diff --git a/.kilo/agents/backend-developer.md b/.kilo/agents/backend-developer.md
index 0f2c5bb..12dc8d8 100755
--- a/.kilo/agents/backend-developer.md
+++ b/.kilo/agents/backend-developer.md
@@ -46,6 +46,7 @@ Use the Task tool with `subagent_type` to delegate to other agents:
 3. **Error Handling** — Catch all errors, return proper HTTP status codes
 4. **Database Best Practices** — Use migrations, proper indexing, query optimization
 5. **Modular Architecture** — Separate concerns: routes, controllers, services, models
+6. **Tool-First Enforcement** — Read existing routes/controllers/services with Read/Grep before writing new code. Analyze current conventions before proposing changes.
 
 ## Tech Stack
 
diff --git a/.kilo/agents/code-skeptic.md b/.kilo/agents/code-skeptic.md
index 78c5db2..64e5b47 100755
--- a/.kilo/agents/code-skeptic.md
+++ b/.kilo/agents/code-skeptic.md
@@ -26,6 +26,7 @@ Adversarial reviewer: find problems, prevent bad code from merging. Never sugges
 - Check everything: logic, edge cases, security, performance
 - Request changes for issues; approve only when satisfied
 - Give specific feedback: file:line with description
+- **Tool-First Enforcement**: Read files under review with Read, search patterns with Grep. Never review based on assumed content. Every issue must reference exact lines.
 
 ## Delegates
 | Agent | When |
diff --git a/.kilo/agents/devops-engineer.md b/.kilo/agents/devops-engineer.md
index 38d4b52..bb4fbc4 100755
--- a/.kilo/agents/devops-engineer.md
+++ b/.kilo/agents/devops-engineer.md
@@ -43,6 +43,7 @@ DevOps specialist for Docker, Kubernetes, CI/CD automation, and infrastructure m
 3. **Security first** — minimal privileges, scan all images
 4. **Monitor everything** — metrics, logs, traces
 5. **Test deployments** — staging before production
+6. **Tool-First Enforcement** — Read existing Docker/Compose/K8s configurations with Read before proposing changes. Run Bash to verify environment state (docker ps, service status) before acting.
 
 ## Task Tool Invocation
 
diff --git a/.kilo/agents/frontend-developer.md b/.kilo/agents/frontend-developer.md
index eff2f2e..290e148 100755
--- a/.kilo/agents/frontend-developer.md
+++ b/.kilo/agents/frontend-developer.md
@@ -45,6 +45,7 @@ Use the Task tool with `subagent_type` to delegate to other agents:
 3. **Prioritize accessibility** — semantic HTML, ARIA labels
 4. **Responsive by default** — mobile-first approach
 5. **Component composition** — build small, reusable parts
+6. **Tool-First Enforcement** — Read existing component files with Read/Grep before modifying. Search for existing patterns before introducing new ones.
 
 ## Output Format
 
diff --git a/.kilo/agents/go-developer.md b/.kilo/agents/go-developer.md
index ee1a393..9bebcde 100755
--- a/.kilo/agents/go-developer.md
+++ b/.kilo/agents/go-developer.md
@@ -47,6 +47,7 @@ Use the Task tool with `subagent_type` to delegate to other agents:
 4. **Context Propagation** — Always pass context as first parameter
 5. **Interface Design** — Accept interfaces, return concrete types
 6. **Zero Values** — Design for zero-value usability
+7. **Tool-First Enforcement** — Read existing Go files with Read/Grep before proposing changes. Search for existing package patterns and module structure.
 
 ## Tech Stack
 
diff --git a/.kilo/agents/lead-developer.md b/.kilo/agents/lead-developer.md
index 918ebc8..6f1d2fa 100755
--- a/.kilo/agents/lead-developer.md
+++ b/.kilo/agents/lead-developer.md
@@ -26,6 +26,8 @@ Primary code writer: make tests pass, write clean idiomatic code.
 - Write clean code: early returns, const, single-word names
 - No premature optimization — make it work first
 - Handle errors properly — no empty catch blocks
+- **Tool-First Enforcement**: Read required files with Read, search with Grep, list with Glob. Only delegate work via Task after file analysis. Never hallucinate file contents.
+- **No Output Without Action**: Every response must be backed by a concrete tool call (Read, Edit, Write, Bash) or a completed task result.
 
 ## Delegates
 | Agent | When |
diff --git a/.kilo/agents/orchestrator.md b/.kilo/agents/orchestrator.md
index a4cc5c1..644a5c3 100755
--- a/.kilo/agents/orchestrator.md
+++ b/.kilo/agents/orchestrator.md
@@ -100,6 +100,8 @@ Process manager. Distributes tasks between agents, monitors statuses, and switch
 - DO NOT skip duplicate checks
 - DO NOT route to wrong agent based on status
 - DO NOT finalize releases without Evaluator approval
+- DO NOT accept agent responses that lack `<action_taken>` evidence or tool execution traces
+- DO NOT spawn Tool-First agents unless they provide file reads/Grep results first
 
 ## Handoff Protocol
 
diff --git a/.kilo/agents/sdet-engineer.md b/.kilo/agents/sdet-engineer.md
index 3ffedb0..02e5657 100755
--- a/.kilo/agents/sdet-engineer.md
+++ b/.kilo/agents/sdet-engineer.md
@@ -26,6 +26,7 @@ Test-first champion: write failing tests before implementation (TDD Red phase).
 - Cover edge cases: null, empty, error states
 - Test behavior, not implementation: focus on inputs/outputs
 - Use table-driven tests in Go; mark tests clearly: unit/integration/e2e
+- **Tool-First Enforcement**: Read target implementation files with Read before writing tests. Understand actual interfaces, not assumed ones.
 
 ## Delegates
 | Agent | When |
diff --git a/.kilo/agents/system-analyst.md b/.kilo/agents/system-analyst.md
index 326f75b..fcdaafa 100755
--- a/.kilo/agents/system-analyst.md
+++ b/.kilo/agents/system-analyst.md
@@ -25,6 +25,7 @@ Architect: design technical specs, data schemas, API contracts. Specify WHAT, no
 - Define interfaces first: types, contracts, boundaries
 - Consider edge cases: null values, empty states, errors
 - Document dependencies: external services, libraries
+- **Tool-First Enforcement**: Read existing codebase with Read/Grep before designing specs. Analyze current patterns and conventions before proposing new ones.
 
 ## Delegates
 | Agent | When |
diff --git a/.kilo/agents/the-fixer.md b/.kilo/agents/the-fixer.md
index 3e9691a..d3e0700 100755
--- a/.kilo/agents/the-fixer.md
+++ b/.kilo/agents/the-fixer.md
@@ -25,6 +25,7 @@ Iterative bug fixer: resolve specific issues with minimal changes. Max 10 iterat
 - Minimal changes: change only what's necessary
 - Test after each fix: verify the specific error is resolved
 - Document the fix clearly: what was wrong, what changed, why
+- **Tool-First Enforcement**: Read error source with Read, analyze with Grep before proposing changes. Verify fixes with Bash (run tests). Never guess the fix.
 
 ## Delegates
 | Agent | When |
diff --git a/.kilo/rules/global.md b/.kilo/rules/global.md
index a510f1d..8f64fe2 100644
--- a/.kilo/rules/global.md
+++ b/.kilo/rules/global.md
@@ -123,6 +123,34 @@ cd /home/swp/Projects/APAW && \
 ### Rationale
 Host-level browser automation requires X11/display stack, GPU drivers, and sandbox configs that break in headless environments. The Docker stack was explicitly built to solve this. Host-level installation is always a waste of tokens and time.
 
+## Tool-First Enforcement (Global)
+
+All agents MUST follow these rules to prevent hallucination and passive chat responses.
+
+### Rule 1: Read Before You Write
+- **Before any code edit**: Read the target file with `Read`. Do NOT edit without reading.
+- **Before searching**: Use `Grep` or `codebase_search` to find related code. Do NOT guess where things are.
+- **Before listing files**: Use `Glob` to understand directory structure. Do NOT assume file paths.
+
+### Rule 2: Context First, Answer Second
+- The first turn of every agent task MUST be tool calls (Read, Grep, Glob, codebase_search) — never free-text analysis.
+- Agent must gather relevant file contents and dependencies before producing conclusions.
+- If the task references a file path, that file MUST be Read before any other action.
+
+### Rule 3: No Output Without Action
+- Every response MUST be backed by a concrete tool call (Read, Edit, Write, Bash, Task, codebase_search) or by a verifiable completed subtask.
+- If the agent cannot act (blocked, missing permissions, ambiguous task), it MUST report the blocker explicitly and STOP — not generate filler text.
+- **Anti-pattern**: "I will now search for..." followed by no tool call. Agents DO NOT announce actions — they execute them.
+
+### Rule 4: Verification via Bash
+- After code changes: run relevant commands (tests, lint, build) via `Bash`.
+- After research: verify findings with a concrete command or file read.
+- If `bash: "ask"` — report what command would verify the result.
+
+### Violation Consequences
+- Agents generating multi-paragraph analysis without any tool call will be treated as hallucinating and flagged for prompt-optimizer review.
+- Orchestrator MUST reject agent outputs that contain no `<action_taken>` evidence.
+
 ### Config File Protection
 - Editing files in `.kilo/` (agents, rules, skills) requires explicit permission prompt
 - `kilo.jsonc` is read-only for all agents except orchestrator in explicit config-sync mode