SigmaShake

Governance rules for AI agents — connect in 2 minutes.

SigmaShake evaluates AI agent tool calls against declarative rules at the tool-call boundary. Every Bash command, file write, network request, or agent spawn is checked before it executes — in under 2ms.

The fastest path

If you use Claude Code, Cursor, Windsurf, or Antigravity:

pnpm add -g @sigmashake/ssg
ssg init --client=claude-code

Restart your AI client, then say:

"Set up SigmaShake governance for my project"

Your agent detects your stack, installs matching rules from the Hub, and returns a health report. Done.

→ Full quickstart guide

On Alpine / musl or old-glibc hosts where the npm binary won't load? Use the OS-agnostic Docker image: docker pull ghcr.io/sigmashakeinc/ssg:latest.

On Windows? The pnpm add -g @sigmashake/ssg command works in any PowerShell or Command Prompt window. Or run the one-liner: iwr -useb sigmashake.com/install.ps1 | iex. If you'd rather skip the terminal entirely, install SigmaShake Desktop — a tray-icon desktop app that sets everything up for you.

What SigmaShake does

When an AI agent calls a tool, SigmaShake intercepts and returns one of:

Decision	Meaning
ALLOW	Let it through
DENY	Block it with an explanation
LOG	Allow but record for audit
ASK	Pause and require human approval
FORCE	Block and suggest a safer alternative
SHADOW	Allow silently, log for monitoring

Without governance

Agent: git push --force origin main  →  💥 history rewritten
Agent: cat .env                       →  🔓 secrets exposed
Agent: rm -rf node_modules/..        →  🗑️  wrong directory deleted
Agent: npm publish                    →  📦 unreviewed release shipped

With SigmaShake

Agent: git push --force origin main  →  BLOCK: "Use --force-with-lease"
Agent: cat .env                       →  BLOCK: "Secret file access blocked"
Agent: rm -rf node_modules/..        →  BLOCK: "Destructive command blocked"
Agent: npm publish                    →  ASK:   Waits for your approval

Key properties

Property	Value
Evaluation latency	< 2ms
Dependencies	Zero (standalone binary)
Transport	stdio (MCP), stdin/stdout (hooks)
Rule format	Declarative DSL, hot-reloaded
Audit	Every eval logged locally
Hub	50+ community rulesets for TypeScript, React, Go, Docker, and more

Components

Component	Purpose	Where
ssg CLI	Rule evaluation, Hub, linting, dashboard	Local binary
MCP Server	AI agent integration (19 tools)	`ssg mcp-server`
Dashboard	Real-time approvals, audit log	`localhost:5599`
Rules Hub	Verified community rulesets	hub.sigmashake.com
Fleet	Org-wide agent governance	fleet.sigmashake.com
Accounts	Plans, login, license	accounts.sigmashake.com

Next steps

Getting Started — Install + connect your AI agent in 2 minutes
MCP Server — All 19 MCP tools for AI agents
Rule Syntax — Write your own governance rules
Hub — Browse 50+ community rulesets
Enterprise Fleet — Fleet admin onboarding via AI agent

The fastest path​

What SigmaShake does​

Without governance​

With SigmaShake​

Key properties​

Components​

Next steps​