Rules Hub
The SigmaShake Rules Hub at hub.sigmashake.com is a public registry of .rules governance files.
Features
- Browse community-contributed rulesets by technology (TypeScript, Python, Go, etc.)
- Search rules by keyword using BM25 full-text search
- Download rulesets directly into your project
- Submit your own rules via
ssg publish, MCP tool, or GitHub OAuth - Auto-sync — rulesets re-sync from GitHub weekly
Using Hub rules
Browse and download
- Visit hub.sigmashake.com
- Filter by technology or search by keyword
- Click a ruleset to view its contents
- Copy the rules into your
.sigmashake/rules/directory
Install via ssg hub pull (with integrity verification)
ssg hub pull <ruleset-id>
Downloads the ruleset, verifies its SHA-256 content hash, then writes .rules files to .sigmashake/rules/. The ruleset ID is the UUID in the hub URL.
ssg hub pull 550e8400-e29b-41d4-a716-446655440000
# Verifying integrity... OK (sha256:4a9f3c1b8e2d7f05...)
# Installed: TypeScript v3
ssg sync # load rules into the engine
Sync from Hub
ssg sync
Pulls rules from the Hub API into your local SQLite database.
Publishing rules
There are three ways to publish. See the Publishing Guide for full details.
Option 1 — ssg publish (recommended, <1 min)
npm install -g ssg # install CLI
gh auth login # authenticate GitHub CLI (one-time)
cd your-project
ssg publish # create repo + push rules + open hub
Option 2 — MCP tool (AI agents)
AI agents can publish programmatically via the sigmashake_hub_submit MCP tool:
{
"name": "sigmashake_hub_submit",
"arguments": {
"repo_url": "https://github.com/alice/rules-typescript",
"github_token": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}
See MCP Server for setup instructions.
Option 3 — REST API
curl -X POST https://hub.sigmashake.com/api/submit \
-H "Authorization: Bearer ghp_xxxx" \
-H "Content-Type: application/json" \
-d '{"repo": "https://github.com/alice/rules-typescript"}'
Option 4 — Manual form
- Go to hub.sigmashake.com/submit
- Click Manual submit tab
- Sign in with GitHub and fill in the form
API
| Endpoint | Method | Description |
|---|---|---|
/api/rulesets | GET | Paginated JSON ruleset listing |
/api/rulesets/:id | GET | Single ruleset with all rules |
/api/search?q=keyword&format=json | GET | Search rulesets |
/api/technologies | GET | List all technologies |
/api/submit | POST | Submit ruleset (Bearer token auth) |
/api/downloads/:id | POST | Increment download counter |
/api/health | GET | Health check |
AI agent context
The hub exposes machine-readable discovery files:
GET /llms.txt— plain-text API reference for LLMsGET /robots.txt— endpoint listing for crawlersGET /api/openapi.json— OpenAPI 3.1 spec
Security & Trust
The hub implements SHA-256 content hash verification for every ruleset. See Security & Trust for the full threat model, mitigation details, and security roadmap.
Self-hosting
The Hub is a Cloudflare Worker with D1 database and KV storage. To deploy your own:
cd sigmashake-hub
npm install
wrangler d1 create sigmashake-hub-db
# Update wrangler.toml with D1 ID
wrangler d1 migrations apply sigmashake-hub-db
npm run deploy