Documentation Index
Fetch the complete documentation index at: https://docs.agentfront.dev/llms.txt
Use this file to discover all available pages before exploring further.
AgentScript is a safe subset of JavaScript designed for AI-generated orchestration code. It provides the expressiveness needed for tool orchestration while blocking dangerous constructs that could compromise security.
Design Philosophy
AgentScript is designed with these principles:
- Whitelist over blacklist - Only allowed constructs are permitted
- No user-defined functions - Prevents recursion and complexity
- Bounded iteration - All loops have limits
- Explicit tool calls - External interactions through
callTool()
- Static targets - Tool names must be string literals
What’s Allowed
Variables
const x = 1; // ✓ const declaration
let y = 2; // ✓ let declaration
y = 3; // ✓ reassignment
const { a, b } = obj; // ✓ destructuring
const [first] = arr; // ✓ array destructuring
// ✓ Async tool calls with static names
const result = await callTool('users:list', { limit: 10 });
const user = await callTool('users:get', { id: 'user-123' });
Conditionals
// ✓ if/else
if (condition) {
doSomething();
} else if (other) {
doOther();
} else {
doDefault();
}
// ✓ ternary
const value = condition ? 'yes' : 'no';
Bounded Loops
// ✓ for loop (bounded)
for (let i = 0; i < items.length; i++) {
process(items[i]);
}
// ✓ for-of loop (bounded by array length)
for (const item of items) {
process(item);
}
Array Methods with Arrow Functions
// ✓ map, filter, reduce, etc.
const names = users.map(u => u.name);
const active = users.filter(u => u.active);
const total = items.reduce((sum, x) => sum + x, 0);
const found = users.find(u => u.id === targetId);
const all = users.every(u => u.valid);
const any = users.some(u => u.admin);
Safe Globals
// ✓ Math operations
const max = Math.max(1, 2, 3);
const random = Math.floor(Math.random() * 100);
// ✓ JSON handling
const parsed = JSON.parse('{"key": "value"}');
const str = JSON.stringify(obj);
// ✓ Object/Array utilities
const keys = Object.keys(obj);
const values = Object.values(obj);
const entries = Object.entries(obj);
const isArray = Array.isArray(value);
// ✓ String/Number methods
const upper = str.toUpperCase();
const num = parseInt('42');
const fixed = num.toFixed(2);
// ✓ Console (rate-limited)
console.log('debug message');
console.warn('warning');
console.error('error');
Return Values
// ✓ Return any serializable value
return { count: 5, items: filteredList };
return users.length;
return 'success';
return null;
What’s Blocked
Dynamic Code Execution
eval('code'); // ✗ eval blocked
new Function('return 1')(); // ✗ Function constructor
setTimeout('code', 100); // ✗ setTimeout with string
setInterval(fn, 100); // ✗ setInterval
System Access
process.env.SECRET; // ✗ process blocked
require('fs'); // ✗ require blocked
import('module'); // ✗ dynamic import
module.exports = {}; // ✗ module blocked
__dirname; // ✗ __dirname blocked
__filename; // ✗ __filename blocked
Buffer.from('data'); // ✗ Buffer blocked
Global Objects
window.location; // ✗ window blocked
global.something; // ✗ global blocked
globalThis.x; // ✗ globalThis blocked
self.postMessage(); // ✗ self blocked
this.method(); // ✗ this blocked
Prototype Manipulation
obj.__proto__ = {}; // ✗ __proto__ blocked
obj.constructor; // ✗ constructor blocked
Array.prototype.evil = fn; // ✗ prototype blocked
new Proxy(obj, handler); // ✗ Proxy blocked
Reflect.get(obj, 'key'); // ✗ Reflect blocked
User-Defined Functions
function myFunction() {} // ✗ function declarations
const fn = function() {}; // ✗ function expressions
async function asyncFn() {} // ✗ async functions
// Arrow functions only allowed in array methods
const fn = () => {}; // ✗ standalone arrow (depends on config)
Unbounded Loops
while (condition) {} // ✗ while blocked (by default)
do {} while (condition); // ✗ do-while blocked
for (key in obj) {} // ✗ for-in blocked (prototype walking)
Network and Storage
fetch('http://example.com'); // ✗ fetch blocked
new XMLHttpRequest(); // ✗ XHR blocked
new WebSocket('ws://'); // ✗ WebSocket blocked
localStorage.setItem(); // ✗ localStorage blocked
Native Code
new WebAssembly.Module(); // ✗ WebAssembly blocked
new Worker('script.js'); // ✗ Worker blocked
new SharedArrayBuffer(); // ✗ SharedArrayBuffer blocked
Configuration
The AgentScript preset is configurable:
import { createAgentScriptPreset } from '@enclave-vm/ast';
const preset = createAgentScriptPreset({
// Require tool calls
requireCallTool: true,
// Custom globals
allowedGlobals: ['callTool', 'context', 'Math', 'JSON'],
// Loop configuration
allowedLoops: {
allowFor: true,
allowForOf: true,
allowWhile: false, // Keep blocked
},
// Additional blocked identifiers
additionalDisallowedIdentifiers: ['customDangerous'],
});
// Original
const users = await callTool('users:list', {});
for (const user of users) {
console.log(user.name);
}
return users.length;
// Transformed
async function __ag_main() {
const users = await __safe_callTool('users:list', {});
for (const user of __safe_forOf(users)) {
__safe_console.log(user.name);
}
return users.length;
}
AgentScript for LLMs
When prompting an LLM to generate AgentScript, include this context:
Generate JavaScript code that:
- Uses `callTool(name, args)` for external operations
- Uses only const/let for variables
- Uses for/for-of loops (no while/do-while)
- Uses arrow functions only in array methods
- Does not define functions
- Returns a result at the end
Available tools:
- callTool('users:list', { limit: number }) -> User[]
- callTool('users:get', { id: string }) -> User
