Constraints (Benchmark Only)

Constraints are used by the benchmark suite (@usenella/benchmark) to evaluate whether AI agents respect boundaries during task execution. They are not part of t

Constraints are used by the benchmark suite (@usenella/benchmark) to evaluate whether AI agents respect boundaries during task execution. They are not part of the MCP tool interface.

Constraint Structure

Each constraint has the following properties:

Property	Type	Required	Description
`id`	`string`	Yes	Unique identifier for the constraint
`description`	`string`	Yes	Human-readable description of the constraint
`rule`	`string`	No	The rule statement (for documentation)
`filesNotToModify`	`string[]`	No	Glob patterns for files that should not be modified
`forbiddenPatterns`	`string[]`	No	Regex patterns that should not appear in the diff

filesNotToModify

Use glob patterns to protect files from modification:

{
  id: 'protect-migrations',
  description: 'Do not modify migration files',
  filesNotToModify: [
    '**/migrations/**',
    '**/seeds/**',
  ],
}

Common Patterns

Pattern	Matches
`*.json`	All JSON files in root
`*/.json`	All JSON files anywhere
`src/*/.ts`	All TypeScript files in src
`!src/test/**`	Exclude test directory
`config/**`	All files in config directory

forbiddenPatterns

Use regex patterns to detect unwanted code in diffs:

{
  id: 'no-secrets',
  description: 'No hardcoded secrets in code',
  forbiddenPatterns: [
    // Hardcoded passwords
    'password\\s*=\\s*["\'][^"\']+["\']',

    // API keys
    'api[_-]?key\\s*=\\s*["\'][^"\']+["\']',

    // AWS credentials
    'AKIA[0-9A-Z]{16}',

    // Private keys
    '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----',
  ],
}

Pattern Examples

Pattern	Detects
`console\\.log\\(`	console.log statements
`debugger`	Debugger statements
`TODO:?\\s*HACK`	TODO HACK comments
`\\beval\\s*\\(`	eval() calls
`innerHTML\\s*=`	innerHTML assignments

Warning

Remember to escape special regex characters in your patterns. In JavaScript strings, use double backslashes (\\).

Usage in Benchmark Tasks

Constraints are defined in task YAML files used by the benchmark suite:

constraints:
  - id: no-schema-changes
    description: Do not modify database schema
    files_not_to_modify:
      - prisma/schema.prisma
      - package.json
  - id: no-console-log
    description: No console.log in production code
    forbidden_patterns:
      - "console\\.log"

The benchmark validators (@usenella/benchmark/validators/) check agent output against these constraints to compute the Constraint Violation Rate (CVR) metric.

Next Steps

See Validation for verification commands
See Configuration Overview for the full picture