HushSpec is a portable, open specification for declaring security rules at the tool boundary of AI agent runtimes. It defines what security rules an agent operates under, without prescribing how those rules are enforced.
AI agents interact with tools — file systems, network APIs, shell commands, MCP servers. HushSpec provides a standard way to declare which interactions are allowed, blocked, or require confirmation.
- Portable: Works with any engine that implements the spec
- Declarative: Rules are stateless YAML — no runtime state, no detection algorithms
- Fail-closed: Unknown fields are rejected; invalid documents produce errors, not silent misconfiguration
- Extensible: Optional modules for posture state machines, origin-aware profiles, and detection thresholds
hushspec: "0.1.0"
name: my-policy
rules:
forbidden_paths:
patterns:
- "**/.ssh/**"
- "**/.aws/**"
egress:
allow:
- "api.openai.com"
- "*.anthropic.com"
default: block
tool_access:
block:
- shell_exec
- run_command
default: allowHushSpec defines the portable rule language. Engines like Clawdstrike implement the spec and add engine-specific features (detection algorithms, receipt signing, async guard infrastructure).
HushSpec v0.1.0 — unstable. Breaking changes may occur between minor versions. The spec will stabilize at v1.0.0.