Show HN: Cupcake – Better performance and security for coding agents (via OPA)

https://github.com/eqtylab/cupcake

12•ramoz•1mo ago

We're releasing early efforts on coding agent governance with Cupcake [1] - an open-source policy enforcement layer with native integrations. You write rules in policy-as-code (OPA/Rego), and Cupcake integrates them into the agent runtime via Hooks.

See it in action (Desktop only): https://cupcake-policy-studio.vercel.app/example-policies/se...

Help us build: https://github.com/eqtylab/cupcake

We are EQTY Lab, our mission is verifiable AI (identity, provenance, and governance). With the rise of capable agents like Claude Code, it became immediately clear that those deploying these agents need the ability to conduct their own alignment and safety controls. We can’t rely solely on the frontier labs.

This is why we created the feature request for Hooks in Claude Code [2], and pivoted away from filesystem and OS-level monitoring once those hooks were implemented. Hooks provide the critical points we need:

* Evaluation: Checking agent intent and actions.

* Prevention: Stopping unsafe or unwanted actions.

* Modification: Adjusting the agent's output before execution.

Policy-as-Code with OPA/Rego - While many agent security papers suggest similar policy architectures using invented DSLs, Cupcake is fundamentally built on Open Policy Agent (OPA) and its policy language, Rego [3].

We chose Rego because it is:

* Industry-Robust: Widely adopted across enterprise DevSecOps and cloud-native environments.

* Purpose-Built: Offers unique, mature advantages for defining, managing, and enforcing policy as code.

* Enterprise-Oriented: This makes Cupcake compatible with existing enterprise governance frameworks.

Cupcake is released under the Apache-2.0 license. We will formalize a path to v1.0.0 in Q1 of 2026. This is an early preview version. The goal with Cupcake is not suppression, but to ensure an agent is able to drive fast without crashing. To collaborate, or join forces: ramos at eqtylab dot io.

[1] https://github.com/eqtylab/cupcake

[2] https://github.com/anthropics/claude-code/issues/712

[3] https://www.openpolicyagent.org/

Comments

maaydin•1mo ago

I liked the policy studio, is it also open sourced?

Dexterous robotic hands: 2009 – 2014 – 2025

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

Pax Historia – User and AI powered gaming platform

Show HN: I built a RAG engine to search Singaporean laws

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

Porting Doom to My WebAssembly VM

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

Full-Blown Cross-Assembler in a Bash Script

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

Show HN: Myanon – fast, deterministic MySQL dump anonymizer

The Tao of Programming

Forcing Rust: How Big Tech Lobbied the Government into a Language Mandate

PanelBench: We evaluated Cursor's Visual Editor on 89 test cases. 43 fail

Can You Draw Every Flag in PowerPoint? (Part 2) [video]

Show HN: MCP-baepsae – MCP server for iOS Simulator automation

Make Trust Irrelevant: A Gamer's Take on Agentic AI Safety

Show HN: Sem – Semantic diffs and patches for Git

Hello world does not compile

Show HN: ZigZag – A Bubble Tea-Inspired TUI Framework for Zig

Metaphor+Metonymy: "To love that well which thou must leave ere long"(Sonnet73)

Show HN: Django N+1 Queries Checker

Emacs-tramp-RPC: High-performance TRAMP back end using JSON-RPC instead of shell

Protocol Validation with Affine MPST in Rust

Female Asian Elephant Calf Born at the Smithsonian National Zoo