v8.0.0: Agentic programming guardrails#2
Merged
Conversation
Add built-in ESLint and unicorn rules targeting common AI agent anti-patterns with zero new dependencies: - max-params, max-depth, no-nested-ternary, id-length, no-useless-assignment - unicorn/throw-new-error, no-await-expression-member, no-useless-undefined, no-useless-spread, consistent-function-scoping, expiring-todo-comments - TypeScript: await-thenable, use-unknown-in-catch, no-unnecessary-type-assertion, restrict-template-expressions, unbound-method These rules catch god functions, silent error swallowing, nested ternaries, single-letter variables, redundant assignments, and type safety issues common in AI-generated code.
Integrate eslint-plugin-llm-core with complexity config + select best-practices rules targeting AI anti-patterns: - complexity: max-file-length (400), max-function-length, max-nesting-depth, max-params - best-practices: no-async-array-callbacks, no-empty-catch, prefer-early-return, throw-error-objects, no-swallowed-errors, no-commented-out-code, no-llm-artifacts - no-magic-numbers with ignoreObjectProperties and allow list Also refactored test files to use named constants instead of magic numbers and removed eslint-disable comments from typescript/rules.js
Add @eslint-react strict preset rules targeting security issues AI coding agents frequently introduce in React components: - dom-no-unsafe-target-blank: require rel=noopener on external links - dom-no-missing-iframe-sandbox: require sandbox attribute on iframes - dom-no-missing-button-type: require explicit type on buttons
Add comprehensive changelog documenting all new rules added across all three phases of agentic programming guardrails.
Add eslint-plugin-llm-core to plugin listings, update version history, dependencies, and version number.
400 lines of actual code (skipping blanks) felt too tight for React component files with JSX + logic. 500 gives reasonable leeway while still keeping the guardrail active.
Move new Phase 1-3 rules into their correct alphabetical positions:
- es6: swap max-depth/max-params, fix no-* section order,
merge unicorn rules alphabetically, sort llm-core rules
- typescript: integrate 5 new @typescript-eslint type-aware rules
into existing alphabetical positions
- react: reorder @eslint-react rules (dom-* before jsx-* before no-*)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds 20+ new ESLint rules targeting common AI coding agent anti-patterns, organized across three phases.
Phase 1 — Built-in & Unicorn Rules
max-params: [error, 5]max-depth: [error, 4]no-nested-ternaryid-length: [min: 2]unicorn/throw-new-errorunicorn/consistent-function-scopingunicorn/expiring-todo-commentsPhase 2 — eslint-plugin-llm-core Integration (New Dependency)
no-async-array-callbacks,no-empty-catch,prefer-early-return,throw-error-objects,no-swallowed-errors,no-commented-out-code,no-llm-artifacts,no-magic-numbersPhase 3 — React DOM Security Rules
@eslint-react/dom-no-unsafe-target-blank— error (external links withoutrel="noopener noreferrer")@eslint-react/dom-no-missing-iframe-sandbox— warn (iframes without sandbox)@eslint-react/dom-no-missing-button-type— warn (buttons without explicit type)Refactoring
Changed Files
Closes: #2