ai-guard-plugins 1.1.0

package/.github/workflows/publish.yml

@@ -0,0 +1,42 @@
+# Publish to npm via Trusted Publishing (OIDC)
+# ──────────────────────────────────────────────
+# Publishes to npm when a version tag is pushed (pairs with release.yml).
+# Uses OIDC-based trusted publishing — no NPM_TOKEN secret needed.
+#
+# Setup (one-time):
+#   1. Go to https://www.npmjs.com/package/ai-guard-plugins/access
+#   2. Under "Trusted Publishers", add:
+#        - Repository owner: YosefHayim
+#        - Repository name: ai-guard-plugins
+#        - Workflow filename: publish.yml
+#        - Environment: (leave empty)
+
+name: Publish Package
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Update npm for trusted publishing support
+        run: npm install -g npm@latest
+
+      - name: Publish to npm
+        run: npm publish --access public --provenance

package/.github/workflows/release.yml

@@ -0,0 +1,156 @@
+# Automated Release Workflow
+# ─────────────────────────
+# Bumps version, creates Git tag, and publishes a GitHub Release
+# when a PR is merged into `main` or a commit is pushed directly.
+#
+# Version bump is determined by PR labels (or defaults to patch for direct pushes):
+#   - `major` → breaking changes (1.0.0 → 2.0.0)
+#   - `minor` → new features    (1.0.0 → 1.1.0)
+#   - `patch` → bug fixes       (1.0.0 → 1.0.1)  [default]
+#   - `no-release` → skip entirely
+#
+# The tag push triggers publish.yml for npm publishing.
+
+name: Release
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [closed]
+    branches: [main]
+
+concurrency:
+  group: release
+  cancel-in-progress: false
+
+jobs:
+  release:
+    if: >
+      (github.event_name == 'push' && !startsWith(github.event.head_commit.message, 'chore(release):')) ||
+      (github.event_name == 'pull_request' && github.event.pull_request.merged == true &&
+       !contains(github.event.pull_request.labels.*.name, 'no-release'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Check if release needed
+        id: skip_check
+        run: |
+          if git describe --exact-match HEAD >/dev/null 2>&1; then
+            echo "HEAD is already tagged — skipping release"
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "skip=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Get release description
+        if: steps.skip_check.outputs.skip != 'true'
+        id: desc
+        run: |
+          if [ "${{ github.event_name }}" = "push" ]; then
+            echo "title=$(git log -1 --pretty=format:'%s')" >> "$GITHUB_OUTPUT"
+          else
+            echo "title=${{ github.event.pull_request.title }}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Determine version bump
+        if: steps.skip_check.outputs.skip != 'true'
+        id: bump
+        env:
+          LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
+        run: |
+          if [ "${{ github.event_name }}" = "push" ]; then
+            echo "type=patch" >> "$GITHUB_OUTPUT"
+          elif echo "$LABELS" | grep -q '"major"'; then
+            echo "type=major" >> "$GITHUB_OUTPUT"
+          elif echo "$LABELS" | grep -q '"minor"'; then
+            echo "type=minor" >> "$GITHUB_OUTPUT"
+          else
+            echo "type=patch" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Bump version in package.json
+        if: steps.skip_check.outputs.skip != 'true'
+        id: version
+        run: |
+          if ! node -e "const p = require('./package.json'); if (!p.version) process.exit(1);" 2>/dev/null; then
+            echo "No version found in package.json — initializing to 0.1.0"
+            npm pkg set version=0.1.0
+          fi
+          NEW_VERSION=$(npm version ${{ steps.bump.outputs.type }} --no-git-tag-version)
+          echo "version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
+          echo "Bumped to $NEW_VERSION (${{ steps.bump.outputs.type }})"
+
+      - name: Build release notes from commits
+        if: steps.skip_check.outputs.skip != 'true'
+        id: notes
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          BUMP_TYPE: ${{ steps.bump.outputs.type }}
+        run: |
+          PREV_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+          if [ -n "$PREV_TAG" ]; then
+            COMMITS=$(git log "$PREV_TAG"..HEAD --pretty=format:"- %s (%h)" --no-merges)
+          else
+            COMMITS=$(git log --pretty=format:"- %s (%h)" --no-merges -20)
+          fi
+          {
+            echo "body<<RELEASE_EOF"
+            echo "## What Changed"
+            echo ""
+            if [ "${{ github.event_name }}" = "push" ]; then
+              echo "**Direct push to ${GITHUB_REF_NAME}**"
+            else
+              echo "**PR:** [#${PR_NUMBER} — ${PR_TITLE}](${PR_URL})"
+            fi
+            echo "**Bump:** \`${BUMP_TYPE}\`"
+            echo ""
+            echo "### Commits"
+            echo ""
+            echo "$COMMITS"
+            echo ""
+            echo "RELEASE_EOF"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Commit version bump and create tag
+        if: steps.skip_check.outputs.skip != 'true'
+        run: |
+          git add package.json
+          git commit -m "chore(release): ${{ steps.version.outputs.version }}"
+          git tag -a "${{ steps.version.outputs.version }}" \
+            -m "Release ${{ steps.version.outputs.version }} — ${{ steps.desc.outputs.title }}"
+          git push origin main --follow-tags
+
+      - name: Create GitHub Release
+        if: steps.skip_check.outputs.skip != 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAG: ${{ steps.version.outputs.version }}
+        run: |
+          gh release create "$TAG" \
+            --title "$TAG — ${{ steps.desc.outputs.title }}" \
+            --notes "${{ steps.notes.outputs.body }}" \
+            --latest
+
+      # npm publish is handled by publish.yml (triggered by the tag created above)

package/CONTRIBUTING.md

@@ -0,0 +1,56 @@
+# Contributing to ai-guard-plugins
+
+Thanks for your interest in contributing! Every plugin in this repo was born from a real pain point during AI-assisted development. If you've hit a scenario that should be caught, we want it here.
+
+## Adding a New Plugin
+
+1. **Fork** and create a branch from `main`
+2. Create your plugin in `plugins/your-plugin-name.ts`
+3. Follow the existing plugin patterns:
+
+```typescript
+import type { Plugin } from '@opencode-ai/plugin';
+
+export const YourPluginName: Plugin = async () => {
+  return {
+    // Intercept before tool execution
+    'tool.execute.before': async (input, output) => { },
+
+    // React after tool execution
+    'tool.execute.after': async (input, output) => { },
+
+    // Listen to session events
+    event: async ({ event }) => { },
+  };
+};
+```
+
+4. Update `README.md` with:
+   - Plugin name and one-line description
+   - Table of real scenarios that led to its creation
+   - Any dependencies required
+5. Add the plugin to `install.yaml` choices
+6. Submit a PR with a clear description
+
+## Plugin Guidelines
+
+- **Solve a real problem.** Every plugin must include the scenarios that motivated it.
+- **Zero dependencies preferred.** If you need an external tool, document it clearly.
+- **No `any` types.** Use proper TypeScript types throughout.
+- **Fail gracefully.** Plugins should never crash the host agent. Use try/catch where appropriate.
+- **Log clearly.** Use `console.warn` or `console.error` with a prefix like `[your-plugin]`.
+- **Don't block unnecessarily.** Only `throw` to block a tool call when the violation is clear-cut.
+
+## Reporting Issues
+
+Found a false positive? A scenario that should be caught but isn't? Open an issue with:
+
+1. The plugin name
+2. What happened (expected vs actual)
+3. Steps to reproduce
+
+## Code Style
+
+- TypeScript with strict types
+- No `as any`, `@ts-ignore`, or `@ts-expect-error`
+- Biome for formatting (run `npx biome check --fix` before committing)

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yosef Hayim Sabag
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,247 @@
+# ai-guard-plugins
+
+> Production-hardened plugins for [Claude Code](https://docs.anthropic.com/en/docs/claude-code), [OpenCode](https://opencode.ai), [Cline](https://cline.bot), [Cursor](https://cursor.com), & [Kilo Code](https://kilocode.ai) — battle-tested hooks from real AI-assisted development that catch costly mistakes before they happen.
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+[![Plugins](https://img.shields.io/badge/Plugins-6-blue.svg)](#plugins)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)
+
+---
+
+## Install
+
+```bash
+# Download and inspect before running
+curl -fsSL https://raw.githubusercontent.com/YosefHayim/ai-guard-plugins/main/install.sh -o /tmp/ai-guard-install.sh
+less /tmp/ai-guard-install.sh  # inspect first
+bash /tmp/ai-guard-install.sh
+
+# Specify platform explicitly
+AI_GUARD_PLATFORM=opencode bash /tmp/ai-guard-install.sh
+AI_GUARD_PLATFORM=claude bash /tmp/ai-guard-install.sh
+AI_GUARD_PLATFORM=cline bash /tmp/ai-guard-install.sh
+AI_GUARD_PLATFORM=cursor bash /tmp/ai-guard-install.sh
+AI_GUARD_PLATFORM=kilo bash /tmp/ai-guard-install.sh
+
+# Pin to a specific version
+INSTALL_VERSION=v1.0.0 bash /tmp/ai-guard-install.sh
+```
+
+Or pick what you need with the interactive wizard ([grimoire-wizard](https://github.com/YosefHayim/grimoire) required):
+
+```bash
+npx grimoire-wizard run https://raw.githubusercontent.com/YosefHayim/ai-guard-plugins/main/install.yaml
+```
+
+---
+
+## Why This Exists
+
+AI coding assistants are powerful but reckless. Left unchecked, they will:
+
+- **Freeze for 10+ minutes** retrying a billing error that will never resolve
+- **Burn your entire context window** on a 50K-char paste they could have summarized
+- **Silently duplicate** code that already exists two directories over
+- **Add `as any`** to "fix" a type error instead of solving it
+- **Create TODO placeholders** they promise to fill in "later" (they won't)
+- **Repeat the same mistakes** across sessions because they have no memory
+
+These plugins are the guardrails. They intercept, warn, block, and learn — so you don't have to babysit.
+
+---
+
+## Plugins
+
+### 💳 billing-guard
+
+**Catches billing errors before infinite retry freezes.**
+
+When an API provider runs out of credits or has no payment method, the agent enters a retry loop that never resolves — burning tokens and your time. This plugin intercepts billing-related error responses and immediately interrupts with a clear message.
+
+| Scenario | What happened | Time wasted |
+|----------|--------------|-------------|
+| OpenAI billing inactive | Agent retried 4x then froze | 12 minutes |
+| Cloudflare quota exceeded | Infinite generation loop | 8 minutes |
+| Gemini invalid API key | Burned context on retries | 15 minutes |
+
+**Patterns detected:** `No payment method`, `account is not active`, `billing details`, `quota exceeded`, `insufficient funds`, `plan expired`, `subscription inactive`
+
+---
+
+### 🧹 auto-lint-fix
+
+**Auto-formats code after every write/edit.**
+
+Every time the agent writes or edits a TypeScript/JavaScript file, Biome runs `check --fix --unsafe` immediately. No more commit-time lint failures or wasted tool calls on "fix formatting."
+
+| Scenario | What happened |
+|----------|--------------|
+| Pre-commit hook rejects commit | Agent loses flow, wastes 2 tool calls fixing formatting |
+| Inconsistent style across files | Accumulated drift in multi-file changes |
+| Agent "fixes" lint manually | Extra tool call that Biome handles instantly |
+
+**Requires:** [Biome](https://biomejs.dev/) installed (path configurable in plugin)
+
+---
+
+### 📦 auto-summarize-input
+
+**Compresses large inputs to save context window tokens.**
+
+When pasted input exceeds 10,000 characters, this plugin auto-summarizes via Claude Haiku — keeping all code snippets, file paths, error messages, and requirements verbatim while stripping redundancy.
+
+| Scenario | Input size | After compression | Savings |
+|----------|-----------|-------------------|---------|
+| Full error log paste | 52K chars | 8K chars | 85% |
+| Stack trace with repeats | 28K chars | 4K chars | 86% |
+| Requirements doc | 35K chars | 9K chars | 74% |
+
+**Requires:** Active Anthropic API key (uses Claude Haiku)
+
+---
+
+### 🧠 capture-insights
+
+**Learns from recurring mistakes across sessions.**
+
+Monitors session messages for recurring patterns — DRY violations, type safety bypasses, scope creep, circular dependencies, security issues. Logs insights to a persistent JSONL file with counts, timestamps, and project associations. Auto-squeezes to keep the top 15 most frequent insights.
+
+| Pattern tracked | Example trigger |
+|----------------|----------------|
+| DRY violation | "already exists", "duplicat" |
+| Type safety bypass | `as any`, `ts-ignore` |
+| Scope creep | "refactor…minimal", "scope creep" |
+| Circular dependency | "circular import" |
+| Security | "secret", "credential", "token leak" |
+
+**Persistent memory** across sessions — the more you use it, the smarter it gets.
+
+---
+
+### 📏 cursorrules-enforcer
+
+**Enforces project coding standards on every file write.**
+
+Intercepts all write/edit operations and blocks violations with clear error messages. No more "I'll fix it later" from the agent.
+
+| Rule | What it blocks |
+|------|---------------|
+| Type cast | `as any`, `as unknown` |
+| TS suppression | `@ts-ignore`, `@ts-expect-error` |
+| CommonJS | `require()` in ESM projects |
+| Placeholders | `TODO`, `FIXME`, `HACK`, `// later` |
+| Naming | Underscore-prefixed variables and files |
+| Index logic | Business logic in index/barrel files |
+| Re-exports | Excessive re-exports in non-index files |
+
+---
+
+### 🔍 dry-guard
+
+**Warns before creating files that duplicate existing code.**
+
+When the agent creates a new file, this plugin searches the project for similar filenames (token matching), existing files in the target directory, and export/symbol collisions. Warns the agent to consider extending existing code.
+
+| Scenario | What it caught |
+|----------|---------------|
+| `utils/format-date.ts` | `utils/dates.ts` already had the same function |
+| New component in `components/` | 3 similar components already existed |
+| `UserService` export | Symbol already exported from `services/auth.ts` |
+
+---
+
+## Manual Install
+
+### OpenCode
+
+```bash
+# All plugins
+cp plugins/*.ts ~/.config/opencode/plugins/
+
+# Single plugin
+cp plugins/billing-guard.ts ~/.config/opencode/plugins/
+```
+
+### Claude Code
+
+```bash
+# All plugins
+cp plugins/*.ts ~/.claude/plugins/
+
+# Single plugin
+cp plugins/billing-guard.ts ~/.claude/plugins/
+```
+
+Restart your AI coding assistant after installing.
+
+---
+
+## Requirements
+
+| Plugin | Dependency |
+|--------|-----------|
+| auto-lint-fix | [Biome](https://biomejs.dev/) installed |
+| auto-summarize-input | Active Anthropic API key |
+| All others | None — zero dependencies |
+
+---
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## License
+
+[MIT](LICENSE)
+
+### Cline
+
+```bash
+# All hooks
+cp plugins/cline/hooks/* ~/.clinerules/hooks/
+chmod +x ~/.clinerules/hooks/*
+
+# Single hook
+cp plugins/cline/hooks/PreToolUse ~/.clinerules/hooks/
+chmod +x ~/.clinerules/hooks/PreToolUse
+```
+
+**Requires:** [jq](https://jqlang.github.io/jq/) installed
+
+### Cursor
+
+```bash
+# All rules
+cp plugins/cursor/rules/*.mdc .cursor/rules/
+
+# Single rule
+cp plugins/cursor/rules/code-standards.mdc .cursor/rules/
+```
+
+### Kilo Code
+
+```bash
+# All rules
+cp plugins/kilo/rules/*.md .kilo/rules/
+
+# Single rule
+cp plugins/kilo/rules/code-standards.md .kilo/rules/
+```
+
+---
+
+## Platform Support Matrix
+
+| Plugin | OpenCode | Claude Code | Cline | Cursor | Kilo Code |
+|--------|----------|-------------|-------|--------|-----------|
+| billing-guard | TypeScript plugin | TypeScript plugin | Bash hook (PreToolUse + PostToolUse) | Advisory rule (.mdc) | Advisory rule (.md) |
+| auto-lint-fix | TypeScript plugin | TypeScript plugin | Bash hook (PostToolUse) | Advisory rule (.mdc) | Advisory rule (.md) |
+| auto-summarize-input | TypeScript plugin | TypeScript plugin | Bash hook (UserPromptSubmit) | Advisory rule (.mdc) | Advisory rule (.md) |
+| capture-insights | TypeScript plugin | TypeScript plugin | Bash hook (TaskComplete) | Advisory rule (.mdc) | Advisory rule (.md) |
+| cursorrules-enforcer | TypeScript plugin | TypeScript plugin | Bash hook (PreToolUse) | Advisory rule (.mdc) | Advisory rule (.md) |
+| dry-guard | TypeScript plugin | TypeScript plugin | Bash hook (PreToolUse) | Advisory rule (.mdc) | Advisory rule (.md) |
+
+**Enforcement levels:**
+- **TypeScript plugins** (OpenCode/Claude Code): Programmatic — intercepts and blocks violations at runtime
+- **Bash hooks** (Cline): Programmatic — executable scripts that cancel or warn via JSON contract
+- **Advisory rules** (Cursor/Kilo): Instructional — AI follows rules as system prompt guidance (no programmatic enforcement)

package/install.sh

@@ -0,0 +1,129 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VERSION="${INSTALL_VERSION:-main}"
+REPO_RAW="https://raw.githubusercontent.com/YosefHayim/ai-guard-plugins/${VERSION}/plugins"
+PLUGINS=(billing-guard auto-lint-fix auto-summarize-input capture-insights cursorrules-enforcer dry-guard)
+
+CLINE_HOOKS=(PreToolUse PostToolUse UserPromptSubmit TaskComplete)
+CURSOR_RULES=(billing-guard dry-guard code-standards auto-lint-fix auto-summarize-input capture-insights)
+KILO_RULES=(billing-guard dry-guard code-standards auto-lint-fix auto-summarize-input capture-insights)
+
+detect_platform() {
+  if [ -n "${AI_GUARD_PLATFORM:-}" ]; then
+    case "$AI_GUARD_PLATFORM" in
+      opencode) echo "opencode" ;;
+      claude)   echo "claude" ;;
+      cline)    echo "cline" ;;
+      cursor)   echo "cursor" ;;
+      kilo)     echo "kilo" ;;
+      *) echo "Unknown platform: $AI_GUARD_PLATFORM (use 'opencode', 'claude', 'cline', 'cursor', or 'kilo')" >&2; exit 1 ;;
+    esac
+    return
+  fi
+
+  if [ -d "$HOME/.config/opencode/plugins" ]; then
+    echo "opencode"
+  elif [ -d "$HOME/.claude/plugins" ] || [ -d "$HOME/.claude" ]; then
+    echo "claude"
+  elif [ -d "$HOME/.cline" ] || [ -d "$HOME/.clinerules" ]; then
+    echo "cline"
+  elif [ -d "$HOME/.cursor" ]; then
+    echo "cursor"
+  elif [ -d "$HOME/.kilo" ] || [ -d "$HOME/.kilocode" ]; then
+    echo "kilo"
+  else
+    echo ""
+  fi
+}
+
+PLATFORM=$(detect_platform)
+
+if [ -z "$PLATFORM" ]; then
+  echo "Could not detect platform. Set AI_GUARD_PLATFORM to one of:"
+  echo ""
+  echo "  AI_GUARD_PLATFORM=opencode bash install.sh"
+  echo "  AI_GUARD_PLATFORM=claude bash install.sh"
+  echo "  AI_GUARD_PLATFORM=cline bash install.sh"
+  echo "  AI_GUARD_PLATFORM=cursor bash install.sh"
+  echo "  AI_GUARD_PLATFORM=kilo bash install.sh"
+  exit 1
+fi
+
+install_opencode_claude() {
+  local dest="$1"
+  mkdir -p "$dest"
+  echo "Installing AI Guard Plugins (${VERSION}) to: $dest"
+  echo ""
+  for plugin in "${PLUGINS[@]}"; do
+    echo "  Downloading ${plugin}.ts..."
+    curl -fsSL "${REPO_RAW}/${plugin}.ts" -o "${dest}/${plugin}.ts"
+  done
+  echo ""
+  echo "Done! ${#PLUGINS[@]} plugins installed to ${dest}"
+}
+
+install_cline() {
+  local dest="$1"
+  mkdir -p "$dest"
+  echo "Installing AI Guard Hooks for Cline (${VERSION}) to: $dest"
+  echo ""
+  for hook in "${CLINE_HOOKS[@]}"; do
+    echo "  Downloading ${hook}..."
+    curl -fsSL "${REPO_RAW}/cline/hooks/${hook}" -o "${dest}/${hook}"
+    chmod +x "${dest}/${hook}"
+  done
+  echo ""
+  echo "Done! ${#CLINE_HOOKS[@]} hooks installed to ${dest}"
+  echo "Requires: jq (https://jqlang.github.io/jq/)"
+}
+
+install_cursor() {
+  local dest="$1"
+  mkdir -p "$dest"
+  echo "Installing AI Guard Rules for Cursor (${VERSION}) to: $dest"
+  echo ""
+  for rule in "${CURSOR_RULES[@]}"; do
+    echo "  Downloading ${rule}.mdc..."
+    curl -fsSL "${REPO_RAW}/cursor/rules/${rule}.mdc" -o "${dest}/${rule}.mdc"
+  done
+  echo ""
+  echo "Done! ${#CURSOR_RULES[@]} rules installed to ${dest}"
+}
+
+install_kilo() {
+  local dest="$1"
+  mkdir -p "$dest"
+  echo "Installing AI Guard Rules for Kilo Code (${VERSION}) to: $dest"
+  echo ""
+  for rule in "${KILO_RULES[@]}"; do
+    echo "  Downloading ${rule}.md..."
+    curl -fsSL "${REPO_RAW}/kilo/rules/${rule}.md" -o "${dest}/${rule}.md"
+  done
+  echo ""
+  echo "Done! ${#KILO_RULES[@]} rules installed to ${dest}"
+}
+
+case "$PLATFORM" in
+  opencode)
+    install_opencode_claude "$HOME/.config/opencode/plugins"
+    ;;
+  claude)
+    install_opencode_claude "$HOME/.claude/plugins"
+    ;;
+  cline)
+    install_cline "$HOME/.clinerules/hooks"
+    ;;
+  cursor)
+    install_cursor "$HOME/.cursor/rules"
+    ;;
+  kilo)
+    if [ -d "$HOME/.kilocode" ] && [ ! -d "$HOME/.kilo" ]; then
+      install_kilo "$HOME/.kilocode/rules"
+    else
+      install_kilo "$HOME/.kilo/rules"
+    fi
+    ;;
+esac
+
+echo "Restart your AI coding assistant to activate them."