A policy gate that runs before your AI coding agent's tool calls

by cavalrytactics·Jun 16, 2026·1 point·0 comments

AI Analysis


Deterministic policy enforcement beats probabilistic prompts for containing rogue agents.

Strengths
  • Native evaluation in ~85ms with zero token cost or GPU requirements.
  • Allow/Ask/Deny actions steer agents instead of blunt block-only approaches.
  • Integrates with Claude Code, Cursor, and multiple MCP server implementations.
Weaknesses
  • SHAKEDOWN benchmark authored by SigmaShake themselves, not third-party verified.
  • Only macOS desktop app currently; Linux and Windows support unclear.
Target Audience

Security engineers and teams using AI coding agents

Similar To

NVIDIA OpenShell · Microsoft AGT · Sandbox runtime approaches

Post Description

As a Security Engineer with 10+ years in industry, I kept running into the same problem with coding agents: instructions are not guarantees.

I put guidance in `CLAUDE.md`, `AGENTS.md`, memory files, MCP descriptions, and tool documentation. I explicitly told the agent things like:

* Use the code graph for architecture questions instead of grepping the repository.
* Do not use deprecated APIs or unsafe code.
* Prefer specific tools for specific tasks.

The agent would still ignore those instructions surprisingly often. It would grep the entire repo, use deprecated APIs, or choose a slower tool even when a better one was available.

That made me realize prompts and rules solve different problems.

A prompt is a probabilistic influence on model behavior. A rule is an enforcement mechanism.

So I built SSG (SigmaShake Governance), which sits between the agent and its tools. Instead of asking the model to remember a policy, SSG evaluates every tool call before it executes.

For example, this rule redirects architecture-related repository searches away from recursive grep and toward a code graph:

```text
rule route-codebase-grep-to-graph {
  enable true
  priority 80
  severity warning
  CATEGORY tool-routing
  FORCE search
  IF tool EQUALS "Grep"
  MESSAGE "Architecture, relationship, and dependency questions are routed to the code-graph tool."
  SUBSTITUTE "graphify query \"<what you were searching for>\""
}
```

When the agent attempts a grep for an architecture question, the call is redirected. If it attempts to write deprecated code, the write can be blocked before the content reaches disk and the replacement API can be suggested.

A few design choices:

* Rules are plain text and git-versioned.
* Enforcement runs locally.
* The same rules work across Claude Code, Codex, Cursor, Gemini, and MCP-based agents.
* Bypasses are allowed, but recorded.
* The goal is not to sandbox a hostile model; it's to prevent routine agent mistakes and shortcuts.
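To make the allow/ask/deny/substitute flow concrete, here is an added Python sketch of a pre-execution gate of this kind. It is not SSG's code: the post shows only one rule in SSG's syntax, so the rules here are plain Python objects rather than that DSL. The tool names (`Grep`, `Write`, `Bash`), the `graphify` replacement call, the deprecated-API pattern (`datetime.utcnow()`, which CPython deprecated in 3.12) and the audit-record shape are all assumptions made for the example; the sample tool calls are constructed.

```python
"""Illustrative pre-execution policy gate for agent tool calls (not SSG's code)."""
from dataclasses import dataclass
from typing import Callable, Optional
import re


@dataclass(frozen=True)
class Decision:
    action: str                          # "allow" | "ask" | "deny" | "substitute"
    rule: Optional[str] = None           # matching rule name; None = default allow
    message: str = ""                    # feedback handed back to the agent
    replacement: Optional[dict] = None   # call to run instead, for "substitute"


@dataclass
class Rule:
    name: str
    action: str
    match: Callable[[dict], bool]        # predicate over the proposed tool call
    priority: int = 0                    # higher wins; first match decides
    message: str = ""
    substitute: Optional[Callable[[dict], dict]] = None
    enabled: bool = True


def evaluate(call: dict, rules: list) -> Decision:
    """Deterministic: highest-priority enabled rule that matches decides."""
    for rule in sorted(rules, key=lambda r: r.priority, reverse=True):
        if rule.enabled and rule.match(call):
            repl = rule.substitute(call) if rule.action == "substitute" else None
            return Decision(rule.action, rule.name, rule.message, repl)
    return Decision("allow")


# Assumed patterns for the example rules (constructed, not from the post).
DEPRECATED_API = re.compile(r"\butcnow\(\)")
DESTRUCTIVE_SHELL = re.compile(r"\brm\s+-rf\b|\bgit\s+push\b.*--force")

RULES = [
    # Mirrors the post's grep-to-graph rule: redirect instead of blocking.
    Rule(name="route-codebase-grep-to-graph", action="substitute", priority=80,
         match=lambda c: c["tool"] == "Grep",
         message="Architecture questions are routed to the code-graph tool.",
         substitute=lambda c: {"tool": "graphify",
                               "args": {"query": c["args"]["pattern"]}}),
    # Block the write before the content reaches disk, and name the replacement.
    Rule(name="deny-deprecated-utcnow", action="deny", priority=90,
         match=lambda c: c["tool"] == "Write"
         and bool(DEPRECATED_API.search(c["args"].get("content", ""))),
         message="datetime.utcnow() is deprecated; use datetime.now(timezone.utc)."),
    # Ask a human rather than allow or deny outright.
    Rule(name="ask-destructive-shell", action="ask", priority=100,
         match=lambda c: c["tool"] == "Bash"
         and bool(DESTRUCTIVE_SHELL.search(c["args"].get("command", ""))),
         message="Destructive shell command: confirm before running."),
]


def gate(call: dict, rules: list, audit: list,
         approved: bool = False, bypass_reason: Optional[str] = None):
    """Return (decision, call_to_execute_or_None); every call leaves one audit record.

    A bypass is permitted (the agent or user may override) but is always recorded
    with its reason, matching the "allowed, but recorded" design choice.
    """
    d = evaluate(call, rules)
    record = {"tool": call["tool"], "rule": d.rule, "action": d.action, "bypassed": False}
    if bypass_reason is not None and d.action != "allow":
        record.update(bypassed=True, reason=bypass_reason)
        to_run = call
    elif d.action == "allow" or (d.action == "ask" and approved):
        to_run = call
    elif d.action == "substitute":
        to_run = d.replacement
    else:                                  # deny, or ask without approval
        to_run = None
    audit.append(record)
    return d, to_run


if __name__ == "__main__":
    log: list = []
    for proposed in [
        {"tool": "Grep", "args": {"pattern": "who imports auth.session"}},
        {"tool": "Write", "args": {"path": "x.py", "content": "t = datetime.utcnow()\n"}},
        {"tool": "Bash", "args": {"command": "rm -rf build/"}},
        {"tool": "Read", "args": {"path": "README.md"}},
    ]:
        decision, to_run = gate(proposed, RULES, log)
        print(f"{proposed['tool']:6} -> {decision.action:10} run={to_run}")
    print(log)
```

The gate runs in the hook position (before the tool executes), so the decision is the same for the same call every time, regardless of what the model "remembers"; the audit list is what a reviewer would read to see where bypasses were used.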

I found that many existing controls operate either too early or too late:

* Prompt files influence behavior but don't enforce it.
* Tool allowlists are often all-or-nothing.
* Pre-commit hooks catch problems after files have already been written.
* Harness-specific permissions don't travel with the repository. (What if your team does not use the same harness?)

If you do not live in the terminal, SigmaShake Desktop is the same governance dashboard with no CLI required: a free direct download for macOS, Windows, and Linux. The Mac App Store and Microsoft Store also carry it as a paid, sandboxed build that auto-updates and skips the Gatekeeper and SmartScreen prompts, if you would rather pay once for the managed install (or just want to support the project): https://apps.apple.com/us/app/sigmashake-desktop/id676990115... https://apps.microsoft.com/detail/9N2CHV3STGS4

I've been building this in public for a few months. https://twitch.tv/sigmashake https://youtube.com/@sigmashakeinc

What instructions do your agents consistently ignore?
