FrontGuard Agent
Two kilobytes of runtime watching a page for things it shouldn't be doing. Small enough to forget. Sharp enough to matter.
The Agent is what happens when you take the FrontGuard pipeline and ask: what if the same envelope shipped to production?
It's an embeddable browser script — under two kilobytes gzipped, zero dependencies, no React, no observers libraries — that hooks into MutationObserver, the global message event, and a small set of canary surfaces to detect script injection, iframe injection, suspicious DOM mutations, and unscoped postMessage traffic. When it sees something, it emits the same typed envelope the playground emits, to the same ingestion API, into the same triage dashboard. One pipeline. Two front doors.
The hard work in a script like this isn't writing the detector. It's deciding what not to detect. Every browser tab is a noisy environment — analytics tools mutate the DOM, ad networks inject iframes, password managers inject scripts. The Agent runs every event through an allowlist, a rate limiter, and a quiet-period heuristic before it forwards anything to the server. The point is to be useful on the tenth Tuesday, not loud on the first.
One envelope, two doors
The Agent ships the same typed event the playground does. The ingestion API doesn't know — or care — which door the event came through.
1.94kb gzipped, zero dependencies
No framework. No observer libraries. The Agent is small enough that teams will actually let it through a performance budget review.
Quiet by default
Allowlists, rate limits, and a quiet-period heuristic mean the Agent doesn't cry wolf at every analytics tool that touches the DOM. Noise filtering is part of the shipping surface, not a tuning exercise.