Signed receipts and Cedar policies for AI agent tool calls. Claude Code hooks, MCP gateway.
A policy check that sits between your AI agent and the tools it calls. Every tool call is evaluated against a rule you wrote. Every decision is signed. When an AI agent (Claude Code, Cursor, a custom LangChain app, anything that uses the Model Context Protocol) wants to run a command, edit a file, or call an API, intercepts that request before it executes: 1. Checks a policy. You write rules in…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
A policy check that sits between your AI agent and the tools it calls. Every tool call is evaluated against a rule you wrote. Every decision is signed. When an AI agent (Claude Code, Cursor, a custom LangChain app, anything that uses the Model Context Protocol) wants to run a command, edit a file, or call an API, intercepts that request before it executes: 1. Checks a policy. You write rules in Cedar — the same policy language AWS uses for IAM. Rules like "never allow ", "only allow during…