The Probabilistic Reality
Claude’s behavior is probabilistic. Given the same input, it will usually produce the same output — but not always. Temperature, slight variations in prompt formatting, model updates, and edge cases in the input all introduce variability.
For most applications, this is fine. A writing assistant that occasionally uses a slightly different tone is acceptable. A customer support agent that occasionally processes a refund without verifying identity is not.
The question isn’t “will Claude follow this instruction?” The answer is almost always yes. The question is: “What happens in the 0.1% of cases where it doesn’t?”
At 10,000 transactions per day, 0.1% is 10 transactions. If each incorrect transaction is a $200 refund to the wrong person, that’s $2,000 per day — $730,000 per year. From a prompt instruction that was 99.9% reliable.
This is why the CCA exam tests this concept more than any other.
What Prompt Guidance Is Good For
Prompt guidance works well for:
- Tone and communication style
- Response format preferences
- Which tools to prefer when multiple are available
- Soft ordering preferences (“generally check X before Y”)
- Content guidelines that don’t have legal/financial consequences
# Good use of prompt guidance
system_prompt = """
When responding to customers:
- Use a friendly, empathetic tone
- Acknowledge their frustration before providing solutions
- Keep responses concise — aim for under 150 words
- If multiple solutions exist, present the simplest first
"""
These are preferences. Occasional deviation doesn’t cause harm.
What Programmatic Enforcement Is Required For
Enforcement is required when:
- A failure has financial consequences (incorrect refunds, unauthorized charges)
- A failure has legal consequences (regulatory compliance, data access controls)
- A failure has safety consequences (medical information, emergency services)
- The business requirement is absolute (“must always,” “never permitted to”)
How Programmatic Enforcement Works
A PreToolUse hook intercepts a tool call before it executes. It can:
- Allow the call to proceed unchanged
- Block the call and return an error
- Modify the tool’s inputs before execution
def customer_verification_hook(tool_name: str, tool_input: dict, session: dict) -> dict:
"""
Blocks process_refund if customer hasn't been verified in this session.
"""
if tool_name == "process_refund":
# Check session state — was get_customer called and verified?
if not session.get("customer_verified"):
return {
"blocked": True,
"error": {
"type": "prerequisite_not_met",
"message": "Customer identity must be verified before processing refunds. "
"Call get_customer first.",
"required_action": "call get_customer with customer identifier"
}
}
# Also enforce refund limit
refund_amount = tool_input.get("amount", 0)
if refund_amount > 500:
return {
"blocked": True,
"error": {
"type": "policy_violation",
"message": f"Refund amount ${refund_amount} exceeds the $500 limit. "
"Escalate to human agent for amounts over $500.",
"escalation_required": True
}
}
return {"blocked": False} # Allow all other tool calls
The hook is deterministic. It checks session state. If the condition isn’t met, the refund is blocked — 100% of the time, regardless of what the prompt says or what Claude decided.
PostToolUse Hooks
PostToolUse hooks transform tool results before Claude sees them:
def normalize_order_data_hook(tool_name: str, tool_result: dict, session: dict) -> dict:
"""
Normalizes timestamps and status codes from different order management systems.
Claude receives consistent formats regardless of which system the data came from.
"""
if tool_name in ("get_order_legacy", "get_order_v2", "get_order_v3"):
normalized = {
"order_id": tool_result.get("id") or tool_result.get("orderId") or tool_result.get("order_id"),
"status": STATUS_CODE_MAP.get(
tool_result.get("status_code"),
tool_result.get("status", "unknown")
),
"created_at": parse_to_iso8601(
tool_result.get("created_at") or
tool_result.get("createdTimestamp") or
tool_result.get("order_date")
),
"amount": float(tool_result.get("total") or tool_result.get("amount", 0))
}
return normalized
return tool_result # Pass through unchanged for other tools
Claude always receives normalized data — it doesn’t need to handle the inconsistencies between three different order management systems.
The Combined Pattern
Best practice: use hooks for hard requirements, prompts for guidance within what hooks allow.
# Hook enforces the hard requirements (deterministic)
hooks = {
"pre_tool_use": [
customer_verification_hook, # Must verify before refund
refund_limit_hook, # Max $500 without escalation
business_hours_hook, # No automated refunds after hours
],
"post_tool_use": [
normalize_order_data_hook, # Consistent data format
redact_pii_hook, # Remove SSN/card numbers from tool results
]
}
# Prompt guides behavior within the space hooks allow (probabilistic)
system_prompt = """
You are a customer support agent.
After verifying customer identity (required before any refund):
- Express empathy for their situation
- Explain the resolution clearly
- Ask if they need anything else
For refunds within $500: process immediately with explanation
For refunds over $500: the system will handle escalation automatically
"""
The prompt guides tone and approach. The hooks ensure compliance. Neither can compensate for the other’s absence in critical areas.
The Exam Question Pattern
The exam typically presents a scenario where something is going wrong in production, then gives four options for fixing it. Options B, C, D are usually prompt-based solutions (more detailed instructions, few-shot examples, better phrasing). Option A is programmatic enforcement.
When the scenario involves:
- Money moving incorrectly
- Identity verification failures
- Policy compliance
- Security controls
The answer is always programmatic enforcement.
Key Takeaways
- LLMs are probabilistic — any prompt instruction has a non-zero failure rate
- Financial, legal, safety consequences → programmatic enforcement
- Preferences, style, soft guidance → prompt instructions
- PreToolUse hooks — intercept and potentially block before execution
- PostToolUse hooks — transform results before Claude processes them
- Hooks + prompts work together — hooks set hard limits, prompts guide within them
- “Very detailed prompt” is not a substitute — determinism requires code, not words