Supply chain risk
A malicious skill can inject prompt instructions that exfiltrate secrets, backdoor code, or bypass security review. No SBOM, no signing, no provenance.
Proxy every skill install through policy, publish your internal conventions, and audit every fetch.
Works with the coding agents your team already uses
The governance vacuum
of developers use or plan to use AI coding agents in their daily workflow.
of GitHub's committed code is AI-assisted — and the share keeps climbing each quarter.
inventory of the skills your agents are reading today. No SBOM, no audit trail, no review.
Problem
Engineers copy .cursorrules files from gists, install MCP servers from random repos, and pull skills from public registries with no review. Platform teams have no inventory, security has no scanning, and compliance has no audit trail.
Security knows every package via Snyk or Dependabot. They have no idea which skills shaped the code your agents produced. A growing blind spot in SOC2 and ISO audits.
Every platform team writes their "how we do things" docs for AI agents. Scattered across repos, Confluence, and individual .claude directories — unversioned, undistributed, unmeasured.
Skills reference specific library versions, internal endpoints, and API shapes. Without version management, they rot silently — and your agents generate confident, deprecated code.
Which skills are most used? Which teams adopt them fastest? Do they correlate with faster cycle times? Which should you deprecate? Platform leaders can't answer any of it.
How it works
Every install flows through Cavalry. Policies evaluate, caches fill, audit rows append. Upstream sources — Tessl, GitHub, HTTP — are proxied; internal skills live inside.
01 · Policy enforcement
Allowlists, blocklists, version pins, and approval gates are all first-class. Policies evaluate at the gateway before an install completes; errors surface to the CLI with the policy name and rationale.
02 · Immutable audit
Ship SIEM-ready webhooks, export CSV, correlate commits to installs. Retention defaults configurable per org; deletion is not a supported verb.
03 · Internal registry
Platform teams write the skill that teaches agents to use your internal Kafka wrapper. Cavalry serves it to every developer's Claude Code, Cursor, and Codex through the same gateway endpoint.
Teaches agents to use Acme's internal Kafka wrapper SDK. Redirects imports and adds retry conventions.
04 · CLI · proxy
cavalry publish, install, login, whoami. Your engineers never pull from a public registry directly — every fetch goes through your gateway, and every install record lands in Postgres with actor and project metadata.
05 · Approvals
When a policy fires, the install stalls with a structured error and an approval ticket is created. Slack delivers it; admins approve or deny. Your developers keep working; the install resolves on retry.
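The gateway flow described in steps 01 through 05, as an added worked example: an install request is evaluated by an ordered chain of policies (blocklist, allowed upstreams, version pins, an approval gate), the first policy that fires produces a structured decision naming the policy and its rationale, and every outcome is appended to a hash-chained audit log so that an edited or deleted row is detectable. This is illustration code written for this page, not Cavalry's implementation; the policy names, data shapes, sample skills and upstream names are all assumptions.

```python
"""Policy gate for agent-skill installs (illustration, not Cavalry's code).

All names, policy shapes and sample values below are assumptions made for
this example.
"""
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class InstallRequest:
    skill: str      # registry-style name, e.g. "acme/kafka-conventions" (constructed)
    version: str    # version the CLI asked for
    source: str     # upstream the skill would be fetched from
    actor: str      # identity from the CLI login
    project: str    # repo / project the install targets


@dataclass(frozen=True)
class Decision:
    action: str     # "allow", "block" or "needs_approval"
    policy: str     # name of the policy that produced the decision
    rationale: str  # reason surfaced to the CLI alongside the policy name


# A policy either fires (returns a Decision) or returns None so the next
# policy in the chain gets to evaluate the request.
Policy = Callable[[InstallRequest], Optional[Decision]]


def blocklist(skills: set) -> Policy:
    def check(req: InstallRequest) -> Optional[Decision]:
        if req.skill in skills:
            return Decision("block", "blocklist", f"{req.skill} is blocklisted for this org")
        return None
    return check


def allowed_sources(sources: set) -> Policy:
    def check(req: InstallRequest) -> Optional[Decision]:
        if req.source not in sources:
            return Decision("block", "allowed-sources",
                            f"source '{req.source}' is not an approved upstream")
        return None
    return check


def version_pin(pins: dict) -> Policy:
    def check(req: InstallRequest) -> Optional[Decision]:
        pinned = pins.get(req.skill)
        if pinned is not None and req.version != pinned:
            return Decision("block", "version-pin",
                            f"{req.skill} is pinned to {pinned}, requested {req.version}")
        return None
    return check


def approval_gate(reviewed_sources: set) -> Policy:
    """Installs from public upstreams stall until an admin approves them."""
    def check(req: InstallRequest) -> Optional[Decision]:
        if req.source in reviewed_sources:
            return Decision("needs_approval", "public-upstream-review",
                            f"installs from '{req.source}' require admin approval")
        return None
    return check


class AuditLog:
    """Append-only records; each entry commits to the previous entry's hash,
    so editing or removing a row breaks verification."""

    def __init__(self) -> None:
        self.entries: list = []

    def _digest(self, body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, req: InstallRequest, decision: Decision) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"request": asdict(req), "decision": asdict(decision), "prev": prev}
        entry = {**body, "hash": self._digest(body)}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class Gateway:
    def __init__(self, policies: list, audit: AuditLog) -> None:
        self.policies = policies
        self.audit = audit

    def install(self, req: InstallRequest) -> Decision:
        decision = Decision("allow", "default", "no policy objected")
        for policy in self.policies:          # first policy that fires wins
            fired = policy(req)
            if fired is not None:
                decision = fired
                break
        self.audit.append(req, decision)      # allows are recorded too, not only blocks
        return decision


def run_demo():
    """Runs constructed sample requests through a sample policy chain."""
    audit = AuditLog()
    gw = Gateway([
        blocklist({"random/curl-to-bash"}),
        allowed_sources({"internal", "tessl", "github"}),
        version_pin({"acme/kafka-conventions": "1.4.0"}),
        approval_gate({"github"}),
    ], audit)
    requests = [  # constructed sample input
        InstallRequest("acme/kafka-conventions", "1.4.0", "internal", "dev1", "billing"),
        InstallRequest("acme/kafka-conventions", "1.3.0", "internal", "dev1", "billing"),
        InstallRequest("someone/prompt-helper", "0.1.0", "github", "dev2", "web"),
        InstallRequest("random/curl-to-bash", "2.0.0", "http", "dev2", "web"),
        InstallRequest("other/thing", "1.0.0", "http", "dev3", "infra"),
    ]
    return [gw.install(r) for r in requests], audit
```

Policies are evaluated in list order, so the chain expresses precedence: an explicit blocklist entry wins over anything else, and an approval gate only fires for requests that no earlier policy rejected. The `needs_approval` decision is what the CLI would turn into the structured error and ticket described in step 05; on retry after approval the same request re-enters the chain and the gate would need an allow-once record, which this example omits.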
Built for four roles
Platform engineering
docker-compose or Helm. OIDC against Okta or Entra. Terraform provider for policy-as-code (M+). Good docs, clean APIs, no "another SaaS console" energy.
CISO · AppSec
Audit every install. SIEM deliveries in 5s. SOC2-ready retention defaults. Pair with Snyk, Wiz, or equivalent — Cavalry closes the context-level blind spot.
Software engineers
Run cursor or claude as always. Skills that pass policy install instantly. Skills that need approval surface a structured error with an actionable link.
Internal library teams
Publish with cavalry publish. Watch adoption curves per team. Iterate weekly. Ship your internal SDK conventions to every IDE your company uses.
Comparison
Public registries will consolidate around Tessl and platform-native offerings. The governance layer — the thing that sits inside your walls — is a separate, uncaptured category.
| Capability | Cavalry | Tessl | Spec Kit | AWS Kiro | Artifactory |
|---|---|---|---|---|---|
| Self-hostable | |||||
| Policy engine (allow / block / pin / approve) | partial | ||||
| Immutable audit log | partial | ||||
| Understands skills as a type | partial | partial | |||
| Proxies public registries | |||||
| SIEM + webhook integrations | partial | ||||
| OIDC · SAML · SCIM | partial | partial | | | |
Self-host
Cavalry is licensed under the Business Source License 1.1, with a three-year conversion to Apache 2.0. Self-host freely; a hosted competitive service is the only restriction. Enterprise features land in the commercial tier.
```shell
# 1. Bring up Postgres + MinIO
docker compose up -d

# 2. Apply migrations
pnpm db:migrate

# 3. Launch web + gateway
pnpm dev

# 4. Mint a token, point your CLI at it
cavalry login --url http://localhost:3001 --token cav_…

# 5. Publish an internal skill
cavalry publish ./path/to/your/skill
```
Integrates with your agent stack
Drop Cavalry in without asking developers to change their tools. Every major coding agent and upstream registry speaks our gateway.
Ready when you are
Clone the repo, bring up docker-compose, and run your first policy eval in under five minutes.