16 Built-in Rules
Block eval, dangerous globals, prototype manipulation, unbounded loops, ReDoS, and more with battle-tested validation rules.
Pre-Scanner Defense
Layer 0 security that runs BEFORE parsing - catches DoS attacks that could crash the parser itself.
AgentScript Preset
Purpose-built preset for LLM-generated orchestration code with whitelist-only globals and strict control flow.
When to Use ast-guard
- LLM-generated code - Validate AI-written JavaScript before execution
- User scripts - Accept arbitrary JavaScript with deterministic guardrails
- Workflow builders - Enforce API usage and block dangerous constructs
- Compliance requirements - Audit trails showing exactly which rule blocked a script
ast-guard is a pure TypeScript package with zero native dependencies. It works in Node.js 22+ and can be used standalone or as part of the Enclave execution environment.
Installation
Quick Start
Validation Result
Validation Options
Related
- Pre-Scanner - Layer 0 defense before parsing
- AgentScript Preset - Preset for LLM code
- Security Rules - Built-in rules reference
- enclave-vm - Runtime sandbox