SSG policy gate enforces AI agent tool calls before execution
A security engineer built SSG (SigmaShake Governance), a policy gate that intercepts and enforces rules on AI coding agent tool calls before they execute, addressing the gap between probabilistic prompt instructions and hard enforcement.
SSG fills the gap between probabilistic prompt instructions and hard enforcement by blocking or redirecting non-compliant agent tool calls before they execute — something prompt files, tool allowlists, and pre-commit hooks each fail to do.
The post, authored by cavalrytactics, describes a recurring frustration: AI coding agents consistently ignore guidance placed in prompt files like `CLAUDE.md`, `AGENTS.md`, memory files, MCP descriptions, and tool documentation. The agent would still grep entire repositories, use deprecated APIs, or choose slower tools even when explicitly instructed otherwise. The author's core insight is that "a prompt is a probabilistic influence on model behavior" while "a rule is an enforcement mechanism" — and existing controls either operate too early (prompt files) or too late (pre-commit hooks, which catch problems only after files are written).
SSG (SigmaShake Governance) addresses this by sitting between the agent and its tools, evaluating every tool call before it executes. Rules are written in plain text, git-versioned, and portable across agents — the same ruleset works with Claude Code, Codex, Cursor, Gemini, and MCP-based agents. An example rule shown in the post redirects architecture-related grep calls to a code graph tool instead. Rules can also block deprecated code writes before content reaches disk and suggest replacement APIs. Bypasses are allowed but recorded, and the stated goal is preventing routine agent mistakes rather than sandboxing a hostile model.
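To make the mechanism concrete, here is a small policy gate written for this page as an added example. It is not SSG's code, and the rule syntax, the field names (`tool`, `pattern`, `content`) and the sample tool calls are all invented for illustration; the post does not show SSG's actual rule format. The gate evaluates each tool call before it runs, returns allow, block or redirect, rewrites a redirected call to the replacement tool, and records bypasses in an audit list instead of silently permitting them.

```python
"""Toy policy gate for agent tool calls (added example, not SSG's own code).

The rule language below is a hypothetical line-oriented format invented for
this example. First matching rule wins; a call no rule matches is allowed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed rule file in the hypothetical syntax. Mirrors the two kinds of
# rule the post describes: redirect architecture greps to a code graph tool,
# and block writes that use a deprecated API while suggesting a replacement.
RULES_TEXT = r"""
# comments start with '#'
rule architecture-grep
  tool grep
  match pattern (?i)(architecture|dependency|module)
  action redirect code_graph
  reason grep over the whole repo is slow; ask the code graph instead

rule block-deprecated-api
  tool write_file
  match content \blegacy_request\(
  action block
  reason legacy_request() is deprecated
  suggest use http.request_v2()
"""


@dataclass
class Rule:
    name: str
    tool: str | None = None                     # None means any tool
    matches: list[tuple[str, re.Pattern]] = field(default_factory=list)
    action: str = "allow"                       # allow | block | redirect
    target: str | None = None                   # replacement tool on redirect
    reason: str = ""
    suggest: str = ""

    def applies(self, call: dict) -> bool:
        """True when the tool name and every 'match' regex fit the call."""
        if self.tool and call.get("tool") != self.tool:
            return False
        for field_name, pat in self.matches:
            value = call.get(field_name)
            if not isinstance(value, str) or not pat.search(value):
                return False
        return True


def parse_rules(text: str) -> list[Rule]:
    """Parse the hypothetical rule format; rejects malformed directives."""
    rules: list[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        if key == "rule":
            rules.append(Rule(name=rest))
            continue
        if not rules:
            raise ValueError(f"directive before any rule: {line!r}")
        rule = rules[-1]
        if key == "tool":
            rule.tool = rest
        elif key == "match":
            field_name, _, regex = rest.partition(" ")
            rule.matches.append((field_name, re.compile(regex)))
        elif key == "action":
            rule.action, _, target = rest.partition(" ")
            if rule.action not in ("allow", "block", "redirect"):
                raise ValueError(f"unknown action in rule {rule.name}")
            if rule.action == "redirect" and not target:
                raise ValueError(f"redirect without target in rule {rule.name}")
            rule.target = target or None
        elif key == "reason":
            rule.reason = rest
        elif key == "suggest":
            rule.suggest = rest
        else:
            raise ValueError(f"unknown directive: {line!r}")
    return rules


@dataclass
class Decision:
    action: str                 # allow | block | redirect
    rule: str | None            # name of the rule that fired, if any
    reason: str = ""
    suggest: str = ""
    call: dict | None = None    # the call to execute (rewritten on redirect)


class Gate:
    """Sits between the agent and its tools; every call passes through evaluate()."""

    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.audit: list[dict] = []   # blocks, redirects and bypasses, in order

    def evaluate(self, call: dict, bypass: bool = False) -> Decision:
        for rule in self.rules:
            if not rule.applies(call):
                continue
            if rule.action == "allow":
                return Decision("allow", rule.name, call=call)
            # Bypass is permitted but always recorded, as the post describes.
            if bypass:
                self.audit.append({"rule": rule.name, "tool": call["tool"], "bypassed": True})
                return Decision("allow", rule.name, reason=f"bypassed {rule.name}", call=call)
            self.audit.append({"rule": rule.name, "tool": call["tool"], "bypassed": False})
            if rule.action == "block":
                return Decision("block", rule.name, rule.reason, rule.suggest)
            return Decision("redirect", rule.name, rule.reason, call=dict(call, tool=rule.target))
        return Decision("allow", None, call=call)


# Constructed sample tool calls, not captured from any agent.
SAMPLE_CALLS = [
    {"tool": "grep", "pattern": "where is the module boundary", "path": "."},
    {"tool": "write_file", "path": "client.py", "content": "r = legacy_request(url)\n"},
    {"tool": "write_file", "path": "client.py", "content": "r = http.request_v2(url)\n"},
]


def demo() -> list[str]:
    gate = Gate(parse_rules(RULES_TEXT))
    return [gate.evaluate(c).action for c in SAMPLE_CALLS]


if __name__ == "__main__":
    print(demo())
```

In a real deployment the `evaluate()` call would run from whatever pre-execution hook the agent exposes, and the rule file would live in the repository so it travels with the code; the parser here is deliberately strict so a typo in a rule fails loudly at load time rather than silently allowing everything.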
A companion desktop app, SigmaShake Desktop, provides a governance dashboard without requiring CLI usage and is available as a free direct download for macOS, Windows, and Linux. Sandboxed builds that auto-update are also available on the Mac App Store and Microsoft Store as paid options.
Key facts
1. Built by a security engineer with 10+ years of industry experience after AI agents repeatedly ignored prompt-file instructions.
2. SSG (SigmaShake Governance) intercepts every tool call before it executes, rather than relying on prompt influence.
3. Rules are plain text and git-versioned, making them portable with the repository.
4. The same rules work across Claude Code, Codex, Cursor, Gemini, and MCP-based agents.
5. Bypasses are permitted but recorded.
6. SigmaShake Desktop is available as a free direct download for macOS, Windows, and Linux; paid sandboxed builds are on the Mac App Store and Microsoft Store.
7. The author contrasts SSG with existing controls: prompt files don't enforce, tool allowlists are all-or-nothing, and pre-commit hooks catch problems only after files are written.
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 17, 2026 · 10:39 UTC.