You already use AI agents to write code. The question isn't whether to use them — it's how to structure their behavior so it's repeatable, safe, and increasingly autonomous.
The answer, emerging across both the SAW harness and GitHub Agentic Workflows, is a three-layer architecture that separates what agents must always do from what you ask them to do from what they figure out on their own.
Hooks fire automatically on specific events — before a file is written, after a command runs, before a commit. The agent doesn't choose whether to follow them. They're enforced.
In Claude Code, these live in .claude/hooks-config.json. In gh-aw, they're the permissions: and safe-outputs: frontmatter. Same concept: what the agent is not allowed to violate.
Examples:
.env filesHooks exist because AI agents are eager. Without guardrails, they'll do what seems helpful — which sometimes means reformatting your entire codebase or committing untested code. Hooks make certain mistakes structurally impossible.
Commands are multi-step processes you invoke explicitly. They encode your team's workflow as executable instructions the agent follows. In Claude Code, these are slash commands (/start-work, /pre-pr). In gh-aw, they're the entire workflow markdown file triggered by events or /slash commands in issues.
A command typically:
The power here is repeatability. Instead of explaining your workflow to the agent each time, you encode it once and invoke it with a word.
Skills are domain knowledge that the agent loads automatically when relevant. They use frontmatter triggers — file patterns, project conditions — to activate. The agent recognizes "I'm working on a database migration" and loads your migration patterns skill.
Skills don't execute steps. They inform the agent's decision-making. They're the difference between an agent that writes generic code and one that writes code matching your project's patterns.
In Claude Code / Kiro, these are .claude/skills/ or steering files. In SAW, they're the 18 model-invoked skills with Skills 2.0 frontmatter.
The layers aren't independent — they compose:
/start-work TICKET-123Notice the layering: the command drives the workflow, skills inform the agent's choices within it, and hooks constrain every action along the way. Process as service, not control.
| Layer | Claude Code | Kiro | Codex CLI | gh-aw |
|---|---|---|---|---|
| Hooks | .claude/hooks-config.json |
Steering files (always-on) | config.toml approval policy |
permissions: + safe-outputs: |
| Commands | .claude/commands/*.md |
Skills (manual trigger) | Natural language (no slash) | Workflow markdown files |
| Skills | .claude/skills/*/SKILL.md |
Steering files (file-matched) | .agents/skills/*.md |
Prompt body + imports |
You're already using pieces of this. Every time you set a Kiro steering file or write a Claude Code command, you're building one layer. The three-layer architecture just names the pattern and asks: are all three layers present and working together?
/pre-pr and the agent runs linting, checks test coverage, updates the changelog, and opens a PR. Which layer?/pre-pr, and it executed a multi-step workflow. Hooks fire automatically; skills load contextually.Now that you have the mental model, the next lesson will be hands-on: building your first hook. We'll set up a Claude Code hook that enforces a constraint you choose — something you've wished your agent would stop doing wrong.
Effective Harnesses for Long-Running Agents — Anthropic Engineering. This is the paper that established the three-layer pattern. ~15 min read. Focus on the "Architecture" section.