See it in action (Desktop only): https://cupcake-policy-studio.vercel.app/example-policies/se...
Help us build: https://github.com/eqtylab/cupcake
We are EQTY Lab, our mission is verifiable AI (identity, provenance, and governance). With the rise of capable agents like Claude Code, it became immediately clear that those deploying these agents need the ability to conduct their own alignment and safety controls. We can’t rely solely on the frontier labs.
This is why we created the feature request for Hooks in Claude Code [2], and pivoted away from filesystem and OS-level monitoring once those hooks were implemented. Hooks provide the critical points we need:
* Evaluation: Checking agent intent and actions.
* Prevention: Stopping unsafe or unwanted actions.
* Modification: Adjusting the agent's output before execution.
Policy-as-Code with OPA/Rego - While many agent security papers suggest similar policy architectures using invented DSLs, Cupcake is fundamentally built on Open Policy Agent (OPA) and its policy language, Rego [3].
We chose Rego because it is:
* Industry-Robust: Widely adopted across enterprise DevSecOps and cloud-native environments.
* Purpose-Built: Offers unique, mature advantages for defining, managing, and enforcing policy as code.
* Enterprise-Oriented: This makes Cupcake compatible with existing enterprise governance frameworks.
Cupcake is released under the Apache-2.0 license. We will formalize a path to v1.0.0 in Q1 of 2026. This is an early preview version. The goal with Cupcake is not suppression, but to ensure an agent is able to drive fast without crashing. To collaborate, or join forces: ramos at eqtylab dot io.
[1] https://github.com/eqtylab/cupcake