Enforcement Options A+B

## §6 Enforcement

Three options, ranked by intrusiveness:

### Option A — Lint-on-mc-ready (least intrusive) [RECOMMENDED]

A `pre-mc-ready` bash hook intercepts `mc.js ready ` calls. It reads the MC outcome/evidence field and checks whether any path reference points to a non-canonical location (`/tmp/`, `~/Public/`, `~/Downloads/`). If so, it emits a **warning to stderr** — not a block. The operator sees the warning, can investigate, and the `ready` transition proceeds regardless.

- **Implementation:** ~30 lines of bash added to existing hook chain.
- **Risk:** Near zero. Warn-only means no false positives block work.
- **Adoption:** Immediate — no skill changes needed.

### Option B — Skill SDK helper (opt-in) [RECOMMENDED alongside A]

Skills call `output-path.js resolve` as the first action of their preamble. This is not enforced by a hook — it is adopted voluntarily by each skill's author. The helper enforces canonical paths structurally (you cannot call it and get a non-canonical path).

- **Implementation:** One `require()` or one bash call per skill.
- **Risk:** Zero. Opt-in. Non-adopting skills are unaffected.
- **Adoption:** Gradual, driven by Phase 2 opt-in targets.

### Option C — pre-tool-use hook blocking ~/Downloads/ and ~/Public/ writes (most intrusive) [DEFERRED]

A `pre-tool-use` bash hook intercepts any file Write or Bash command that targets `~/Downloads/` or `~/Public/` when a `MC_ACTIVE_TASK` environment variable is set. Blocks the write and redirects to canonical path.

- **Risk:** High false positive rate. CEO legitimately writes to `~/Public/` for grant deliverables. Blocking these creates friction with no benefit.
- **Decision: Deferred.** Do not build Option C until Phase 2 proves the convention stable and Option A/B adoption is measurable.

**Recommendation: Implement Option A + Option B together. Option C deferred indefinitely until evidence of need.**

---