> ## Documentation Index
> Fetch the complete documentation index at: https://docs.agentfront.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Rules

> Built-in security rules for AST validation

ast-guard ships with 15 built-in security rules that cover common attack vectors. Each rule can be configured and combined to match your security requirements.

## NoGlobalAccessRule

Blocks access to dangerous global objects via member expressions.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { NoGlobalAccessRule } from '@enclave-vm/ast';

const rule = new NoGlobalAccessRule({
  blockedGlobals: ['window', 'process', 'global', 'globalThis'],
  allowedMembers: { console: ['log', 'warn', 'error'] },
});
```

**Blocks:**

* `window.location`
* `process.env`
* `global.setTimeout`

**Allows:**

* `console.log()` (if configured)

## ReservedPrefixRule

Prevents user code from declaring identifiers with reserved prefixes.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { ReservedPrefixRule } from '@enclave-vm/ast';

const rule = new ReservedPrefixRule({
  prefixes: ['__ag_', '__safe_'],
  allowedIdentifiers: ['__ag_main'],
});
```

**Blocks:**

* `const __ag_hack = 1;`
* `let __safe_bypass = true;`

## NoCallTargetAssignmentRule

Protects critical call targets from being reassigned or shadowed.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { NoCallTargetAssignmentRule } from '@enclave-vm/ast';

const rule = new NoCallTargetAssignmentRule({
  protectedTargets: ['callTool', '__safe_callTool'],
});
```

**Blocks:**

* `callTool = malicious;` - Direct assignment
* `const callTool = () => {};` - Variable shadowing
* `const { callTool } = obj;` - Destructuring shadowing
* `function callTool() {}` - Function declaration shadowing

## UnicodeSecurityRule

Detects Unicode-based attacks including Trojan Source and homoglyphs.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { UnicodeSecurityRule } from '@enclave-vm/ast';

const rule = new UnicodeSecurityRule({
  blockBidi: true,          // Block bidirectional text attacks
  blockHomoglyphs: true,    // Block lookalike characters
  blockZeroWidth: true,     // Block zero-width characters
  blockInvisible: true,     // Block invisible formatting
  checkComments: true,      // Also check inside comments
});
```

<Warning>
  Trojan Source attacks (CVE-2021-42574) use Unicode bidirectional control characters to make code appear different than it actually executes. Always enable `blockBidi: true` for untrusted code.
</Warning>

## StaticCallTargetRule

Enforces static string literals for call targets.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { StaticCallTargetRule } from '@enclave-vm/ast';

const rule = new StaticCallTargetRule({
  targetFunctions: ['callTool', '__safe_callTool'],
  argumentPosition: 0,
  allowedToolNames: ['users:list', 'billing:*'], // Optional whitelist
});
```

**Blocks:**

* `callTool(dynamicName, {})` - Variable as tool name
* `callTool(getToolName(), {})` - Function call as tool name

**Allows:**

* `callTool('users:list', {})` - Static string literal

## NoRegexLiteralRule

Blocks or analyzes regex literals for ReDoS vulnerabilities.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { NoRegexLiteralRule } from '@enclave-vm/ast';

// Block all regex (AgentScript preset)
new NoRegexLiteralRule({ blockAll: true });

// Analyze patterns for ReDoS
new NoRegexLiteralRule({
  analyzePatterns: true,
  analysisLevel: 'catastrophic',
  blockThreshold: 80,
  warnThreshold: 50,
});
```

## DisallowedIdentifierRule

Blocks specific identifier names.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { DisallowedIdentifierRule } from '@enclave-vm/ast';

const rule = new DisallowedIdentifierRule({
  disallowed: ['eval', 'Function', 'process', 'require'],
});
```

## ForbiddenLoopRule

Restricts which loop constructs are allowed.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { ForbiddenLoopRule } from '@enclave-vm/ast';

const rule = new ForbiddenLoopRule({
  allowFor: true,
  allowForOf: true,
  allowWhile: false,
  allowDoWhile: false,
  allowForIn: false,
});
```

## RequiredFunctionCallRule

Ensures code contains required function calls.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { RequiredFunctionCallRule } from '@enclave-vm/ast';

const rule = new RequiredFunctionCallRule({
  required: ['callTool'],
  minCalls: 1,
});
```

## UnknownGlobalRule

Rejects references to undeclared identifiers (whitelist mode).

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { UnknownGlobalRule } from '@enclave-vm/ast';

const rule = new UnknownGlobalRule({
  allowedGlobals: ['callTool', 'Math', 'JSON', 'Array', 'Object'],
  allowStandardGlobals: true, // Allow undefined, null, NaN, etc.
});
```

## NoEvalRule

Blocks eval and dynamic code execution.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { NoEvalRule } from '@enclave-vm/ast';

const rule = new NoEvalRule();
```

**Blocks:**

* `eval('code')`
* `new Function('return 1')`
* `setTimeout('code', 100)` - String form

## NoAsyncRule

Restricts async/await usage.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { NoAsyncRule } from '@enclave-vm/ast';

const rule = new NoAsyncRule({
  allowTopLevelAwait: true,
  allowAsyncFunctions: false,
});
```

## NoUserDefinedFunctionsRule

Blocks user-defined functions (prevents recursion).

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { NoUserDefinedFunctionsRule } from '@enclave-vm/ast';

const rule = new NoUserDefinedFunctionsRule({
  allowArrowFunctions: true, // For array methods
});
```

**Blocks:**

* `function foo() {}`
* `const fn = function() {}`

**Allows:**

* `array.map(x => x * 2)` - Arrow functions (if enabled)

## UnreachableCodeRule

Detects code after return/throw statements.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { UnreachableCodeRule } from '@enclave-vm/ast';

const rule = new UnreachableCodeRule();
```

## CallArgumentValidationRule

Validates function call arguments.

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
import { CallArgumentValidationRule } from '@enclave-vm/ast';

const rule = new CallArgumentValidationRule({
  targetFunctions: ['callTool'],
  minArgs: 1,
  maxArgs: 2,
});
```

## Rule Severity

All rules support severity configuration:

```ts theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
const rule = new DisallowedIdentifierRule({
  disallowed: ['eval'],
  severity: 'error', // 'error' or 'warning'
});
```

## Related

* [Custom Rules](/enclave/core-libraries/ast-guard/custom-rules) - Writing your own rules
* [AgentScript Preset](/enclave/core-libraries/ast-guard/agentscript-preset) - Pre-configured ruleset
* [Pre-Scanner](/enclave/core-libraries/ast-guard/pre-scanner) - Layer 0 defense
