今日已更新 246 条资讯 | 累计 21112 条内容
关于我们

Show HN: Policy enforcement for Claude Code, Cursor, and Codex

carlosjimenez1 2026年07月09日 23:26 1 次阅读 来源:HackerNews

Show HN: Runtime authorization for Claude Code, Cursor, and Codex Hi HN, Fernando and I built Kastra. Kastra intercepts AI agent tool calls and evaluates them against deterministic policies before they execute. This is aimed at developers using coding agents like Claude Code, Codex, Cursor, and OpenClaw. We built Kastra after one of our Cursor agents almost executed DELETE FROM customers WHERE status='test' against a production database. We caught it before it ran, but it made us realize that no

Show HN: Runtime authorization for Claude Code, Cursor, and Codex Hi HN, Fernando and I built Kastra. Kastra intercepts AI agent tool calls and evaluates them against deterministic policies before they execute. This is aimed at developers using coding agents like Claude Code, Codex, Cursor, and OpenClaw. We built Kastra after one of our Cursor agents almost executed DELETE FROM customers WHERE status='test' against a production database. We caught it before it ran, but it made us realize that nothing in our stack actually decided what the agent was allowed to do. What mattered for us wasn't the mistake; it was realizing nothing in our setup would have stopped it if we weren't actively on top of it. LLMs are probabilistic, and prompts influence behavior, but they don't deterministically decide what an agent is allowed to do. Without a deterministic policy system, nothing could have decided what it was allowed to do. Kastra pushes an allow, hold, and deny decision before the action runs. You can build these policies in plain English from the web app. The interception engine evaluates the tools, targets, and parameters of every action. We also shipped many policy packs covering common high-risk scenarios, and every decision is recorded in an immutable audit trail. The desktop app, CLI, dashboard, and Recon scan are free to use for developers. If you often use Claude, Codex, Openclaw, and Cursor, Kastra can run a scan command on which risky actions your agents have already taken and automatically build rules to avoid them from happening again. Recon is a feature of Kastra that scans your local agent history. In order to run this scan, execute the commands below in your coding agent. brew install kastra-labs/tap/kastra-edge kastra-edge scan The scan reads your local agent session history, and it shows all the risky actions your agent has already taken before, the secrets written to tracked files, production databases touched, force pushes, curl-to-shell, and more. This r
本文内容来源于互联网,版权归原作者所有
查看原文