v0.1.0 — first release

@hamr0 hamr0 released this 30 Apr 14:41
· 81 commits to main since this release

First release of bareguard. Action-side runtime policy library for autonomous agents — bounds what the agent does, not what it says.

What's in v0.1.0

  • Single Gate class with three call sites (redact, check, record) plus run / allows / haltContext / terminate.
  • Ten primitives (twelve minus rate limits): bash, budget, fs, net, limits, tools, secrets, audit, content, approval. Each in its own file, src/primitives/*.js.
  • Severity-graded decisions (action vs halt) — halt-severity events (budget exhaustion, maxTurns, terminate) MUST escalate to a human, never bubble to the LLM.
  • One humanChannel callback consolidates ALL ask/halt/topup/terminate. Runner branches on terminal allow/deny only.
  • Single audit file via POSIX O_APPEND atomicity (no lock on Linux/macOS); Windows uses proper-lockfile fallback. Phases: gate, record, approval, halt, topup, terminate.
  • Shared budget across processes via proper-lockfile (the one allowed dep). Versioned format. Rebuilds from audit log on cold start.
  • Six-step eval order (deny > ask > scope > default). Allowlist is scope-only — does NOT silence asks.
  • Safe defaults shipped — DROP TABLE, rm -rf /, destructive verbs.
  • 30/30 tests passing on Linux, macOS, Windows × Node 20, Node 22 (matrix CI).
  • 931 LOC source (under PRD §21's 1000 target).
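
The precedence in the eval-order bullet, sketched as an added example (not bareguard's source or API; it models only the four tiers named there, not the library's six steps). The function names, policy shape and sample rules are hypothetical, and it assumes an in-scope action falls through to the default. The second evaluator shows the failure mode the "scope-only" rule avoids.

```javascript
// Added illustration: NOT bareguard source or API. Every name here is hypothetical.
// Models only the precedence named in the notes: deny > ask > scope > default.

const matches = (patterns, action) => (patterns || []).some((re) => re.test(action));

// Precedence as stated: deny first, then ask, then allowlist scope, then default.
function evaluate(policy, action) {
  if (matches(policy.deny, action)) return { decision: "deny", reason: "deny rule" };
  if (matches(policy.ask, action)) return { decision: "ask", reason: "ask rule" };
  // The allowlist only narrows scope: a miss denies, a hit grants nothing by itself.
  if (policy.allow && !matches(policy.allow, action)) {
    return { decision: "deny", reason: "outside allowlist scope" };
  }
  return { decision: policy.default, reason: "default" };
}

// Failure mode for contrast: allowlist consulted first, so a hit silences the ask.
function evaluateAllowFirst(policy, action) {
  if (matches(policy.allow, action)) return { decision: "allow", reason: "allowlisted" };
  return evaluate(policy, action);
}

// Constructed sample policy and actions (not shipped defaults).
const policy = {
  deny: [/\brm\s+-rf\s+\/(\s|$)/, /\bDROP\s+TABLE\b/i],
  ask: [/--force\b/],
  allow: [/^git\s/, /^ls(\s|$)/],
  default: "allow",
};
const actions = [
  "git status",
  "git push --force origin main",
  "rm -rf /",
  "curl https://example.test/",
];

// One row per action: decision under the stated order vs. the allow-first order.
function report() {
  return actions.map((a) => ({
    action: a,
    ordered: evaluate(policy, a).decision,
    allowFirst: evaluateAllowFirst(policy, a).decision,
  }));
}

console.table(report());
```

The second row is the one to watch: the force push is inside the allowlist, yet the ordered evaluator still returns ask, while the allow-first variant lets it through without a prompt.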

Install

npm install bareguard

See README for usage, bareguard.context.md for the LLM integration guide, CHANGELOG for full release notes.

Sibling of bareagent in the bare suite.