What is SSG?

SSG is SigmaShake's AI agent governance CLI. It evaluates every tool call your AI agent is about to make against a set of local rules — blocking dangerous operations, asking for approval on risky ones, and recording everything to a queryable audit log. It runs locally in sub-2 milliseconds and works with every major AI client: Claude Code, Cursor, GitHub Copilot, Codex, Gemini, Antigravity, and Pi.

See it in action

🛡️ Real-time approval dashboard

A local dashboard at http://localhost:5599 shows pending approvals, blocked commands, and a live audit stream.

🌍 Community rules hub

Pull curated rulesets from hub.sigmashake.com — covering bash, secrets, SQL, Docker, Kubernetes, Python, React, Terraform, and more.

🎥 Watch the full dashboard tour (WebM, 208 KB) · or read the dashboard docs.

Why teams pick SSG

• 🏠 Local-first evaluation — no outbound AI calls for governance
• ⚡ Sub-2ms rule eval — faster than the network call it gates
• 🧩 Works everywhere — Claude Code, Cursor, Copilot, Codex, Gemini, Antigravity, Pi
• 🔍 Queryable audit trail — every decision stored locally; searchable from the CLI
• 🌐 Hub rulesets — 20+ curated packs authored by the community
• 🏢 Fleet-ready — SSO, org policies, and SIEM forwarding for enterprise deployments

Install

pnpm add -g @sigmashake/ssg
ssg --help

Every channel

| Channel | Install | |---------|---------| | npm | pnpm add -g @sigmashake/ssg | | PyPI | pip install sigmashake | | Homebrew | brew install sigmashakeinc/tap/ssg | | winget | winget install SigmaShake.SSG | | Docker (OS-agnostic) | docker run --rm -i ghcr.io/sigmashakeinc/ssg:latest eval < call.json |

The Docker image at ghcr.io/sigmashakeinc/ssg is also the install path for musl distros (Alpine, Chimera) and hosts running glibc < 2.24. See the Docker guide for usage.

Quick start

ssg init       # install adapters for detected AI clients + local config
ssg setup      # guided ruleset selection
ssg serve      # start the local approval dashboard at localhost:5599

Evaluate a single tool call from the shell:

echo '{"tool":"Bash","input":{"command":"rm -rf /"}}' | ssg eval

Wire SSG into a specific client (or every supported one):

ssg init --client=claude-code    # or: cursor | copilot | codex | gemini | antigravity | pi
ssg init --client=all            # install every adapter regardless of detection

Documentation

Full reference and guides at docs.sigmashake.com.

| Get started | Integrate | |---|---| | 🚀 Getting started | 🔌 MCP server | | ⚡ Intro | 🤖 Claude Code | | 📺 Dashboard | 🧩 Every adapter |

| Author rules | Operate | |---|---| | 📝 Rule syntax | 💻 CLI reference | | 🌍 Hub guide | 🏗️ Architecture | | 📦 Publishing rulesets | 🏢 Enterprise fleet |

Supported AI clients

ssg init configures, out of the box:

Useful commands

| Command | What it does | |---|---| | ssg init | Install agent adapters and local configuration | | ssg setup | Walk through recommended setup and ruleset selection | | ssg serve | Start the local approval dashboard | | ssg eval | Evaluate a tool call from stdin (JSON) | | ssg audit search | Query local audit history for agents, tools, and actions | | ssg rule ... | List, search, enable, disable, and edit rules | | ssg hub ... | Search, install, update, and audit Hub rulesets | | ssg doctor | Run a health diagnostic for the local installation | | ssg mcp-server | Start the local MCP server for agent integrations |

Authentication

Local rule evaluation, local dashboard usage, and local audit inspection work without signing in. ssg auth login unlocks account-backed features: Hub publishing, organization workflows, support, and private ruleset access.

Community & support

• 💬 Discord — discord.gg/ghWA8Xhs4T
• 🐛 Report an issue — github.com/sigmashakeinc/ssg/issues
• 🏢 Enterprise & support — [email protected]
• 🌐 Hub — hub.sigmashake.com
• 🔐 Accounts — accounts.sigmashake.com

License

Proprietary. The SSG binary is free to use for local governance, auditing, and dashboard workflows. Source code is not distributed — this repository publishes release artifacts only. See LICENSE for the full terms.