Documentation
Quick start
npx guardrails-ref initCreates .agents/guardrails/, adds no-plaintext-secrets, configures Cursor, Claude Code, VS Code Copilot, Windsurf, Continue, and JetBrains.
Use init --preset default to add the default preset (4 guardrails) instead of one.
Use init --user for ~/.agents/guardrails/ (user-level). Use init --dry-run to preview without writing.
Run npx guardrails-ref setup so the AI reads your guardrails. Required until IDEs add native support.
Add more
npx guardrails-ref add no-destructive-commandsadd --preset default, security, quality, frontend, api, backend, data, production.
Combine: add --preset default,frontend.
40 reference guardrails with descriptions and add commands.
Run npx guardrails-ref add --list to list available guardrails.
Commands
| Command | Description |
|---|---|
init | Create dir, add example, run setup |
init --preset default | Add preset instead of single example |
init --minimal | Create .agents/guardrails/ only (no example, no setup) |
init --dry-run | Preview what would be created without writing |
add <name> | Add guardrail(s) |
add --dry-run | Preview what would be added without writing |
add --preset default | Add default preset (4 guardrails) |
add --preset default,frontend | Add multiple presets (comma-separated) |
add --preset security | Add security preset (15 guardrails) |
add --preset quality | Add quality preset (11 guardrails) |
add --preset frontend | Add frontend preset (7 guardrails) |
add --preset api | Add API preset (5 guardrails) |
add --preset production | Add production preset (12 guardrails) |
watch | Watch guardrails and rerun check and test --suggest on changes |
remove <name> | Remove guardrail |
remove <name> --dry-run | Preview what would be removed without writing |
setup | Add rule to Cursor, Claude Code, Copilot, Windsurf, Continue, JetBrains |
setup --remove | Undo setup |
setup --pre-commit | Add guardrails check to pre-commit (Husky or pre-commit) |
setup --ide <name> | Target IDE: cursor, claude, copilot, windsurf, continue, jetbrains, junie, or auto |
setup --dry-run | Preview what would be added/removed |
setup --check | Show which IDEs are configured |
setup --check --fail-if-missing | Exit 1 if configured IDE lacks rule (CI) |
validate | Validate guardrail files in the target path |
validate --fix | Apply fixes (whitespace, newline, frontmatter key order) |
validate --fix --dry-run | Preview which files would be fixed without writing |
validate --user | Validate user-level guardrails |
validate --json | JSON output for scripting |
validate --strict | Fail on warnings (CI) |
check | Minimal CI output focused on pass/fail summary |
check --explain | When failing, print grouped remediation hints (CI-friendly) |
test | Basic safety checks (presence, rate-limiting, tools-permissions) |
test --report html | Self-contained HTML report (artifact-friendly) |
test --explain | When failing, print remediation hints (or include remediation in --json) |
health | Combined setup+check+test health status (use --json for CI) |
upgrade | Update to latest templates |
upgrade --user | Upgrade user-level guardrails |
upgrade --dry-run | Preview changes |
diff | Show diff between installed and templates |
drift | Detect drift from reference templates (supports --diff and --json) |
list | List available guardrails (name and path) |
list --user | List user-level guardrails |
list --json | JSON output for scripting |
list --compact | One name per line (for piping) |
why <name> | Show guardrail template content (full rationale and body) |
why <name> --json | JSON output (name, description, body) |
--debug | Global flag: log filesystem read/write paths to stderr (or set GUARDRAILS_REF_DEBUG=1) |
scaffold <name> | Create a new guardrail skeleton with frontmatter and sections |
scaffold <name> --interactive | Guided wizard: prompts for description, triggers, instructions, reason |
presets | List all preset bundles and their guardrails (use --json) |
explain | Summarize installed guardrails (names, scopes, severities, triggers). Supports --json |
report | Create a markdown report scaffold (combine with test --report markdown --badge) |
validate --lint-rules | Run extra static quality checks on guardrail bodies (weak language, short sections) |
snapshot | Write deterministic JSON snapshot (guardrail hashes + effective config + current test results) |
attack-test | Adversarial attack suite against an agent endpoint (supports --suite and --suite-file) |
Scripting & CI
For pipelines and tooling:
npx guardrails-ref add --dry-run no-destructive-commandsPreview what would be added without writing files.
npx guardrails-ref list . --compact | xargs -I {} npx guardrails-ref why {}One name per line for piping. Combine with why to inspect each.
npx guardrails-ref why no-plaintext-secrets --jsonMachine-readable output (name, description, body) for tooling.
npx guardrails-ref setup --check --fail-if-missingExit 1 if configured IDE lacks the guardrail rule (CI enforcement).
GUARDRAILS_REF_READONLY=1 npx guardrails-ref validate --fixGlobal read-only mode: behave as if --dry-run is enabled for write-capable commands.
npx guardrails-ref test . --jsonMachine-readable safety check: verify guardrails are present (including rate-limiting and tools-permissions), plus scorePercent and attackCoverage.
npx guardrails-ref health . --jsonOne JSON for dashboards: IDE setup status + guardrails validation + safety test summary.
npx guardrails-ref drift . --jsonDetect drift between installed guardrails and templates (great for CI gating).
npx guardrails-ref snapshot . --out guardrails-snapshot.jsonWrite an audit artifact (hashes + effective policy + current safety score) as a CI artifact.
npx guardrails-ref attack-test --target http://localhost:4000 --suite-file .guardrails-attack-suite.json --jsonRun a customizable adversarial suite against your agent HTTP endpoint (JSON suite file + JSON output).
npx guardrails-ref test . --min-score 80 --require-categories secrets,destructive,prompt --require-guardrails no-plaintext-secrets,no-destructive-commands,no-prompt-leaks,tools-permissionsEnforce minimum safety score, required categories, and required guardrails in CI using a single command.
npx guardrails-ref suggest-pack . --jsonGenerate a suggested combination of presets and a starter .guardrails-ref.json for onboarding new repos; pipe the JSON into CI or tooling.
Profiles & Policy
Create a .guardrails-ref.json at the project root to configure policy, thresholds, and required guardrails:
{
"test": { "minScorePercent": 70, "requireCategories": ["secrets"] },
"profiles": {
"ci": { "test": { "minScorePercent": 90 } },
"dev": { "test": { "minScorePercent": 50 } }
}
}Activate a profile with --profile ci or the GUARDRAILS_REF_PROFILE env variable. Merge order: base config → profile overlay → CLI flags.
Supported by validate, check, test, health, drift, and snapshot.
Use extends to inherit from shared policy packs:
{
"extends": ["./shared-policy"],
"test": { "minScorePercent": 85 }
}More
README · Examples · Pre-commit · npm · guardrails-ref presets · .guardrails-ref.json for project policy