## NoGlobalAccessRule

Blocks access to dangerous global objects via member expressions.

- `window.location`
- `process.env`
- `global.setTimeout`
- `console.log()` (if configured)

## ReservedPrefixRule

Prevents user code from declaring identifiers with reserved prefixes.

- `const __ag_hack = 1;`
- `let __safe_bypass = true;`

## NoCallTargetAssignmentRule

Protects critical call targets from being reassigned or shadowed.

- `callTool = malicious;` - Direct assignment
- `const callTool = () => {};` - Variable shadowing
- `const { callTool } = obj;` - Destructuring shadowing
- `function callTool() {}` - Function declaration shadowing

## UnicodeSecurityRule

Detects Unicode-based attacks including Trojan Source and homoglyphs.

## StaticCallTargetRule
Enforces static string literals for call targets.

Rejected:

- `callTool(dynamicName, {})` - Variable as tool name
- `callTool(getToolName(), {})` - Function call as tool name

Accepted:

- `callTool('users:list', {})` - Static string literal
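The Trojan Source and homoglyph checks described under UnicodeSecurityRule above, as an added example that is not part of the AgentScript project's code: a standalone scanner that flags bidirectional control characters anywhere in the source and identifiers whose characters are confusable with ASCII. The rule ids, the confusables subset and the sample input are assumptions constructed for this example; the sample writes the offending characters as escapes so the file itself stays ASCII.

```javascript
'use strict';

// Added example, not AgentScript project code: a source-level scanner for the
// two hazards UnicodeSecurityRule names. Rule ids and the confusables subset
// are assumptions made for this example.

// Bidirectional control characters that Trojan Source attacks embed in
// comments or strings so that rendered code differs from tokenized code.
const BIDI_CONTROLS = new Map([
  ['\u202A', 'LRE'], ['\u202B', 'RLE'], ['\u202C', 'PDF'], ['\u202D', 'LRO'],
  ['\u202E', 'RLO'], ['\u2066', 'LRI'], ['\u2067', 'RLI'], ['\u2068', 'FSI'],
  ['\u2069', 'PDI'], ['\u200E', 'LRM'], ['\u200F', 'RLM'], ['\u061C', 'ALM'],
]);

// Small subset of the Unicode confusables table (Cyrillic/Greek letters that
// render like ASCII). A production rule would load the full table.
const CONFUSABLES = new Map([
  ['\u0430', 'a'], ['\u0435', 'e'], ['\u043E', 'o'], ['\u0440', 'p'],
  ['\u0441', 'c'], ['\u0445', 'x'], ['\u0443', 'y'], ['\u0456', 'i'],
  ['\u03BF', 'o'], ['\u0391', 'A'], ['\u0415', 'E'], ['\u0421', 'C'],
]);

// Identifier-like tokens, Unicode-aware. This also matches words inside
// strings and comments, which is intentional for a defensive scan.
const IDENT_RE = /[\p{L}_$][\p{L}\p{N}_$]*/gu;

// Map an identifier to its ASCII "skeleton" by replacing confusable letters.
function skeleton(ident) {
  return Array.from(ident, (ch) => CONFUSABLES.get(ch) ?? ch).join('');
}

function codePointLabel(ch) {
  return 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
}

// Returns an array of findings: { rule, line, detail }. Line numbers are
// 1-based; findings that span the whole file use line 0.
function scanUnicode(source) {
  const findings = [];
  const spellings = new Map(); // skeleton -> Set of raw spellings seen

  source.split('\n').forEach((text, index) => {
    const line = index + 1;

    // 1. Any bidi control is flagged, wherever it appears.
    for (const ch of text) {
      const name = BIDI_CONTROLS.get(ch);
      if (name) {
        findings.push({ rule: 'trojan-source', line, detail: `${name} (${codePointLabel(ch)})` });
      }
    }

    // 2. Identifiers containing confusable characters.
    for (const match of text.matchAll(IDENT_RE)) {
      const ident = match[0];
      const plain = skeleton(ident);
      if (plain !== ident) {
        findings.push({ rule: 'homoglyph', line, detail: `${ident} renders like ${plain}` });
      }
      if (!spellings.has(plain)) spellings.set(plain, new Set());
      spellings.get(plain).add(ident);
    }
  });

  // 3. Distinct spellings that collapse to the same skeleton: a reviewer
  //    cannot tell them apart, so one may silently shadow the other.
  for (const [plain, variants] of spellings) {
    if (variants.size > 1) {
      findings.push({ rule: 'confusable-pair', line: 0, detail: `${[...variants].join(' / ')} all read as ${plain}` });
    }
  }
  return findings;
}

// Constructed sample: line 2 hides an RLO control inside a comment, lines 3-4
// use a callTool whose first letter is Cyrillic es (U+0441), not Latin c.
const SAMPLE = [
  "const result = callTool('users:list', {});",
  "/* access check \u202E ; return */",
  "const \u0441allTool = () => {};",
  "\u0441allTool('admin:delete', {});",
].join('\n');

const REPORT = scanUnicode(SAMPLE);
for (const f of REPORT) console.log(`${f.rule}\tline ${f.line}\t${f.detail}`);
```

On the sample the scanner reports one `trojan-source` finding on line 2, a `homoglyph` finding on each of lines 3 and 4, and one `confusable-pair` finding for `callTool` versus its Cyrillic look-alike. Scanning comments and strings as well as code is deliberate: that is exactly where bidi controls are placed, and a rule that only inspects the AST's identifiers would miss them.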
## NoRegexLiteralRule

Blocks or analyzes regex literals for ReDoS vulnerabilities.

## DisallowedIdentifierRule

Blocks specific identifier names.

## ForbiddenLoopRule

Restricts which loop constructs are allowed.

## RequiredFunctionCallRule

Ensures code contains required function calls.

## UnknownGlobalRule

Rejects references to undeclared identifiers (whitelist mode).

## NoEvalRule

Blocks eval and dynamic code execution.

- `eval('code')`
- `new Function('return 1')`
- `setTimeout('code', 100)` - String form

## NoAsyncRule

Restricts async/await usage.

## NoUserDefinedFunctionsRule

Blocks user-defined functions (prevents recursion).

- `function foo() {}`
- `const fn = function() {}`
- `array.map(x => x * 2)` - Arrow functions (if enabled)

## UnreachableCodeRule

Detects code after return/throw statements.

## CallArgumentValidationRule

Validates function call arguments.

## Rule Severity

All rules support severity configuration.

## Related

- Custom Rules - Writing your own rules
- AgentScript Preset - Pre-configured ruleset
- Pre-Scanner - Layer 0 defense