scope-guard

Use when a task must stay inside a narrow file or directory boundary, or when risky commands need an explicit stop rule — define the writable surface first so the agent does not drift.

8 stars

Best use case

scope-guard is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when a task must stay inside a narrow file or directory boundary, or when risky commands need an explicit stop rule — define the writable surface first so the agent does not drift.

Teams using scope-guard should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/scope-guard/SKILL.md --create-dirs "https://raw.githubusercontent.com/drvoss/everything-copilot-cli/main/skills/copilot-exclusive/scope-guard/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/scope-guard/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How scope-guard Compares

Feature / Agentscope-guardStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when a task must stay inside a narrow file or directory boundary, or when risky commands need an explicit stop rule — define the writable surface first so the agent does not drift.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Scope Guard

Scope Guard is a Copilot-native way to reduce blast radius. It combines explicit file ownership,
prompt-level boundaries, and approval checkpoints so the agent treats one area as writable and
everything else as read-only unless you reopen the scope.

## Why This is Copilot-Exclusive

Copilot CLI does not expose Claude-style hook permissions, but it does combine several useful
primitives:

- **Plan Mode approval** before execution starts
- **Task delegation** where each agent gets its own brief
- **Prompt-scoped ownership** for exact paths, files, and stop conditions

This skill packages those primitives into a repeatable guardrail pattern for risky or tightly
scoped work.

## When to Use

- Production code, infrastructure, migrations, auth, billing, or other high-risk surfaces
- Refactors that should stay inside one directory or file set
- Parallel agent work where each agent must own a separate writable area
- Tasks that may involve destructive commands and need a pause before execution

## When NOT to Use

| Instead of scope-guard | Use |
|------------------------|-----|
| You need full branch- or filesystem-level isolation | `workflow/using-git-worktrees` |
| You want broad autonomous execution after the plan is approved | `copilot-exclusive/autopilot-patterns` |
| The task is read-only research with no file edits | Do a normal explore pass or use `context-prime` to load the relevant files first |

## Prerequisites

- Know the exact writable path or file list
- Decide what counts as a risky command for this task
- Have a rollback path if the work matters enough to isolate further

## Modes

| Mode | Intent | Behavior |
|------|--------|----------|
| **Careful** | Risk warning | The agent must stop and ask before running destructive or high-impact commands |
| **Freeze** | Path lock | The agent may read broadly, but may only edit inside the named path or file list |
| **Guard** | Careful + Freeze | The agent stays inside the approved writable surface and pauses before risky commands |

## Workflow

### 1. Define the writable surface

Name the exact path, file set, or ownership boundary before any edits begin:

```text
Only modify files under src/payments/.
You may read other files for context, but do not edit, create, or delete anything outside that path.
```

If the task spans multiple owned areas, list them explicitly.

### 2. Choose the mode

**Careful** when the surface is broad but the commands are risky:

```text
Work across the approved files normally, but stop and ask before any destructive command,
dependency change, schema migration, force push, or file deletion.
```

Treat wrapper-prefixed commands as the same risk as the underlying command. `env ...`,
`sudo ...`, `watch ...`, `ionice ...`, and `setsid ...` do not make a risky action safe.
Likewise, treat `find -exec` and `find -delete` as explicit stop-and-review cases, not routine
discovery commands.

**Freeze** when the path boundary matters more than the command type:

```text
You may only write to docs/api/.
Read other files if needed, but do not edit outside docs/api/.
```

**Guard** when both constraints matter:

```text
Use Guard mode for this task.
Writable surface: infra/terraform/.
Stop and ask before any delete, rename, state import, or other destructive infrastructure action.
```

### 3. Add a plan checkpoint for risky work

For high-risk changes, review the plan before execution:

```text
Enter Plan Mode first.
List every file you expect to touch and any risky commands you might need.
Do not execute until that scope is approved.
```

This turns the plan itself into the first guardrail.

### 4. Re-brief each delegated agent separately

Do not assume one agent's scope automatically applies to another. Restate the ownership boundary
for every background or parallel agent:

```text
Owned path: packages/billing/
Do not touch shared CI, lockfiles, or docs.
If the fix requires an out-of-scope edit, stop and report the blocker.
```

### 5. Remove the guard explicitly

When the restriction is no longer needed, say so plainly:

```text
Scope restriction removed. You may now edit any necessary files for the next task.
```

Do not rely on the agent to infer that the boundary changed.

## Practical Guardrails

- Name both the **allowed paths** and the **forbidden shared surfaces**
- Tell the agent what to do on a scope violation: **stop and report**
- Pair large or destructive tasks with a branch or worktree
- Review the diff before merging, even when the guard held
- Write risky-command rules in terms of the real action, not only the first token. For example,
  `sudo rm -rf`, `env NODE_ENV=prod npm run migrate`, and `find . -delete` should all follow the
  same pause rules as their underlying destructive command

## Related Skills

- [`plan-mode-mastery`](../plan-mode-mastery/SKILL.md) — approve file scope before execution
- [`autopilot-patterns`](../autopilot-patterns/SKILL.md) — run autonomously after the boundary is clear
- [`fleet-parallel`](../fleet-parallel/SKILL.md) — assign separate writable surfaces per agent
- [`using-git-worktrees`](../../workflow/using-git-worktrees/SKILL.md) — move from logical scope limits to physical checkout isolation

Related Skills

verification-before-completion

8
from drvoss/everything-copilot-cli

Use before claiming any task is done — run the exact command that proves the fix works, read the output, and only then report success.

using-git-worktrees

8
from drvoss/everything-copilot-cli

Use when you need multiple branches checked out at once — create isolated working directories for parallel development without cloning the repository repeatedly

triage

8
from drvoss/everything-copilot-cli

Use when a single issue needs structured triage — classify it, reproduce if needed, request missing information, and leave a durable brief or close-out note in the tracker.

to-issues

8
from drvoss/everything-copilot-cli

Use when a plan, spec, or PRD must become an actionable backlog — break it into thin dependency-aware issues that each deliver a verifiable vertical slice

sprint-workflow

8
from drvoss/everything-copilot-cli

Use when starting a new feature, refactor, or multi-step dev task — runs the full sprint cycle (Think → Plan → Build → Review → Test → Ship → Monitor) using Copilot CLI's plan/autopilot modes.

sprint-retro

8
from drvoss/everything-copilot-cli

Use at the end of a sprint to run a data-driven retrospective — analyzes session history and git metrics to surface what shipped, what slowed you down, and concrete improvements.

security-audit

8
from drvoss/everything-copilot-cli

Use when a codebase needs a formal security audit beyond a quick scan — applies OWASP Top 10 and STRIDE threat modeling from a CSO perspective to surface systemic vulnerabilities.

release

8
from drvoss/everything-copilot-cli

Use when a sprint or feature is complete and ready to ship — tags the version, generates GitHub Release notes, runs rollout or smoke verification, and publishes to npm/PyPI/Docker registries.

prompt-optimizer

8
from drvoss/everything-copilot-cli

Use when a rough prompt, vague idea, or task description needs to become a finished copy-pasteable prompt for a chat-based LLM - rewrite it into one ready-to-send prompt with no blanks, no placeholders, and a clear output shape.

outside-voice

8
from drvoss/everything-copilot-cli

Use when you need an independent second opinion before, during, or after implementation — run challenge, consult, or review mode in a direct builder-to-builder voice

llm-wiki

8
from drvoss/everything-copilot-cli

Use when research or domain knowledge keeps getting rediscovered across sessions — build a supplementary markdown wiki that compounds synthesized knowledge without replacing GitHub or committed project guidance

interview-me

8
from drvoss/everything-copilot-cli

Use when a request is underspecified and you need to discover what the user actually wants before writing a plan, spec, or code - ask one question at a time, attach your current hypothesis, and stop only after the intent is explicitly confirmed.