Shadow Executor
Pre-execution simulation and policy enforcement for AI agent actions.
Shadow Executor prevents accidental and IPI-induced destructive operations before they reach real infrastructure.
What is Shadow Executor?
Shadow Executor is a middleware layer that sits between AI agents and cloud infrastructure. It:
- Intercepts every agent action before execution
- Simulates the action in a safe local environment
- Evaluates the action against your defined policies
- Detects Indirect Prompt Injection (IPI) attempts
- Enforces policy decisions (BLOCK, WARN, REQUIRE_APPROVAL, LOG_ONLY)
- Logs every decision with cryptographic audit trails
Key Features
Policy Engine
Define declarative YAML policies to control what AI agents can and cannot do:
- id: SE-001
  name: Block production database deletion
  severity: CRITICAL
  action: BLOCK
  match:
    service: rds
    operation: DeleteDBInstance
    resource_tags:
      Environment: production
IPI Detection
Detect Indirect Prompt Injection attempts using heuristic and pattern-based scoring:
- Base64-encoded payloads
- Unicode zero-width characters
- Destructive operations on untagged resources
Local Simulation
Simulate AWS operations locally without touching real infrastructure:
- S3: All bucket and object operations
- RDS: Database lifecycle operations
- DynamoDB: Full CRUD operations
- Lambda: Function invocations in isolated environment
Audit Logging
Every policy decision is logged with HMAC-SHA-256 signatures for tamper detection:
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "decision": {
    "action": "BLOCK",
    "matched_rule_id": "SE-001",
    "reason": "Matched: service=rds, operation=DeleteDBInstance",
    "timestamp": "2026-05-06T12:00:00.000Z"
  },
  "hmac": "a3f5...",
  "log_version": "1.0"
}
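The tamper check described above, as an added example (not Shadow Executor's own code). It assumes the HMAC covers every field except `hmac`, serialized as compact JSON with sorted keys, and uses a constructed demo key; the page does not specify the real canonicalization or key handling.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load it from a secret store.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def canonical_bytes(record: dict) -> bytes:
    """Serialize every field except 'hmac' deterministically (assumed scheme)."""
    body = {k: v for k, v in record.items() if k != "hmac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_record(record: dict, key: bytes) -> dict:
    """Return a copy of the record carrying an HMAC-SHA-256 tag over its body."""
    tag = hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()
    return {**record, "hmac": tag}


def verify_record(record: dict, key: bytes) -> bool:
    """Recompute the tag and compare in constant time; a missing tag fails."""
    claimed = record.get("hmac")
    if not isinstance(claimed, str):
        return False
    expected = hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode("utf-8"), claimed.encode("utf-8"))


# Constructed sample entry with the same fields as the record shown above.
SAMPLE = sign_record({
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "decision": {
        "action": "BLOCK",
        "matched_rule_id": "SE-001",
        "reason": "Matched: service=rds, operation=DeleteDBInstance",
        "timestamp": "2026-05-06T12:00:00.000Z",
    },
    "log_version": "1.0",
}, DEMO_KEY)

if __name__ == "__main__":
    tampered = json.loads(json.dumps(SAMPLE))      # deep copy of the signed entry
    tampered["decision"]["action"] = "LOG_ONLY"    # edit made after signing
    print("original verifies:", verify_record(SAMPLE, DEMO_KEY))
    print("tampered verifies:", verify_record(tampered, DEMO_KEY))
```

A per-record HMAC detects modification of an entry but not deletion or reordering of whole entries; that needs chaining or sequence numbers on top.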
Framework Integrations
Shadow Executor integrates with leading AI agent frameworks:
- MCP (Model Context Protocol): Middleware for MCP servers
- Claude Code: Automatic protection via MCP injection
- LangGraph: Tool wrappers for TypeScript and Python
Architecture
┌─────────────────┐
│    AI Agent     │
│  (Claude Code,  │
│ LangGraph, etc) │
└────────┬────────┘
         │
         ▼
┌────────────────────────┐
│    Shadow Executor     │
│ ┌────────────────────┐ │
│ │   Policy Engine    │ │
│ ├────────────────────┤ │
│ │   IPI Detector     │ │
│ ├────────────────────┤ │
│ │   LocalStack Sim   │ │
│ ├────────────────────┤ │
│ │   Audit Logger     │ │
│ └────────────────────┘ │
└────────┬───────────────┘
         │
         ▼
   ┌─────┴─────┐
   │           │
   ▼           ▼
BLOCKED     ALLOWED
(logged)   (executed)
Use Cases
Prevent Accidental Deletions
Block AI agents from deleting production databases or S3 buckets unless explicitly approved.
IPI Protection
Detect when user-provided content tricks an agent into executing destructive operations.
Compliance Auditing
Maintain cryptographically signed audit trails of every AI agent decision for compliance requirements.
Approval Workflows
Require human approval for high-risk operations like IAM policy changes or production deployments.
Getting Started
Ready to protect your infrastructure? Start with the Quickstart Guide.
Current Status
Milestone 1: Local MVP (Active)
- Policy engine with all 5 action types
- IPI detector with heuristic scoring
- LocalStack simulation for S3, RDS, DynamoDB, Lambda
- HMAC audit logging with verification CLI
- MCP integration middleware
- Claude Code integration
- LangGraph integration (TypeScript + Python)
Milestone 2: Cloud Simulation Tier (Upcoming)
- AWS SAM/CDK ephemeral stack simulation
- Real AWS SDK calls with automatic tear-down
- 99% fidelity for all AWS services
Milestone 3: Production Features (Future)
- Slack/Teams approval integrations
- Elasticsearch log backend
- Multi-cloud support (Azure, GCP)
License
MIT License - Copyright © 2026 Shadow Executor
Contributing
Contributions welcome! See GitHub repository for details.