Skip to main content
Glama

๐Ÿ›ก๏ธ DocGuard

English ยท Portuguรชs (BR) ยท Espaรฑol

The enforcement layer for Spec-Driven Development. Validate. Score. Enforce. Ship documentation that AI agents can actually use.

CI npm npm downloads PyPI License: MIT Node.js Runtime deps Spec Kit Extension


โœจ See what DocGuard catches in 30 seconds โ€” no install, no setup:

npx docguard-cli demo

Runs against a baked-in sample project with intentional drift and shows you the findings + a clear path to fixing them.

DocGuard demo


Table of Contents


Related MCP server: EasyPeasyMCP

What is DocGuard?

DocGuard enforces Canonical-Driven Development (CDD) โ€” a methodology where documentation is the source of truth, not an afterthought. AI writes the docs, DocGuard validates them.

Traditional Development

Canonical-Driven Development

Code first, docs maybe

Docs first, code conforms

Docs rot silently

Drift is tracked and enforced

Docs are optional

Docs are required and validated

One AI agent, one context

Any agent, shared context via canonical docs

DocGuard is an official GitHub Spec Kit community extension. It validates the artifacts that Spec Kit creates, ensuring your specs stay high-quality throughout the development lifecycle.

๐Ÿ“– Philosophy ยท ๐Ÿ“‹ CDD Standard ยท โš–๏ธ Comparisons ยท ๐Ÿ—บ๏ธ Roadmap

Architecture

graph TD
    CLI["CLI Entry<br/>docguard.mjs"] --> Commands["Commands (18)"]
    Commands --> guard["guard"]
    Commands --> generate["generate"]
    Commands --> score["score"]
    Commands --> diagnose["diagnose"]
    Commands --> setup["setup wizard"]
    Commands --> other["diff ยท init ยท fix ยท trace ยท impact ยท sync<br/>explain ยท memory ยท upgrade ยท agents ยท hooks ยท badge ยท ci ยท watch"]

    guard --> Validators["Validators (24)"]
    generate --> Scanners["Scanners (4)<br/>routes ยท schemas ยท doc-tools ยท speckit"]
    score --> Scoring["Weighted Scoring<br/>8 categories"]
    diagnose --> Validators
    diagnose --> AIPrompts["AI-Ready<br/>Fix Prompts"]

    Validators --> Output["Output"]
    Scanners --> Output
    Scoring --> Output
    Output --> Terminal["Terminal"]
    Output --> JSON["JSON"]
    Output --> Badge["Badge"]

    style CLI fill:#2d5016,color:#fff
    style Validators fill:#1a3a5c,color:#fff
    style Scanners fill:#1a3a5c,color:#fff
    style Output fill:#5c3a1a,color:#fff

Distribution: Node.js core (npm) ยท Python wrapper (PyPI) ยท GitHub Action (action.yml) ยท Spec Kit Extension (ZIP)


Why DocGuard?

Documentation that drifts from code is worse than no documentation โ€” it confidently misleads humans and AI agents alike. DocGuard treats your canonical docs as an enforced contract: deterministic validators diff what the docs claim against what the code does, on every commit, with no LLM required. The full thesis (and the research behind it) lives in PHILOSOPHY.md; recent feature highlights moved below.


โšก Quick Start

Package naming: this repo is raccioly/docguard; the published package is docguard-cli on both npm and PyPI; the installed command is docguard. Same project โ€” the -cli suffix is just the registry name. The package runs no install scripts, so npm i -g docguard-cli --ignore-scripts is equivalent.

Node.js (npm)

# No install needed โ€” run directly
npx docguard-cli diagnose

# Or install globally
npm i -g docguard-cli
docguard diagnose

Python (PyPI)

pip install docguard-cli
docguard diagnose

Note: The Python package is a thin wrapper that delegates to npx. Node.js 18+ is required on the system.

More ways to integrate

  • pre-commit โ€” changed-only guard on every commit:

    repos:
      - repo: https://github.com/raccioly/docguard
        rev: v0.29.0
        hooks: [{ id: docguard-guard }]   # docguard-guard-full for pre-push
  • MCP (Claude, Cursor, any MCP client) โ€” claude mcp add docguard -- npx -y docguard-cli mcp; 5 read-only tools (guard, score, explain, verify-claims, diagnose). Registry manifest ships in-repo (server.json, Smithery-ready).

  • GitLab CI โ€” component staged at templates/ci/gitlab-component.yml (guard/score/ci job with a SARIF artifact).

  • Homebrew โ€” brew install raccioly/tap/docguard (formula in packaging/homebrew/).

Core Workflow

# 1. Initialize docs for your project
npx docguard-cli init

# 2. Or reverse-engineer docs from existing code
npx docguard-cli generate

# 3. AI diagnoses issues and generates fix prompts
npx docguard-cli diagnose

# 4. Validate โ€” use as CI gate
npx docguard-cli guard

# 5. Check maturity score
npx docguard-cli score

The AI Loop

diagnose  โ†’  AI reads prompts  โ†’  AI fixes docs  โ†’  guard verifies
   โ†‘                                                       โ†“
   โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ issues found? โ†โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

diagnose is the primary command. It runs all validators, maps every failure to an AI-actionable fix prompt, and outputs a remediation plan. Your AI agent runs it, fixes the docs, and runs guard to verify.

Mechanical vs. agent fixes

DocGuard splits drift into two kinds and is explicit about which is which:

Kind

Example

How it's fixed

Mechanical (deterministic)

An endpoint documented in API-REFERENCE.md that the OpenAPI spec confirms is gone

docguard fix --write deletes the row + detail block itself โ€” no AI

Agent (needs judgment)

Rewriting an X-Ray prose section as CloudWatch; writing a new endpoint's request/response

Routed to an AI agent via diagnose / fix --doc prompts

docguard fix --write only touches docs marked <!-- docguard:generated true --> (override with --force), is idempotent, and prints exactly what changed. It never rewrites prose โ€” that stays with the agent.

Hands-off loop (set and forget)

guard โ”€โ”€โ–ถ fix --write (mechanical, auto) โ”€โ”€โ–ถ guard โ”€โ”€โ–ถ diagnose (agent prompts for the rest)
  • CI / pre-commit: docguard hooks --type pre-commit --auto-fix installs a hook that applies mechanical fixes, re-stages the docs, then runs guard; anything left is surfaced as agent prompts.

  • Agent-driven: docguard diagnose --auto scaffolds missing docs and applies mechanical fixes, then emits prompts for the content rewrites that remain.

  • JSON for automation: guard/diagnose --format json include a mechanicalFixes array and tag each issue mechanical vs agent, so an agent can apply or delegate precisely.


๐ŸŒฑ Spec Kit Integration

DocGuard is a community extension for GitHub's Spec Kit framework. While Spec Kit focuses on creating specifications (via AI slash commands like /speckit.specify and /speckit.plan), DocGuard focuses on validating their quality.

How They Work Together

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”          โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚    Spec Kit      โ”‚          โ”‚    DocGuard       โ”‚
โ”‚                  โ”‚          โ”‚                   โ”‚
โ”‚  /speckit.specifyโ”‚ โ”€โ”€โ”€โ”€โ”€โ”€โ†’  โ”‚  docguard guard   โ”‚
โ”‚  Creates specs   โ”‚          โ”‚  Validates specs  โ”‚
โ”‚  (AI-driven)     โ”‚          โ”‚  (automated)      โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜          โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Phase

Tool

What happens

1. Initialize

specify init

Creates .specify/ directory and templates

2. Write specs

/speckit.specify

AI creates spec.md with FR-IDs, user stories

3. Validate

docguard guard

Checks spec quality (mandatory sections, FR/SC IDs)

4. Plan

/speckit.plan

AI creates plan.md with technical context

5. Validate

docguard guard

Checks plan quality (sections, structure)

6. Tasks

/speckit.tasks

AI creates tasks.md with phased breakdown

7. Validate

docguard guard

Checks task quality (phases, T-IDs)

8. Implement

/speckit.implement

AI writes code

9. Enforce

docguard guard

Final quality gate โ€” CI/CD

What DocGuard Validates in Spec Kit Projects

  • spec.md โ€” Mandatory sections (User Scenarios, Requirements, Success Criteria), FR-xxx IDs, SC-xxx IDs

  • plan.md โ€” Summary, Technical Context, Project Structure sections

  • tasks.md โ€” Phased task breakdown (Phase 1, 2, 3+), T-xxx task IDs

  • constitution.md โ€” Detected at .specify/memory/constitution.md or project root

  • Requirement traceability โ€” FR, SC, NFR, US, AC, UC, SYS, ARCH, MOD, T IDs

Installing as a Spec Kit Extension

specify extension add docguard

This installs DocGuard's slash commands (/docguard.init, /docguard.guard, /docguard.review, /docguard.fix, /docguard.update) into your AI agent's command palette.


Usage

DocGuard ships 18 commands (the "Daily 5" + 13 situational tools, including the zero-install demo and the mcp server). Six additional one-shot scaffolders are accessed via docguard init --with <name>. Eight v0.19 commands continue to work as deprecation aliases through v0.20.x โ€” see MIGRATION-v0.20.md.

The Daily 5 โ€” what you'll reach for 95% of the time:

Command

What It Does

init

Bootstrap a project (--wizard for interactive ยท --with <name> for scaffolders)

guard

Validate against canonical docs โ€” 24 validators

diff

Show gaps between docs and code (--since <ref> for impact mode)

sync

Refresh code-truth doc sections โ€” keeps memory always up to date

score

CDD maturity score (0-100; --diff for delta between refs)

Tools (situational, but day-to-day useful):

Command

Purpose

demo

Zero-install showcase โ€” runs guard against a baked-in drifting fixture (npx docguard-cli demo)

diagnose

AI orchestrator โ€” guard โ†’ emit fix prompts in one command

fix

Generate AI fix instructions for specific docs (--doc <name> --format prompt)

fix --write

Apply deterministic fixes (no AI โ€” version bumps, counts, anchors, sections)

fix --history

Audit log of every mechanical fix applied (from .docguard/fixed.json)

generate

Reverse-engineer docs from existing codebase (--plan for AI scan) โ€” includes auto-generated Mermaid ER diagrams from your detected schemas (Prisma/Drizzle/TypeORM/Sequelize/Django/Rails) in DATA-MODEL.md

agent

One-shot agent task graph โ€” ordered, pre-filled code-truth, per-task verify (--format json)

explain <warning|CODE>

Paste any warning โ€” or a finding code like SEC001 โ€” to get the validator's docstring, fix path, and how to suppress

verify --semantic

Extract documented numbers/limits/enums (retention days, rate limits, GSI/role counts, status enums) as a task list for an agent to check against code โ€” the semantic-drift class regex/AST can't see

verify --instructions

Audit AGENTS.md/CLAUDE.md themselves for drift: duplicate rules, never-vs-always contradictions, stale file pointers, unknown commands โ€” plus clustered rule pairs as agent judgment tasks

feedback

Report likely false positives back to DocGuard โ€” local-first record + a 1-click prefilled, redacted GitHub issue (zero typing)

mcp

MCP server over stdio โ€” exposes guard/score/explain/verify/diagnose as native tools for Claude, Cursor, and any MCP client. Setup: claude mcp add docguard -- npx docguard-cli mcp

memory

Per-domain accuracy headline (endpoints / entities / env / tech)

memory --diff

Drill into which specific claims don't match code

memory --pack

Write .docguard/context-pack.md โ€” compact, code-truth-stamped session-start context for AI agents

score --diff

Drill into which checks pulled each category down

trace / trace --reverse <file>

Requirements traceability โ€” forward AND reverse

trace --features

Per-feature spec-adherence scores (requirement coverage, task completion, task evidence, artifacts) โ€” worst-first with fix hints

upgrade [--apply] [--pr]

Check + migrate .docguard.json schema; --pr opens a PR

watch

Live mode: re-run guard on file changes

init --with <name> scaffolders โ€” picked at init time:

Scaffolder

What It Generates

agents

AGENTS.md, CLAUDE.md, .cursor/rules/, .github/copilot-instructions.md

hooks

Git pre-commit / pre-push hooks

ci

GitHub Actions / pipeline YAML

badge

Shields.io score badges for README

llms

llms.txt (AI-friendly summary)

publish

External doc-site config (Mintlify) โ€” experimental

Run them solo (docguard init --with hooks) or stacked (docguard init --with agents,hooks,badge,ci).

Deprecation aliases โ€” setup ยท agents ยท hooks ยท ci ยท badge ยท llms ยท publish ยท impact keep working in v0.20.x with a yellow stderr warning. audit โ†’ guard is permanent (no warning). See MIGRATION-v0.20.md.

CLI Flags

Flag

Description

Commands

--dir <path>

Project directory (default: .)

All

--verbose

Show detailed output

All

--quiet / -q

Suppress banner โ€” for hooks, CI loops, scripts

All

--format json

Machine-readable output (clean JSON, no ANSI bleed)

guard, score, diff, trace, diagnose, memory, impact, explain

--format sarif

SARIF 2.1.0 output โ€” findings as rules/results for GitHub Code Scanning and SARIF dashboards

guard

--full

Generate llms-full.txt (full doc bodies inlined) instead of the llms.txt link index

llms

--pack

Write .docguard/context-pack.md โ€” agent session-start context

memory

--sync

Regenerate the agent-file family (CLAUDE.md, Copilot, Cursor, โ€ฆ) from AGENTS.md; hash-marked, never touches hand-written files without --force

agents

--check

CI gate for the synced agent-file family โ€” exit 2 when a variant is stale

agents

--force

Overwrite existing files (creates .bak backups)

generate, agents, init

--force-redo

Bypass ping-pong suppression in .docguard/fixed.json

fix --write

--profile <name>

Starter / standard / enterprise

init

--no-spec-kit

Skip auto-init of .specify/ / .agent/ scaffolding

init

--changed-only [--since <ref>]

Pre-commit lite mode (5 fast validators on changed files only)

guard

--timings

Per-validator wall-time profile (slowest first)

guard

--show-failing

Show warnings/errors even when status is PASS

guard

--pin

Record running CLI version into .docguard.json (reproducibility)

guard

--diff

Per-category drill-down

score, memory

--check-only

Exit 1 if behind (for CI)

upgrade

--apply

Actually run the migration

upgrade

--pr

Open a PR with the migration

upgrade

--reverse <file>

Reverse traceability (code โ†’ docs)

trace

--history

Show fix audit log

fix

Example Output

$ npx docguard-cli generate

๐Ÿ”ฎ DocGuard Generate โ€” my-project
   Scanning codebase to generate canonical documentation...

  Detected Stack:
    language: TypeScript ^5.0
    framework: Next.js ^14.0
    database: PostgreSQL
    orm: Drizzle 0.33
    testing: Vitest
    hosting: AWS Amplify

  โœ… ARCHITECTURE.md (4 components, 6 tech)
  โœ… DATA-MODEL.md (12 entities detected)
  โœ… ENVIRONMENT.md (18 env vars detected)
  โœ… TEST-SPEC.md (45 tests, 8/10 services mapped)
  โœ… SECURITY.md (auth: NextAuth.js)
  โœ… REQUIREMENTS.md (spec-kit aligned)
  โœ… AGENTS.md
  โœ… CHANGELOG.md
  โœ… DRIFT-LOG.md

  Generated: 9  Skipped: 0

๐Ÿ” Validators

DocGuard runs 24 automated validators on every guard check. Every one is language-aware as of v0.16 โ€” patterns for Python (test_*.py), Rust (tests/*.rs), Go (*_test.go), Java (*Test.java), Ruby (*_spec.rb), PHP, and JS/TS all match.

#

Validator

What It Checks

Default

1

Structure

Required CDD files exist

โœ… On

2

Doc Sections

Canonical docs have required sections (or N/A markers)

โœ… On

3

Docs-Sync

Routes/services referenced in docs + OpenAPI cross-check

โœ… On

4

Drift-Comments

// DRIFT: comments logged in DRIFT-LOG.md (skips test files by default)

โœ… On

5

Changelog

CHANGELOG.md has [Unreleased] section

โœ… On

6

Test-Spec

Tests exist per TEST-SPEC.md rules

โœ… On

7

Environment

Env vars documented, .env.example exists

โœ… On

8

Security

No hardcoded secrets in source code

โœ… On

9

Architecture

Imports follow layer boundaries (honors config.ignore)

โœ… On

10

Freshness

Docs not stale relative to code changes (rename-aware via git log --follow)

โœ… On

11

Traceability

Requirement IDs (FR, SC, NFR, US, AC, T) trace to tests

โœ… On

12

Docs-Diff

Code artifacts match documented entities

โœ… On

13

API-Surface

API-REFERENCE.md endpoints match real routes (OpenAPI cross-check)

โœ… On

14

Metadata-Sync

Version refs consistent across docs

โœ… On

15

Docs-Coverage

Code features referenced in documentation

โœ… On

16

Doc-Quality

Writing quality (readability, passive voice, atomicity, IEEE 830)

โœ… On

17

TODO-Tracking

Untracked TODOs/FIXMEs and skipped tests (skips test files by default)

โœ… On

18

Schema-Sync

Database models documented in DATA-MODEL.md

โœ… On

19

Spec-Kit

Spec quality validation (FR-IDs, mandatory sections, phased tasks)

โœ… On

20

Cross-Reference

Internal markdown links + anchors resolve (with "did you mean?" hints)

โœ… On

21

Generated-Staleness

source=code sections match scanner output; status: draft doc age

โœ… On

22

Canonical-Sync

DocGuard's own README count claims match code-truth (DocGuard repo only โ€” N/A elsewhere)

โœ… On

23

Metrics-Consistency

Hardcoded numbers match actual counts

โœ… On

24

Surface-Sync

Item-level enumerable drift โ€” names in doc tables/lists (commands, validators, etc.) match code-truth (opt-in via surfaceSync.surfaces; N/A unless configured)

โœ… On

Per-validator controls (in .docguard.json):

{
  "validators": {
    "test-spec": false,                 // disable (kebab-case OR camelCase both accepted)
    "freshness": true
  },
  "severity": {
    "todoTracking": "high",             // warnings fail CI
    "freshness": "low"                  // warnings ignored for exit code
  }
}

๐Ÿ“„ Templates

DocGuard ships 18 professional templates with metadata, badges, and revision history:

Template

Type

Purpose

ARCHITECTURE.md

Canonical

System design, components, layer boundaries

DATA-MODEL.md

Canonical

Schemas, entities, relationships

SECURITY.md

Canonical

Auth, permissions, secrets management

TEST-SPEC.md

Canonical

Test strategy, coverage requirements

ENVIRONMENT.md

Canonical

Environment variables, deployment config

REQUIREMENTS.md

Canonical

Spec-kit aligned FR/SC IDs, user stories

DEPLOYMENT.md

Canonical

Infrastructure, CI/CD, DNS

ADR.md

Canonical

Architecture Decision Records

ROADMAP.md

Canonical

Project phases, feature tracking

KNOWN-GOTCHAS.md

Implementation

Symptom โ†’ gotcha โ†’ fix entries

TROUBLESHOOTING.md

Implementation

Error diagnosis guides

RUNBOOKS.md

Implementation

Operational procedures

VENDOR-BUGS.md

Implementation

Third-party issue tracker

CURRENT-STATE.md

Implementation

Deployment status, tech debt

AGENTS.md

Agent

AI agent behavior rules

CHANGELOG.md

Tracking

Change log

DRIFT-LOG.md

Tracking

Deviation tracking

llms.txt

Generated

AI-friendly project summary (llmstxt.org)


๐Ÿค– AI Agent Support

DocGuard works with every major AI coding agent. All canonical docs are plain markdown โ€” no vendor lock-in.

Agent

Compatibility

Auto-Generate Config

Google Antigravity

โœ…

docguard agents --agent antigravity

Claude Code

โœ…

docguard agents --agent claude

GitHub Copilot

โœ…

docguard agents --agent copilot

Cursor

โœ…

docguard agents --agent cursor

Windsurf

โœ…

docguard agents --agent windsurf

Cline

โœ…

docguard agents --agent cline

Google Gemini CLI

โœ…

docguard agents --agent gemini

Kiro (AWS)

โœ…

โ€”


โšก Slash Commands

DocGuard provides AI agent slash commands for integrated workflows. Installed automatically via docguard init or specify extension add docguard:

Command

What It Does

/docguard.init

Initialize Canonical-Driven Development in a new or existing project

/docguard.guard

Run quality validation โ€” check all 24 validators

/docguard.review

Analyze doc quality and suggest improvements

/docguard.fix

Generate targeted fix prompts for specific issues

/docguard.update

Update canonical docs after code changes โ€” detect drift and sync documentation

These commands are installed into your AI agent's command directory:

.github/commands/     โ†’ GitHub Copilot
.cursor/rules/        โ†’ Cursor
.gemini/commands/     โ†’ Google Gemini
.claude/commands/     โ†’ Claude Code
.agents/workflows/    โ†’ Antigravity

๐Ÿง  AI Skills (Enterprise)

Beyond slash commands, DocGuard provides 4 enterprise-grade AI skills โ€” deep behavior protocols that tell AI agents not just what to run, but how to think, validate, and iterate. Skills are modeled after Spec Kit's skill architecture.

Skill

Lines

What It Does

docguard-guard

155

6-step quality gate with severity triage (CRITICALโ†’LOW), structured reporting, remediation

docguard-fix

195

7-step research workflow with per-document codebase research and 3-iteration validation loops

docguard-review

170

Read-only semantic cross-document analysis with 6 analysis passes and quality scoring

docguard-score

165

CDD maturity assessment with ROI-based improvement roadmap and grade progression

Workflow Hooks

DocGuard integrates into the spec-kit workflow as an automated quality gate:

Hook

When

Behavior

after_implement

After /speckit.implement

Mandatory โ€” always runs DocGuard guard

before_tasks

Before /speckit.tasks

Optional โ€” reviews doc consistency

after_tasks

After /speckit.tasks

Optional โ€” shows CDD maturity score

Orchestration Scripts

For advanced users and CI/CD pipelines, DocGuard includes bash scripts with --json output:

Script

Purpose

docguard-check-docs.sh

Discover project docs, return JSON inventory with metadata

docguard-suggest-fix.sh

Run guard, parse results, output prioritized fixes

docguard-init-doc.sh

Initialize canonical doc with metadata header


๐Ÿ“ Examples

Three real-world projects to see DocGuard in action:

Example

Scenario

What You'll See

01-express-api

Node.js API with zero docs

Cold-start: generate โ†’ instant coverage

02-python-flask

Python app with drifted docs

Drift detection: catch when docs lie

03-spec-kit-project

Full CDD + Spec Kit

Gold standard: what maturity looks like

See examples/README.md for step-by-step instructions.


๐Ÿงช Testing

Test Suite

npm test    # 33 tests across 18 describe blocks

Covers all 15 CLI commands, project type detection, compliance profiles, JSON output format, and help completeness.

CI Matrix

Node.js

OS

Status

18

ubuntu-latest

โœ…

20

ubuntu-latest

โœ…

22

ubuntu-latest

โœ…

Self-Validation (Dogfooding)

DocGuard runs its own guard, score, diff, diagnose, and badge commands against itself in CI โ€” ensuring the tool passes its own checks.


โš™๏ธ CI/CD Integration

Full recipes: see docs-canonical/CI-RECIPES.md for guard, auto-fix (commits mechanical fixes back to PRs), nightly sync, score-on-PR, and pre-commit configs.

GitHub Actions โ€” Guard (most common)

name: DocGuard Guard
on: [pull_request, push]
permissions: { pull-requests: write }   # for the sticky PR comment (optional)
jobs:
  docguard:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: raccioly/docguard@v0.12.0
        with:
          command: guard

On pull requests, guard mode also gives inline PR feedback (both default on):

Input

Default

Description

annotations

true

Inline ::error/::warning annotations on the PR diff, one per guard finding (capped at 50; a final notice reports how many were elided)

pr-comment

true

Sticky PR comment with the guard verdict, top findings (by code), and which canonical docs the PR's changed files impact (diff --since origin/<base>). Needs permissions: pull-requests: write; degrades to a log warning without it

Both run even when guard fails โ€” that's when the feedback matters. Prefer native code-scanning integration? docguard guard --format sarif uploads straight to GitHub Code Scanning via github/codeql-action/upload-sarif.

GitHub Actions โ€” Auto-Fix (commits mechanical fixes back)

name: DocGuard Auto-Fix
on: { pull_request: { types: [opened, synchronize, reopened] } }
permissions: { contents: write, pull-requests: write }
jobs:
  autofix:
    runs-on: ubuntu-latest
    if: github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0
      - uses: raccioly/docguard@v0.12.0
        with: { command: fix, auto-commit: 'true', comment-on-pr: 'true' }

Pre-commit Hook

npx docguard-cli hooks --type pre-commit

Workflow starters (copy directly)

Two ready-to-use templates ship with the Spec Kit extension and as standalone files:

  • extensions/spec-kit-docguard/templates/github-workflows/docguard-guard.yml โ€” mandatory CI gate

  • extensions/spec-kit-docguard/templates/github-workflows/docguard-autofix.yml โ€” PR auto-fix


โœจ What's New

Recent highlights across the v0.16 โ†’ v0.19 line:

  • docguard explain <validator> โ€” docguard explain freshness prints purpose, rules, common failures, and fix recipes for any of the 24 validators. No need to dig into source.

  • docguard memory --diff โ€” surface what changed in your canonical docs between two refs (HEAD~10..HEAD by default). Great for code review and changelog drafting.

  • docguard score --diff โ€” see exactly which validators moved the score up or down between two commits. Pinpoints regressions without re-running the full suite by hand.

  • docguard upgrade --apply --pr โ€” when the config schema bumps, DocGuard migrates .docguard.json for you and (optionally) opens a PR with the change.

  • Language-aware traceability โ€” both docguard trace and the guard-time Traceability validator understand Python, Rust, Go, Java, Ruby, and PHP layouts in addition to JS/TS, via a shared pattern set (cli/shared-trace-patterns.mjs) so the two never drift apart.

  • Per-validator severity overrides โ€” escalate freshness to high for production repos, demote doc-quality to low for prototypes. Configurable per-project.

  • JSON Schema for .docguard.json โ€” IDE autocomplete, in-line docs, and validation via $schema. Shipped in the package at schemas/docguard-config.schema.json.

  • Version pin (docguardVersion + --pin) โ€” pin the CLI version your project supports so CI fails loudly if someone bumps DocGuard without re-running the suite.

  • Cross-process plan cache โ€” repeated runs reuse the validator plan across processes when the working tree hasn't changed. ~30% faster guard runs on typical repos.

  • Headless-aware banner โ€” --quiet, --format json, --write, and --changed-only automatically suppress the banner so JSON output stays parse-clean.

  • npm-pack smoke gate โ€” every release now extracts the actual tarball and runs the CLI end-to-end before publish, catching missing-file regressions.

See CHANGELOG.md for the full history.


๐Ÿ“ File Structure

your-project/
โ”œโ”€โ”€ .specify/                        # Spec Kit (if using specify init)
โ”‚   โ”œโ”€โ”€ specs/
โ”‚   โ”‚   โ””โ”€โ”€ 001-feature/
โ”‚   โ”‚       โ”œโ”€โ”€ spec.md              # Requirements (FR-IDs, user stories)
โ”‚   โ”‚       โ”œโ”€โ”€ plan.md              # Implementation plan
โ”‚   โ”‚       โ””โ”€โ”€ tasks.md             # Task breakdown
โ”‚   โ”œโ”€โ”€ memory/
โ”‚   โ”‚   โ””โ”€โ”€ constitution.md          # Project principles
โ”‚   โ””โ”€โ”€ templates/
โ”‚
โ”œโ”€โ”€ docs-canonical/                  # CDD canonical docs (the "blueprint")
โ”‚   โ”œโ”€โ”€ ARCHITECTURE.md              # System design, components
โ”‚   โ”œโ”€โ”€ DATA-MODEL.md                # Database schemas
โ”‚   โ”œโ”€โ”€ SECURITY.md                  # Auth, permissions, secrets
โ”‚   โ”œโ”€โ”€ TEST-SPEC.md                 # Required tests, coverage
โ”‚   โ”œโ”€โ”€ ENVIRONMENT.md               # Environment variables
โ”‚   โ””โ”€โ”€ REQUIREMENTS.md              # Spec-kit aligned FR/SC IDs
โ”‚
โ”œโ”€โ”€ docs-implementation/             # Current state (optional)
โ”‚   โ”œโ”€โ”€ KNOWN-GOTCHAS.md
โ”‚   โ”œโ”€โ”€ TROUBLESHOOTING.md
โ”‚   โ”œโ”€โ”€ RUNBOOKS.md
โ”‚   โ””โ”€โ”€ CURRENT-STATE.md
โ”‚
โ”œโ”€โ”€ AGENTS.md                        # AI agent behavior rules
โ”œโ”€โ”€ CHANGELOG.md                     # Change tracking
โ”œโ”€โ”€ DRIFT-LOG.md                     # Documented deviations
โ”œโ”€โ”€ llms.txt                         # AI-friendly summary
โ””โ”€โ”€ .docguard.json                   # DocGuard configuration

โš™๏ธ Configuration

Create .docguard.json in your project root (auto-generated by docguard init):

{
  "projectName": "my-project",
  "version": "0.4",
  "profile": "standard",
  "projectType": "webapp",
  "validators": {
    "structure": true,
    "docsSync": true,
    "drift": true,
    "changelog": true,
    "testSpec": true,
    "security": true,
    "environment": true,
    "docQuality": true,
    "specKit": true
  }
}

See Configuration Guide for all options.


๐Ÿ”ฌ Research Credits

DocGuard's quality evaluation and documentation generation patterns are informed by peer-reviewed research from the University of Arizona and the Joint Interoperability Test Command (JITC), U.S. Department of Defense:

Lead researcher: Martin Manuel Lopez ยท ORCID 0009-0002-7652-2385

See CONTRIBUTING.md for full citations.


โญ Star History

Star History Chart


๐Ÿ“„ License

MIT โ€” Free to use, modify, and distribute.


Made with โค๏ธ by Ricardo Accioly

A
license - permissive license
-
quality - not tested
-
maintenance - not tested

Maintenance

โ€“Maintainers
11dResponse time
2dRelease cycle
43Releases (12mo)
Commit activity
Issues opened vs closed

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/raccioly/docguard'

If you have feedback or need assistance with the MCP directory API, please join our Discord server