A rule in a file is a wish. The thing that actually stops the mistake runs outside the AI.
I had a constitution — a CLAUDE.md with the standing rules. One of them said, plainly, never commit a secret. And it got committed anyway. Not once: a recurring violation, dozens of times. The lesson landed hard — writing a rule down is not the same as enforcing it. An instruction the model is supposed to remember is exactly as reliable as the model remembering it, which is to say: not.
So I tested a hook — a small script the harness runs automatically, before a tool call, whether the AI cooperates or not. A PreToolUse hook that scans the staged diff for anything that looks like a key and hard-blocks the commit. The AI doesn't get a vote. The check runs FOR me, not through the model's good intentions.
The hook. Deterministic, runs every time, can't be talked out of it. The 50th violation simply couldn't happen — the commit was refused at the door.
Relying on the model to obey its own written rules. Memory is not enforcement; a rule with no mechanism behind it is decoration.
If a rule matters, don't write it — wire it. The harness enforces; the model forgets.