{"id":49026142,"url":"https://github.com/eqtylab/cupcake","last_synced_at":"2026-06-13T09:02:03.410Z","repository":{"id":313080477,"uuid":"1018199266","full_name":"eqtylab/cupcake","owner":"eqtylab","description":"A native policy enforcement layer for AI coding agents. Built on OPA/Rego.","archived":false,"fork":false,"pushed_at":"2026-03-02T17:06:18.000Z","size":31861,"stargazers_count":259,"open_issues_count":8,"forks_count":19,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-05-05T10:04:58.045Z","etag":null,"topics":["agent-security","alignment","claude-code","coding-agents","cursor","factory-ai","gemini-cli","hooks","llm-as-a-judge","mcp","opa","opencode"],"latest_commit_sha":null,"homepage":"https://cupcake.eqtylab.io/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eqtylab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-11T19:30:13.000Z","updated_at":"2026-05-04T08:24:15.000Z","dependencies_parsed_at":"2025-11-28T08:07:03.421Z","dependency_job_id":"2f4e6d2e-76c1-4ad2-bd9d-ffd3d38ab320","html_url":"https://github.com/eqtylab/cupcake","commit_stats":null,"previous_names":["eqtylab/cupcake"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/eqtylab/cupcake","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eqtylab%2Fcupcake","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eqtyla
b%2Fcupcake/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eqtylab%2Fcupcake/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eqtylab%2Fcupcake/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eqtylab","download_url":"https://codeload.github.com/eqtylab/cupcake/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eqtylab%2Fcupcake/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34278154,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-security","alignment","claude-code","coding-agents","cursor","factory-ai","gemini-cli","hooks","llm-as-a-judge","mcp","opa","opencode"],"created_at":"2026-04-19T07:00:20.155Z","updated_at":"2026-06-13T09:02:03.404Z","avatar_url":"https://github.com/eqtylab.png","language":"Rust","funding_links":[],"categories":["Policy, approvals, and audit layers"],"sub_categories":["Multiplatform"],"readme":"# Cupcake\n\n\u003cp align=\"left\"\u003e\n  \u003cpicture\u003e\n    \u003csource srcset=\"docs/docs/assets/cupcake-dark.png\" media=\"(prefers-color-scheme: dark)\"\u003e\n    \u003cimg src=\"docs/docs/assets/cupcake.png\" alt=\"Cupcake logo\" 
width=\"180\"\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\nMake AI agents follow the rules.\n\n[![Docs](https://img.shields.io/badge/docs-Start%20here-8A2BE2)](https://cupcake.eqtylab.io/)\n[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](LICENSE)\n[![Tests](https://img.shields.io/github/actions/workflow/status/eqtylab/cupcake/ci.yml?branch=main\u0026label=tests)](https://github.com/eqtylab/cupcake/actions/workflows/ci.yml)\n[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://github.com/eqtylab/cupcake/actions/runs/19737865145/job/56558251812)\n\n**Policy enforcement** layer for AI agents, yielding better performance and security **without consuming model context**.\n\n- **Deterministic rule-following** for your agents. [Interactive Examples](https://cupcake-policy-studio.vercel.app/example-policies/security/symlink-detection?harness=claude-code\u0026format=rego)\n- **Better performance** by moving rules out of context and into policy-as-code.\n- **Trigger alerts** and put _bad_ agents in timeout when they repeatedly violate rules.\n\nCupcake intercepts agent events and evaluates them against **user-defined rules** written in **[Open Policy Agent (OPA)](https://www.openpolicyagent.org/) [Rego](https://www.openpolicyagent.org/docs/policy-language).** Agent actions can be blocked, modified, and auto-corrected by providing the agent helpful feedback. Additional benefits include reactive automation for tasks you don't need to rely on the agent to conduct (like linting after a file edit).\n\n## Updates\n\n**`2025-12-10`**: Official open source release. Roadmap will be produced in Q1 2026.\n\n**`2025-04-04`**: We produced the [feature request](https://github.com/anthropics/claude-code/issues/712) for Claude Code Hooks. 
Runtime alignment requires integration into the agent harnesses, and we pivot away from filesystem and os-level monitoring of agent behavior (early cupcake PoC).\n\n## Supported Agent Harnesses\n\nCupcake provides lightweight **native integrations** for multiple AI coding agents:\n\n| Harness                                                                           | Status             | Integration Guide                                                            |\n| --------------------------------------------------------------------------------- | ------------------ | ---------------------------------------------------------------------------- |\n| **[Claude Code](https://claude.ai/code)**                                         | ✅ Fully Supported | [Setup Guide](https://cupcake.eqtylab.io/getting-started/usage/claude-code/) |\n| **[Cursor](https://cursor.com)**                                                  | ✅ Fully Supported | [Setup Guide](https://cupcake.eqtylab.io/getting-started/usage/cursor/)      |\n| **[Factory AI](https://docs.factory.ai/welcome)**                                 | ✅ Fully Supported | [Setup Guide](https://cupcake.eqtylab.io/getting-started/usage/factory-ai/)  |\n| **[OpenCode](https://opencode.ai)**                                               | ✅ Fully Supported | [Setup Guide](https://cupcake.eqtylab.io/getting-started/usage/opencode/)    |\n| **[AMP](https://ampcode.com)**                                                    | Coming soon        | [Awaiting release](https://ampcode.com/manual?internal#hooks)                |\n| **[Gemini CLI](https://docs.cloud.google.com/gemini/docs/codeassist/gemini-cli)** | Coming soon        | [Awaiting release](https://github.com/google-gemini/gemini-cli/issues/2779)  |\n\nEach harness uses native event formats. 
Similar to Terraform, policies are separated by harness (`policies/claude/`, `policies/cursor/`, `policies/factory/`, `policies/opencode/`) to ensure clarity and full access to harness-specific capabilities. If a particular harness is not supported, it is because it has no means for runtime integration.\n\n### Language Bindings\n\nCupcake can be embedded in JavaScript agent applications through native bindings. This enables integration with web-based agent frameworks like LangChain, Google ADK, NVIDIA NIM, Vercel AI SDK, and more.\n\n| Language                                                                      | Binding        |\n| ----------------------------------------------------------------------------- | -------------- |\n| \u003cimg src=\"docs/docs/assets/typescript.svg\" width=\"24\" height=\"24\"\u003e TypeScript | `./cupcake-ts` |\n\n## How it Works\n\nCupcake acts as an enforcement layer between your coding agents and their runtime environment **via hooks** directly in the agent action path.\n\n\u003cimg src=\"./docs/docs/assets/flow-cupcake.png\" alt=\"Cupcake agent hooks security architecture\" width=\"600\"/\u003e\n\n`Agent → (proposed action) → Cupcake → (policy decision) → Agent runtime`\n\n1. **Interception**: The agent prepares to execute an action/tool-call (e.g., `git push`, `fs_write`).\n2. **Enrichment**: Cupcake gathers real-time **Signals**—facts from the environment such as the current Git branch, CI status, or database metadata.\n3. **Evaluation**: The action and signals are packaged into a JSON input and evaluated against your Wasm policies in milliseconds.\n\n### Deterministic and Non-Deterministic Evaluation\n\nCupcake supports two evaluation models:\n\n1. **Deterministic Policies**: Policies are written in **OPA/Rego** and **compiled to WebAssembly (Wasm)** for fast, sandboxed evaluation. See the [Writing Policies](https://cupcake.eqtylab.io/reference/policies/custom/) guide for implementation details.\n2. 
**LLM‑as‑Judge**: For simpler yet more advanced oversight of your rules, Cupcake can interject via a secondary LLM or agent to evaluate how an action should proceed. See the [Cupcake Watchdog](https://cupcake.eqtylab.io/watchdog/getting-started/) guide for implementation details.\n\n### Decisions \u0026 Feedback\n\nBased on the evaluation, Cupcake returns one of five decisions to the agent runtime, along with a human-readable message:\n\n- **Allow**: The action proceeds. Optionally, Cupcake can inject **Context** (e.g., \"Remember: you're on the main branch\") to guide subsequent behavior without blocking. _Note: Context injection is supported in Claude Code and Factory AI, but not Cursor._\n- **Modify**: The action proceeds with transformed input. Policies can sanitize commands, add safety flags, or enforce conventions before execution. _Note: Supported in Claude Code and Factory AI only._\n- **Block**: The action is stopped. Cupcake sends **Feedback** explaining _why_ it was blocked (e.g., \"Tests must pass before pushing\"), allowing the agent to self-correct.\n- **Warn**: The action proceeds, but a warning is logged or displayed.\n- **Require Review**: The action pauses until a human approves it.\n\n## Why Cupcake?\n\nModern agents are powerful but inconsistent at following operational and security rules, especially as context grows. 
Cupcake turns the rules you already maintain (e.g., `CLAUDE.md`, `AGENT.md`, `.cursor/rules`) into **enforceable guardrails** that run before actions execute.\n\n- **Multi-harness support** with first‑class integrations for **Claude Code**, **Cursor**, **Factory AI**, and **OpenCode**.\n- **Governance‑as‑code** using OPA/Rego compiled to WebAssembly for fast, sandboxed evaluation.\n- **Enterprise‑ready** controls: allow/deny/review, **enriched audit** trails for AI SOCs, and proactive warnings.\n\n### Core Capabilities\n\n- **Granular Tool Control**: Prevent specific tools or arguments (e.g., blocking `rm -rf /`).\n- **MCP Support**: Native governance for Model Context Protocol tools (e.g., `mcp__memory__*`, `mcp__github__*`).\n- **LLM‑as‑Judge**: Use a secondary LLM or agent to evaluate actions for more dynamic oversight.\n- **Guardrail Libraries**: First‑class integrations with `NeMo` and `Invariant` for content and safety checks.\n- **Observability**: All inputs, signals, and decisions generate structured logs and evaluation traces for debugging.\n\n## Installation and development with Nix\n\nIf you're using [Nix](https://nixos.org/), you can install and run Cupcake using the provided flake:\n\n### Install Cupcake CLI using Nix\n\n```bash\n# Install directly from GitHub\nnix profile install github:eqtylab/cupcake#cupcake-cli\n\n# Or run without installing\nnix run github:eqtylab/cupcake#cupcake-cli -- --help\n```\n\n### Install Cupcake CLI on NixOS\n\nAdd the following to your `flake.nix`:\n\n```nix\ninputs.cupcake.url = \"github:eqtylab/cupcake\";\n```\n\nThen add the following package to your `environment.systemPackages` or `home.packages`:\n\n```nix\ninputs.cupcake.packages.${system}.cupcake-cli\n```\n\n### Development Shell\n\nFor development, you can also use the provided dev shell, which includes the Rust toolchain, `just`, and other dependencies:\n\n```bash\n# Enter the development shell\nnix develop\n```\n\n## FAQ\n\n**Does Cupcake consume prompt/context tokens?**\nNo. 
Policies run outside the model and return structured decisions.\n\n**Is Cupcake tied to a specific model?**\nNo. Cupcake supports multiple AI coding agents with harness-specific integrations.\n\n**How fast is evaluation?**\nSub‑millisecond for cached policies in typical setups.\n\n## Contributing\n\nWe welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## License\n\n[Apache 2.0](LICENSE)\n\n---\n\nCupcake is developed by [EQTYLab](https://eqtylab.io/), with agentic safety research support by [Trail of Bits](https://www.trailofbits.com/).\n\n[Follow on X](https://x.com/CupcakeSecures) for regular updates.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feqtylab%2Fcupcake","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feqtylab%2Fcupcake","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feqtylab%2Fcupcake/lists"}