Vectimus – Cedar policy enforcement for AI coding agents
Cedar policies block `terraform destroy` before AI agents execute it.
Intention-reading guardrail for AI agents, not just a command string denylist.
Teams using Claude Code, Codex, or Cursor for AI-assisted development
LLM Guard · Guardrails AI · Rebuff
2 weeks ago, I told our eng team they could spend 20% of their week on side projects. The result: They came out with 3 open source projects. Tools we're using ourselves.
Fence is the first one. It prevents an agent, confused or poorly prompted, to execute a catastrophic command before it happens. This could be 'rm -rf~’, ‘rm -fr~’ or even ‘sudo rm -rf $HOME’. It’s different from a denylist, because it reads the intention, not only the string.
We use this for Claude Code and Codex. We want to see adoption before jumping to Cursor next.
The team is very excited to release this, so please to drop any comments with feedback or issues you find:
github.com/hoophq/fence
Cedar policies block `terraform destroy` before AI agents execute it.
First runtime permission layer for agents—detects risky tool chains and enforces policies outside LLM context.
TPM-bound agent identity solves a real pain, but execution is pre-launch vaporware.
Remote coding agent—but unclear how it differs from Cursor, Continue, or existing AI coding platforms.
Stops AI agents from forgetting requirements by writing decisions to locked files.
OS-level sandboxing blocks base64 evasion when pattern matching alone fails.