惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hugging Face - Blog
Hugging Face - Blog
C
Cybersecurity and Infrastructure Security Agency CISA
G
Google Developers Blog
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
The GitHub Blog
The GitHub Blog
TaoSecurity Blog
TaoSecurity Blog
V
Visual Studio Blog
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
博客园 - Franky
S
Security @ Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cyber Attacks, Cyber Crime and Cyber Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
T
Troy Hunt's Blog
B
Blog RSS Feed
A
About on SuperTechFans
IT之家
IT之家
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
J
Java Code Geeks
S
Securelist
T
Threatpost
SecWiki News
SecWiki News
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Y
Y Combinator Blog
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Forbes - Security
Forbes - Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
Docker
N
News and Events Feed by Topic
Schneier on Security
Schneier on Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
月光博客
月光博客
C
CXSECURITY Database RSS Feed - CXSecurity.com
罗磊的独立博客
H
Hacker News: Front Page
N
News and Events Feed by Topic
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
P
Privacy International News Feed
Scott Helme
Scott Helme
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
V
Vulnerabilities – Threatpost
The Register - Security
The Register - Security

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
SigmaShake — AI Agent Guardrails
cavalrytacti · 2026-06-17 · via Show HN

AI coding agents are non-deterministic. SigmaShake makes sure yours only does what you allow.

Force the tools your agent can use. Block dangerous, unsafe commands before they run. Audit everything it does.

~96 MB · Windows 10 (1809+) and 11 · v1.0.1 · per-user install

🏆 Benchmarked, not claimed · SHAKEDOWN

The #1-ranked guardrail for AI coding agents

Choosing what guards your agents is a critical decision, so we made it measurable. The question that matters: which guardrail actually contains a rogue agent without breaking real work? We replayed 324 attack tasks across 9 agent harnesses through every approach. SigmaShake wins — and the score below shows by how much.

SigmaShake SSG + hardening overlay100

Sandbox runtime NVIDIA OpenShell (modeled from public docs)49.5

Policy kernel MS AGT (modeled from public docs)21.1

Skill-based guardrail (modeled from public docs)19.3

Prompt guard (modeled from public docs)18.1

SHAKEDOWN score = Containment × (1 − FalseBlock) × 100. Higher is better — you only win by catching attacks and leaving legitimate work alone.

🎯

Contains without breaking work

100% of attacks blocked at 0% false-block on the SHAKEDOWN corpus (3,855 malicious + 1,894 benign tasks, measured).

Decides in ~85 ms

Deterministic native evaluation — no model inference, no GPU, no token cost. Prompt/model guards need a full LLM forward pass.

🧭

Guides, not just blocks

Allow · Ask · Deny with a guidance message — it steers the agent and asks a human, instead of a blunt block/allow.

See the full head-to-head SSG row measured (overlay-only run, submitter: sigmashake-bench) · competitor rows modeled from public docs · SHAKEDOWN authored by SigmaShake · full results

Works with the agents your team already uses

Claude Code PreToolUse hook integration

Cursor MCP Server Integration

Codex MCP Server Integration

VSCode Copilot MCP Server Integration

Gemini CLI MCP Server Integration

Antigravity MCP Server Integration

Pi Coding Agent MCP Server Integration

Claude Code PreToolUse hook integration

Cursor MCP Server Integration

Codex MCP Server Integration

VSCode Copilot MCP Server Integration

Gemini CLI MCP Server Integration

Antigravity MCP Server Integration

Pi Coding Agent MCP Server Integration

Two ways to install

Pick the install that fits you.

Same engine, same rules. The Desktop app wraps it in a no-terminal-required GUI; the CLI plugs into whatever shell, CI, or hook chain you already run.

For everyone

SigmaShake Desktop

Recommended for Windows

Click-to-install desktop app. No terminal, no admin, no Electron-sized footprint. The shield in your tray turns green when your AI agents are governed.

  • 30-second install · per-user · no admin/UAC/sudo
  • Windows: ~96 MB NSIS installer (C#/.NET + WebView2) · macOS: ~20 MB .dmg (Swift/AppKit) · Linux: ~12 MB .tar.gz (Go/Wails)
  • Auto-updates: Windows via R2 delta · macOS via Sparkle · Linux via R2 delta
  • Visual approval queue + system tray controls
  • Wraps the same ssg binary — identical engine

Free for personal use · Windows 10+ · macOS 14 Sonoma+ · Ubuntu 22.04+ / Fedora 38+ / Pop!_OS

One-line install via curl, npm, docker, or PowerShell. Wire it into Claude Code, Cursor, Gemini CLI, VS Code, CI, or any PreToolUse hook chain.

  • 0.39 ms p50 in daemon mode via persistent Unix-socket (measured: ssg 0.29.156, n=500; p99 under 2 ms)
  • One-liner install — curl / npm / docker / pwsh
  • Scriptable, CI-friendly, deterministic exit codes
  • 8+ AI-agent adapters out of the box
  • Flat-scaling to 100 000 rules · ~43 MB RSS

curl -fsSL sigmashake.com/install | sh

Closed-source binary · runs locally · product analytics opt-in · anonymous usage counter automatic (see IT review packet) · Starter free forever · one-line install via npm, docker, curl, or PowerShell

Also for editors

SigmaShake SSG for VS Code, Cursor, and any Open VSX editor

Pending Approvals, Rules, and Audit Log right in the side bar. Embedded dashboard panel. .rules syntax highlighting and snippets. Free.

New to AI

Put the brakes on before you hit the gas.

AI agents are powerful — and that means they can cause real damage before you realise what happened. SSG is the seatbelt you put on first.

An AI agent wiped a developer's entire project folder while "cleaning up temporary files." It matched a pattern it shouldn't have. There was no undo.

An AI assistant ran up a $400 cloud bill overnight by repeatedly calling a paid API while trying to "retry on error." Nobody noticed until the invoice arrived.

An AI sent emails to a customer list without being asked to. It was completing a task "helpfully." The replies came in fast.

1 — INSTALL

One line, every platform.

curl curl -fsSL sigmashake.com/install | sh

30 seconds. Zero config. Zero-dependency install — no third-party packages pulled.

2 — DEPLOY

Covers every agent your team uses.

Policy applies uniformly across Claude Code, Cursor, Codex, Gemini CLI, Copilot, and more.

3 — PROTECT

Every decision — deterministic.

$rm -rf / DENY

$sudo apt-get update ASK

$curl https://api.example.com/data FORCE

DENY blocks. ASK prompts. FORCE substitutes with a safer path — all in under 2ms.

For engineerssee the rule DSL, live dashboard, benchmarks & onboarding

priority / severity

Determines conflict precedence and the active audit log volume.

DENY / ASK / ALLOW

The raw execution action dynamically enforced upon matching.

IF command ...

The AST condition intercepting the raw agent process payload.

0.39 ms p50 daemon (measured: ssg 0.29.156, n=500) · ~246× faster than CLI · flat scaling to 100,000 rules

AMD Threadripper 3990X · 128 threads

64 GB DDR4 · ~43 MB RSS per eval

95.8ms median latency (p50)

Process RSS~43 MB

Startup overhead~73 ms (Bun spawn)

Decisions120 allow60 block20 log

~246× faster than CLI

Iterations1,000

Rules in memoryPre-loaded, no file I/O

ProtocolUnix socket (no TCP)

Scaling: Latency vs Rule Count

1,000 iterations + 50 warmup per tier · Unix socket RTT included · daemon p50 sub-ms at every tier · p99 stays under 2 ms (variance ±0.5 ms)

Rules CLI p50 CLI p95 CLI RSS Daemon p50 Daemon p95
10 95.4 ms 120.5 ms 42 MB 0.23 ms 0.35 ms
50 94.8 ms 104.2 ms 47 MB 0.17 ms 0.34 ms
100 97.9 ms 113.0 ms 42 MB 0.23 ms 0.35 ms
200 96.9 ms 126.2 ms 44 MB 0.13 ms 0.26 ms
500 100.3 ms 122.0 ms 43 MB 0.17 ms 0.32 ms
100,000 276.4 ms 340.9 ms 95 MB 0.16 ms 0.29 ms

CLI latency is dominated by Bun process startup (~73 ms) — rule count barely moves the needle up to 500 rules. At 100K rules, rule-file I/O pushes CLI to ~276 ms. Daemon p50 stays flat in the 0.1–0.4 ms band (sub-ms measurement noise dominates — the ordering of tiers is not meaningful). Engine p99 stays < 20 µs at every tier up to 100,000 rules; end-to-end daemon p99 (including Unix socket RTT) stays under 2 ms.

Join engineering teams reducing AI-agent incident risk — deterministically, across every agent in their stack.

Native Eval Engine

< 2ms · 100k+ rules

Zero-dependency binary via npm/curl. No Docker, no cluster, no token cost. Impossible to replicate with prompt engineering.

🔌

Agent-Agnostic

7 agents · 1 surface

Claude Code hooks + MCP across Cursor, Codex, VSCode Copilot, Gemini CLI, Antigravity & Pi Coding. One install governs them all.

🌐

Rule Hub Network Effect

Community · Compounding

A public .rules registry where every new rule strengthens the ecosystem. Competitors start from zero community.

Install SigmaShake 30 seconds · npm install -g @sigmashake/ssg

Measured, not marketed · MITRE ATT&CK-mapped

SHAKEDOWN — the agent-containment benchmark

Anyone can claim their guardrail is safe. SHAKEDOWN proves it. We replay a curated corpus of destructive, persistence, credential-access, defense-evasion and supply-chain tool calls — each mapped to a MITRE ATT&CK technique — through SSG under every supported agent harness, and score how much it blocks while leaving legitimate developer work alone. Fully local, no GPU, no token cost, open methodology.

Across the ATT&CK kill chain: Initial AccessPersistenceDefense EvasionCredential AccessExfiltrationImpact

Community Rules, Ready to Install

Pre-built rulesets for TypeScript, Python, Rust, Security, Docker, and more.
Certified, version-controlled, and installable with one command.

ssg hub pull rules-agentic-ai_

200+Rulesets

1,000+Rules

100,000+Rules capacity in sub-2 ms

Simple, Predictable Pricing

Start free. Upgrade when you need more, month to month or annually.

Monthly Annually Save $48/yr

14-day free trial on Monthly · Annual plan bills $192 immediately, no trial

Starter

$0

Local rules, one machine.

  • 5,000 Tool evaluations per month
  • Community Hub access — public rulesets only
  • Approval dashboard (localhost)
  • CLI locally — eval, lint, format

Get Started

Recommended

Pro

$20/mo

For teams that must prove what their AI agents are allowed to do.

  • Private rulesets — install from your own private GitHub repos or publish privately to the Hub for your team
  • Cloud audit sync — signed, exportable for security review
  • Unlimited Tool evaluations
  • Priority email support

Start 14-day free trial Prefer to pay now? Subscribe today — no trial →

Enterprise

Custom

When procurement asks.

  • Everything in Pro
  • Extended audit retention
  • Team policy sharing & SSO / SAML
  • Priority support with response-time SLA (hours defined in your SOW)
  • Supports On-Prem Deployments
  • Source code access for the licensed version of ssg & SigmaShake Desktop — available to customers who purchase or sign a binding purchase commitment. Scoped to that version only; updates are not included.
  • ISO 27001 & SOC 2 compliance artifacts on request
  • Custom adapter development

Enterprise Guide →

Honest Answers to Hard Questions

Questions skeptical engineers actually ask — answered directly.

Isn't this just a PreToolUse hook or MCP server with regex?

Yes, the enforcement mechanism integrates natively via agent hooks or MCP servers (supporting Claude Code, Codex, Antigravity, Gemini, and more) — and that's intentional. What SigmaShake adds on top of a hand-rolled hook script: a community rule library you don't have to write from scratch, an Ed25519-signed bundle so you can trust rules from the Hub, a per-row signed audit log (every governance event individually signed for tamper-evidence), fleet-wide policy sync across many machines, and a dashboard UI for approvals and profiling. If you only need one rule on one machine, a raw script is fine. SigmaShake is for teams that want the whole system.

Can't an agent just bypass the rules with encoding or whitespace tricks?

A motivated attacker with shell access: yes. An honest agent making a mistake, a misconfigured automation, or a junior dev who accidentally wrote a destructive command: no. SigmaShake is a guardrail for the 95% case — preventing accidental harm from agents that are trying to do the right thing but might not know all your constraints. It is not a sandbox and does not claim to be. For adversarial isolation, compose it with OS-level sandboxing (Docker, seccomp, Apple Sandbox) — they address different parts of the threat surface.

How is this different from Lakera, Guardrails AI, or NeMo Guardrails?

Those products filter LLM output — they run after the model responds, checking whether generated text is safe. SigmaShake gates agent tool calls — it runs before the action executes, checking whether the thing the agent is about to do is allowed. The threat models are complementary, not competing. An LLM output filter won't stop an agent from running rm -rf; a tool-call gate will.

Is the Hub a supply-chain risk?

Every ruleset on the Hub is content-hashed and Ed25519-signed before distribution. The bundle is verified at load time — if tampered with, it won't run. Rulesets are plain DSL text, readable before install. You can audit exactly what a ruleset does before pulling it: ssg hub inspect <ruleset-id>.

Can I run this without sending anything to the cloud?

Yes. ssg is a local binary with no mandatory cloud dependency. The Hub is optional (for downloading community rules), the fleet sync is optional (Pro+), and the audit export is optional (Pro+). Local-only mode: install via npm, run ssg init, and configure your agent hooks or MCP server. No network calls during evaluation.

Claude Code already asks before running commands — why pay for this?

Claude Code's built-in permission prompts are a good start, but they're binary (allow or skip) and require your attention for every action. SigmaShake adds four things you can't get from a raw hook: (1) Defaults without writing a script — the Starter preset ships 20 rules on day one covering the most common destruction, secret-leak, and supply-chain patterns; (2) Audit trail — every evaluation is signed and stored, so you can see exactly what was blocked and why; (3) Fleet-wide policy — one rule set pushed to every developer machine, enforced without each developer writing and maintaining their own hook; (4) Multi-agent coverage — the same rules enforce across Claude Code, Cursor, Codex, Gemini CLI, and any other MCP-compatible agent simultaneously.

Will this slow down or break my agent?

In daemon mode (the default after ssg init), evaluation adds about 0.39 ms p50 over a Unix-socket hop (measured: ssg 0.29.156, n=500) — imperceptible in any interactive session. Cold-start (if the daemon isn't running) takes ~73–104 ms for the first call, then stays at socket-hop latency. The false-block rate on ordinary development work is measured by the SHAKEDOWN benchmark: the “agent-safety-baseline” preset blocks 0 out of 894 benign tasks. See the benchmark page for the full false-block report. If a rule fires on something legitimate, you can add an exception in one command: ssg rules exception add <rule-id> <value>.