Keel Skills is a portable governance framework for Claude Code agents. It gives every agent session a clear, enforced rule: read-only work and proposals are free; anything risky, outward-facing, or irreversible requires an explicit human approval — a green light — before it runs.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/quitohooded/keel-skills/llms.txt
Use this file to discover all available pages before exploring further.
Quickstart
Install Keel Skills and scaffold your first AGENT_POLICY.md in under five minutes.
How It Works
Understand the two-layer architecture: soft reasoning skills and the hard enforcement hook.
Permission Model
Learn the goal / method / green-light distinction and the four-step check.
AGENT_POLICY.md
Configure hot zones, source-of-truth files, and standing approvals for your project.
What Keel Skills does
An autonomous agent is useful right up until it touches production, overwrites something already published, or burns your token budget running the most expensive model on a mechanical task. Most teams have no explicit rule for when the agent may act alone and when it must stop and ask. Keel Skills is that rule, already written.Authorization Protocol
A four-step check that runs before every write action. Only a green light means go.
Model Delegation
Assign the cheapest capable model to every task. Cap subagent depth at two levels.
Context Discipline
Keep sessions anchored in files, not chat. Know when to close a long session cleanly.
Get started in three steps
Generate your project policy
Run the policy-init command in your project. It interviews you about your hot zones and generates a tailored
AGENT_POLICY.md:Two layers of protection
Keel works at two levels simultaneously so you get both smart judgment and hard enforcement:| Layer | What it is | Strength | What it catches |
|---|---|---|---|
| Soft (skills) | The agent applies the four-step check itself | Context-aware, explains its reasoning | Vague goals interpreted as permission, risky chains of small steps |
| Hard (hook) | Deterministic code intercepts every tool call | Fires regardless of model choice | git push, deploys, rm -rf, writes to hot paths, outward MCP calls |
The enforcement hook is a backstop, not a sandbox. It raises assurance against accidents, drift, and hallucinated actions significantly — but a determined or jailbroken agent with shell access can evade command-pattern matching. Pair Keel with scoped credentials and a sandbox for real isolation.
Policy packs for common stacks
Ready-madeAGENT_POLICY.md starting points so you don’t configure from scratch:
Next.js / Vercel
Next.js, Astro, or SvelteKit apps deployed on Vercel or similar PaaS.
Supabase
Supabase / Postgres projects with migrations, RLS, and edge functions.
Web App Deploy
Generic web app with a build + deploy pipeline. The baseline starting point.