https://github.com/sigmashakeinc/ssg
AI Coding Agent Guardrails enforced at runtime
https://github.com/sigmashakeinc/ssg
agents ai ai-agents antigravity claude-code cli codex copilot cursor devtools governance guardrails linux macos platform terminal ubuntu vscode windows
Last synced: 19 days ago
JSON representation
AI Coding Agent Guardrails enforced at runtime
- Host: GitHub
- URL: https://github.com/sigmashakeinc/ssg
- Owner: sigmashakeinc
- Created: 2026-04-04T22:37:19.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-05-26T23:36:55.000Z (28 days ago)
- Last Synced: 2026-05-27T01:23:28.413Z (28 days ago)
- Topics: agents, ai, ai-agents, antigravity, claude-code, cli, codex, copilot, cursor, devtools, governance, guardrails, linux, macos, platform, terminal, ubuntu, vscode, windows
- Homepage: https://sigmashake.com
- Size: 6.84 KB
- Stars: 1
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
@sigmashake/ssg
AI Agent Guardrails. Sub-2ms governance for every AI agent. Local-first.
Install ·
Quick start ·
Demos ·
Docs ·
Discord
---
## What is SSG?
SSG is SigmaShake's AI agent governance CLI. It evaluates every tool call your AI agent is about to make against a set of local rules — blocking dangerous operations, asking for approval on risky ones, and recording everything to a queryable audit log. It runs locally in sub-2 milliseconds and works with every major AI client: **Claude Code**, **Cursor**, **GitHub Copilot**, **Codex**, **Gemini**, **Antigravity**, and **Pi**.
## See it in action
### 🛡️ Real-time approval dashboard
A local dashboard at `http://localhost:5599` shows pending approvals, blocked commands, and a live audit stream.
### 🌍 Community rules hub
Pull curated rulesets from [`hub.sigmashake.com`](https://hub.sigmashake.com) — covering bash, secrets, SQL, Docker, Kubernetes, Python, React, Terraform, and more.
> 🎥 [Watch the full dashboard tour](https://docs.sigmashake.com/img/demos/dashboard_demo.webm) (WebM, 208 KB) · or read the [dashboard docs](https://docs.sigmashake.com/dashboard).
## Why teams pick SSG
- 🏠 **Local-first evaluation** — no outbound AI calls for governance
- ⚡ **Sub-2ms rule eval** — faster than the network call it gates
- 🧩 **Works everywhere** — Claude Code, Cursor, Copilot, Codex, Gemini, Antigravity, Pi
- 🔍 **Queryable audit trail** — every decision stored locally; searchable from the CLI
- 🌐 **Hub rulesets** — 20+ curated packs authored by the community
- 🏢 **Fleet-ready** — SSO, org policies, and SIEM forwarding for enterprise deployments
## Install
```bash
npm install -g @sigmashake/ssg
ssg --help
```
### Every channel
| Channel | Install |
|---------|---------|
| npm | `npm install -g @sigmashake/ssg` |
| PyPI | `pip install sigmashake` |
| Homebrew | `brew install sigmashakeinc/tap/ssg` |
| winget | `winget install SigmaShake.SSG` |
| Docker (OS-agnostic) | `docker run --rm -i ghcr.io/sigmashakeinc/ssg:latest eval < call.json` |
The Docker image at `ghcr.io/sigmashakeinc/ssg` is also the install path for musl distros (Alpine, Chimera) and hosts running glibc < 2.24. See the [Docker guide](https://docs.sigmashake.com/intro) for usage.
## Quick start
```bash
ssg init # install adapters + local config for every supported AI client
ssg setup # guided ruleset selection
ssg serve # start the local approval dashboard at localhost:5599
```
Evaluate a single tool call from the shell:
```bash
echo '{"tool":"Bash","input":{"command":"rm -rf /"}}' | ssg eval
```
Wire SSG into just one client:
```bash
ssg init --client=claude-code # or: cursor | copilot | codex | gemini | antigravity | pi
```
## Documentation
Full reference and guides at **[docs.sigmashake.com](https://docs.sigmashake.com)**.
| Get started | Integrate |
|---|---|
| 🚀 [Getting started](https://docs.sigmashake.com/getting-started) | 🔌 [MCP server](https://docs.sigmashake.com/mcp) |
| ⚡ [Intro](https://docs.sigmashake.com/intro) | 🤖 [Claude Code](https://docs.sigmashake.com/claude-code-integration) |
| 📺 [Dashboard](https://docs.sigmashake.com/dashboard) | 🧩 [Every adapter](https://docs.sigmashake.com/adapters) |
| Author rules | Operate |
|---|---|
| 📝 [Rule syntax](https://docs.sigmashake.com/rule-syntax) | 💻 [CLI reference](https://docs.sigmashake.com/cli) |
| 🌍 [Hub guide](https://docs.sigmashake.com/hub) | 🏗️ [Architecture](https://docs.sigmashake.com/architecture) |
| 📦 [Publishing rulesets](https://docs.sigmashake.com/publishing) | 🏢 [Enterprise fleet](https://docs.sigmashake.com/fleet-mcp-setup) |
## Supported AI clients
`ssg init` configures, out of the box:
## Useful commands
| Command | What it does |
|---|---|
| `ssg init` | Install agent adapters and local configuration |
| `ssg setup` | Walk through recommended setup and ruleset selection |
| `ssg serve` | Start the local approval dashboard |
| `ssg eval` | Evaluate a tool call from stdin (JSON) |
| `ssg audit search` | Query local audit history for agents, tools, and actions |
| `ssg rule ...` | List, search, enable, disable, and edit rules |
| `ssg hub ...` | Search, install, update, and audit Hub rulesets |
| `ssg doctor` | Run a health diagnostic for the local installation |
| `ssg mcp-server` | Start the local MCP server for agent integrations |
## Authentication
Local rule evaluation, local dashboard usage, and local audit inspection work **without signing in**. `ssg auth login` unlocks account-backed features: Hub publishing, organization workflows, support, and private ruleset access.
## Community & support
- 💬 **Discord** — [discord.gg/ghWA8Xhs4T](https://discord.gg/ghWA8Xhs4T)
- 🐛 **Report an issue** — [github.com/sigmashakeinc/ssg/issues](https://github.com/sigmashakeinc/ssg/issues)
- 🏢 **Enterprise & support** — [support@sigmashake.com](mailto:support@sigmashake.com)
- 🌐 **Hub** — [hub.sigmashake.com](https://hub.sigmashake.com)
- 🔐 **Accounts** — [accounts.sigmashake.com](https://accounts.sigmashake.com)
## License
Proprietary. The SSG binary is free to use for local governance, auditing, and dashboard workflows. **Source code is not distributed** — this repository publishes release artifacts only. See [`LICENSE`](./LICENSE) for the full terms.
© Sigma Shake. All rights reserved. · sigmashake.com · Terms · Privacy