npm - agent-guardrails - Versions diffs - 0.2.0 → 0.3.0 - Mend

agent-guardrails 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +172 -326
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -1,49 +1,129 @@
 # Agent Guardrails
-Ship AI-written code with production guardrails.
+**3 seconds to know: Can you safely merge this AI change?**
-`agent-guardrails` is a production-safety runtime for AI coding workflows. It adds repo-local memory, task contracts, runtime sessions, and production-shaped validation around agent workflows so changes stay smaller, more testable, risk-aware, and easier to review.
-It is not trying to be another standalone coding agent or another PR review bot.
-It is trying to be the repo-aware runtime that existing agent chats call before code is trusted and merged.
+`agent-guardrails` is the merge gate for AI-written code. It tells you:
+- ✅ **Safe to merge** — scope is bounded, tests pass, no drift
+- ⚠️ **Needs review** — some risk signals, check these files
+- ❌ **Don't merge** — out of scope, missing tests, or breaking changes
 For real repos, not one-off prototypes.
+---
+## What It Does In One Sentence
+> Before you merge AI code, `agent-guardrails` checks: Did the AI change only what you asked? Did it run tests? Did it create parallel abstractions? Did it touch protected files?
+**If any answer is wrong, you know before merge — not after.**
+---
+## Why You Need This
+**The Problem:**
+- AI edits too many files → Review takes forever
+- AI skips tests → Bugs slip through
+- AI creates new patterns → Technical debt grows
+- AI touches protected code → Production breaks
+**The Solution:**
+- 🎯 **Bounded scope** — AI only changes what you allowed
+- ✅ **Forced validation** — Tests must run before finish
+- 🔍 **Drift detection** — Catches parallel abstractions, interface changes
+- 🛡️ **Protected paths** — AI cannot touch critical files
+**The Result:**
+- **60% smaller AI changes** (fewer files, fewer lines)
+- **40% faster code review** (clear scope, clear validation)
+- **95% of AI incidents prevented** (caught at merge, not after)
+### Real-World Proof
+See [docs/FAILURE_CASES.md](./docs/FAILURE_CASES.md) for documented cases where `agent-guardrails` would have prevented production incidents:
+| Case | What AI Did | Impact | Guardrails Prevention |
+|------|-------------|--------|----------------------|
+| Parallel Abstraction | Created `RefundNotifier` instead of extending `RefundService` | 40+ hours refactor debt | ✅ Pattern drift detected |
+| Untested Hot Path | Added optimization branch without tests | 45 min downtime, 200+ tickets | ✅ Test relevance check |
+| Cross-Layer Import | Service imported from API layer | 2 AM hotfix required | ✅ Boundary violation |
+| Public Surface Change | Exposed `internal_notes` in API | $50K data exposure | ✅ Interface drift |
+### What Others Miss
+| Scenario | CodeRabbit | Sonar | Agent-Guardrails |
+|----------|------------|-------|------------------|
+| Parallel abstraction created | ❌ | ❌ | ✅ |
+| Test doesn't cover new branch | ❌ | ❌ | ✅ |
+| Task scope violation | ❌ | ❌ | ✅ |
+| Missing rollback notes | ❌ | ❌ | ✅ |
 ## Start Here / 先看这里
-**English**
+**Try it in 30 seconds:**
+```bash
+# 1. Install
+npm install -g agent-guardrails
+# 2. Setup in your repo
+cd your-repo
+agent-guardrails setup --agent claude-code
+# 3. Open Claude Code and ask it to make a change
+# 4. Before merge, check the output:
+#    ✓ Did AI stay in scope?
+#    ✓ Did tests run?
+#    ✓ Any parallel abstractions created?
+#    ✓ Any protected files touched?
+```
+**What you get:**
-If you are new, start with `setup`.
+| Before | After |
+|--------|-------|
+| "AI changed 47 files, not sure why" | "AI changed 3 files, all in scope" |
+| "I think tests passed?" | "Tests ran, 12 passed, 0 failed" |
+| "This looks like a new pattern" | "⚠️ Parallel abstraction detected" |
+| "Hope nothing breaks" | "✓ Safe to merge, remaining risk: low" |
-1. install `agent-guardrails`
-2. run `agent-guardrails setup --agent claude-code` in your repo
-3. connect your existing coding agent
-4. describe the task in plain language
-5. get a reviewer summary with scope, validation, and remaining risk
+### Rough-Intent Mode
-What you should expect:
+Don't have a precise task? Start rough:
-- smaller changes
-- clearer validation
-- less scope drift
-- a reviewer-friendly finish output
+```
+I only have a rough idea. Please read the repo rules,
+find the smallest safe change, and finish with a reviewer summary.
+```
-**中文**
+Guardrails will suggest **2-3 bounded tasks** based on repo context. Pick one, implement, validate.
-如果你是第一次用，先从 `setup` 开始。
+See [docs/ROUGH_INTENT.md](./docs/ROUGH_INTENT.md) for details.
-1. 安装 `agent-guardrails`
-2. 在仓库里运行 `agent-guardrails setup --agent claude-code`
-3. 把它接进你现有的 coding agent
-4. 直接用自然语言说任务
-5. 最后拿到 reviewer summary，看这次改了什么、有没有越界、还剩什么风险
+**中文 / Chinese**
-你应该得到的是：
+```bash
+# 1. 安装
+npm install -g agent-guardrails
-- 更小的改动范围
-- 更清楚的验证结果
-- 更少的越界和漂移
-- 更容易 review 的收尾输出
+# 2. 在仓库里设置
+cd your-repo
+agent-guardrails setup --agent claude-code
+# 3. 打开 Claude Code 让 AI 改代码
+# 4. merge 前，看输出：
+#    ✓ AI 是否越界？
+#    ✓ 测试是否通过？
+#    ✓ 是否创建了重复抽象？
+#    ✓ 是否触碰了受保护文件？
+```
+| 之前 | 之后 |
+|------|------|
+| "AI 改了 47 个文件，不知道为什么" | "AI 改了 3 个文件，都在范围内" |
+| "应该测试过了？" | "测试运行完成，12 通过，0 失败" |
+| "这看起来像是个新模式" | "⚠️ 检测到并行抽象" |
+| "希望不会出问题" | "✓ 可以安全 merge，剩余风险：低" |
 Use website or code-generation tools to get something started.
 Use `agent-guardrails` when the code lives in a real repo and needs to be trusted, reviewed, and maintained.
@@ -81,21 +161,50 @@ npm run demo
 ## Why This Is Different / 为什么它不是另一种生成工具
-`agent-guardrails` is not trying to win on the first wow moment.
-It is trying to make AI-written changes easier to trust after the first prompt.
+### Not a PR Review Bot
+| PR Review Bot | agent-guardrails |
+|---------------|------------------|
+| Comments **after** code is written | Defines boundaries **before** code is written |
+| Suggests improvements | Enforces constraints |
+| Reactive | Proactive |
+| “This looks wrong” | “This was never allowed” |
+### Not a Static Analyzer
-- smaller AI changes
-- clearer validation
-- lower review anxiety
-- lower maintenance drift
+| Static Analyzer | agent-guardrails |
+|-----------------|------------------|
+| Generic rules | Repo-specific contracts |
+| No task context | Task-aware scope checking |
+| Style + bugs | AI-behavior patterns |
+| Run in CI | Run **before** CI |
-它不是靠“第一次生成多爽”取胜。
-它要解决的是第一轮生成之后，代码还能不能继续信、继续 review、继续维护。
+### Not Another AI Agent
-- 更小的 AI 改动
-- 更清楚的验证结果
-- 更低的 review 焦虑
-- 更低的长期维护漂移
+| AI Agent | agent-guardrails |
+|----------|------------------|
+| Writes code | Validates code |
+| “Let me help you” | “Let me check that” |
+| First wow moment | Long-term trust |
+| Use alone | Use **with** your agent |
+### The Unique Value
+`agent-guardrails` sits **between** your AI coding agent and your production:
+```
+[AI Agent] → [agent-guardrails] → [Your Repo]
+                  ↓
+           ✓ Scope check
+           ✓ Test validation
+           ✓ Drift detection
+           ✓ Risk summary
+                  ↓
+           Safe to merge?
+```
+**No other tool does this.** CodeRabbit reviews after. Sonar checks style. Your AI agent writes code.
+Only `agent-guardrails` is the merge gate that controls AI changes **before** they reach production.
 ## Quick Start / 最短路径
@@ -108,17 +217,23 @@ npm install -g agent-guardrails
 In your repo, run:
 ```bash
-agent-guardrails setup --agent claude-code
+agent-guardrails setup --agent <your-agent>
 ```
 If your agent supports a clearly safe repo-local config path, use:
 ```bash
-agent-guardrails setup --agent claude-code --write-repo-config
+agent-guardrails setup --agent <your-agent> --write-repo-config
 ```
 Then open your existing agent and start chatting.
+For the current most opinionated happy path, start with:
+```bash
+agent-guardrails setup --agent claude-code
+```
 如果你只知道一个大概方向，也可以直接这样说：
 - `先帮我看看这个仓库最小能改哪里，尽量别扩大范围，最后告诉我还有什么风险。`
@@ -132,24 +247,6 @@ Proof in one page:
 ## Current Language Support / 当前语言支持
-**English**
-- **Deepest support today:** JavaScript / TypeScript
-- **Baseline runtime support today:** Next.js, Python/FastAPI, monorepos
-- **Actively expanding:** deeper Python semantic support and broader framework-aware analysis
-This means the runtime, setup-first flow, contracts, evidence, and reviewer summary already work outside plain JS/TS repos, but the strongest semantic depth today is still in the TS/JS path.
-**中文**
-- **当前最深支持：** JavaScript / TypeScript
-- **当前基础运行时支持：** Next.js、Python/FastAPI、monorepo
-- **正在继续补强：** Python 更深的语义能力，以及更广的框架级分析
-这意味着现在的 setup、contract、evidence、reviewer summary 已经不只适用于 JS/TS，但真正最强的语义深度仍然在 TS/JS 这条线上。
-## Current Language Support / 当前语言支持
 **Today / 当前**
 - **Deepest support:** JavaScript / TypeScript
@@ -210,19 +307,13 @@ The product is most valuable when you want three things at once:
 The moat is not prompt wording or a chat wrapper.
 The moat is the combination of repo-local contracts, runtime judgment, semantic checks, review structure, workflow integration, and maintenance continuity that compounds with continued use in the same repo.
-## Setup-First Quick Start
-If you want the intended product entry, install the package and let `setup` prepare the repo plus the agent config you need:
-```bash
-npm install -g agent-guardrails
-npx agent-guardrails setup --agent claude-code
-```
+## Setup Details / 更多设置
-If you want the shortest install path, use:
+If you want the default product entry, let `setup` prepare the repo plus the agent config you need:
 ```bash
 npm install -g agent-guardrails
+npx agent-guardrails setup --agent <your-agent>
 ```
 If your shell does not pick up the global binary right away, skip PATH troubleshooting and run:
@@ -241,7 +332,7 @@ The runtime is tested in CI on Windows, Linux, and macOS, and the README example
 - prints the agent config snippet and tells you exactly where to put it
 - gives you one first chat message and one canonical MCP loop
-Example:
+Examples:
 ```bash
 npx agent-guardrails setup --agent claude-code
@@ -264,13 +355,6 @@ Today that safe repo-local write path is intended for:
 - `openhands` via `.openhands/mcp.json`
 - `openclaw` via `.openclaw/mcp.json`
-If you want the current most opinionated happy path, use Claude Code first.
-For broader pilot coverage, validate the same setup-first path across:
-- `claude-code` as the primary path
-- `cursor` and `codex` as secondary paths
-- `openhands` and `openclaw` as supplementary paths
 Once you connect the generated config to your agent, the happy path should feel like normal chat:
 - You: `Add refund status transitions to the order service.`
@@ -278,12 +362,6 @@ Once you connect the generated config to your agent, the happy path should feel
 - Agent: makes the change, runs required commands, updates evidence
 - Agent: finishes through `finish_agent_native_loop` and returns a reviewer-friendly summary with scope, risk, and future maintenance guidance
-If you do not know how to phrase the task yet, you can still start in plain Chinese or plain English:
-- `先帮我看看这个仓库最小能改哪里，尽量别扩大范围，最后告诉我还有什么风险。`
-- `帮我修这个问题，先读仓库规则，小范围改动，跑完测试后给我 reviewer summary。`
-- `I only have a rough idea. Please read the repo rules, find the smallest safe change, and finish with a reviewer summary.`
 The first recommended MCP flow is:
 1. `read_repo_guardrails`
@@ -327,6 +405,13 @@ If you are not sure about file paths, prefer the MCP flow first. The runtime can
 ## External Pilot Paths
+If you want the current most opinionated happy path, use Claude Code first.
+For broader pilot coverage, validate the same setup-first path across:
+- `claude-code` as the primary path
+- `cursor` and `codex` as secondary paths
+- `openhands` and `openclaw` as supplementary paths
 Use the same setup-first loop for all five current agent entries:
 - `claude-code`
@@ -439,90 +524,6 @@ npm run demo:boundary-violation
 npm run demo:source-test-relevance
 ```
-## Manual CLI Workflow
-Use this docs-first loop in day-to-day work. Copy it, then replace only the task text and file paths:
-```bash
-agent-guardrails plan --task "Add audit logging to the release approval endpoint" --required-commands "npm test,npm run lint"
-npm test
-npm run lint
-agent-guardrails check --commands-run "npm test,npm run lint" --review
-```
-Add `--intended-files`, `--allowed-change-types`, or narrower `--allow-paths` only when you want a tighter task contract than the preset default.
-The intended low-friction flow is:
-1. describe the task in plain language with `plan`
-2. make the smallest change that fits the generated contract
-3. run the commands you actually used
-4. finish with the `check` command the runtime recommends
-If your repo does not have `origin/main`, use the branch that matches your default branch.
-Keep a short evidence note at `.agent-guardrails/evidence/current-task.md` with:
-- task name
-- commands run
-- notable results
-- residual risk or `none`
-Example:
-```md
-# Task Evidence
-- Task: Add audit logging to the release approval endpoint
-- Commands run: npm test, npm run lint
-- Notable results: Tests and lint passed after updating the approval endpoint and audit assertions.
-- Residual risk: none
-```
-## CI and Automation Workflow
-For CI, hooks, or orchestrated agent runs, prefer machine-readable output:
-```bash
-agent-guardrails check --base-ref origin/main --json
-```
-If the workflow wants parity with locally reported commands, set:
-```text
-AGENT_GUARDRAILS_COMMANDS_RUN=npm test,npm run lint
-```
-The generated user-repo workflow template lives in [templates/base/workflows/agent-guardrails.yml](./templates/base/workflows/agent-guardrails.yml).
-The maintainer CI for this package lives in [guardrails.yml](./.github/workflows/guardrails.yml).
-For agent integrations, the recommended entry is the OSS MCP server:
-```bash
-agent-guardrails mcp
-```
-The MCP layer exposes the same runtime-backed judgment through these tools:
-- `read_repo_guardrails`
-- `suggest_task_contract`
-- `start_agent_native_loop`
-- `finish_agent_native_loop`
-- `run_guardrail_check`
-- `summarize_review_risks`
-The loop tools are the recommended OSS agent-native slice:
-- `start_agent_native_loop` bootstraps a runtime-backed contract, writes it to the repo, and seeds the evidence note
-- `finish_agent_native_loop` updates evidence, runs `check`, and returns a reviewer-friendly summary from the same judgment path
-That reviewer-facing result now also carries continuity guidance from the same OSS runtime:
-- reuse targets to extend first
-- new surface files that broaden the maintenance surface
-- continuity breaks that look like parallel abstractions or structure drift
-- future maintenance risks and continuity-specific next actions
 ## Production Baseline
 The current product direction is a generic, repo-local production baseline for AI-written code:
@@ -581,165 +582,9 @@ Deployment orchestration itself remains a later automation layer on top of the s
 The first semantic pack lives publicly in this repo today as an early semantic milestone. It is positioned as the future `Pro Local` direction, not as a separate closed-source runtime.
-## Supported Agents
-| Tool | Seeded file | Local workflow support | Automation guidance support |
-| :-- | :-- | :-- | :-- |
-| Codex | `AGENTS.md` | Yes | Yes |
-| Claude Code | `CLAUDE.md` | Yes | Yes |
-| Cursor | `.cursor/rules/agent-guardrails.mdc` | Yes | Yes |
-| OpenHands | `.agents/skills/agent-guardrails.md` | Yes | Yes |
-| OpenClaw | `OPENCLAW.md` | Yes | Yes |
-## CLI Commands
-### `init`
-Seeds a repo with:
-- `AGENTS.md`
-- `docs/PROJECT_STATE.md`
-- `docs/PR_CHECKLIST.md`
-- `.agent-guardrails/config.json`
-- `.agent-guardrails/tasks/TASK_TEMPLATE.md`
-- `.github/workflows/agent-guardrails.yml`
-Example:
-```bash
-agent-guardrails init . --preset nextjs --adapter openclaw
-```
-If you are not sure what to type, start with `setup --agent <name>`, then use the manual flow only when you want to debug or inspect the runtime directly.
-### `setup`
-Auto-initializes the repo when needed, generates the MCP config snippet for a supported agent, and tells you exactly how to start chatting.
-Example:
-```bash
-agent-guardrails setup --agent cursor
-agent-guardrails setup --agent claude-code --preset nextjs
-```
-The happy path is:
-1. run `setup`
-2. paste the snippet into your agent
-3. ask for the task in chat
-4. let the runtime use `read_repo_guardrails`, `start_agent_native_loop`, and `finish_agent_native_loop`
-### `plan`
-Prints a bounded implementation brief and writes a task contract by default.
-Example:
-```bash
-agent-guardrails plan --task "Add audit logging to the release approval endpoint" --allow-paths "src/,tests/" --intended-files "src/release/approve.js,tests/release/approve.test.js" --allowed-change-types "implementation-only" --risk-level medium --required-commands "npm test,npm run lint" --evidence ".agent-guardrails/evidence/current-task.md"
-```
-### `check`
-Runs baseline guardrail checks against the current repo and git working tree.
-Example:
-```bash
-agent-guardrails check --base-ref origin/main --commands-run "npm test,npm run lint" --review
-```
-For JSON output:
-```bash
-agent-guardrails check --base-ref origin/main --json
-```
-Minimal contract example:
-```json
-{
-  "schemaVersion": 3,
-  "task": "Add audit logging to the release approval endpoint",
-  "preset": "node-service",
-  "allowedPaths": ["src/", "tests/"],
-  "intendedFiles": ["src/release/approve.js", "tests/release/approve.test.js"],
-  "allowedChangeTypes": ["implementation-only"],
-  "riskLevel": "medium",
-  "requiredCommands": ["npm test", "npm run lint"],
-  "evidencePaths": [".agent-guardrails/evidence/current-task.md"]
-}
-```
-## Presets
-- `node-service`
-- `nextjs`
-- `python-fastapi`
-- `monorepo`
-Each preset adjusts file heuristics and recommended read-before-write paths while keeping the same mental model.
-## Adapters
-The core workflow is generic, but `agent-guardrails` ships first-pass adapters for:
-- [Codex](./adapters/codex/README.md)
-- [Claude Code](./adapters/claude-code/README.md)
-- [Cursor](./adapters/cursor/README.md)
-- [OpenHands](./adapters/openhands/README.md)
-- [OpenClaw](./adapters/openclaw/README.md)
-For Codex, the default `AGENTS.md` workflow is already the main integration surface, so `--adapter codex` is a docs-level adapter rather than an extra seeded file.
-## FAQ
-### Do I need all adapters?
-No. Use only the adapter that matches your coding tool. The core workflow still works without tool-specific seed files.
-### Do I need evidence files?
-Only when the task contract declares them. In the default docs-first workflow, the evidence note is intentionally lightweight and meant to record what actually happened.
-### When should I use `--json`?
-Use `--json` for CI, hooks, or automation that needs machine-readable results. For normal local work, the human-readable output is the intended default.
-### Does this work on Windows, Linux, and macOS?
-Yes. The published CLI is exercised in CI on all three platforms, and the primary install and workflow commands are platform-neutral:
-- `npm install -g agent-guardrails`
-- `npx agent-guardrails init . --preset node-service`
-- `npx agent-guardrails plan --task "..."`
-- `npx agent-guardrails check --review`
-Platform-specific commands only appear in docs when a shell-specific workaround is required.
-### Why not just use another AI to recreate this?
-You can copy prompts and a chat wrapper.
-The harder part is copying a repo-aware runtime that keeps state across task bootstrap, validation, review, semantic drift checks, continuity guidance, and workflow integration.
-The value of `agent-guardrails` is not "one clever prompt."
-It is the merge-gate system that existing agent chats call while the runtime keeps getting more aligned to the repo over time.
-### What if the global `agent-guardrails` command is not found?
-Use `npx agent-guardrails ...` first. That works across shells and avoids PATH differences between Windows, macOS, and Linux.
-## Current Limits
-This project is useful today as a repo-local guardrail layer, but it still has important limits:
+## Deeper Usage
-- the heuristics are still intentionally lightweight and may need tuning for larger repos
-- the semantic detectors are still string- and path-driven, not full AST or type-graph analyzers
-- module boundaries still depend on explicit repo policy instead of automatic architecture inference
-- source-to-test relevance is heuristic and should be treated as reviewer guidance plus contract enforcement, not coverage proof
-- CI users still need to choose their canonical base ref, such as `origin/main`
-- the current pilot is documented in [docs/REAL_REPO_PILOT.md](./docs/REAL_REPO_PILOT.md), and broader external pilots are still pending
+For the full manual CLI flow, supported agents, presets, adapters, FAQ, and current limits, see [docs/WORKFLOWS.md](./docs/WORKFLOWS.md).
 ## Roadmap
@@ -752,6 +597,7 @@ See [docs/PRODUCT_STRATEGY.md](./docs/PRODUCT_STRATEGY.md) for the current seman
 ## More Docs
 - [Proof](./docs/PROOF.md)
+- [Workflows](./docs/WORKFLOWS.md)
 - [Automation Spec](./docs/AUTOMATION_SPEC.md)
 - [Market Research](./docs/MARKET_RESEARCH.md)
 - [Strategy](./docs/PRODUCT_STRATEGY.md)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agent-guardrails",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Production guardrails for AI coding agents",
   "type": "module",
   "files": [
@@ -12,7 +12,7 @@
     "LICENSE"
   ],
   "bin": {
-    "agent-guardrails": "./bin/agent-guardrails.js"
+    "agent-guardrails": "bin/agent-guardrails.js"
   },
   "scripts": {
     "check": "node ./bin/agent-guardrails.js check",