Skip to main content
ast-guard is a production-ready AST validation library for JavaScript. It inspects user-provided or LLM-generated code before execution, blocking dangerous constructs and enforcing API usage policies. ast-guard powers Enclave’s first security layer and can be used standalone for any JavaScript validation needs.

16 Built-in Rules

Block eval, dangerous globals, prototype manipulation, unbounded loops, ReDoS, and more with battle-tested validation rules.

Pre-Scanner Defense

Layer 0 security that runs BEFORE parsing - catches DoS attacks that could crash the parser itself.

AgentScript Preset

Purpose-built preset for LLM-generated orchestration code with whitelist-only globals and strict control flow.

When to Use ast-guard

  • LLM-generated code - Validate AI-written JavaScript before execution
  • User scripts - Accept arbitrary JavaScript with deterministic guardrails
  • Workflow builders - Enforce API usage and block dangerous constructs
  • Compliance requirements - Audit trails showing exactly which rule blocked a script
ast-guard is a pure TypeScript package with zero native dependencies. It works in Node.js 22+ and can be used standalone or as part of the Enclave execution environment.

Installation

npm install @enclave-vm/ast

Quick Start

import { JSAstValidator, createAgentScriptPreset } from '@enclave-vm/ast';

// Create validator with AgentScript preset (recommended for LLM code)
const validator = new JSAstValidator(createAgentScriptPreset());

// Validate code
const result = await validator.validate(`
  const users = await callTool('users:list', { limit: 10 });
  return users.filter(u => u.active);
`);

if (result.valid) {
  console.log('Code is safe to execute');
} else {
  console.log('Blocked:', result.issues);
}
Instantiate JSAstValidator once and reuse it. This keeps presets, custom rules, and caches consistent across requests.

Validation Result

interface ValidationResult {
  valid: boolean;
  issues: ValidationIssue[];
}

interface ValidationIssue {
  rule: string;        // Rule that triggered
  message: string;     // Human-readable message
  severity: 'error' | 'warning';
  location?: {
    line: number;
    column: number;
  };
}

Validation Options

const result = await validator.validate(source, {
  maxIssues: 10,           // Cap findings returned
  stopOnFirstError: true,  // Halt on first error (faster)
});

// Get stats for monitoring
const stats = validator.getStats(result, durationMs);
AST Guard prevents unsafe syntax from entering your sandbox, but it does not execute or sandbox code itself. Pair it with enclave-vm for complete defense-in-depth.