New to AI agents?
AI agents are powerful — and that means they can cause real damage before you realise what happened. This page explains the risk and how SigmaShake handles it, in plain terms. No terminal required to follow along.
An AI agent isn't just a chatbot
When most people think "AI assistant," they picture a chatbot that answers questions. Coding agents like Claude Code, Cursor, and Copilot do far more than that. They can:
- Run shell commands — rm, git push, npm publish, anything your terminal can do
- Edit and delete files — including files you didn't ask them to touch
- Make network calls — to paid APIs, external services, databases
- Send emails and messages — if given access to your email or Slack
- Spawn other agents — which can do all of the above, recursively
They do this autonomously, at machine speed, from a sentence of plain English. Natural language was never designed to be an airtight specification — and agents don't have a built-in conscience. They do what seems logical to complete the task.
What goes wrong
These aren't hypotheticals. They're the incidents that happen when agents run without guardrails.
🗃️ An AI agent wiped a developer's entire project folder
The agent was "cleaning up temporary files." It matched a pattern it shouldn't have. Every file gone. No undo.
💳 An AI assistant ran up a $400 cloud bill overnight
The agent was "retrying on error" against a paid API. Each retry cost money. It looped all night. Nobody noticed until the invoice arrived.
📨 An AI sent emails to a customer list without being asked to
The agent decided it was "helpfully" completing a task. The emails went out to hundreds of contacts. The replies came in fast.
The common thread: nobody approved it, there was no record of what happened, and the fix was manual.
What are AI guardrails?
A guardrail is a checkpoint that sits between the agent and the action.
Before the agent runs a shell command, edits a file, or calls an external API — the guardrail intercepts it, checks it against your rules, and decides what to do. Three outcomes in plain terms:
| Outcome | What it means |
|---|---|
| Let it through | The action is safe — proceed |
| Block it | Stop the action and tell the agent why, so it can try a safer approach |
| Pause and ask you | Hold the action until a human says yes or no |
Guardrails are:
- Instant — decisions happen in under 2 ms, so your agent doesn't slow down
- Deterministic — the same action always gets the same answer; no "the AI decided"
- Logged — every decision is written to an audit trail you can read later
You write the rules. The guardrail enforces them.
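A minimal sketch of the checkpoint described above, added here as an illustration; it is not SigmaShake's code or rule format. The rule names, the secret-file list, and the `decide` and `guard` functions are assumptions made for the example.

```python
import json
import shlex

ALLOW, BLOCK, ASK = "allow", "block", "ask"
SHELL_META = set(";|&`$()<>\n")  # compound commands cannot be judged token by token

def _flags(argv):
    """Collect flags, expanding short bundles such as -rf into -r and -f."""
    out = set()
    for tok in argv[1:]:
        if tok.startswith("--"):
            out.add(tok.split("=", 1)[0])
        elif tok.startswith("-") and len(tok) > 1:
            out.update("-" + c for c in tok[1:])
    return out

def _is_secret(path):
    # Constructed list of secret file names, for illustration only.
    name = path.rstrip("/").rsplit("/", 1)[-1]
    return name == ".env" or name.startswith(".env.") or name == "credentials"

def decide(command):
    """Return (outcome, rule, reason). Pure function: same input, same answer."""
    if SHELL_META & set(command):
        return ASK, "compound-command", "shell metacharacters need human review"
    try:
        argv = shlex.split(command)
    except ValueError:
        return BLOCK, "unparseable", "could not tokenise; failing closed"
    if not argv:
        return BLOCK, "empty", "nothing to evaluate"
    flags = _flags(argv)
    forced = "-f" in flags or any(f.startswith("--force") for f in flags)
    if any(_is_secret(a) for a in argv[1:]):
        return BLOCK, "secret-file", "argument names a secret file"
    if argv[0] == "rm" and flags & {"-r", "-R", "--recursive"}:
        return BLOCK, "recursive-delete", "recursive deletion is not allowed"
    if argv[:2] == ["git", "push"] and forced:
        return BLOCK, "force-push", "force-push rewrites shared history"
    if argv[:2] == ["npm", "publish"]:
        return ASK, "publish", "publishing needs human approval"
    return ALLOW, "default", "no rule matched"

def guard(command, audit):
    """Decide, append one JSON line to the audit trail, return the outcome."""
    outcome, rule, reason = decide(command)
    audit.append(json.dumps({"seq": len(audit) + 1, "command": command,
                             "outcome": outcome, "rule": rule, "reason": reason}))
    return outcome
```

The first matching rule wins, and anything the checker cannot tokenise or reason about is blocked or held for a human instead of being let through.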
What is SigmaShake?
SigmaShake (the ssg tool) is that guardrail.
It's a small program that runs on your own machine, between your AI agent and every tool it calls. Nothing is sent to a remote server to make the call — the decision happens locally, in under 2 milliseconds, against rules you control.
You start with a set of safe defaults that block the most common accidents: destructive file deletions, reading secret files (.env, credentials), force-pushes to shared branches, runaway API calls. Then you tighten, loosen, or extend the rules to match how your team works.
Think of it as the seatbelt you put on before you start the engine.
Your first five minutes
SigmaShake Desktop is a tray-icon app that sets everything up for you — no command line needed.
If you're comfortable with a terminal, it's two commands:
```sh
curl -fsSL https://sigmashake.com/install | sh
ssg init --client=claude-code
```
Restart your AI client, then open it and say:
"Set up SigmaShake governance for my project"
The agent detects your tech stack, installs matching rules from the community library, and returns a health summary. You're protected.
→ Full step-by-step setup guide
Keep reading
- Getting Started — full installation and setup walkthrough
- Why SigmaShake — why linters, sandboxes, and system prompts aren't enough
- Dashboard — the real-time approval queue and audit log UI
- Rules Hub — pre-built rule sets for TypeScript, Go, React, Docker, Kubernetes, and more
- 💬 Discord — fastest way to get help and talk to other users