Hybrid Runtime Access Control for Untrusted Delegated Actions
The open source policy enforcement layer for AI tool calls — the defensive counterpart to VAAST.
Core Design
Enforce before execution. Audit everything.
Pre-dispatch enforcement
Tool calls are intercepted before execution, not after — the model cannot bypass by reprompting.
YAML policy file
Human-readable, version-controlled, defines allow/deny/review per tool and parameter.
Local audit log
Every decision written to SQLite on disk — no telemetry, no cloud dependency.
Demo
See it in action.
HYDRACUDA intercepting a live Claude API request attempting to read /etc/passwd
Decision Flow
Three outcomes. No ambiguity.
ALLOW
Forwarded to tool handler
DENY
Structured error returned to model
REVIEW
Queued for human approval
Ecosystem
HYDRACUDA + VAAST
VAAST finds the vulnerabilities offensively. HYDRACUDA blocks them defensively at runtime. They are fully decoupled — HYDRACUDA does not require VAAST.