{"id":"jzocb-agent-guardrails","name":"agent-guardrails","homepage":null,"repo_url":"https://github.com/jzOcb/agent-guardrails","category":"devtools","subcategories":[],"tags":["devtools","ai-guardrails","git-hooks","security","secret-scanning","policy-enforcement","automation"],"what_it_does":"Agent-guardrails is a shell-based toolkit that installs and wires mechanical enforcement for AI coding agents via git pre-commit hooks and local validation scripts. It helps prevent common bypass patterns and hardcoded secret leaks, and encourages an import-based “registry” pattern (via a project __init__.py template) so new code imports validated functions rather than reimplementing them.","use_cases":["Prevent AI coding agents from committing code that bypasses established project standards (via pre-commit hooks).","Detect and block hardcoded secrets (tokens/keys/passwords) before they are committed.","Verify that newly created/modified files follow expected structure (duplicate functions, missing imports, bypass patterns).","Establish an import registry pattern to constrain agent-written code to approved interfaces."],"not_for":["Organizations needing a networked SaaS API with centralized policy management.","Teams requiring fine-grained, user-specific authorization and auditing for every enforcement decision (this appears local and repo-scoped).","Workflows that cannot use git hooks or cannot run local scripts during development/CI."],"best_when":"Used in repositories where developers already allow local git hooks and want deterministic, repo-local enforcement against agent-generated code.","avoid_when":"Avoid if your team cannot tolerate blocking commits/edits based on heuristic pattern matching, or if your workflow disallows modification of git hooks and project files (e.g., pre-commit).","alternatives":["Dedicated secret scanning tools (e.g., Gitleaks/TruffleHog) combined with CI enforcement.","Conventional pre-commit frameworks (pre-commit.ci) with generic hooks (secret detection, linting, policy checks).","Static analysis and policy-as-code tools (e.g., OPA Gatekeeper for relevant environments, or custom linters).","Language-specific unit/integration tests to validate behavior rather than relying on string-based bypass detection."],"af_score":39.5,"security_score":25.0,"reliability_score":22.5,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:32:56.591420+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No network authentication described; enforcement is local via scripts and git hooks. Any secrets scanned are in-repo content; no credentials/keys are shown to be required to run the tools."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"License is MIT; pricing details for any hosted service are not provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":39.5,"security_score":25.0,"reliability_score":22.5,"mcp_server_quality":0.0,"documentation_accuracy":45.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":100.0,"rate_limit_clarity":0.0,"tls_enforcement":0.0,"auth_strength":20.0,"scope_granularity":10.0,"dependency_hygiene":40.0,"secret_handling":60.0,"security_notes":"The toolkit’s primary security mechanism is deterministic, local enforcement: a pre-commit hook intended to block hardcoded secrets and bypass patterns, plus additional scripts for secret scanning and post-create validation. However, from the provided README alone, secret-detection method quality (regexes, entropy checks, allowlists), false-positive handling, and structured error reporting are not verifiable. The project depends on shell scripts and a pre-commit hook; supply-chain and dependency hygiene cannot be assessed from the provided content.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Heuristic bypass-pattern detection can produce false positives/negatives (e.g., legitimate “TODO: integrate” strings).","If the import registry is not enforced consistently (e.g., missing __init__.py generation or agent ignores it), agents may still bypass by copying/reimplementing logic.","Repo-local hooks run only where git hooks are installed/enabled; bypasses remain possible in environments that don’t run hooks (e.g., direct CI pushes without hooks)."]}}