guardrails-ref 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +53 -10
  2. package/examples/README.md +16 -0
  3. package/package.json +3 -2
package/README.md CHANGED
@@ -1,14 +1,24 @@
1
1
  # guardrails-ref
2
2
 
3
+ [![npm version](https://img.shields.io/npm/v/guardrails-ref.svg)](https://www.npmjs.com/package/guardrails-ref)
4
+ [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
5
+ [![Node: >=18](https://img.shields.io/badge/node-%3E%3D18-green.svg)](https://nodejs.org)
6
+
3
7
  CLI for [Agent Guardrails](https://github.com/9atar6/agent-guardrails) — init, add, remove, setup, validate, and list GUARDRAIL.md files.
4
8
 
5
- ## Install
9
+ ## Why?
10
+
11
+ AI coding agents (Cursor, Claude Code, etc.) don't remember across sessions. Guardrails give them persistent constraints: "never do this." Write rules once, they apply every chat.
12
+
13
+ ## Quick start
6
14
 
7
15
  ```bash
8
16
  npx guardrails-ref init
9
17
  ```
10
18
 
11
- No global install needed. Or: `npm install -g guardrails-ref`
19
+ Creates `.agents/guardrails/`, adds the `no-plaintext-secrets` example, and configures Cursor and Claude Code to read your guardrails. No global install needed.
20
+
21
+ > **Note:** IDEs don't yet recognize guardrails natively. The `setup` command adds a rule so the AI reads them. Once IDEs add support, this won't be needed.
12
22
 
13
23
  ## Commands
14
24
 
@@ -21,6 +31,27 @@ No global install needed. Or: `npm install -g guardrails-ref`
21
31
  | `npx guardrails-ref validate [path]` | Validate GUARDRAIL.md files (use `--json` for JSON, `--strict` to fail on warnings) |
22
32
  | `npx guardrails-ref list [path]` | List discovered guardrails (use `--json` for JSON output) |
23
33
 
34
+ ## Supported IDEs
35
+
36
+ - **Cursor** — via `.cursor/rules/` or `.cursorrules`
37
+ - **Claude Code** — via `.claude/instructions.md`
38
+
39
+ ## CI/CD
40
+
41
+ Use `validate --strict` in GitHub Actions to fail on warnings:
42
+
43
+ ```yaml
44
+ - name: Validate guardrails
45
+ run: npx guardrails-ref validate . --strict
46
+ ```
47
+
48
+ Or with JSON for scripting:
49
+
50
+ ```yaml
51
+ - name: Validate guardrails
52
+ run: npx guardrails-ref validate . --json
53
+ ```
54
+
24
55
  ## Examples
25
56
 
26
57
  ```bash
@@ -33,14 +64,26 @@ npx guardrails-ref list .
33
64
 
34
65
  ## Available guardrails (add command)
35
66
 
36
- - `no-plaintext-secrets` Never log or commit credentials
37
- - `database-migrations` — Always use migration files
38
- - `no-destructive-commands` No rm -rf, DROP, TRUNCATE without approval
39
- - `no-new-deps-without-approval` No new packages without approval
40
- - `no-hardcoded-urls` No hardcoded API URLs, base URLs, endpoints
41
- - `no-sudo-commands` No sudo/su/root commands without approval
42
- - `rate-limiting` Limit tool calls and API loops
43
- - `no-console-in-production` No console.log in production code
67
+ | Name | What it prevents |
68
+ |------|------------------|
69
+ | `no-plaintext-secrets` | Logging or committing credentials |
70
+ | `database-migrations` | Direct schema changes instead of migrations |
71
+ | `no-destructive-commands` | rm -rf, DROP TABLE, TRUNCATE without approval |
72
+ | `no-new-deps-without-approval` | New packages without approval |
73
+ | `no-hardcoded-urls` | Hardcoded API URLs, base URLs, endpoints |
74
+ | `no-sudo-commands` | sudo/su/root commands without approval |
75
+ | `rate-limiting` | Runaway tool calls and API loops |
76
+ | `no-console-in-production` | console.log in production code |
77
+
78
+ ## Troubleshooting
79
+
80
+ - **"Unknown guardrail"** — Run `npx guardrails-ref list .` to see available names
81
+ - **Setup not working** — Try `npx guardrails-ref setup --remove` then `npx guardrails-ref setup` again
82
+
83
+ ## Links
84
+
85
+ - [GitHub](https://github.com/9atar6/agent-guardrails) — Full repo, spec, examples
86
+ - [Changelog](https://github.com/9atar6/agent-guardrails/blob/main/CHANGELOG.md) — Version history
44
87
 
45
88
  ## License
46
89
 
package/examples/README.md ADDED
@@ -0,0 +1,16 @@
1
+ # Example Guardrails
2
+
3
+ Reference guardrails you can add with `npx guardrails-ref add <name>`.
4
+
5
+ | Name | What it prevents |
6
+ |------|------------------|
7
+ | `no-plaintext-secrets` | Logging or committing API keys, passwords, tokens |
8
+ | `database-migrations` | Direct schema changes instead of migrations |
9
+ | `no-destructive-commands` | `rm -rf`, `DROP TABLE`, `TRUNCATE` without approval |
10
+ | `no-new-deps-without-approval` | New packages without human confirmation |
11
+ | `no-hardcoded-urls` | Hardcoded API URLs, base URLs, endpoints |
12
+ | `no-sudo-commands` | `sudo`, `su`, or root commands without approval |
13
+ | `rate-limiting` | Runaway tool calls and API loops |
14
+ | `no-console-in-production` | `console.log` in production code |
15
+
16
+ Each example lives in its own directory with a `GUARDRAIL.md` file. See the [specification](../spec/specification.md) for the format.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "guardrails-ref",
3
- "version": "1.0.4",
3
+ "version": "1.0.5",
4
4
  "description": "Validate and manage Agent Guardrails (GUARDRAIL.md) — init, add, remove, setup, validate, list",
5
5
  "type": "module",
6
6
  "main": "dist/validate.js",
@@ -43,6 +43,7 @@
43
43
  },
44
44
  "files": [
45
45
  "dist",
46
- "examples"
46
+ "examples",
47
+ "README.md"
47
48
  ]
48
49
  }