Combining Built-in Rules
Create a custom validator by combining built-in rules:Security Presets
ast-guard includes pre-built security presets:| Preset | Use Case | Security Level |
|---|---|---|
| AgentScript | LLM-generated code | Highest - whitelist-only |
| STRICT | Untrusted guest code | High - no loops, no async |
| SECURE | Automation scripts | Medium - bounded loops only |
| STANDARD | Trusted scripts | Low - basic guardrails |
| PERMISSIVE | Internal/test code | Minimal - eval blocked |
Writing Custom Rules
Rule Interface
Example: Custom Rule
Example: Block Specific API Calls
Extending Presets
Add rules to an existing preset:Removing Rules from Presets
Filter out rules you don’t need:Rule Ordering
Rules are executed in array order. For performance, order rules by:- Fast rejections first - Rules that quickly identify invalid code
- Complex analysis last - Rules that traverse the entire AST
Testing Custom Rules
Related
- Security Rules - Built-in rules reference
- AgentScript Preset - Default preset
- Overview - Getting started