@hiro-c/agent-gate 1.0.0

package/dist/observability/stats.js

@@ -0,0 +1,78 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.aggregateStats = aggregateStats;
+exports.readStats = readStats;
+exports.formatStats = formatStats;
+const fs_1 = require("fs");
+function emptyStats() {
+    return {
+        total: 0,
+        blocks: 0,
+        allows: 0,
+        byRuleId: {},
+        bySource: { deterministic: 0, ai: 0, pass: 0 },
+        byAdapter: {},
+        byTool: {},
+    };
+}
+function inc(m, k) {
+    m[k] = (m[k] ?? 0) + 1;
+}
+function aggregateStats(entries) {
+    const stats = emptyStats();
+    for (const e of entries) {
+        stats.total++;
+        if (e.decision === 'block')
+            stats.blocks++;
+        else
+            stats.allows++;
+        if (e.ruleId)
+            inc(stats.byRuleId, e.ruleId);
+        inc(stats.bySource, e.source);
+        inc(stats.byAdapter, e.adapter);
+        inc(stats.byTool, e.toolName);
+    }
+    return stats;
+}
+function readStats(logPath) {
+    if (!(0, fs_1.existsSync)(logPath))
+        return emptyStats();
+    const content = (0, fs_1.readFileSync)(logPath, 'utf-8');
+    const entries = [];
+    for (const line of content.split('\n')) {
+        const trimmed = line.trim();
+        if (!trimmed)
+            continue;
+        try {
+            entries.push(JSON.parse(trimmed));
+        }
+        catch {
+            // Skip malformed lines.
+        }
+    }
+    return aggregateStats(entries);
+}
+function formatRecord(label, rec) {
+    const entries = Object.entries(rec).sort((a, b) => b[1] - a[1]);
+    if (entries.length === 0)
+        return `${label}: (none)`;
+    const rendered = entries.map(([k, v]) => `  ${k}: ${v}`).join('\n');
+    return `${label}:\n${rendered}`;
+}
+function formatStats(stats) {
+    const blockPct = stats.total > 0 ? Math.round((stats.blocks / stats.total) * 100) : 0;
+    const lines = [
+        `Total decisions: ${stats.total}`,
+        `Blocks: ${stats.blocks} (${blockPct}%)`,
+        `Allows: ${stats.allows}`,
+        '',
+        formatRecord('By source', stats.bySource),
+        '',
+        formatRecord('By adapter', stats.byAdapter),
+        '',
+        formatRecord('By tool', stats.byTool),
+        '',
+        formatRecord('By rule id (deterministic)', stats.byRuleId),
+    ];
+    return lines.join('\n');
+}

package/dist/validation/models/AnthropicApi.d.ts

@@ -0,0 +1,9 @@
+import { Config } from '../../config/Config';
+import { IModelClient } from '../../contracts/types/ModelClient';
+export declare class AnthropicApi implements IModelClient {
+    private readonly config;
+    private readonly client;
+    constructor(config: Config);
+    ask(prompt: string): Promise<string>;
+}
+//# sourceMappingURL=AnthropicApi.d.ts.map

package/dist/validation/models/AnthropicApi.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnthropicApi.d.ts","sourceRoot":"","sources":["../../../src/validation/models/AnthropicApi.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AAKhE,qBAAa,YAAa,YAAW,YAAY;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAW;gBAEtB,MAAM,EAAE,MAAM;IAOpB,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAe3C"}

package/dist/validation/models/AnthropicApi.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AnthropicApi = void 0;
+const sdk_1 = __importDefault(require("@anthropic-ai/sdk"));
+const system_prompt_1 = require("../prompts/system-prompt");
+const API_MAX_TOKENS = 1024;
+class AnthropicApi {
+    config;
+    client;
+    constructor(config) {
+        this.config = config;
+        this.client = new sdk_1.default({
+            apiKey: this.config.apiKey,
+        });
+    }
+    async ask(prompt) {
+        const response = await this.client.messages.create({
+            model: this.config.model,
+            system: (0, system_prompt_1.getSystemPrompt)(this.config.reasonLang),
+            max_tokens: API_MAX_TOKENS,
+            messages: [
+                {
+                    role: 'user',
+                    content: prompt,
+                },
+            ],
+        });
+        return extractTextFromResponse(response);
+    }
+}
+exports.AnthropicApi = AnthropicApi;
+function extractTextFromResponse(response) {
+    if (response.content.length === 0) {
+        throw new Error('No content in response');
+    }
+    const firstContent = response.content[0];
+    if (!('text' in firstContent) || !firstContent.text) {
+        throw new Error('Response content does not contain text');
+    }
+    return firstContent.text;
+}

package/dist/validation/models/ClaudeCli.d.ts

@@ -0,0 +1,10 @@
+import { IModelClient } from '../../contracts/types/ModelClient';
+import { Config } from '../../config/Config';
+export declare class ClaudeCli implements IModelClient {
+    private readonly config;
+    private readonly cwd;
+    constructor(config: Config, cwd?: string);
+    ask(prompt: string): Promise<string>;
+    private getClaudeBinary;
+}
+//# sourceMappingURL=ClaudeCli.d.ts.map

package/dist/validation/models/ClaudeCli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClaudeCli.d.ts","sourceRoot":"","sources":["../../../src/validation/models/ClaudeCli.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AAChE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAO5C,qBAAa,SAAU,YAAW,YAAY;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAQ;gBAEhB,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM;IAKlC,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwC1C,OAAO,CAAC,eAAe;CAYxB"}

package/dist/validation/models/ClaudeCli.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClaudeCli = void 0;
+const child_process_1 = require("child_process");
+const path_1 = require("path");
+const os_1 = require("os");
+const fs_1 = require("fs");
+const system_prompt_1 = require("../prompts/system-prompt");
+const CLI_TIMEOUT_MS = 60_000;
+const CLI_MAX_TURNS = '1';
+const DISALLOWED_TOOLS = 'Edit,Write,Bash,Read,Glob,Grep';
+class ClaudeCli {
+    config;
+    cwd;
+    constructor(config, cwd) {
+        this.config = config;
+        this.cwd = cwd ?? process.cwd();
+    }
+    async ask(prompt) {
+        const claudeBinary = this.getClaudeBinary();
+        const fullPrompt = `${(0, system_prompt_1.getSystemPrompt)(this.config.reasonLang)}\n\n${prompt}`;
+        const args = [
+            '-',
+            '--output-format',
+            'json',
+            '--max-turns',
+            CLI_MAX_TURNS,
+            '--model',
+            this.config.model,
+            '--disallowed-tools',
+            DISALLOWED_TOOLS,
+            '--strict-mcp-config',
+        ];
+        const claudeDir = (0, path_1.join)(this.cwd, '.claude');
+        if (!(0, fs_1.existsSync)(claudeDir)) {
+            (0, fs_1.mkdirSync)(claudeDir, { recursive: true });
+        }
+        const output = (0, child_process_1.execFileSync)(claudeBinary, args, {
+            encoding: 'utf-8',
+            timeout: CLI_TIMEOUT_MS,
+            input: fullPrompt,
+            cwd: claudeDir,
+            // shell is needed on Windows to invoke the `.cmd` shim that npm creates
+            // for installed bins. On Unix the binary is invoked directly via execve,
+            // so shell interpretation (and any associated injection surface) is off.
+            // All args passed here are constants or validated config values, so this
+            // flag does not widen the injection surface in practice.
+            shell: process.platform === 'win32',
+        });
+        const response = JSON.parse(output);
+        return response.result;
+    }
+    getClaudeBinary() {
+        if (this.config.useSystemClaude) {
+            return 'claude';
+        }
+        const localBinary = (0, path_1.join)((0, os_1.homedir)(), '.claude', 'local', 'claude');
+        if ((0, fs_1.existsSync)(localBinary)) {
+            return localBinary;
+        }
+        return 'claude';
+    }
+}
+exports.ClaudeCli = ClaudeCli;

package/dist/validation/models/CompositeModelClient.d.ts

@@ -0,0 +1,20 @@
+import { IModelClient } from '../../contracts/types/ModelClient';
+export interface CompositeModelClientOptions {
+    /** Per-client timeout in ms. A client that exceeds this is treated as failed. */
+    timeoutMs?: number;
+}
+/**
+ * Tries each client in order, returning the first successful response.
+ * If a client throws or exceeds the optional timeout, the composite
+ * falls back to the next client. When every client fails, the composite
+ * itself throws an aggregate error so the AI validator's outer
+ * try/catch can fail-open the request.
+ */
+export declare class CompositeModelClient implements IModelClient {
+    private readonly clients;
+    private readonly timeoutMs?;
+    constructor(clients: IModelClient[], opts?: CompositeModelClientOptions);
+    ask(prompt: string): Promise<string>;
+    private askWithOptionalTimeout;
+}
+//# sourceMappingURL=CompositeModelClient.d.ts.map

package/dist/validation/models/CompositeModelClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CompositeModelClient.d.ts","sourceRoot":"","sources":["../../../src/validation/models/CompositeModelClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AAEhE,MAAM,WAAW,2BAA2B;IAC1C,iFAAiF;IACjF,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;;;;;GAMG;AACH,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAQ;gBAEvB,OAAO,EAAE,YAAY,EAAE,EAAE,IAAI,CAAC,EAAE,2BAA2B;IAQjE,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAgB5B,sBAAsB;CAuBrC"}

package/dist/validation/models/CompositeModelClient.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CompositeModelClient = void 0;
+/**
+ * Tries each client in order, returning the first successful response.
+ * If a client throws or exceeds the optional timeout, the composite
+ * falls back to the next client. When every client fails, the composite
+ * itself throws an aggregate error so the AI validator's outer
+ * try/catch can fail-open the request.
+ */
+class CompositeModelClient {
+    clients;
+    timeoutMs;
+    constructor(clients, opts) {
+        if (clients.length === 0) {
+            throw new Error('CompositeModelClient requires at least one IModelClient');
+        }
+        this.clients = clients;
+        this.timeoutMs = opts?.timeoutMs;
+    }
+    async ask(prompt) {
+        const errors = [];
+        for (let i = 0; i < this.clients.length; i++) {
+            const c = this.clients[i];
+            try {
+                return await this.askWithOptionalTimeout(c, prompt);
+            }
+            catch (e) {
+                const msg = e instanceof Error ? e.message : String(e);
+                errors.push(`client[${i}]: ${msg}`);
+            }
+        }
+        throw new Error(`CompositeModelClient: all ${this.clients.length} clients failed. ${errors.join(' | ')}`);
+    }
+    async askWithOptionalTimeout(client, prompt) {
+        if (this.timeoutMs === undefined) {
+            return client.ask(prompt);
+        }
+        return new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                reject(new Error(`client timeout after ${this.timeoutMs}ms`));
+            }, this.timeoutMs);
+            client.ask(prompt).then((result) => {
+                clearTimeout(timer);
+                resolve(result);
+            }, (err) => {
+                clearTimeout(timer);
+                reject(err instanceof Error ? err : new Error(String(err)));
+            });
+        });
+    }
+}
+exports.CompositeModelClient = CompositeModelClient;

package/dist/validation/prompts/context.d.ts

@@ -0,0 +1,3 @@
+import { RuleSource } from '../../contracts/types/RuleSource';
+export declare function buildPrompt(rules: RuleSource[], toolName: string, toolInput: Record<string, unknown>): string;
+//# sourceMappingURL=context.d.ts.map

package/dist/validation/prompts/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../../src/validation/prompts/context.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAkB,MAAM,kCAAkC,CAAA;AAc7E,wBAAgB,WAAW,CACzB,KAAK,EAAE,UAAU,EAAE,EACnB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,MAAM,CAoBR"}

package/dist/validation/prompts/context.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPrompt = buildPrompt;
+const response_1 = require("./response");
+const KIND_LABEL = {
+    'claude-md': 'CLAUDE.md',
+    'agents-md': 'AGENTS.md',
+    cursorrules: '.cursorrules (Cursor legacy)',
+    'cursor-mdc': '.cursor/rules/*.mdc (Cursor)',
+    clinerules: '.clinerules/*.md (Cline)',
+    'windsurf-rule': '.windsurf/rules/*.md (Windsurf)',
+    'copilot-instructions': '.github/copilot-instructions.md (Copilot)',
+    'aider-conventions': 'CONVENTIONS.md (Aider)',
+};
+function buildPrompt(rules, toolName, toolInput) {
+    const rulesSection = rules
+        .map((r) => `## ${KIND_LABEL[r.kind]} (${r.path})\n\n${r.content}`)
+        .join('\n\n');
+    const toolSection = JSON.stringify({ tool_name: toolName, tool_input: toolInput }, null, 2);
+    return `# プロジェクトルール (集約された指示ファイル)
+
+${rulesSection}
+
+# 実行されるツール操作
+
+${toolSection}
+
+${response_1.RESPONSE_FORMAT}`;
+}

package/dist/validation/prompts/response.d.ts

@@ -0,0 +1,2 @@
+export declare const RESPONSE_FORMAT = "\nRespond in the following JSON format only. Do not include any other text.\n\nIf there is a violation:\n```json\n{\"decision\": \"block\", \"reason\": \"Rule \\\"<quote>\\\" forbids this. Next correct step: <what to do instead>.\"}\n```\n\nExample block reason:\n\"CLAUDE.md states \\\"Do not delete production data without confirmation\\\".\nNext correct step: stop the destructive command and ask the user before\nrunning anything that targets the production database.\"\n\nIf there is no violation:\n```json\n{\"decision\": null, \"reason\": \"No violation found\"}\n```";
+//# sourceMappingURL=response.d.ts.map

package/dist/validation/prompts/response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.d.ts","sourceRoot":"","sources":["../../../src/validation/prompts/response.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe,mkBAgBrB,CAAA"}

package/dist/validation/prompts/response.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RESPONSE_FORMAT = void 0;
+exports.RESPONSE_FORMAT = `
+Respond in the following JSON format only. Do not include any other text.
+
+If there is a violation:
+\`\`\`json
+{"decision": "block", "reason": "Rule \\"<quote>\\" forbids this. Next correct step: <what to do instead>."}
+\`\`\`
+
+Example block reason:
+"CLAUDE.md states \\"Do not delete production data without confirmation\\".
+Next correct step: stop the destructive command and ask the user before
+running anything that targets the production database."
+
+If there is no violation:
+\`\`\`json
+{"decision": null, "reason": "No violation found"}
+\`\`\``;

package/dist/validation/prompts/system-prompt.d.ts

@@ -0,0 +1,7 @@
+export declare function getSystemPrompt(reasonLang?: string): string;
+/**
+ * Backwards-compatible constant export used by older callers and tests.
+ * Equivalent to getSystemPrompt() with auto language behavior.
+ */
+export declare const SYSTEM_PROMPT: string;
+//# sourceMappingURL=system-prompt.d.ts.map

package/dist/validation/prompts/system-prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"system-prompt.d.ts","sourceRoot":"","sources":["../../../src/validation/prompts/system-prompt.ts"],"names":[],"mappings":"AA2DA,wBAAgB,eAAe,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAI3D;AAED;;;GAGG;AACH,eAAO,MAAM,aAAa,QAAoB,CAAA"}

package/dist/validation/prompts/system-prompt.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SYSTEM_PROMPT = void 0;
+exports.getSystemPrompt = getSystemPrompt;
+const BASE_PROMPT = `You are a guardrail for an AI coding agent.
+Your job is to evaluate whether the agent's upcoming tool operation
+violates any project rules.
+
+The rules come from one or more instruction files in the project:
+CLAUDE.md, AGENTS.md, .cursorrules, .cursor/rules/*.mdc,
+.clinerules/*.md, .windsurf/rules/*.md, .github/copilot-instructions.md,
+or CONVENTIONS.md. Treat them all as a single combined rule set,
+attributing context by their headings when relevant.
+
+Criteria for blocking:
+- Only block clear, specific rule violations.
+- When ambiguous, allow the operation (avoid over-blocking).
+- Anything not mentioned in the rules is NOT a violation.
+
+When you do block, the "reason" field MUST do two things:
+1. Name the violated rule (or quote the relevant line from the
+   instruction file).
+2. Describe the next correct step the agent should take instead.
+   Treat the reason as guidance, not just a denial. The agent reads
+   the reason and uses it to decide what to do next, so the more
+   actionable the guidance, the better.`;
+const HUMANIZED_LANGS = {
+    en: 'English',
+    ja: 'Japanese',
+    zh: 'Chinese',
+    ko: 'Korean',
+    fr: 'French',
+    de: 'German',
+    es: 'Spanish',
+    pt: 'Portuguese',
+    it: 'Italian',
+    ru: 'Russian',
+    tr: 'Turkish',
+    ar: 'Arabic',
+};
+function humanizeLang(code) {
+    const lower = code.toLowerCase();
+    return HUMANIZED_LANGS[lower] ?? code;
+}
+function buildLanguageDirective(reasonLang) {
+    if (reasonLang && reasonLang.toLowerCase() !== 'auto') {
+        return `Output language:
+- Always write the "reason" field in ${humanizeLang(reasonLang)},
+  regardless of the language used in the instruction files. If you
+  quote a rule that was written in a different language, keep the
+  quote in its original language but write the surrounding guidance
+  in ${humanizeLang(reasonLang)}.`;
+    }
+    return `Output language:
+- Match the dominant language of the instruction files when writing
+  the "reason" field. If the files are mixed or ambiguous, default to
+  English. This default keeps reasons grep-friendly for users who
+  share logs across teams.`;
+}
+function getSystemPrompt(reasonLang) {
+    return `${BASE_PROMPT}
+
+${buildLanguageDirective(reasonLang)}`;
+}
+/**
+ * Backwards-compatible constant export used by older callers and tests.
+ * Equivalent to getSystemPrompt() with auto language behavior.
+ */
+exports.SYSTEM_PROMPT = getSystemPrompt();

package/dist/validation/validator.d.ts

@@ -0,0 +1,5 @@
+import { ValidationResult } from '../contracts/types/ValidationResult';
+import { RuleSource } from '../contracts/types/RuleSource';
+import { IModelClient } from '../contracts/types/ModelClient';
+export declare function validator(rules: RuleSource[], toolName: string, toolInput: Record<string, unknown>, modelClient: IModelClient): Promise<ValidationResult>;
+//# sourceMappingURL=validator.d.ts.map

package/dist/validation/validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../src/validation/validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAA;AAQ7D,wBAAsB,SAAS,CAC7B,KAAK,EAAE,UAAU,EAAE,EACnB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,WAAW,EAAE,YAAY,GACxB,OAAO,CAAC,gBAAgB,CAAC,CAa3B"}

package/dist/validation/validator.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validator = validator;
+const context_1 = require("./prompts/context");
+async function validator(rules, toolName, toolInput, modelClient) {
+    try {
+        const prompt = (0, context_1.buildPrompt)(rules, toolName, toolInput);
+        const response = await modelClient.ask(prompt);
+        return parseModelResponse(response);
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+        return {
+            decision: undefined,
+            reason: `Validation error (allowing operation): ${errorMessage}`,
+        };
+    }
+}
+function parseModelResponse(response) {
+    const jsonString = extractJsonString(response);
+    const parsed = JSON.parse(jsonString);
+    return {
+        decision: parsed.decision === 'block' ? 'block' : undefined,
+        reason: parsed.reason ?? '',
+    };
+}
+function extractJsonString(response) {
+    if (!response) {
+        throw new Error('No response from model');
+    }
+    const jsonFromCodeBlock = extractFromJsonCodeBlock(response);
+    if (jsonFromCodeBlock)
+        return jsonFromCodeBlock;
+    const jsonFromGenericBlock = extractFromGenericCodeBlock(response);
+    if (jsonFromGenericBlock)
+        return jsonFromGenericBlock;
+    const plainJson = extractPlainJson(response);
+    if (plainJson)
+        return plainJson;
+    return response;
+}
+function extractFromJsonCodeBlock(response) {
+    const startPattern = '```json';
+    const endPattern = '```';
+    let startIndex = 0;
+    let lastBlock = null;
+    let blockStart = response.indexOf(startPattern, startIndex);
+    while (blockStart !== -1) {
+        const contentStart = blockStart + startPattern.length;
+        const blockEnd = response.indexOf(endPattern, contentStart);
+        if (blockEnd === -1)
+            break;
+        lastBlock = response.substring(contentStart, blockEnd).trim();
+        startIndex = blockEnd + endPattern.length;
+        blockStart = response.indexOf(startPattern, startIndex);
+    }
+    return lastBlock;
+}
+function extractFromGenericCodeBlock(response) {
+    const startPattern = '```';
+    let lastValidBlock = null;
+    let searchFrom = 0;
+    while (true) {
+        const blockStart = response.indexOf(startPattern, searchFrom);
+        if (blockStart === -1)
+            break;
+        let contentStart = blockStart + startPattern.length;
+        while (contentStart < response.length && /\s/.test(response[contentStart])) {
+            contentStart++;
+        }
+        const blockEnd = response.indexOf(startPattern, contentStart);
+        if (blockEnd === -1)
+            break;
+        const content = response.substring(contentStart, blockEnd).trim();
+        if (isValidJson(content)) {
+            lastValidBlock = content;
+        }
+        searchFrom = blockEnd + startPattern.length;
+    }
+    return lastValidBlock;
+}
+function extractPlainJson(response) {
+    const pattern = /\{[^{}]*"decision"[^{}]*"reason"[^{}]*}|\{[^{}]*"reason"[^{}]*"decision"[^{}]*}/g;
+    const matches = response.match(pattern);
+    if (!matches)
+        return null;
+    const lastMatch = matches[matches.length - 1];
+    return isValidJson(lastMatch) ? lastMatch : null;
+}
+function isValidJson(str) {
+    try {
+        JSON.parse(str);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "@hiro-c/agent-gate",
+  "version": "1.0.0",
+  "description": "Runtime rule enforcer for AI coding agents. Reads CLAUDE.md / AGENTS.md / .cursorrules and enforces them via Claude Code and Cursor hooks, with a deterministic safety baseline.",
+  "author": "Hiro-Chiba",
+  "license": "MIT",
+  "homepage": "https://github.com/Hiro-Chiba/agent-gate#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Hiro-Chiba/agent-gate.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Hiro-Chiba/agent-gate/issues"
+  },
+  "keywords": [
+    "claude",
+    "claude-code",
+    "claude-md",
+    "agents-md",
+    "cursor",
+    "cursor-hooks",
+    "cursor-rules",
+    "ai-agent",
+    "ai-tools",
+    "hooks",
+    "guardrail",
+    "linter",
+    "code-quality"
+  ],
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "agent-gate": "dist/cli/agent-gate.js"
+  },
+  "files": [
+    "dist",
+    "!dist/*.tsbuildinfo",
+    "README.md",
+    "LICENSE",
+    "AGENTS.md"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "scripts": {
+    "build": "tsc --build tsconfig.build.json",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit",
+    "checks": "npm run typecheck && npm run test",
+    "prepublishOnly": "npm run checks && npm run build"
+  },
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.90.0",
+    "jiti": "^2.7.0",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/node": "^25.6.0",
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.4"
+  }
+}