Section 01
Overview
SigmaShake is a governance layer that enforces policy on AI agent tool calls before they execute. The system is designed around three principles: local-first evaluation, cryptographic integrity, and deterministic rule matching. This whitepaper provides a non-confidential overview of the architecture and security model. Code-level evidence and source-file references are available in the NDA-gated Controls Evidence Report.
Section 02
Security Pillars
Local-First Evaluation
All governance decisions run locally in the compiled CLI. No tool-call payloads leave the customer machine unless explicit SIEM forwarding is configured.
Zero Runtime Dependencies
The ssg CLI is compiled Rust + Zig + Bun. Zero third-party NPM packages in the production binary, eliminating supply chain exposure.
Cryptographic Integrity
Ed25519 offline signing of fleet rule bundles. SHA-256 content hashing on every ruleset. Merkle-chain audit log for tamper-evidence.
Enterprise-Grade Tenancy
SAML + OIDC SSO with interactive IdP selector. Custom RBAC, IP/CIDR allowlists, service accounts, per-org isolated D1 databases with regional residency.
Defense in Depth
Cloudflare WAF with OWASP CRS, automatic L3/L4/L7 DDoS mitigation, Turnstile challenges, nonce-based CSP, AES-256 at rest, TLS 1.3 (A grade), HSTS preloaded.
Continuous Assurance
Published threat model. AI-assisted code-level pentest between annual human-led engagements. Responsible disclosure SLA: 48h ack, 5-day triage, 30-day critical remediation.
Section 03
Architecture at a Glance
SigmaShake spans one compiled CLI and a set of edge-deployed Cloudflare Workers. The CLI is the enforcement point; workers provide optional cloud features (rule distribution, billing, SSO, observability).
- ssg — Compiled CLI binary. Intercepts agent tool calls via pre-tool-use hook. Local SQLite state. No cloud dependency in the evaluation path.
- Hub — Public registry of .rules governance files. SHA-256 content integrity on every download.
- Accounts — Identity service: GitHub/Google OAuth for self-service, SAML/OIDC for enterprise, RBAC enforcement, tenant isolation.
- Fleet — Enterprise MDM control plane (*.fleet.sigmashake.com). Workers for Platforms with per-tenant isolation. Ed25519 signed rule bundles.
- MCP — Remote rule evaluation via SSE for hosts that cannot run the CLI locally.
- Trust — This center. NDA-gated evidence distribution with HMAC-signed download tokens.
Section 04
Threat Model Summary
SigmaShake maintains a public threat model (THREAT_MODEL.md v1.0.0, 806 lines) mapping the system to OWASP Top 10 Web, OWASP LLM Top 10, STRIDE, and SOC 2 TSC. Key in-scope threats:
- Supply chain attack on CLI dependencies — mitigated via zero-dependency compiled binary.
- Database compromise altering rule content — mitigated via SHA-256 content hashing (CLI) and Ed25519 bundle signing (Fleet).
- Cross-tenant data access — mitigated via tenant isolation guard on every fleet API call and per-org D1 databases.
- Brute-force on trust report OTPs — mitigated via 5-attempts-per-IP-per-15-minutes, single-use OTP, 1-hour TTL.
- ReDoS in rule patterns — mitigated by Rust's linear-time regex engine.
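The two integrity controls above (SHA-256 content hashing on downloaded rules, Ed25519 signing of fleet bundles) and the Merkle-chain audit log from the Cryptographic Integrity pillar fit together in one verification path. The following Go program is an added illustration, not SigmaShake's own code: the bundle layout, the choice to sign the digest rather than the raw content, and the newline-delimited hash-chain encoding are assumptions; it uses only the Go standard library. It shows why an edit to stored rule content fails the hash check, why re-hashing without the fleet key fails the signature check, and how a hash-chained log pinpoints the first altered audit record.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// RuleBundle is a hypothetical shape for a signed fleet rule bundle: the
// .rules content, its SHA-256 digest, and an Ed25519 signature over that digest.
type RuleBundle struct {
	Content   []byte
	Digest    [32]byte
	Signature []byte
}

// ContentHash is the SHA-256 content hash checked on every rules download.
func ContentHash(content []byte) [32]byte {
	return sha256.Sum256(content)
}

// SignBundle runs on the offline signing side: hash the content, sign the digest.
func SignBundle(priv ed25519.PrivateKey, content []byte) RuleBundle {
	d := ContentHash(content)
	return RuleBundle{Content: content, Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

// VerifyBundle runs on the enforcement side before a bundle is loaded:
// recompute the hash, compare it to the recorded digest, then verify the
// signature with the pinned fleet public key. A database edit that changes
// the content fails the first check; re-hashing without the key fails the second.
func VerifyBundle(pub ed25519.PublicKey, b RuleBundle) error {
	if ContentHash(b.Content) != b.Digest {
		return errors.New("content hash mismatch: rules changed after hashing")
	}
	if !ed25519.Verify(pub, b.Digest[:], b.Signature) {
		return errors.New("signature invalid: bundle not signed by the trusted fleet key")
	}
	return nil
}

// AuditEntry is one record of a hash-chained audit log. Each entry's hash
// covers its payload and the previous entry's hash, so modifying, reordering
// or deleting any record breaks the link of every record after it.
type AuditEntry struct {
	Payload  string
	PrevHash string
	Hash     string
}

// entryHash joins the previous hash and the payload with a newline (assumed
// encoding; a production format would length-prefix the fields instead).
func entryHash(payload, prev string) string {
	h := sha256.Sum256([]byte(prev + "\n" + payload))
	return hex.EncodeToString(h[:])
}

// AppendAudit links a new record to the current chain head.
func AppendAudit(log []AuditEntry, payload string) []AuditEntry {
	prev := ""
	if len(log) > 0 {
		prev = log[len(log)-1].Hash
	}
	return append(log, AuditEntry{Payload: payload, PrevHash: prev, Hash: entryHash(payload, prev)})
}

// VerifyAudit walks the chain from the first entry and returns the index of
// the first record whose link or hash does not check out, or -1 if intact.
func VerifyAudit(log []AuditEntry) int {
	prev := ""
	for i, e := range log {
		if e.PrevHash != prev || e.Hash != entryHash(e.Payload, e.PrevHash) {
			return i
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	bundle := SignBundle(priv, []byte("deny shell rm -rf /\n")) // constructed rule text
	fmt.Println("genuine bundle:", VerifyBundle(pub, bundle))

	tampered := bundle
	tampered.Content = []byte("allow shell rm -rf /\n") // simulated database edit
	fmt.Println("edited content:", VerifyBundle(pub, tampered))

	var audit []AuditEntry
	for _, ev := range []string{"allow read ./src", "deny shell rm -rf /", "allow read ./docs"} {
		audit = AppendAudit(audit, ev)
	}
	audit[1].Payload = "allow shell rm -rf /" // constructed tamper on the middle record
	fmt.Println("first broken audit entry:", VerifyAudit(audit))
}
```

The verifying side needs only the fleet public key, which is why signing can stay offline; the audit chain needs no key at all, only that the chain head is retained somewhere the writer of the log cannot rewrite.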
Out of scope by design: motivated adversarial agents with shell access. SigmaShake is a guardrail for honest agents; adversarial workloads must be paired with OS-level sandboxing (Docker/seccomp, Apple Sandbox, VM confinement). This scope boundary is documented in the published threat model.
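The OTP brute-force mitigation listed above is a combination of three limits: five attempts per IP per 15 minutes, single-use codes, and a one-hour TTL. The Go program below is an added example of how those limits compose in a verifier, not SigmaShake's trust-center code: the six-digit code format, the in-memory store, the injectable clock and the error names are assumptions. The ordering matters and is the point of the example: the per-IP window is checked and the attempt recorded before the code is inspected, so a correct guess arriving after the limit is still refused, and a code that verifies is burned immediately.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Limits as stated in the threat model summary.
const (
	MaxAttempts   = 5
	AttemptWindow = 15 * time.Minute
	OTPTTL        = time.Hour
)

var (
	ErrRateLimited = errors.New("too many attempts from this IP; retry later")
	ErrInvalid     = errors.New("invalid, unknown or already-used code")
	ErrExpired     = errors.New("code expired")
)

type otpRecord struct {
	code    string
	expires time.Time
	used    bool
}

// OTPGuard is a hypothetical in-memory verifier; a deployed service would keep
// this state in a shared store keyed the same way. The clock is injectable so
// the windows can be exercised deterministically.
type OTPGuard struct {
	now      func() time.Time
	otps     map[string]*otpRecord  // keyed by report/download id
	attempts map[string][]time.Time // verification attempts keyed by client IP
}

func NewOTPGuard(now func() time.Time) *OTPGuard {
	return &OTPGuard{now: now, otps: map[string]*otpRecord{}, attempts: map[string][]time.Time{}}
}

// Issue creates a fresh six-digit code for id (assumed format), replacing any earlier one.
func (g *OTPGuard) Issue(id string) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1_000_000)) // uniform, no modulo bias
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	g.otps[id] = &otpRecord{code: code, expires: g.now().Add(OTPTTL)}
	return code, nil
}

// Verify applies the controls in order: rate window, then existence/single-use,
// then TTL, then a constant-time comparison of the code itself.
func (g *OTPGuard) Verify(ip, id, code string) error {
	now := g.now()
	// Drop attempts that have aged out of the 15-minute window.
	recent := g.attempts[ip][:0]
	for _, t := range g.attempts[ip] {
		if now.Sub(t) < AttemptWindow {
			recent = append(recent, t)
		}
	}
	if len(recent) >= MaxAttempts {
		g.attempts[ip] = recent
		return ErrRateLimited
	}
	g.attempts[ip] = append(recent, now) // counted whether or not the code is right

	rec, ok := g.otps[id]
	if !ok || rec.used {
		return ErrInvalid
	}
	if now.After(rec.expires) {
		return ErrExpired
	}
	if subtle.ConstantTimeCompare([]byte(rec.code), []byte(code)) != 1 {
		return ErrInvalid
	}
	rec.used = true // single-use: burn on first success
	return nil
}

func main() {
	g := NewOTPGuard(time.Now)
	code, _ := g.Issue("report-42") // constructed report id
	for i := 1; i <= 6; i++ {
		fmt.Printf("guess %d: %v\n", i, g.Verify("203.0.113.7", "report-42", "wrong!"))
	}
	fmt.Println("correct code after limit:", g.Verify("203.0.113.7", "report-42", code))
	fmt.Println("correct code, other IP:", g.Verify("203.0.113.8", "report-42", code))
	fmt.Println("replay of used code:", g.Verify("203.0.113.8", "report-42", code))
}
```

Keying the attempt counter by IP alone means a single NAT egress shares one budget; the threat model accepts that trade-off for a 1-hour, single-use code, since five guesses against a million-value space is far below useful brute-force odds.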
Section 05
Compliance Posture
- SOC 2 Type II: In progress. All technical controls implemented. 6-month observation window opens 2026-05-18.
- ISO/IEC 27001:2022: Self-assessed. All 93 Annex A controls catalogued; SoA published at compliance.sigmashake.com/compliance/iso27001. A.7 (physical controls) inherited from the Cloudflare / AWS / GitHub SOC 2 reports.
- GDPR (EU 2016/679): Self-assessed compliant. 31 articles catalogued (Ch. II–V; 25 applicable, 6 documented not-applicable); 9 GDPR-specific collectors covering DSR pipeline, Article 30 RoPA, Article 28(2) sub-processor list, breach SLAs (72h / 14d), TIAs (Schrems II), DPIA register, privacy-notice currency, consent register, data-residency attestation. Public endpoints: POST /api/v1/dsr + GET /api/v1/sub-processors.json. Customer DPA template incorporates SCCs 2021/914 (Module Two).
- UK GDPR & Swiss FADP: Covered by the GDPR control set with the UK Addendum / IDTA and Swiss FADP-adequacy modular addenda available on request.
- CCPA / CPRA: Self-assessed compliant. No sale or share of personal information; right-to-know, right-to-delete, right-to-correct, and non-discrimination implemented.
- HIPAA: Not applicable — SigmaShake does not process PHI.
- PCI DSS: Not applicable — cardholder data handled exclusively by Stripe (PCI DSS Level 1).
Section 06
Responsible Disclosure
SigmaShake publishes a responsible disclosure policy with binding SLAs:
- Acknowledgment: within 48 hours
- Triage: within 5 business days
- Remediation (Critical + High): within 30 days
- Remediation (Medium + Low): within 90 days
Report vulnerabilities at trust.sigmashake.com/vulnerability-report or via security@sigmashake.com. Safe-harbor language applies to good-faith research conducted under this policy.