There is a consumer guide that sets out how to use the package. In essence you decide which controls you want, if they are warnings or prevention, and then we generate a guardrails.yaml which is used by the GitHub hooks.
We also provide a utility to generate a markdown file RIPSTOP.md you can include into your AGENTS.md so the LLM knows the environment it is in.
The full set of controls:
pii: Common PII patterns in files you commit (with exemptions)
path-guard: Changes under protected globs need an approval trailer in the final commit message (e.g. CHANGE-APPROVED: TICKET-123).
test-skip: New or disallowed test-skip / disabled-test patterns; optional ticket requirement.
history-guard: Force-push and remote branch delete on protected branch patterns.
ripstop-md-fresh: Committed RIPSTOP.md exists and its embedded config hash matches the resolved guardrails.yaml.
reflog-witness: Appends witness JSON per run.
Some technical commentary.
There is a consumer guide that sets out how to use the package. In essence you decide which controls you want, if they are warnings or prevention, and then we generate a guardrails.yaml which is used by the GitHub hooks.
We also provide a utility to generate a markdown file RIPSTOP.md you can include into your AGENTS.md so the LLM knows the environment it is in.
The full set of controls:
pii: Common PII patterns in files you commit (with exemptions) path-guard: Changes under protected globs need an approval trailer in the final commit message (e.g. CHANGE-APPROVED: TICKET-123). test-skip: New or disallowed test-skip / disabled-test patterns; optional ticket requirement. history-guard: Force-push and remote branch delete on protected branch patterns. ripstop-md-fresh: Committed RIPSTOP.md exists and its embedded config hash matches the resolved guardrails.yaml. reflog-witness: Appends witness JSON per run.