guardrails-ref 1.0.0 → 1.0.2

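--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,45 @@
+ # guardrails-ref
+
+ CLI for [Agent Guardrails](https://github.com/9atar6/agent-guardrails) — validate, init, setup, and add GUARDRAIL.md files.
+
+ ## Install
+
+ ```bash
+ npx guardrails-ref init
+ ```
+
+ No global install needed. Or: `npm install -g guardrails-ref`
+
+ ## Commands
+
+ | Command | Description |
+ |---------|-------------|
+ | `npx guardrails-ref init [path]` | Create `.agents/guardrails/`, add no-plaintext-secrets, configure Cursor and Claude Code |
+ | `npx guardrails-ref add <name> [path]` | Add an example guardrail (e.g. no-destructive-commands, database-migrations) |
+ | `npx guardrails-ref remove <name> [path]` | Remove a guardrail from .agents/guardrails/ |
+ | `npx guardrails-ref setup [path]` | Add the guardrail rule to Cursor rules and Claude instructions |
+ | `npx guardrails-ref validate [path]` | Validate GUARDRAIL.md files |
+ | `npx guardrails-ref list [path]` | List discovered guardrails (use `--json` for JSON output) |
+
+ ## Examples
+
+ ```bash
+ npx guardrails-ref init
+ npx guardrails-ref add no-destructive-commands
+ npx guardrails-ref add no-new-deps-without-approval
+ npx guardrails-ref validate .
+ npx guardrails-ref list .
+ ```
+
+ ## Available guardrails (add command)
+
+ - `no-plaintext-secrets` — Never log or commit credentials
+ - `database-migrations` — Always use migration files
+ - `no-destructive-commands` — No rm -rf, DROP, TRUNCATE without approval
+ - `no-new-deps-without-approval` — No new packages without approval
+ - `rate-limiting` — Limit tool calls and API loops
+ - `no-console-in-production` — No console.log in production code
+
+ ## License
+
+ MIT — [GitHub](https://github.com/9atar6/agent-guardrails)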
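--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -5,6 +5,7 @@ import { validatePath, listGuardrails } from "./validate.js";
  import { runSetup } from "./setup.js";
  import { runInit } from "./init.js";
  import { runAdd } from "./add.js";
+ import { runRemove } from "./remove.js";
  program
  .name("guardrails-ref")
  .description("Validate and list Agent Guardrails (GUARDRAIL.md) files")
@@ -56,6 +57,13 @@ program
  const ok = runAdd(name, path);
  process.exit(ok ? 0 : 1);
  });
+ program
+ .command("remove <name> [path]")
+ .description("Remove a guardrail from .agents/guardrails/")
+ .action((name, path = ".") => {
+ const ok = runRemove(name, path);
+ process.exit(ok ? 0 : 1);
+ });
  program
  .command("setup [path]")
  .description("Add the guardrail one-liner to Cursor rules and Claude instructions (required until IDEs support guardrails natively)")
@@ -66,8 +74,13 @@ program
  program
  .command("list [path]")
  .description("List discovered guardrails")
- .action((path = ".") => {
+ .option("-j, --json", "Output as JSON")
+ .action((path = ".", options) => {
  const guardrails = listGuardrails(path);
+ if (options.json) {
+ console.log(JSON.stringify({ guardrails, total: guardrails.length }, null, 2));
+ return;
+ }
  if (guardrails.length === 0) {
  console.log(chalk.yellow("No guardrails found"));
  return;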
@@ -0,0 +1 @@
1
+ export declare function runRemove(name: string, projectPath?: string): boolean;
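--- a/package/dist/remove.js
+++ b/package/dist/remove.js
@@ -0,0 +1,34 @@
+ import { existsSync, readdirSync, rmSync, rmdirSync } from "fs";
+ import { resolve } from "path";
+ import chalk from "chalk";
+ import { listGuardrails } from "./validate.js";
+ export function runRemove(name, projectPath = ".") {
+ const normalized = name.toLowerCase().replace(/\s+/g, "-");
+ const root = resolve(projectPath);
+ const guardrailsDir = resolve(root, ".agents", "guardrails");
+ const targetDir = resolve(guardrailsDir, normalized);
+ const targetFile = resolve(targetDir, "GUARDRAIL.md");
+ if (!existsSync(targetFile)) {
+ const guardrails = listGuardrails(projectPath);
+ const names = guardrails.map((g) => g.name);
+ console.log(chalk.red("Guardrail not found:") + " .agents/guardrails/" + normalized);
+ if (names.length > 0) {
+ console.log(chalk.gray("Installed: " + names.join(", ")));
+ }
+ return false;
+ }
+ rmSync(targetDir, { recursive: true });
+ console.log(chalk.green("✓") + " Removed .agents/guardrails/" + normalized);
+ // Remove parent dir if empty
+ try {
+ const remaining = readdirSync(guardrailsDir);
+ if (remaining.length === 0) {
+ rmdirSync(guardrailsDir);
+ console.log(chalk.green("✓") + " Removed empty .agents/guardrails/");
+ }
+ }
+ catch {
+ // Ignore
+ }
+ return true;
+ }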
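Review bot: `runRemove` builds `targetDir` with `resolve(guardrailsDir, normalized)` and never checks that the result is still inside `.agents/guardrails/`. A `name` of `.`, one containing `..` or a path separator, or an absolute path therefore selects a directory outside the guardrail folder, and `rmSync(targetDir, { recursive: true })` deletes it whenever it happens to hold a `GUARDRAIL.md`. The `remove <name>` action added in `package/dist/cli.js` passes the argument through unchanged, so nothing upstream narrows it. Require the target to be a direct child before the `existsSync` check: add `dirname` to the `path` import and insert `if (dirname(targetDir) !== guardrailsDir) { console.log(chalk.red("Invalid guardrail name:") + " " + name); return false; }`. This is compiled output, so the change presumably belongs in the TypeScript source, which is not shown here.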
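--- a/package/dist/templates.js
+++ b/package/dist/templates.js
@@ -142,6 +142,34 @@ Debugging API integrations, making repeated external API calls, or when context
 
  ## Reason
  Agent debugging Stripe entered an infinite loop of test calls, resulting in 2000+ requests in 30 minutes, $200 API costs, and account suspension.
+ `,
+ "no-console-in-production": `---
+ name: no-console-in-production
+ description: Never add console.log, console.debug, or console.info in production code. Use a proper logging library. Apply when adding debugging, logging, or trace statements.
+ scope: project
+ severity: warning
+ triggers:
+ - "Adding logging"
+ - "Debugging"
+ - "console.log"
+ - "console.debug"
+ - "Trace statements"
+ ---
+
+ # No Console in Production
+
+ ## Trigger
+ Adding logging, debugging statements, or trace output to application code that ships to production.
+
+ ## Instruction
+ - Never add \`console.log\`, \`console.debug\`, or \`console.info\` in production code paths
+ - Use a structured logging library (e.g. pino, winston, log4j) with log levels
+ - For temporary debugging: use \`console.warn\` or \`console.error\` and add a TODO to remove before merge
+ - Strip or gate console calls in production builds when a logger is not available
+ - Prefer environment-based log levels (e.g. DEBUG=true) over hardcoded console statements
+
+ ## Reason
+ console.log in production leaks sensitive data, clutters logs, and impacts performance. Structured loggers support levels, formatting, and safe redaction.
  `,
  };
  export const TEMPLATE_NAMES = Object.keys(TEMPLATES);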
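Review bot: The `## Reason` line justifies the rule by saying console output leaks sensitive data, but the third `## Instruction` bullet still allows `console.warn` and `console.error` for temporary debugging, and those calls emit the same unredacted values. An agent following this template can therefore satisfy the guardrail while still printing a credential or request body. Consider wording the bullet as `- For temporary debugging: use \`console.warn\` or \`console.error\`, never print credentials or full request bodies, and add a TODO to remove before merge`. The `triggers` list also omits `console.info`, which the description and the first instruction bullet both name.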
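--- a/package/package.json
+++ b/package/package.json
@@ -1,11 +1,11 @@
  {
  "name": "guardrails-ref",
- "version": "1.0.0",
+ "version": "1.0.2",
  "description": "Validate and manage Agent Guardrails (GUARDRAIL.md) — init, setup, add, validate",
  "type": "module",
  "main": "dist/validate.js",
  "bin": {
- "guardrails-ref": "./dist/cli.js"
+ "guardrails-ref": "dist/cli.js"
  },
  "scripts": {
  "build": "tsc",
@@ -23,7 +23,7 @@
  "license": "MIT",
  "repository": {
  "type": "git",
- "url": "https://github.com/9atar6/agent-guardrails.git",
+ "url": "git+https://github.com/9atar6/agent-guardrails.git",
  "directory": "guardrails-ref"
  },
  "bugs": "https://github.com/9atar6/agent-guardrails/issues",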