Hacker News: cavalrytactics

New comment by cavalrytactics in "Incident CVE-2026-LGTM"

cavalrytactics — Fri, 26 Jun 2026 15:43:19 +0000

Should have used Sigmashake guardrails... When will this industry learn. Youtube video: https://www.youtube.com/watch?v=SHZaMu6J0F0

New comment by cavalrytactics in "Is your company affected by NIS2?"

cavalrytactics — Tue, 16 Jun 2026 19:37:04 +0000

Maybe!

New comment by cavalrytactics in "Hillock – Local, brain-inspired AI memory using SQLite and HDC"

cavalrytactics — Tue, 16 Jun 2026 19:36:44 +0000

Hello

Show HN: A policy gate that runs before your AI coding agent's tool calls

cavalrytactics — Tue, 16 Jun 2026 17:12:02 +0000

As a Security Engineer with over 10+ years in industry, I kept running into the same problem with coding agents: Instructions are not guarantees.

I put guidance in `CLAUDE.md`, `AGENTS.md`, memory files, MCP descriptions, and tool documentation. I explicitly told the agent things like:

- Use the code graph for architecture questions instead of grepping the repository. - Do not use deprecated APIs or Unsafe code. - Prefer specific tools for specific tasks.

The agent would still ignore those instructions surprisingly often. It would grep the entire repo, use deprecated APIs, or choose a slower tool even when a better one was available.

That made me realize prompts and rules solve different problems.

A prompt is a probabilistic influence on model behavior. A rule is an enforcement mechanism.

So I built SSG (SigmaShake Governance), which sits between the agent and its tools. Instead of asking the model to remember a policy, SSG evaluates every tool call before it executes.

For example, this rule redirects architecture-related repository searches away from recursive grep and toward a code graph:

```text rule route-codebase-grep-to-graph { enable true priority 80 severity warning CATEGORY tool-routing FORCE search IF tool EQUALS "Grep" MESSAGE "Architecture, relationship, and dependency questions are routed to the code-graph tool." SUBSTITUTE "graphify query \"\"" } ```

When the agent attempts a grep for an architecture question, the call is redirected. If it attempts to write deprecated code, the write can be blocked before the content reaches disk and the replacement API can be suggested.

A few design choices:

- Rules are plain text and git-versioned. - Enforcement runs locally. - The same rules work across Claude Code, Codex, Cursor, Gemini, and MCP-based agents. - Bypasses are allowed, but recorded. - The goal is not to sandbox a hostile model; it's to prevent routine agent mistakes and shortcuts.

I found that many existing controls operate either too early or too late:

- Prompt files influence behavior but don't enforce it. - Tool allowlists are often all-or-nothing. - Pre-commit hooks catch problems after files have already been written. - Harness-specific permissions don't travel with the repository. (what if your team does not use the same harness?)

If you do not live in the terminal, SigmaShake Desktop is the same governance dashboard with no CLI required: a free direct download for macOS, Windows, and Linux. The Mac App Store and Microsoft Store also carry it as a paid, sandboxed build that auto-updates and skips the Gatekeeper and SmartScreen prompts, if you would rather pay once for the managed install (or just want to support the project): https://apps.apple.com/us/app/sigmashake-desktop/id676990115... https://apps.microsoft.com/detail/9N2CHV3STGS4

I've been building this in public for a few months. https://twitch.tv/sigmashake https://youtube.com/@sigmashakeinc

What instructions do your agents consistently ignore?

Comments URL: https://news.ycombinator.com/item?id=48558502

Points: 1

# Comments: 0

New comment by cavalrytactics in "Codex just found a "workaround" of not having sudo on my PC"

cavalrytactics — Sun, 31 May 2026 21:03:14 +0000

Should have used my AI Agent Guardrails. Its free. Check it out at sigmashake.com

New comment by cavalrytactics in "Show HN: Sigmashake Desktop – AI Coding Agent Guardrails"

cavalrytactics — Tue, 12 May 2026 19:18:01 +0000

Mac, Windows, and Linux versions are working now. Sorry for the delay

New comment by cavalrytactics in "Show HN: Sigmashake Desktop – AI Coding Agent Guardrails"

cavalrytactics — Tue, 12 May 2026 03:07:52 +0000

My bad for mac users, didn't compile and upload the mac version yet. Will reply here when its done

Show HN: Sigmashake Desktop – AI Coding Agent Guardrails

cavalrytactics — Tue, 12 May 2026 02:35:24 +0000

SigmaShake Desktop - Guardrails for YOLO AI coding agents

Your AI will use the wrong tool, nuke your database, force push to main because it won't respect your markdown instructions

One ruleset, every major AI coding tool, local, no cloud, no sandbox

Open to hearing feedback. Free to use

BuildingInPublic live on twitch and youtube as well. Feel free to hangout and say Hi!

Comments URL: https://news.ycombinator.com/item?id=48103540

Points: 2

# Comments: 2

Show HN: AI Coding Agent Guardrails enforced at runtime

cavalrytactics — Mon, 20 Apr 2026 17:25:08 +0000

Hello, looking for some users interested using a devtool that allows developers to centrally manage AI Coding Agent tools that supports all AI Coding Agent tools like Claude Code, Codex, Antigravity, etc.