Skip to content

v8.0.0: Agentic programming guardrails#2

Merged
shaunburdick merged 7 commits into
mainfrom
008-v800-agentic-guardrails
Jun 7, 2026
Merged

v8.0.0: Agentic programming guardrails#2
shaunburdick merged 7 commits into
mainfrom
008-v800-agentic-guardrails

Conversation

@shaunburdick

Copy link
Copy Markdown
Owner

Summary

Adds 20+ new ESLint rules targeting common AI coding agent anti-patterns, organized across three phases.

Phase 1 — Built-in & Unicorn Rules

Rule Level
max-params: [error, 5] Prevents parameter bloat
max-depth: [error, 4] Prevents pyramid-of-doom
no-nested-ternary AI nests ternaries excessively
id-length: [min: 2] Single-letter vars
unicorn/throw-new-error Raw string throws
unicorn/consistent-function-scoping Inner functions
unicorn/expiring-todo-comments TODOs without deadlines
6 TypeScript type-checked rules Type safety

Phase 2 — eslint-plugin-llm-core Integration (New Dependency)

  • Complexity config: max-file-length (500, skips blanks), max-function-length, max-nesting-depth, max-params
  • Best-practices: no-async-array-callbacks, no-empty-catch, prefer-early-return, throw-error-objects, no-swallowed-errors, no-commented-out-code, no-llm-artifacts, no-magic-numbers

Phase 3 — React DOM Security Rules

  • @eslint-react/dom-no-unsafe-target-blankerror (external links without rel="noopener noreferrer")
  • @eslint-react/dom-no-missing-iframe-sandboxwarn (iframes without sandbox)
  • @eslint-react/dom-no-missing-button-typewarn (buttons without explicit type)

Refactoring

  • Test files updated to follow new rules (named constants, removed commented-out code)

Changed Files

 AGENTS.md                  |   7 +++-
 eslint/CHANGELOG.md        |  56 ++++++++++++++++++++++++++++
 eslint/es6/index.js        |  16 +++++++-
 eslint/es6/rules.js        |  92 ++++++++++++++++++++++++++++++++++++++++++++++
 eslint/package-lock.json   |  21 +++++++++++
 eslint/package.json        |   5 ++-
 eslint/react/rules.js      |  18 +++++++++
 eslint/test/test.js        |  10 +++--
 eslint/typescript/rules.js |  41 +++++++++++++++++++--
 9 files changed, 254 insertions(+), 12 deletions(-)

Closes: #2

Add built-in ESLint and unicorn rules targeting common AI agent
anti-patterns with zero new dependencies:

- max-params, max-depth, no-nested-ternary, id-length, no-useless-assignment
- unicorn/throw-new-error, no-await-expression-member, no-useless-undefined,
  no-useless-spread, consistent-function-scoping, expiring-todo-comments
- TypeScript: await-thenable, use-unknown-in-catch, no-unnecessary-type-assertion,
  restrict-template-expressions, unbound-method

These rules catch god functions, silent error swallowing, nested ternaries,
single-letter variables, redundant assignments, and type safety issues
common in AI-generated code.
Integrate eslint-plugin-llm-core with complexity config + select
best-practices rules targeting AI anti-patterns:

- complexity: max-file-length (400), max-function-length, max-nesting-depth, max-params
- best-practices: no-async-array-callbacks, no-empty-catch, prefer-early-return,
  throw-error-objects, no-swallowed-errors, no-commented-out-code, no-llm-artifacts
- no-magic-numbers with ignoreObjectProperties and allow list

Also refactored test files to use named constants instead of magic numbers
and removed eslint-disable comments from typescript/rules.js
Add @eslint-react strict preset rules targeting security issues
AI coding agents frequently introduce in React components:

- dom-no-unsafe-target-blank: require rel=noopener on external links
- dom-no-missing-iframe-sandbox: require sandbox attribute on iframes
- dom-no-missing-button-type: require explicit type on buttons
Add comprehensive changelog documenting all new rules added
across all three phases of agentic programming guardrails.
Add eslint-plugin-llm-core to plugin listings, update version
history, dependencies, and version number.
400 lines of actual code (skipping blanks) felt too tight for
React component files with JSX + logic. 500 gives reasonable
leeway while still keeping the guardrail active.
Move new Phase 1-3 rules into their correct alphabetical positions:
- es6: swap max-depth/max-params, fix no-* section order,
       merge unicorn rules alphabetically, sort llm-core rules
- typescript: integrate 5 new @typescript-eslint type-aware rules
              into existing alphabetical positions
- react: reorder @eslint-react rules (dom-* before jsx-* before no-*)
@shaunburdick shaunburdick merged commit 2f4e1be into main Jun 7, 2026
13 checks passed
@shaunburdick shaunburdick deleted the 008-v800-agentic-guardrails branch June 7, 2026 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant