ai-guard-plugins 1.1.0

package/plugins/cursorrules-enforcer.ts

@@ -0,0 +1,124 @@
+import type { Plugin } from '@opencode-ai/plugin';
+
+const SKIP_PATHS = ['node_modules', 'dist', '.next', 'build', '.turbo', 'migrations'];
+const CODE_EXTS = new Set(['ts', 'tsx', 'js', 'jsx', 'mts', 'mjs', 'cts', 'cjs']);
+const DOC_FILES = new Set(['readme.md', 'readme', 'changelog.md', 'contributing.md']);
+
+interface Violation {
+	rule: string;
+	message: string;
+}
+
+function check(content: string, filePath: string): Violation[] {
+	const violations: Violation[] = [];
+	const basename = filePath.split('/').pop() ?? '';
+	const ext = basename.includes('.') ? (basename.split('.').pop()?.toLowerCase() ?? '') : '';
+	const isIndex = /^index\.(ts|tsx|js|jsx|mts|mjs|cts|cjs)$/i.test(basename);
+
+	if (DOC_FILES.has(basename.toLowerCase())) {
+		violations.push({
+			rule: 'DOCUMENTATION',
+			message: `Creating ${basename}. Do not create documentation files unless explicitly requested.`,
+		});
+	}
+
+	if (basename.startsWith('_')) {
+		violations.push({
+			rule: 'UNDERSCORE FILE',
+			message: `Filename starts with underscore (${basename}). Do not use underscore prefixes.`,
+		});
+	}
+
+	if (!CODE_EXTS.has(ext)) return violations;
+
+	if (/\bas\s+(any|unknown)\b/.test(content)) {
+		violations.push({
+			rule: 'TYPE CAST',
+			message: "'as any' or 'as unknown' found. Use the most specific correct type.",
+		});
+	}
+
+	if (/\bas\s+[A-Z][A-Za-z]+/.test(content)) {
+		violations.push({
+			rule: 'TYPE ASSERTION',
+			message: "'as Type' found. Avoid type assertions — use type narrowing or generics instead.",
+		});
+	}
+
+	if (/\brequire\s*\(/.test(content)) {
+		violations.push({ rule: 'REQUIRE', message: 'require() found. Use static imports.' });
+	}
+
+	if (/@ts-ignore|@ts-expect-error/.test(content)) {
+		violations.push({
+			rule: 'TS SUPPRESSION',
+			message: '@ts-ignore or @ts-expect-error found. Fix the type error properly.',
+		});
+	}
+
+	if (/\bTODO\b|\bFIXME\b|\bHACK\b|\bplaceholder\b|\/\/\s*later\b/i.test(content)) {
+		violations.push({
+			rule: 'PLACEHOLDER',
+			message: 'TODO/FIXME/placeholder/later found. Production-ready code only.',
+		});
+	}
+
+	if (/(const|let|var|function)\s+_[a-zA-Z]/.test(content)) {
+		violations.push({
+			rule: 'UNDERSCORE NAMING',
+			message: 'Variable/function starting with underscore. Do not use underscore prefixes.',
+		});
+	}
+
+	if (isIndex) {
+		const lines = content
+			.split('\n')
+			.filter(
+				(l) =>
+					l.trim() &&
+					!/^\s*(export\s+[{*]|export\s+type|export\s+default|import\s|\/\/|\/\*)/.test(l),
+			);
+		if (lines.length > 2) {
+			violations.push({
+				rule: 'INDEX LOGIC',
+				message: 'Logic found in index file. Index files may only re-export modules.',
+			});
+		}
+	}
+
+	if (!isIndex) {
+		const reexports = (content.match(/export\s+\{[^}]*\}\s+from\s+/g) || []).length;
+		if (reexports > 2) {
+			violations.push({ rule: 'RE-EXPORTS', message: 'Multiple re-exports in non-index file.' });
+		}
+	}
+
+	return violations;
+}
+
+export const CursorrulesEnforcerPlugin: Plugin = async () => {
+	return {
+		'tool.execute.before': async (input, output) => {
+			if (input.tool !== 'write' && input.tool !== 'edit') return;
+
+			const args = (output?.args ?? input.args) as Record<string, unknown> | undefined;
+			if (!args) return;
+
+			const filePath = (args.filePath ?? args.file_path) as string | undefined;
+			if (!filePath) return;
+			const normalizedPath = filePath.replace(/\\/g, '/');
+			if (SKIP_PATHS.some((p) => normalizedPath.split('/').includes(p))) return;
+
+			const content = (input.tool === "edit" ? (args.newString ?? args.new_string ?? "") : (args.content ?? "")) as string;
+			if (!content) return;
+
+			const violations = check(content, filePath);
+			if (violations.length === 0) return;
+
+			const msg = violations.map((v) => `- ${v.rule}: ${v.message}`).join('\n');
+			throw new Error(
+				`CURSORRULES VIOLATIONS in ${filePath.split('/').pop()}:\n${msg}\n\nFix these before proceeding.`,
+			);
+		},
+	};
+};

package/plugins/dry-guard.ts

@@ -0,0 +1,107 @@
+import type { Plugin } from '@opencode-ai/plugin';
+
+const CODE_EXTS = new Set(['.ts', '.tsx', '.js', '.jsx']);
+const SKIP_PATHS = ['node_modules', 'dist', '.next', 'build', '.turbo', 'migrations'];
+const SAFE_TOKEN = /^[a-z0-9]+$/;
+
+function getExt(filePath: string): string {
+	const dot = filePath.lastIndexOf('.');
+	return dot === -1 ? '' : filePath.slice(dot);
+}
+
+function tokenize(filename: string): string[] {
+	const noExt = filename.replace(/\.[^.]+$/, '');
+	return noExt
+		.split(/[-_.]/)
+		.map((t) => t.toLowerCase())
+		.filter((t) => t.length >= 3 && SAFE_TOKEN.test(t));
+}
+
+function toPascalCase(name: string): string {
+	return name
+		.replace(/\.[^.]+$/, '')
+		.split(/[-_.]/)
+		.map((w) => w.charAt(0).toUpperCase() + w.slice(1))
+		.join('');
+}
+
+export const DryGuardPlugin: Plugin = async ({ $, directory }) => {
+	return {
+		'tool.execute.before': async (input, output) => {
+			if (input.tool !== 'write') return;
+
+			const args = (output?.args ?? input.args) as Record<string, unknown> | undefined;
+			if (!args) return;
+
+			const filePath = (args.filePath ?? args.file_path) as string | undefined;
+			if (!filePath) return;
+
+			if (!CODE_EXTS.has(getExt(filePath))) return;
+			const normalizedPath = filePath.replace(/\\/g, '/');
+			if (SKIP_PATHS.some((p) => normalizedPath.split('/').includes(p))) return;
+
+			const basename = filePath.split('/').pop() ?? '';
+			const rawDirname = filePath.split('/').slice(0, -1).join('/');
+			const dirname = rawDirname.startsWith('/') ? rawDirname : `${directory}/${rawDirname}`;
+			const tokens = tokenize(basename);
+			const projectDir = directory;
+
+			const warnings: string[] = [];
+
+			try {
+				const similarFiles = new Set<string>();
+				for (const token of tokens) {
+					const result =
+						await $`find ${projectDir} -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" \) ! -path "*/node_modules/*" ! -path "*/dist/*" ! -path "*/.next/*" ! -path "*/.turbo/*" 2>/dev/null | grep -Fi -- ${token} | grep -Fv -- ${filePath} | head -8`
+							.quiet()
+							.nothrow();
+					const found = String(result.stdout).trim();
+					if (found) {
+						for (const f of found.split('\n')) {
+							if (f.trim()) similarFiles.add(f.trim());
+						}
+					}
+				}
+
+				if (similarFiles.size > 0) {
+					const files = [...similarFiles].slice(0, 10).join('\n');
+					warnings.push(
+						`SIMILAR FILES (${similarFiles.size} found matching tokens from '${basename}'):\n${files}`,
+					);
+				}
+
+				if (dirname) {
+					const existing =
+						await $`find ${dirname} -maxdepth 1 -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" \) 2>/dev/null`
+							.quiet()
+							.nothrow();
+					const existingFiles = String(existing.stdout).trim().split('\n').filter(Boolean);
+					if (existingFiles.length > 0) {
+						warnings.push(
+							`TARGET DIR already has ${existingFiles.length} file(s):\n${existingFiles.slice(0, 15).join('\n')}`,
+						);
+					}
+				}
+
+				const likelyExport = toPascalCase(basename);
+				if (likelyExport.length >= 3 && SAFE_TOKEN.test(likelyExport.toLowerCase())) {
+					const collisions =
+						await $`grep -rEl -- "export.*${likelyExport}" ${projectDir}/src ${projectDir}/packages ${projectDir}/lib ${projectDir}/app 2>/dev/null | grep -Fv -- ${filePath} | grep -v node_modules | head -5`
+							.quiet()
+							.nothrow();
+					const found = String(collisions.stdout).trim();
+					if (found) {
+						warnings.push(`SYMBOL COLLISION — '${likelyExport}' already exported from:\n${found}`);
+					}
+				}
+			} catch {
+				return;
+			}
+
+			if (warnings.length === 0) return;
+
+			const message = `[DRY-GUARD] Before creating ${basename}:\n\n${warnings.join('\n\n')}\n\nConsider extending an existing file instead of creating a new one.`;
+			console.warn(message);
+		},
+	};
+};

package/plugins/kilo/rules/auto-lint-fix.md

@@ -0,0 +1,15 @@
+# Auto Lint Fix
+
+After EVERY file write or edit to a TypeScript/JavaScript file, run:
+
+```bash
+"${BIOME_PATH:-biome}" check --fix --unsafe <filepath>
+```
+
+## Rules
+
+- Only run on code files: .ts, .tsx, .js, .jsx, .mts, .mjs, .cts, .cjs
+- Skip files in: node_modules, dist, .next, build, .turbo
+- If `BIOME_PATH` environment variable is set, use that path instead of `biome`
+- If Biome is not installed, skip formatting (do not fail)
+- Do not manually fix formatting issues that Biome handles automatically

package/plugins/kilo/rules/auto-summarize-input.md

@@ -0,0 +1,12 @@
+# Auto Summarize Input
+
+When receiving input that exceeds 10,000 characters, summarize it before processing.
+
+## Summarization rules
+
+- Preserve ALL code snippets verbatim
+- Preserve ALL file paths verbatim
+- Preserve ALL error messages verbatim
+- Preserve ALL requirements and specifications verbatim
+- Remove ONLY: redundancy, repetition, and filler text
+- Note the original character count and reduction percentage

package/plugins/kilo/rules/billing-guard.md

@@ -0,0 +1,21 @@
+# Billing Guard
+
+If ANY API call, tool execution, or command output contains text matching these patterns, IMMEDIATELY stop all operations:
+
+- "no payment method" or "add a payment method"
+- "payment required"
+- "account is not active" with "billing"
+- "billing details"
+- "quota exceeded"
+- "insufficient funds"
+- "rate limit" with "billing"
+- "plan expired"
+- "subscription inactive"
+
+## Required behavior
+
+1. STOP all current operations immediately
+2. Do NOT retry the failed operation
+3. Do NOT delegate or spawn sub-tasks
+4. Notify the user that billing needs to be fixed before continuing
+5. Do NOT attempt workarounds or alternative approaches — the billing issue must be resolved first

package/plugins/kilo/rules/capture-insights.md

@@ -0,0 +1,27 @@
+# Capture Insights
+
+Monitor your own outputs and actions for these recurring anti-patterns. When detected, apply the corresponding lesson immediately.
+
+## Tracked patterns
+
+| Pattern | Lesson |
+|---------|--------|
+| DRY violation ("already exists", "duplicate") | Check existing files before creating new ones. Extract shared utils for clear reuse. |
+| Unused code (imports, variables, dead code) | Biome --fix handles unused imports/variables automatically. |
+| Type safety bypass (as any, ts-ignore) | Never use as any or ts-ignore. Use the most specific correct type. |
+| Scope creep (refactoring while fixing) | Make the minimal change needed. Do not refactor while fixing. |
+| Circular dependencies | Restructure module boundaries to break circular dependencies. |
+| Re-export overuse (barrel files with logic) | Index files may only re-export modules, never contain logic. |
+| Path resolution (process.cwd assumptions) | Never assume process.cwd() equals project root in monorepos. |
+| Migration issues | Verify schema and data integrity after migrations. Make migrations idempotent. |
+| Workarounds and hacks | Document why the workaround was needed and plan a proper fix. |
+| Performance guessing | Profile before optimizing. Measure, do not guess. |
+| Security (secrets, credentials, tokens) | Review credentials handling. Never commit secrets. |
+| Test mock overreach | Mock behavior (modules), not implementation details. |
+
+## Required behavior
+
+When you detect one of these patterns in your own work:
+1. Stop and acknowledge the pattern
+2. Apply the corresponding lesson
+3. Correct the action before proceeding

package/plugins/kilo/rules/code-standards.md

@@ -0,0 +1,71 @@
+# Code Standards Enforcer
+
+These rules apply to every code file write and edit. Violations must be fixed before proceeding.
+
+## Type safety
+
+- Never use `as any` or `as unknown`. Use the most specific correct type.
+- Never use `as Type` assertions. Use type narrowing, generics, or satisfies instead.
+- Never use `@ts-ignore` or `@ts-expect-error`. Fix the underlying type error.
+
+```typescript
+// Bad
+const data = response as any;
+const user = getUser() as UserType;
+// @ts-ignore
+brokenCall();
+
+// Good
+const data: ApiResponse = response;
+const user = getUser(); // return type already UserType
+```
+
+## Import style
+
+- Never use `require()`. Use static `import` statements.
+
+```typescript
+// Bad
+const fs = require('fs');
+
+// Good
+import fs from 'node:fs';
+```
+
+## No placeholders
+
+- Never leave `TODO`, `FIXME`, `HACK`, `placeholder`, or `// later` comments. All code must be production-ready.
+
+## Naming
+
+- Never prefix variables or functions with underscore (`_`).
+- Never prefix filenames with underscore.
+
+```typescript
+// Bad
+const _count = 0;
+function _helper() {}
+
+// Good
+const count = 0;
+function helper() {}
+```
+
+## Index files
+
+- Index/barrel files (`index.ts`, `index.js`) may ONLY contain re-exports. No business logic.
+- Non-index files may have at most 2 re-export statements.
+
+```typescript
+// Good index.ts
+export { UserService } from './user-service';
+export { AuthService } from './auth-service';
+
+// Bad index.ts
+export { UserService } from './user-service';
+const cache = new Map(); // logic does not belong here
+```
+
+## Documentation files
+
+- Do not create README.md, CHANGELOG.md, or CONTRIBUTING.md unless explicitly requested.

package/plugins/kilo/rules/dry-guard.md

@@ -0,0 +1,25 @@
+# DRY Guard
+
+Before creating ANY new code file (.ts, .tsx, .js, .jsx), perform these checks:
+
+## 1. Similar file search
+
+Tokenize the new filename by splitting on `-`, `_`, and `.` (ignore tokens shorter than 3 characters). Search the project for existing files whose names contain any of those tokens.
+
+Skip directories: node_modules, dist, .next, build, .turbo, migrations
+
+## 2. Target directory check
+
+List existing code files in the target directory. If the directory already contains files, consider whether the new file's logic belongs in one of them.
+
+## 3. Symbol collision check
+
+Convert the filename to PascalCase (e.g., `format-date.ts` becomes `FormatDate`). Search `src/`, `packages/`, `lib/`, and `app/` for existing exports matching that name.
+
+## Required behavior
+
+- If similar files are found: review them before creating a new file
+- If the symbol already exists: extend the existing file instead
+- If the target directory has related files: consolidate rather than create
+
+Do NOT create a new file when extending an existing one would be cleaner.