Agent Guardrails
Mechanical enforcement for AI agent project standards. Rules in markdown are suggestions. Code hooks are laws.
Quick Start
CODEBLOCK0
This installs the git pre-commit hook, creates a registry template, and copies check scripts into your project.
Enforcement Hierarchy
- 1. Code hooks (git pre-commit, pre/post-creation checks) — 100% reliable
- Architectural constraints (registries, import enforcement) — 95% reliable
- Self-verification loops (agent checks own work) — 80% reliable
- Prompt rules (AGENTS.md, system prompts) — 60-70% reliable
- Markdown rules — 40-50% reliable, degrades with context length
Tools Provided
Scripts
| Script | When to Run | What It Does |
|---|
| INLINECODE0 | Once per project | Installs hooks and scaffolding |
| INLINECODE1 |
Before creating new
.py files | Lists existing modules/functions to prevent reimplementation |
|
post-create-validate.sh | After creating/editing
.py files | Detects duplicates, missing imports, bypass patterns |
|
check-secrets.sh | Before commits / on demand | Scans for hardcoded tokens, keys, passwords |
|
create-deployment-check.sh | When setting up deployment verification | Creates .deployment-check.sh, checklist, and git hook template |
|
install-skill-feedback-loop.sh | When setting up skill update automation | Creates detection, auto-commit, and git hook for skill updates |
Assets
| Asset | Purpose |
|---|
| INLINECODE8 | Ready-to-install git hook blocking bypass patterns and secrets |
| INLINECODE9 |
Template
__init__.py for project module registries |
References
| File | Contents |
|---|
| INLINECODE11 | Research on why code > prompts for enforcement |
| INLINECODE12 |
Template AGENTS.md with mechanical enforcement rules |
|
deployment-verification-guide.md | Full guide on preventing deployment gaps |
|
skill-update-feedback.md | Meta-enforcement: automatic skill update feedback loop |
|
SKILL_CN.md | Chinese translation of this document |
Usage Workflow
Setting up a new project
CODEBLOCK1
Before creating any new .py file
CODEBLOCK2
Review the output. If existing functions cover your needs, import them.
After creating/editing a .py file
CODEBLOCK3
Fix any warnings before proceeding.
Setting up deployment verification
CODEBLOCK4
This creates:
- -
.deployment-check.sh - Automated verification script - INLINECODE17� - Full deployment workflow
- INLINECODE18� - Git hook template
Then customize:
- 1. Add tests to
.deployment-check.sh for your integration points - Document your flow in �INLINECODE20
- Install the git hook
See references/deployment-verification-guide.md for full guide.
Adding to AGENTS.md
Copy the template from references/agents-md-template.md and adapt to your project.
中文文档 / Chinese Documentation
See references/SKILL_CN.md for the full Chinese translation of this skill.
Common Agent Failure Modes
1. Reimplementation (Bypass Pattern)
Symptom: Agent creates "quick version" instead of importing validated code.
Enforcement: pre-create-check.sh +
post-create-validate.sh + git hook
2. Hardcoded Secrets
Symptom: Tokens/keys in code instead of env vars.
Enforcement: check-secrets.sh + git hook
3. Deployment Gap
Symptom: Built feature but forgot to wire it into production. Users don't receive benefit.
Example: Updated
notify.py but cron still calls old version.
Enforcement: .deployment-check.sh + git hook
This is the hardest to catch because:
- - Code runs fine when tested manually
- Agent marks task "done" after writing code
- Problem only surfaces when user complains
Solution: Mechanical end-to-end verification before allowing "done."
4. Skill Update Gap (META - NEW)
Symptom: Built enforcement improvement in project but forgot to update the skill itself.
Example: Created deployment verification for Project A, but other projects don't benefit because skill wasn't updated.
Enforcement: install-skill-feedback-loop.sh → automatic detection + semi-automatic commit
This is a meta-failure mode because:
- - It's about enforcement improvements themselves
- Without fix: improvements stay siloed
- With fix: knowledge compounds automatically
Solution: Automatic detection of enforcement improvements with task creation and semi-automatic commits.
Key Principle
Don't add more markdown rules. Add mechanical enforcement.
If an agent keeps bypassing a standard, don't write a stronger rule — write a hook that blocks it.
Corollary: If an agent keeps forgetting integration, don't remind it — make it mechanically verify before commit.
代理防护栏
针对AI代理项目标准的机械强制执行。Markdown中的规则是建议,代码钩子才是法律。
快速开始
bash
cd your-project/
bash /path/to/agent-guardrails/scripts/install.sh
这将安装git预提交钩子,创建注册表模板,并将检查脚本复制到您的项目中。
执行层级
- 1. 代码钩子(git预提交、创建前/创建后检查)— 100%可靠
- 架构约束(注册表、导入强制执行)— 95%可靠
- 自我验证循环(代理检查自身工作)— 80%可靠
- 提示规则(AGENTS.md、系统提示)— 60-70%可靠
- Markdown规则 — 40-50%可靠,随上下文长度增加而降低
提供的工具
脚本
| 脚本 | 运行时机 | 功能 |
|---|
| install.sh | 每个项目一次 | 安装钩子和脚手架 |
| pre-create-check.sh |
创建新的.py文件之前 | 列出已有模块/函数,防止重复实现 |
| post-create-validate.sh | 创建/编辑.py文件之后 | 检测重复、缺失导入、绕过模式 |
| check-secrets.sh | 提交前/按需运行 | 扫描硬编码的令牌、密钥、密码 |
| create-deployment-check.sh | 设置部署验证时 | 创建.deployment-check.sh、检查清单和git钩子模板 |
| install-skill-feedback-loop.sh | 设置技能更新自动化时 | 创建技能更新的检测、自动提交和git钩子 |
资源文件
| 文件 | 用途 |
|---|
| pre-commit-hook | 即装即用的git钩子,阻止绕过模式和密钥泄露 |
| registry-template.py |
项目模块注册表的
init.py模板 |
参考资料
| 文件 | 内容 |
|---|
| enforcement-research.md | 关于为什么代码比提示更可靠的研究 |
| agents-md-template.md |
包含机械执行规则的AGENTS.md模板 |
| deployment-verification-guide.md | 防止部署漏洞的完整指南 |
| skill-update-feedback.md | 元执行:自动技能更新反馈循环 |
| SKILL_CN.md | 本文档的中文翻译 |
使用流程
设置新项目
bash
bash scripts/install.sh /path/to/project
创建任何新的.py文件之前
bash
bash scripts/pre-create-check.sh /path/to/project
查看输出。如果已有函数满足需求,请直接导入。
创建/编辑.py文件之后
bash
bash scripts/post-create-validate.sh /path/to/new_file.py
在继续之前修复所有警告。
设置部署验证
bash
bash scripts/create-deployment-check.sh /path/to/project
这将创建:
- - .deployment-check.sh - 自动化验证脚本
- DEPLOYMENT-CHECKLIST.md - 完整部署工作流程
- .git-hooks/pre-commit-deployment - Git钩子模板
然后进行自定义:
- 1. 为您的集成点向.deployment-check.sh添加测试
- 在DEPLOYMENT-CHECKLIST.md中记录您的流程
- 安装git钩子
完整指南请参阅references/deployment-verification-guide.md。
添加到AGENTS.md
从references/agents-md-template.md复制模板并根据您的项目进行调整。
中文文档
完整的中文翻译请参阅references/SKILL_CN.md。
常见代理故障模式
1. 重复实现(绕过模式)
症状: 代理创建快速版本而不是导入已验证的代码。
执行: pre-create-check.sh + post-create-validate.sh + git钩子
2. 硬编码密钥
症状: 代码中包含令牌/密钥而非环境变量。
执行: check-secrets.sh + git钩子
3. 部署漏洞
症状: 构建了功能但忘记接入生产环境。用户无法受益。
示例: 更新了notify.py但cron仍调用旧版本。
执行: .deployment-check.sh + git钩子
这是最难捕获的,因为:
- - 手动测试时代码运行正常
- 代理在编写代码后将任务标记为完成
- 只有用户投诉时问题才会暴露
解决方案: 在允许标记完成之前进行机械化的端到端验证。
4. 技能更新漏洞(元级 - 新增)
症状: 在项目中构建了执行改进但忘记更新技能本身。
示例: 为项目A创建了部署验证,但其他项目无法受益,因为技能未更新。
执行: install-skill-feedback-loop.sh → 自动检测 + 半自动提交
这是一个元故障模式,因为:
- - 它关乎执行改进本身
- 不修复:改进被孤立
- 修复后:知识自动累积
解决方案: 自动检测执行改进,配合任务创建和半自动提交。
关键原则
不要添加更多Markdown规则。添加机械强制执行。
如果代理持续绕过某个标准,不要编写更强的规则——编写一个能阻止它的钩子。
推论: 如果代理持续忘记集成,不要提醒它——让它在提交前进行机械验证。
