cupcake by eqtylab

Policy enforcement for AI coding agents

Created 9 months ago
257 stars

Top 98.3% on SourcePulse

Project Summary

Cupcake provides a native policy enforcement layer for AI coding agents, built on OPA/Rego policies compiled to WebAssembly. It addresses the problem of ensuring that AI agents adhere to operational and security rules, and it improves both performance and security by moving enforcement out of the model's context rather than relying on instructions in the prompt. This gives developers robust governance over agent behaviour: proactive alerts, action blocking, action modification, and auto-correction for reliable AI-driven workflows.

How It Works

Cupcake intercepts proposed agent actions or tool calls, enriching them with real-time environmental "Signals." These are evaluated against OPA/Rego policies compiled to WebAssembly (Wasm) for fast, sandboxed execution. Based on policy outcomes, Cupcake can allow, modify, block with feedback for self-correction, warn, or require human review, all without consuming model context tokens.

Quick Start & Requirements

Installation is primarily via Nix (nix profile install github:eqtylab/cupcake#cupcake-cli or nix run github:eqtylab/cupcake#cupcake-cli -- --help). A development shell is available via nix develop. Official quick-start guides for supported agent harnesses are linked in the README.

Highlighted Details

  • Multi-Harness Support: Integrations for Claude Code, Cursor, Factory AI, OpenCode, and JavaScript/TypeScript bindings.
  • Governance-as-Code: OPA/Rego policies compiled to WebAssembly for efficient, sandboxed evaluation.
  • LLM-as-Judge: Optional mode using a secondary LLM for nuanced action evaluation.
  • Granular Control: Blocks specific tools/arguments, modifies inputs, injects context, requires human review.
  • Observability: Structured logs and evaluation traces for auditing and debugging.

Maintenance & Community

Official open-source release: December 10, 2025. Roadmap planned for Q1 2026. Developed by EQTYLab with research support from Trail of Bits. Updates via X.

Licensing & Compatibility

Apache 2.0 license, permitting commercial use. Note that specific features like context injection and action modification have varying support across agent harnesses.

Limitations & Caveats

Context injection and action modification are not universally supported (e.g., available for Claude Code/Factory AI, not Cursor). AMP and Gemini CLI harnesses are "Coming soon." Runtime integration depends on harness support.

Health Check

  • Last Commit: 1 month ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 19 stars in the last 30 days

