guardrails-ref 1.0.0

package/dist/add.d.ts

@@ -0,0 +1 @@
+export declare function runAdd(name: string, projectPath?: string): boolean;

package/dist/add.js

@@ -0,0 +1,29 @@
+import { existsSync, mkdirSync, writeFileSync } from "fs";
+import { resolve } from "path";
+import chalk from "chalk";
+import { TEMPLATES, TEMPLATE_NAMES } from "./templates.js";
+export function runAdd(name, projectPath = ".") {
+    const normalized = name.toLowerCase().replace(/\s+/g, "-");
+    const content = TEMPLATES[normalized];
+    if (!content) {
+        console.log(chalk.red("Unknown guardrail:") + " " + name);
+        console.log(chalk.gray("Available: " + TEMPLATE_NAMES.join(", ")));
+        return false;
+    }
+    const root = resolve(projectPath);
+    const guardrailsDir = resolve(root, ".agents", "guardrails");
+    const exampleDir = resolve(guardrailsDir, normalized);
+    const exampleFile = resolve(exampleDir, "GUARDRAIL.md");
+    if (existsSync(exampleFile)) {
+        console.log(chalk.yellow(".agents/guardrails/" + normalized + "/GUARDRAIL.md already exists"));
+        return true;
+    }
+    if (!existsSync(guardrailsDir)) {
+        mkdirSync(guardrailsDir, { recursive: true });
+        console.log(chalk.green("✓") + " Created .agents/guardrails/");
+    }
+    mkdirSync(exampleDir, { recursive: true });
+    writeFileSync(exampleFile, content);
+    console.log(chalk.green("✓") + " Added .agents/guardrails/" + normalized + "/GUARDRAIL.md");
+    return true;
+}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+import { program } from "commander";
+import chalk from "chalk";
+import { validatePath, listGuardrails } from "./validate.js";
+import { runSetup } from "./setup.js";
+import { runInit } from "./init.js";
+import { runAdd } from "./add.js";
+program
+    .name("guardrails-ref")
+    .description("Validate and list Agent Guardrails (GUARDRAIL.md) files")
+    .version("1.0.0");
+program
+    .command("validate [path]")
+    .description("Validate GUARDRAIL.md files in a directory or a single file")
+    .action((path = ".") => {
+    const result = validatePath(path);
+    let hasErrors = false;
+    for (const r of result.results) {
+        if (r.success) {
+            const warnStr = r.warnings.length > 0 ? chalk.yellow(` (${r.warnings.length} warnings)`) : "";
+            console.log(chalk.green("✓"), r.path, warnStr);
+            for (const w of r.warnings) {
+                console.log(chalk.yellow("  warning:"), w);
+            }
+        }
+        else {
+            hasErrors = true;
+            console.log(chalk.red("✗"), r.path);
+            for (const e of r.errors) {
+                console.log(chalk.red("  error:"), e);
+            }
+            for (const w of r.warnings) {
+                console.log(chalk.yellow("  warning:"), w);
+            }
+        }
+    }
+    if (result.total === 0) {
+        console.log(chalk.yellow("No GUARDRAIL.md or GUARDRAILS.md files found"));
+    }
+    else {
+        console.log();
+        console.log(`Valid: ${result.valid}/${result.total}  Invalid: ${result.invalid}/${result.total}`);
+    }
+    process.exit(hasErrors ? 1 : 0);
+});
+program
+    .command("init [path]")
+    .description("Create .agents/guardrails/, add no-plaintext-secrets, and run setup (one command to get started)")
+    .action((path = ".") => {
+    runInit(path);
+});
+program
+    .command("add <name> [path]")
+    .description("Add an example guardrail by name (e.g. no-destructive-commands, no-new-deps-without-approval)")
+    .action((name, path = ".") => {
+    const ok = runAdd(name, path);
+    process.exit(ok ? 0 : 1);
+});
+program
+    .command("setup [path]")
+    .description("Add the guardrail one-liner to Cursor rules and Claude instructions (required until IDEs support guardrails natively)")
+    .action((path = ".") => {
+    const result = runSetup(path);
+    console.log(result.message);
+});
+program
+    .command("list [path]")
+    .description("List discovered guardrails")
+    .action((path = ".") => {
+    const guardrails = listGuardrails(path);
+    if (guardrails.length === 0) {
+        console.log(chalk.yellow("No guardrails found"));
+        return;
+    }
+    for (const g of guardrails) {
+        console.log(chalk.cyan(g.name));
+        console.log("  ", g.description.slice(0, 80) + (g.description.length > 80 ? "..." : ""));
+        console.log("  ", chalk.gray(g.path));
+        console.log();
+    }
+    console.log(`Total: ${guardrails.length} guardrail(s)`);
+});
+program.parse();

package/dist/init.d.ts

@@ -0,0 +1,6 @@
+export interface InitResult {
+    guardrailsDir: string;
+    exampleCreated: boolean;
+    setupDone: string;
+}
+export declare function runInit(projectPath?: string): InitResult;

package/dist/init.js

@@ -0,0 +1,32 @@
+import { existsSync, mkdirSync, writeFileSync } from "fs";
+import { resolve } from "path";
+import chalk from "chalk";
+import { runSetup } from "./setup.js";
+import { TEMPLATES } from "./templates.js";
+export function runInit(projectPath = ".") {
+    const root = resolve(projectPath);
+    const guardrailsDir = resolve(root, ".agents", "guardrails");
+    const exampleDir = resolve(guardrailsDir, "no-plaintext-secrets");
+    const exampleFile = resolve(exampleDir, "GUARDRAIL.md");
+    let exampleCreated = false;
+    if (!existsSync(guardrailsDir)) {
+        mkdirSync(guardrailsDir, { recursive: true });
+        console.log(chalk.green("✓") + " Created .agents/guardrails/");
+    }
+    if (!existsSync(exampleFile)) {
+        mkdirSync(exampleDir, { recursive: true });
+        writeFileSync(exampleFile, TEMPLATES["no-plaintext-secrets"]);
+        exampleCreated = true;
+        console.log(chalk.green("✓") + " Created .agents/guardrails/no-plaintext-secrets/GUARDRAIL.md");
+    }
+    else {
+        console.log(chalk.yellow("  .agents/guardrails/no-plaintext-secrets/GUARDRAIL.md already exists"));
+    }
+    const setupResult = runSetup(projectPath);
+    console.log(setupResult.message);
+    return {
+        guardrailsDir,
+        exampleCreated,
+        setupDone: setupResult.message,
+    };
+}

package/dist/parse.d.ts

@@ -0,0 +1,23 @@
+export interface GuardrailFrontmatter {
+    name: string;
+    description: string;
+    scope?: "global" | "project" | "session";
+    severity?: "critical" | "warning" | "advisory";
+    triggers?: string[];
+    license?: string;
+    metadata?: Record<string, string>;
+}
+export interface ParsedGuardrail {
+    path: string;
+    name: string;
+    description: string;
+    frontmatter: GuardrailFrontmatter;
+    body: string;
+}
+export interface ParseResult {
+    success: boolean;
+    guardrail?: ParsedGuardrail;
+    errors: string[];
+    warnings: string[];
+}
+export declare function parseGuardrailFile(filePath: string): ParseResult;

package/dist/parse.js

@@ -0,0 +1,121 @@
+import matter from "gray-matter";
+import { readFileSync } from "fs";
+import { resolve } from "path";
+const NAME_REGEX = /^[a-z0-9]+(?:-[a-z0-9]+)*$/;
+const MAX_NAME_LENGTH = 64;
+const MAX_DESCRIPTION_LENGTH = 1024;
+const VALID_SCOPES = new Set(["global", "project", "session"]);
+const VALID_SEVERITIES = new Set(["critical", "warning", "advisory"]);
+export function parseGuardrailFile(filePath) {
+    const errors = [];
+    const warnings = [];
+    let content;
+    try {
+        content = readFileSync(filePath, "utf-8");
+    }
+    catch (err) {
+        return {
+            success: false,
+            errors: [`Cannot read file: ${filePath}`],
+            warnings: [],
+        };
+    }
+    let parsed;
+    try {
+        parsed = matter(content);
+    }
+    catch (err) {
+        return {
+            success: false,
+            errors: [`Invalid YAML frontmatter: ${err.message}`],
+            warnings: [],
+        };
+    }
+    const data = parsed.data;
+    const body = parsed.content.trim();
+    // Required: name
+    const name = data.name;
+    if (typeof name !== "string" || !name.trim()) {
+        errors.push("Missing or empty required field: name");
+    }
+    else {
+        if (name.length > MAX_NAME_LENGTH) {
+            warnings.push(`name exceeds ${MAX_NAME_LENGTH} characters`);
+        }
+        if (!NAME_REGEX.test(name)) {
+            errors.push("name must be lowercase letters, numbers, and hyphens only; no consecutive hyphens; cannot start or end with hyphen");
+        }
+    }
+    // Required: description
+    const description = data.description;
+    if (typeof description !== "string" || !description.trim()) {
+        errors.push("Missing or empty required field: description");
+    }
+    else if (description.length > MAX_DESCRIPTION_LENGTH) {
+        warnings.push(`description exceeds ${MAX_DESCRIPTION_LENGTH} characters`);
+    }
+    // Optional: scope
+    const scope = data.scope;
+    if (scope !== undefined) {
+        if (typeof scope !== "string" || !VALID_SCOPES.has(scope)) {
+            warnings.push(`scope must be one of: global, project, session`);
+        }
+    }
+    // Optional: severity
+    const severity = data.severity;
+    if (severity !== undefined) {
+        if (typeof severity !== "string" || !VALID_SEVERITIES.has(severity)) {
+            warnings.push(`severity must be one of: critical, warning, advisory`);
+        }
+    }
+    // Optional: triggers
+    const triggers = data.triggers;
+    if (triggers !== undefined) {
+        if (!Array.isArray(triggers) || !triggers.every((t) => typeof t === "string")) {
+            warnings.push("triggers must be a list of strings");
+        }
+    }
+    // Check directory name matches (when in a directory)
+    const dirName = filePath.split(/[/\\]/).slice(-2)[0];
+    if (dirName && dirName !== "." && typeof name === "string" && name !== dirName) {
+        warnings.push(`name "${name}" does not match parent directory "${dirName}"`);
+    }
+    if (errors.length > 0) {
+        return {
+            success: false,
+            errors,
+            warnings,
+        };
+    }
+    const frontmatter = {
+        name: name.trim(),
+        description: description.trim(),
+    };
+    if (scope && typeof scope === "string" && VALID_SCOPES.has(scope)) {
+        frontmatter.scope = scope;
+    }
+    if (severity && typeof severity === "string" && VALID_SEVERITIES.has(severity)) {
+        frontmatter.severity = severity;
+    }
+    if (Array.isArray(triggers) && triggers.every((t) => typeof t === "string")) {
+        frontmatter.triggers = triggers;
+    }
+    if (data.license && typeof data.license === "string") {
+        frontmatter.license = data.license;
+    }
+    if (data.metadata && typeof data.metadata === "object" && !Array.isArray(data.metadata)) {
+        frontmatter.metadata = data.metadata;
+    }
+    return {
+        success: true,
+        guardrail: {
+            path: resolve(filePath),
+            name: frontmatter.name,
+            description: frontmatter.description,
+            frontmatter,
+            body,
+        },
+        errors: [],
+        warnings,
+    };
+}

package/dist/setup.d.ts

@@ -0,0 +1,6 @@
+export interface SetupResult {
+    cursor: boolean;
+    claude: boolean;
+    message: string;
+}
+export declare function runSetup(projectPath?: string): SetupResult;

package/dist/setup.js

@@ -0,0 +1,81 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { resolve } from "path";
+import chalk from "chalk";
+const GUARDRAIL_RULE = "You MUST read and follow all constraints in .agents/guardrails/. Never violate a guardrail without explicit human approval.";
+const GUARDRAIL_RULE_MARKER = "read and follow all constraints in .agents/guardrails";
+function hasRule(content) {
+    return content.includes(GUARDRAIL_RULE_MARKER);
+}
+export function runSetup(projectPath = ".") {
+    const root = resolve(projectPath);
+    let cursorDone = false;
+    let claudeDone = false;
+    // Cursor: .cursor/rules/agent-guardrails.md (preferred) or .cursorrules (legacy)
+    const cursorRulesDir = resolve(root, ".cursor", "rules");
+    const cursorRuleFile = resolve(cursorRulesDir, "agent-guardrails.md");
+    const cursorRuleContent = `---
+description: Load and follow Agent Guardrails
+alwaysApply: true
+---
+
+${GUARDRAIL_RULE}
+`;
+    const cursorrulesPath = resolve(root, ".cursorrules");
+    if (existsSync(cursorRuleFile)) {
+        const existing = readFileSync(cursorRuleFile, "utf-8");
+        if (!hasRule(existing)) {
+            writeFileSync(cursorRuleFile, cursorRuleContent);
+            cursorDone = true;
+        }
+    }
+    else if (existsSync(cursorrulesPath)) {
+        // Legacy: append to .cursorrules
+        const existing = readFileSync(cursorrulesPath, "utf-8");
+        if (!hasRule(existing)) {
+            const appended = existing.trimEnd() + "\n\n" + GUARDRAIL_RULE + "\n";
+            writeFileSync(cursorrulesPath, appended);
+            cursorDone = true;
+        }
+    }
+    else {
+        // Create .cursor/rules/agent-guardrails.md
+        if (!existsSync(cursorRulesDir)) {
+            mkdirSync(cursorRulesDir, { recursive: true });
+        }
+        writeFileSync(cursorRuleFile, cursorRuleContent);
+        cursorDone = true;
+    }
+    // Claude Code: .claude/instructions.md
+    const claudeDir = resolve(root, ".claude");
+    const claudeInstructions = resolve(claudeDir, "instructions.md");
+    if (existsSync(claudeInstructions)) {
+        const existing = readFileSync(claudeInstructions, "utf-8");
+        if (!hasRule(existing)) {
+            const appended = existing.trimEnd() + "\n\n" + GUARDRAIL_RULE + "\n";
+            writeFileSync(claudeInstructions, appended);
+            claudeDone = true;
+        }
+    }
+    else {
+        if (!existsSync(claudeDir)) {
+            mkdirSync(claudeDir, { recursive: true });
+        }
+        writeFileSync(claudeInstructions, GUARDRAIL_RULE + "\n");
+        claudeDone = true;
+    }
+    const messages = [];
+    if (cursorDone) {
+        messages.push(chalk.green("✓") + " Added guardrail rule for Cursor");
+    }
+    if (claudeDone) {
+        messages.push(chalk.green("✓") + " Added guardrail rule for Claude Code");
+    }
+    if (messages.length === 0) {
+        messages.push(chalk.yellow("Guardrail rule already present in all config files."));
+    }
+    return {
+        cursor: cursorDone,
+        claude: claudeDone,
+        message: messages.join("\n"),
+    };
+}

package/dist/templates.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Bundled example guardrails. Used by init and add commands.
+ */
+export declare const TEMPLATES: Record<string, string>;
+export declare const TEMPLATE_NAMES: string[];

package/dist/templates.js

@@ -0,0 +1,147 @@
+/**
+ * Bundled example guardrails. Used by init and add commands.
+ */
+export const TEMPLATES = {
+    "no-plaintext-secrets": `---
+name: no-plaintext-secrets
+description: Never log, commit, or expose API keys, passwords, or tokens. Use environment variables or secrets managers. Apply when adding logging, implementing auth, or integrating third-party APIs.
+scope: project
+severity: critical
+triggers:
+  - "Adding logging"
+  - "Implementing authentication"
+  - "API integration"
+  - "Handling credentials"
+---
+
+# No Plaintext Secrets
+
+## Trigger
+Implementing authentication endpoints, adding logging, integrating third-party APIs, or handling any user credentials or API keys.
+
+## Instruction
+- Never store, log, or commit plaintext credentials (API keys, passwords, tokens, sessions)
+- Always use environment variables or secrets managers (e.g. 1Password, Vault)
+- Use bcrypt with 12 salt rounds for password hashing
+- Always require HTTPS for authentication endpoints
+- Use a \`redactSensitive()\` helper when logging objects that may contain secrets
+
+## Reason
+API keys were exposed in git during a 2025 security audit. Plaintext credentials in logs led to emergency key rotation.
+`,
+    "database-migrations": `---
+name: database-migrations
+description: Always use migration files for schema changes. Never modify production schema directly. Apply when modifying database schema, adding tables, or changing columns.
+scope: project
+severity: critical
+triggers:
+  - "Modifying database schema"
+  - "Adding or changing tables"
+  - "Database migrations"
+  - "Prisma schema"
+  - "SQL migrations"
+---
+
+# Database Migrations
+
+## Trigger
+Modifying database schema, adding tables, changing columns, or optimizing queries that affect schema.
+
+## Instruction
+- Always create a migration file (e.g. \`prisma migrate dev\`, \`rails db:migrate\`, or equivalent)
+- Never modify production schema directly without a migration
+- Test migrations in staging before applying to production
+- Require explicit human approval before running migrations in production
+
+## Reason
+Direct schema changes caused 4-hour downtime and data inconsistencies. Migrations provide rollback capability and audit trail.
+`,
+    "no-destructive-commands": `---
+name: no-destructive-commands
+description: Never run destructive shell commands or SQL without explicit human approval. Apply when deleting files, dropping tables, truncating data, or modifying production.
+scope: project
+severity: critical
+triggers:
+  - "Deleting files"
+  - "Cleaning up"
+  - "Dropping tables"
+  - "Truncating data"
+  - "Database cleanup"
+  - "rm -rf"
+  - "DROP TABLE"
+  - "TRUNCATE"
+---
+
+# No Destructive Commands
+
+## Trigger
+Running shell commands that delete files, database commands that drop or truncate data, or any operation that irreversibly removes content.
+
+## Instruction
+- Never run \`rm -rf\`, \`rm -r\`, or recursive deletes without explicit human approval
+- Never run \`DROP TABLE\`, \`DROP DATABASE\`, \`TRUNCATE\`, or \`DELETE\` without a WHERE clause on production data without explicit approval
+- For cleanup tasks: propose the command, explain the impact, and wait for confirmation before executing
+- Prefer moving to trash or using \`--dry-run\` when available
+- If the user asks to "delete everything" or "clean slate": stop and confirm scope before proceeding
+
+## Reason
+Agents have run \`rm -rf\` on wrong directories and \`DROP TABLE\` in production. Destructive operations must never execute without explicit human confirmation.
+`,
+    "no-new-deps-without-approval": `---
+name: no-new-deps-without-approval
+description: Do not add new npm, pip, or other package dependencies without explicit human approval. Apply when installing packages, adding imports, or suggesting new libraries.
+scope: project
+severity: warning
+triggers:
+  - "Installing packages"
+  - "Adding dependencies"
+  - "npm install"
+  - "pip install"
+  - "New library"
+  - "Use package X"
+---
+
+# No New Dependencies Without Approval
+
+## Trigger
+Adding a new package to package.json, requirements.txt, pyproject.toml, Cargo.toml, or any dependency manifest.
+
+## Instruction
+- Before running \`npm install <pkg>\`, \`pip install <pkg>\`, or equivalent: list the package and why it's needed, then ask for approval
+- Prefer using existing project dependencies over adding new ones
+- If a built-in or stdlib solution exists, use it instead of a new dependency
+- When suggesting a new dependency: include package name, purpose, and alternative (e.g. "or we could use the built-in X")
+- Never add dependencies "to fix" a problem without confirming the user wants new packages in the project
+
+## Reason
+Uncontrolled dependency growth leads to security risk, bundle bloat, and maintenance burden. Teams want to review what gets added to their lockfile.
+`,
+    "rate-limiting": `---
+name: rate-limiting
+description: Limit tool calls and API requests to prevent runaway loops. Max 50 tool calls per session, max 10 per iteration. Stop after 3 consecutive errors.
+scope: session
+severity: warning
+triggers:
+  - "Debugging API integrations"
+  - "Stripe or payment API calls"
+  - "External API calls in loops"
+  - "Context window approaching capacity"
+---
+
+# Rate Limiting
+
+## Trigger
+Debugging API integrations, making repeated external API calls, or when context exceeds 80% capacity or 10+ consecutive errors.
+
+## Instruction
+- Max 50 tool calls per session
+- Max 10 tool calls per iteration
+- Stop after 3 consecutive errors and request context rotation
+- For payment APIs (Stripe, etc.): always use test mode when debugging
+- When context exceeds 80% capacity: re-inject GUARDRAILS.md + summary + objective, then reset context
+
+## Reason
+Agent debugging Stripe entered an infinite loop of test calls, resulting in 2000+ requests in 30 minutes, $200 API costs, and account suspension.
+`,
+};
+export const TEMPLATE_NAMES = Object.keys(TEMPLATES);

package/dist/validate.d.ts

@@ -0,0 +1,17 @@
+export interface ValidateResult {
+    valid: number;
+    invalid: number;
+    total: number;
+    results: Array<{
+        path: string;
+        success: boolean;
+        errors: string[];
+        warnings: string[];
+    }>;
+}
+export declare function validatePath(inputPath: string): ValidateResult;
+export declare function listGuardrails(inputPath: string): Array<{
+    path: string;
+    name: string;
+    description: string;
+}>;

package/dist/validate.js

@@ -0,0 +1,99 @@
+import { readdirSync, statSync } from "fs";
+import { join, resolve } from "path";
+import { parseGuardrailFile } from "./parse.js";
+const GUARDRAIL_FILENAMES = ["GUARDRAIL.md", "GUARDRAILS.md"];
+const MAX_DEPTH = 6;
+const MAX_DIRS = 2000;
+function findGuardrailFiles(dir, depth = 0, count = { dirs: 0 }) {
+    if (depth > MAX_DEPTH || count.dirs > MAX_DIRS) {
+        return [];
+    }
+    const files = [];
+    try {
+        const entries = readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.name === ".git" || entry.name === "node_modules") {
+                continue;
+            }
+            const fullPath = join(dir, entry.name);
+            if (entry.isFile()) {
+                if (GUARDRAIL_FILENAMES.includes(entry.name)) {
+                    files.push(fullPath);
+                }
+            }
+            else if (entry.isDirectory()) {
+                count.dirs++;
+                files.push(...findGuardrailFiles(fullPath, depth + 1, count));
+            }
+        }
+    }
+    catch {
+        // Skip directories we can't read
+    }
+    return files;
+}
+export function validatePath(inputPath) {
+    const resolved = resolve(inputPath);
+    const results = [];
+    let valid = 0;
+    let invalid = 0;
+    let filesToValidate = [];
+    try {
+        const stat = statSync(resolved);
+        if (stat.isFile()) {
+            if (GUARDRAIL_FILENAMES.includes(resolved.split(/[/\\]/).pop() || "")) {
+                filesToValidate = [resolved];
+            }
+        }
+        else if (stat.isDirectory()) {
+            filesToValidate = findGuardrailFiles(resolved);
+        }
+    }
+    catch {
+        results.push({
+            path: resolved,
+            success: false,
+            errors: ["Path does not exist or is not accessible"],
+            warnings: [],
+        });
+        invalid++;
+    }
+    for (const filePath of filesToValidate) {
+        const parseResult = parseGuardrailFile(filePath);
+        results.push({
+            path: filePath,
+            success: parseResult.success,
+            errors: parseResult.errors,
+            warnings: parseResult.warnings,
+        });
+        if (parseResult.success) {
+            valid++;
+        }
+        else {
+            invalid++;
+        }
+    }
+    return {
+        valid,
+        invalid,
+        total: valid + invalid,
+        results,
+    };
+}
+export function listGuardrails(inputPath) {
+    const validateResult = validatePath(inputPath);
+    const guardrails = [];
+    for (const r of validateResult.results) {
+        if (r.success) {
+            const parseResult = parseGuardrailFile(r.path);
+            if (parseResult.guardrail) {
+                guardrails.push({
+                    path: parseResult.guardrail.path,
+                    name: parseResult.guardrail.name,
+                    description: parseResult.guardrail.description,
+                });
+            }
+        }
+    }
+    return guardrails;
+}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "guardrails-ref",
+  "version": "1.0.0",
+  "description": "Validate and manage Agent Guardrails (GUARDRAIL.md) — init, setup, add, validate",
+  "type": "module",
+  "main": "dist/validate.js",
+  "bin": {
+    "guardrails-ref": "./dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "validate": "node dist/cli.js validate",
+    "list": "node dist/cli.js list",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "agent",
+    "guardrails",
+    "ai",
+    "cursor",
+    "claude"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/9atar6/agent-guardrails.git",
+    "directory": "guardrails-ref"
+  },
+  "bugs": "https://github.com/9atar6/agent-guardrails/issues",
+  "homepage": "https://github.com/9atar6/agent-guardrails#readme",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "gray-matter": "^4.0.3"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "typescript": "^5.3.0"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "files": [
+    "dist"
+  ]
+}