Claude Code Hook That Engineers Every Prompt for You — Automatically

#claudecode #promptengineering #python #ai

I Built a Claude Code Hook That Engineers Every Prompt for You — Automatically

Most developers using Claude Code write prompts like this:

add rate limiting to the auth endpoints

That works. But it's leaving a lot on the table.

Anthropic's own prompt engineering documentation says that a well-structured prompt — with role assignment, explicit context, constraints, output format, and examples — dramatically improves response quality. The problem? Writing prompts that way every time takes 5–10 minutes. Nobody does it.

So I built steelprompt: a Claude Code hook that silently restructures every prompt using Anthropic's 7 official principles, before Claude even sees it.

What it actually does

steelprompt intercepts every prompt via a UserPromptSubmit hook and runs a 3-tier decision protocol:

Tier 1 — Bypass: slash commands, prompts under 5 words, and atomic tasks pass through unchanged. No overhead on simple stuff.

Tier 2 — Ask: if critical information is missing, steelprompt asks 1–2 targeted questions before guessing. No more "which file?" moments after Claude produces the wrong output.

Tier 3 — Apply: for every clear, non-trivial prompt, steelprompt restructures it inline using the full framework — zero added latency, zero extra tokens billed, because Claude does the restructuring during its own inference.

The before/after

You type:

add rate limiting to the auth endpoints

What steelprompt injects internally:

You are a senior backend security engineer.

<context>
Project: Express.js API with JWT authentication
Endpoints: POST /auth/login, POST /auth/refresh, POST /auth/register
Environment: Node.js 20, Redis already in use for session storage
</context>

<task>
1. Add per-IP rate limiting: max 5 requests/minute on /login and /register
2. Add per-user rate limiting: max 20 requests/hour on /refresh
3. Return 429 with Retry-After header on limit exceeded
4. Do not affect non-auth endpoints
</task>

<constraints>
- Reuse existing Redis connection
- Do not modify JWT validation logic
- Rate limit state must survive server restarts
</constraints>

<output_format>
1. New middleware file
2. Diff showing changes to auth routes
3. Two Jest test cases: limit hit + normal flow
</output_format>

Think through this step by step before answering.

What Claude produces: a complete, production-ready implementation with tests — not a generic overview of rate limiting options.

Beyond the 7 principles: 5 advanced patterns

steelprompt also detects situations where extra patterns help:

Chain detection: when a task spans multiple sequential steps ("refactor auth.py, add tests, update docs"), steelprompt shows the full plan and asks for confirmation before running.

Agentic safety: when a task involves irreversible operations (deleting records, dropping tables), safety constraints are automatically injected — show affected row count, require confirmation, do not touch unspecified tables.

Long context ordering: when tasks reference long files, steelprompt moves the file content before the task description — matching Anthropic's guideline that long data should precede the query.

Prefill anchors: for rigidly critical output formats (JSON, YAML, SQL), steelprompt adds a prefill character ({, ---, SELECT) to lock Claude into the correct format from the first token.

Negative examples: for ambiguous format tasks, steelprompt generates <bad_example> blocks alongside <example> blocks — showing what not to produce reduces hallucinations on format-sensitive tasks.

Modes

/steelprompt mode full      # default: full 3-tier protocol
/steelprompt mode preview   # shows engineered prompt before running
/steelprompt mode ask-only  # clarifying questions only
/steelprompt mode off       # disable entirely

preview mode is particularly useful for learning — you see exactly what gets injected, and you can edit or cancel before Claude runs.

Install

claude plugin marketplace add bhutano/bhutano-marketplace
claude plugin install steelprompt

Requirements: Claude Code 2.0.22+ · Python 3.8+

No API keys. No configuration. No external calls. Defaults to full mode.

Why a hook, not a wrapper

The design choice I'm most happy with: steelprompt runs inside Claude's inference, not before it. There's no separate API call, no added latency, no extra cost. The restructuring happens as part of the same inference that produces the response.

This also means it works with all of Claude Code's native features — slash commands, context files, multi-turn conversations — without interference.