Hadeda

Get started

Introduction

Hadeda is a VPC-resident security gateway for AI coding agents. It sits between your AI tools and your internal systems, enforcing policies, authorizing actions, and auditing everything.

Installation

Install Hadeda using Go:

Terminal
$ go install github.com/Hadeda-dev/hadeda@latest

Or clone and build from source:

Terminal
$ git clone https://github.com/Hadeda-dev/hadeda.git
$ cd hadeda
$ go build -o hadeda .

Configuration

Create a config.yaml file:

config.yaml
port: "8080"

auth:
  api_keys:
    - "your-api-key"
  require_mtls: false

scrubber:
  patterns:
    # YAML single-quoted string: a literal ' inside it is written as ''
    - '(?i)(api_key|secret|password|token)(\s*[:=]\s*)["''][a-zA-Z0-9_\-\.\~]{10,}["'']'

limits:
  rate: 5.0
  capacity: 10.0

rules:
  - tool: "*"
    pattern: ".*"
    allow: true

Quickstart

Learn how to get Hadeda set up with your AI coding tool.

Command Filter

The Command Filter intercepts every tool call and command from your AI agents and evaluates it against a set of configurable allow/block rules. Rules can match by tool name, string pattern, or regex.

config.yaml
rules:
  - tool: "shell"
    pattern: "rm -rf"
    allow: false
  - tool: "*"
    pattern: ".*"
    allow: true

Rules are evaluated in order. The first matching rule determines whether a command is allowed or blocked, so the catch-all (tool: "*" with pattern: ".*") must come last; give it allow: false if you want a default-deny policy instead of the default-allow shown above. A literal pattern such as rm -rf matches only that exact spelling: rm -fr or rm -r -f would fall through to the catch-all, so use a regex for anything an agent could rephrase, and remember that a rule scoped to tool: "shell" says nothing about other tools that can run the same command.
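The following is an added example, written for this page and not Hadeda's own code, of the first-match evaluation described above, in Go because that is the language Hadeda is built in. The Rule and Decision types, the fail-closed default when no rule matches, and the regex in the second rule are assumptions of this example; the rule set is constructed from the page's two rules plus that one regex.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule mirrors one entry of the rules: list in config.yaml. The field
// names follow the YAML keys; this struct is an assumed stand-in, not
// Hadeda's own type.
type Rule struct {
	Tool    string
	Pattern string
	Allow   bool
	re      *regexp.Regexp
}

// Decision records the outcome and which rule produced it.
type Decision struct {
	Allowed bool
	Rule    int // index of the first matching rule, or -1 if none matched
}

// Compile compiles every pattern once at load time, so a bad regex is
// rejected at startup rather than on the first agent request.
func Compile(rules []Rule) ([]Rule, error) {
	out := make([]Rule, len(rules))
	for i, r := range rules {
		re, err := regexp.Compile(r.Pattern)
		if err != nil {
			return nil, fmt.Errorf("rule %d (%q): %w", i, r.Pattern, err)
		}
		r.re = re
		out[i] = r
	}
	return out, nil
}

// Evaluate walks the rules in order and returns the first match, as the
// page describes. If nothing matches it fails closed (deny); that default
// is an assumption, since the page does not say what Hadeda does without
// a catch-all rule.
func Evaluate(rules []Rule, tool, command string) Decision {
	for i, r := range rules {
		if r.Tool != "*" && r.Tool != tool {
			continue
		}
		if r.re.MatchString(command) {
			return Decision{Allowed: r.Allow, Rule: i}
		}
	}
	return Decision{Allowed: false, Rule: -1}
}

// SampleRules is a constructed rule set: the page's literal "rm -rf" rule,
// an assumed regex that also catches reordered or split flags, and the
// page's allow-all catch-all at the end.
func SampleRules() ([]Rule, error) {
	return Compile([]Rule{
		{Tool: "shell", Pattern: `rm -rf`, Allow: false},
		{Tool: "shell", Pattern: `\brm\s+(-[a-zA-Z]*\s+)*-[a-zA-Z]*[rf]`, Allow: false},
		{Tool: "*", Pattern: `.*`, Allow: true},
	})
}

func main() {
	rules, err := SampleRules()
	if err != nil {
		panic(err)
	}
	for _, c := range []struct{ tool, cmd string }{
		{"shell", "rm -rf /tmp/build"}, // caught by the literal rule 0
		{"shell", "rm -fr /"},          // slips past the literal, caught by rule 1
		{"shell", "rm -r -f /"},        // same
		{"shell", "ls -la"},            // falls through to the catch-all
		{"git", "rm -rf"},              // rules 0 and 1 are scoped to "shell"
	} {
		d := Evaluate(rules, c.tool, c.cmd)
		fmt.Printf("%-6s %-20q allowed=%-5v rule=%d\n", c.tool, c.cmd, d.Allowed, d.Rule)
	}
}
```

The second and third cases show why a literal pattern is weak against an agent that can rephrase: rm -fr never touches the rm -rf rule. The last case shows tool scoping: a block rule on shell does not apply to another tool that can execute the same command.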

Secret Scrubber

The Secret Scrubber scans all agent traffic in transit and strips out API keys, tokens, passwords, and PII before they reach your internal systems. It uses configurable regex patterns to detect sensitive data.

config.yaml
scrubber:
  patterns:
    # YAML single-quoted string: a literal ' inside it is written as ''
    - '(?i)(api_key|secret|password|token)(\s*[:=]\s*)["''][a-zA-Z0-9_\-\.\~]{10,}["'']'

When a match is found, the sensitive value is replaced with [REDACTED] (or your custom redaction string). Scrubbed content is logged separately for audit purposes. The scrubber only removes what your patterns describe: the default pattern above catches quoted values of at least 10 characters that follow one of the listed key names, so unquoted KEY=value assignments, bearer tokens in headers, and short secrets pass through untouched until you add patterns for them.
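As an added example (not Hadeda's scrubber, whose implementation the page does not show), here is a Go scrubber that applies the page's pattern and replaces only the matched value. The page's pattern is reused with the value wrapped in a named group; the Scrubber type, the two extra patterns for unquoted assignments and bearer tokens, and the sample traffic are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Scrubber holds compiled patterns and the redaction string. It is an
// assumed stand-in written to show how the patterns: list in config.yaml
// behaves, not Hadeda's own code.
type Scrubber struct {
	patterns []*regexp.Regexp
	redacted string
}

// NewScrubber compiles each pattern once. Every pattern must capture the
// secret in a group named "value", so only the value is rewritten and the
// key and delimiter survive for the audit trail.
func NewScrubber(patterns []string, redacted string) (*Scrubber, error) {
	s := &Scrubber{redacted: redacted}
	for i, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return nil, fmt.Errorf("pattern %d: %w", i, err)
		}
		if re.SubexpIndex("value") < 0 {
			return nil, fmt.Errorf("pattern %d: no (?P<value>...) group", i)
		}
		s.patterns = append(s.patterns, re)
	}
	return s, nil
}

// Scrub applies every pattern in turn, replacing the "value" group of each
// match, and returns the scrubbed text plus the number of redactions.
func (s *Scrubber) Scrub(in string) (string, int) {
	n := 0
	for _, re := range s.patterns {
		vi := re.SubexpIndex("value")
		var b strings.Builder
		last := 0
		for _, loc := range re.FindAllStringSubmatchIndex(in, -1) {
			start, end := loc[2*vi], loc[2*vi+1]
			if start < 0 { // the group did not participate in this match
				continue
			}
			b.WriteString(in[last:start])
			b.WriteString(s.redacted)
			last = end
			n++
		}
		b.WriteString(in[last:])
		in = b.String()
	}
	return in, n
}

// PagePattern is the pattern from config.yaml with the secret wrapped in a
// named group so the scrubber can keep the key and the quotes.
var PagePattern = []string{
	`(?i)(api_key|secret|password|token)(\s*[:=]\s*)["'](?P<value>[a-zA-Z0-9_\-\.\~]{10,})["']`,
}

// ExtraPatterns are assumed additions, not from the page: unquoted
// KEY=value assignments and bearer tokens, which the page's pattern misses.
var ExtraPatterns = []string{
	`(?i)\b(api_key|secret|password|token)=(?P<value>[a-zA-Z0-9_\-\.\~]{10,})\b`,
	`(?i)\bbearer\s+(?P<value>[a-zA-Z0-9_\-\.\~]{10,})`,
}

// AllPatterns returns a fresh slice combining both sets.
func AllPatterns() []string {
	return append(append([]string{}, PagePattern...), ExtraPatterns...)
}

// Sample is constructed agent traffic: one line the page's pattern catches,
// two it misses for lack of quotes, and one value too short to match.
const Sample = `token: "ghp_quotedtoken0123456789"
export TOKEN=ghp_unquotedtoken0123456789
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig
password = 'hunter2'`

func main() {
	for _, set := range [][]string{PagePattern, AllPatterns()} {
		s, err := NewScrubber(set, "[REDACTED]")
		if err != nil {
			panic(err)
		}
		out, n := s.Scrub(Sample)
		fmt.Printf("--- %d pattern(s), %d redaction(s)\n%s\n", len(set), n, out)
	}
}
```

With the page's pattern alone only the quoted token is redacted; the unquoted assignment and the bearer token reach the backend intact, and hunter2 survives both runs because it is below the pattern's 10-character floor. Test every pattern against traffic your agents actually produce before relying on it.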

Rate Limiter

The Rate Limiter uses a token bucket algorithm to throttle agent requests on a per-user, per-tool basis. This prevents runaway agents from consuming excessive resources.

config.yaml
limits:
  rate: 5.0        # tokens added per second
  capacity: 10.0    # max burst size

When the rate limit is exceeded, Hadeda returns a 429 Too Many Requests response. Tokens refill continuously at the configured rate, so with rate: 5.0 a throttled agent can retry a single request roughly 200 ms later, and the full burst of capacity: 10.0 is available again after two seconds without requests.
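The token bucket behaviour behind those numbers, as an added example written for this page rather than Hadeda's own implementation: one bucket per (user, tool) pair, lazy refill, and a 429 with a Retry-After header when the bucket is empty. The Limiter type, the injected clock, and the X-Hadeda-User and X-Hadeda-Tool header names are assumptions of this example.

```go
package main

import (
	"fmt"
	"math"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// Config mirrors the limits: block in config.yaml.
type Config struct {
	Rate     float64 // tokens added per second
	Capacity float64 // max burst size
}

type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter keeps one token bucket per (user, tool) pair. The clock is
// injected so refill can be exercised without sleeping. This is an assumed
// design for illustration, not Hadeda's own code.
type Limiter struct {
	cfg     Config
	now     func() time.Time
	mu      sync.Mutex
	buckets map[string]*bucket
}

func NewLimiter(cfg Config, now func() time.Time) *Limiter {
	return &Limiter{cfg: cfg, now: now, buckets: map[string]*bucket{}}
}

// Allow spends one token for (user, tool) if one is available. On refusal
// it also returns how long until the next token exists.
func (l *Limiter) Allow(user, tool string) (bool, time.Duration) {
	l.mu.Lock()
	defer l.mu.Unlock()
	key := user + "\x00" + tool // NUL cannot appear in either field
	now := l.now()
	b, ok := l.buckets[key]
	if !ok {
		b = &bucket{tokens: l.cfg.Capacity, last: now} // a new pair starts with a full burst
		l.buckets[key] = b
	}
	// Lazy refill: add rate*elapsed tokens, never beyond capacity.
	elapsed := now.Sub(b.last).Seconds()
	b.tokens = math.Min(l.cfg.Capacity, b.tokens+elapsed*l.cfg.Rate)
	b.last = now
	if b.tokens >= 1 {
		b.tokens--
		return true, 0
	}
	wait := time.Duration((1 - b.tokens) / l.cfg.Rate * float64(time.Second))
	return false, wait
}

// Middleware answers 429 Too Many Requests with a Retry-After header when
// the bucket is empty. The X-Hadeda-User and X-Hadeda-Tool headers are
// assumed names for identities the authenticated gateway already knows.
func (l *Limiter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ok, wait := l.Allow(r.Header.Get("X-Hadeda-User"), r.Header.Get("X-Hadeda-Tool"))
		if !ok {
			w.Header().Set("Retry-After", strconv.Itoa(int(math.Ceil(wait.Seconds()))))
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Drive the limiter with a fake clock: rate 5/s, capacity 10 as in config.yaml.
	now := time.Unix(0, 0)
	l := NewLimiter(Config{Rate: 5, Capacity: 10}, func() time.Time { return now })
	for i := 1; i <= 12; i++ {
		ok, wait := l.Allow("dev@company.com", "bash")
		fmt.Printf("request %2d: allowed=%-5v wait=%v\n", i, ok, wait)
	}
	now = now.Add(250 * time.Millisecond) // one token refills every 200 ms at rate 5
	ok, _ := l.Allow("dev@company.com", "bash")
	fmt.Println("after 250ms: allowed =", ok)
}
```

Keying the bucket on user and tool together means a runaway bash loop cannot starve the same user's git calls, and one user cannot exhaust another's budget.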

Audit Logging

Every agent action passing through Hadeda is logged as a structured JSON event. Logs are SIEM-ready and include the tool name, command, user identity, timestamp, and the outcome (allowed/blocked/scrubbed).

Log Output
{
  "timestamp": "2026-06-23T10:15:32Z",
  "user": "dev@company.com",
  "tool": "bash",
  "command": "curl https://api.example.com/v1/data",
  "allowed": true,
  "reason": "",
  "overhead_ms": "1.2ms"
}

Logs can be shipped to your SIEM (Splunk, Datadog, Elastic) via stdout, file, or webhook. Each entry also carries a request_id (not shown in the sample above) for tracing a call across services.
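As an added example of what to do with these events once they reach a SIEM (this is detection logic written for this page, not part of Hadeda), here is a Go program that parses newline-delimited events with the fields shown above and raises an alert when one user accumulates several blocked actions inside a short window, which is what an agent retrying its way around a rule looks like. The Event struct follows the sample's field names; the log lines, the reason strings, and the window and threshold values are constructed for this example.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event mirrors the fields shown in the log sample. overhead_ms is kept
// as a string because that is how the sample prints it.
type Event struct {
	Timestamp  time.Time `json:"timestamp"`
	User       string    `json:"user"`
	Tool       string    `json:"tool"`
	Command    string    `json:"command"`
	Allowed    bool      `json:"allowed"`
	Reason     string    `json:"reason"`
	OverheadMS string    `json:"overhead_ms"`
}

// Parse reads newline-delimited JSON events. Unparseable lines are counted
// and skipped rather than aborting: a pipeline should not stop because one
// line was truncated in transit.
func Parse(ndjson string) (events []Event, bad int) {
	sc := bufio.NewScanner(strings.NewReader(ndjson))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			bad++
			continue
		}
		events = append(events, e)
	}
	return events, bad
}

// Alert names a user who had at least threshold blocked actions inside one
// sliding window; Commands lists the blocked commands in that window.
type Alert struct {
	User     string
	Commands []string
}

// BlockedBursts is the detection rule: per user, sort blocked events by
// time and slide a window over them; the first window that reaches the
// threshold produces one alert for that user.
func BlockedBursts(events []Event, window time.Duration, threshold int) []Alert {
	byUser := map[string][]Event{}
	for _, e := range events {
		if !e.Allowed {
			byUser[e.User] = append(byUser[e.User], e)
		}
	}
	var alerts []Alert
	for user, evs := range byUser {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Timestamp.Before(evs[j].Timestamp) })
		start := 0
		for end := range evs {
			for evs[end].Timestamp.Sub(evs[start].Timestamp) > window {
				start++
			}
			if end-start+1 >= threshold {
				var cmds []string
				for _, e := range evs[start : end+1] {
					cmds = append(cmds, e.Command)
				}
				alerts = append(alerts, Alert{User: user, Commands: cmds})
				break // one alert per user is enough for triage
			}
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].User < alerts[j].User })
	return alerts
}

// SampleLog is constructed: the page's event, three blocked attempts by the
// same user within 13 seconds, one benign CI event, one isolated block,
// and a truncated line.
const SampleLog = `{"timestamp":"2026-06-23T10:15:32Z","user":"dev@company.com","tool":"bash","command":"curl https://api.example.com/v1/data","allowed":true,"reason":"","overhead_ms":"1.2ms"}
{"timestamp":"2026-06-23T10:15:40Z","user":"dev@company.com","tool":"bash","command":"rm -rf /srv/data","allowed":false,"reason":"matched block rule","overhead_ms":"0.8ms"}
{"timestamp":"2026-06-23T10:15:41Z","user":"dev@company.com","tool":"bash","command":"rm -fr /srv/data","allowed":false,"reason":"matched block rule","overhead_ms":"0.7ms"}
{"timestamp":"2026-06-23T10:15:53Z","user":"dev@company.com","tool":"bash","command":"sudo rm -rf /srv/data","allowed":false,"reason":"matched block rule","overhead_ms":"0.9ms"}
{"timestamp":"2026-06-23T10:20:00Z","user":"ci@company.com","tool":"git","command":"git push origin main","allowed":true,"reason":"","overhead_ms":"1.0ms"}
{"timestamp":"2026-06-23T11:00:00Z","user":"ci@company.com","tool":"bash","command":"rm -rf build/","allowed":false,"reason":"matched block rule","overhead_ms":"0.8ms"}
{"timestamp":"2026-06-23T11:00:05Z","user":"ci@company.com","tool":"bash","command":"rm -rf bu`

func main() {
	events, bad := Parse(SampleLog)
	fmt.Printf("%d events parsed, %d malformed line(s) skipped\n", len(events), bad)
	for _, a := range BlockedBursts(events, time.Minute, 3) {
		fmt.Printf("ALERT %s: %d blocked commands within a minute: %q\n", a.User, len(a.Commands), a.Commands)
	}
}
```

Three blocked commands in a minute from dev@company.com fires; the single block from the CI identity does not. Tune the window and threshold to your agents' normal retry behaviour before wiring this into paging.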

Cursor

Hadeda integrates with Cursor by proxying all agent requests through the gateway. Configure Cursor to route traffic through Hadeda's local port.

Terminal
$ export HADEDA_PROXY=http://localhost:8080
$ cursor

All Cursor agent commands will now pass through Hadeda for filtering, authorizing, and auditing.

Claude Code

Claude Code talks to the Anthropic API over HTTP, and the model's tool calls and their results travel inside those requests and responses. Point it at Hadeda to intercept and inspect that traffic.

Terminal
$ export ANTHROPIC_BASE_URL=http://localhost:8080/v1
$ claude

Hadeda will intercept all Claude Code requests, apply your configured policies, and forward allowed traffic to Anthropic's API. A plain http:// base URL is acceptable only while Hadeda runs on the same machine; for a shared gateway inside the VPC, use an https endpoint with mTLS enabled.

Windsurf

Windsurf agent traffic can be routed through Hadeda by setting the proxy environment variable before launching the editor.

Terminal
$ export WINDSURF_PROXY=http://localhost:8080
$ windsurf

All Windsurf agent actions will be filtered, authorized, and audited by Hadeda.

OpenCode

OpenCode communicates via standard HTTP. Configure it to use Hadeda as its gateway.

Terminal
$ export OPENCODE_PROXY=http://localhost:8080
$ opencode

Hadeda sits between OpenCode and your APIs, enforcing policies on every request.

Docker

Run Hadeda in a Docker container for easy deployment alongside your other services.

Terminal
$ docker run -d \
    --name hadeda \
    -p 8080:8080 \
    -v "$(pwd)/config.yaml:/root/config.yaml:ro" \
    hadeda:latest

Mount your config.yaml into the container at /root/config.yaml; mounting it read-only means a compromised container cannot rewrite its own policy. The gateway listens on port 8080 by default. Note that -p 8080:8080 publishes the port on every interface of the host; use -p 127.0.0.1:8080:8080 when the gateway only serves tools on the same machine.

VPC Setup

For production deployments, run Hadeda inside your VPC so it can act as a true security boundary between your AI tools and internal services.

Recommended Architecture

  • Deploy Hadeda in a private subnet with no public ingress
  • Place it behind an internal load balancer for high availability
  • Use security groups to allow inbound traffic only from the hosts or subnets that run your AI tools
  • Enable VPC flow logs for additional network-level auditing
  • Run Hadeda as a Kubernetes Deployment behind a HorizontalPodAutoscaler, or as an ECS service, so it scales with load (a DaemonSet pins one replica per node and does not auto-scale)

Ensure your AI coding tools can reach Hadeda's internal endpoint (e.g., hadeda.internal:8080) and that no direct outbound path to external model APIs bypasses the gateway: deny egress to those endpoints from developer and CI hosts so that Hadeda is the only route out.

mTLS Configuration

Mutual TLS (mTLS) ensures that both the client and server authenticate each other. This is recommended for production deployments where you need strong identity verification, and in particular whenever tools reach Hadeda over the network rather than on localhost.

config.yaml
auth:
  require_mtls: true
  client_ca_file: "certs/ca.crt"

Generate certificates using your internal CA or tools like cfssl or openssl. Each client (your AI tools) must present a client certificate signed by the CA in client_ca_file; a certificate from any other CA, or a connection that presents none, is rejected at the TLS handshake before any request is processed.