The control plane for AI coding agents · Mac & Windows

Steer your AI agents
to safety.

Steerly sits between Claude Code, Codex, Cursor, Copilot, Gemini — and your machine. Every command classified allow / ask / deny in real time. One workspace for your whole AI team, with the guardrails on.

No agent rewrites · runs locally · 7-day money-back guarantee
steerly · control-plane · acme/api · Live
Your agents: Claude Code (auth-reset), Codex (password-reset), Cursor (billing-fixes), Copilot (chart-fixes), Gemini (docs-cleanup)
Steerly firewall
Your machine: acme/api · main, .env.production, postgres · prod, deploy · vercel

Works with the agents you already run

Claude Code Codex Cursor Copilot Gemini + any MCP client

Trademarks are the property of their respective owners; use here indicates compatibility, not endorsement.

The workspace

Every coding CLI, tiled in one workbench.

Run Claude Code, Codex, Gemini CLI and Cursor as real terminals — split and tile as many as you want, each its own agent, all sharing one repo. Prefer a chat pane? Flip to it. Either way, the firewall classifies every command in every pane.

Steerly Workbench — steerlyproject
claude · auth-reset | codex · tests | gemini · docs
Claude Code · opus 4.8 · auth-reset · Gated
Claude Code v2.1.168
Opus 4.8 (1M context) · Claude Max · ~/Documents/steerlyproject
operator › add a password-reset flow with a DB migration and tests
drafting plan: reset_token migration · POST /auth/reset · email worker · tests
$ npm install jsonwebtoken
ASK · new dependency — approval required
bypass permissions on · shift+tab to cycle · 1 gate · 1,284 tokens
Codex · tests · Safe
$ npm test -- --watch=false
ALLOW · read-only, sandboxed
PASS 42 passing (1.2s)
codex-cli v0.42 · 0 gates · 642 tokens
Gemini · docs · Blocked
$ cat .env.production
DENY · secret read — firewall blocked
✕ blocked by secrets-dlp.yaml
gemini-cli v1.8 · 1 block · 318 tokens
Chat
auth-reset · Claude · Gated
You: Add a password-reset flow with a DB migration and tests.
Claude: Plan: reset_token migration, POST /auth/reset, email worker, tests. Installing jsonwebtoken.
Ask · npm install jsonwebtoken
Deny · cat .env.production
docs-cleanup · Gemini · Safe
You: Tidy the README and fix broken links.
Gemini: Scanning docs/ for dead links. 3 found — patching now.
Allow · rg "http" docs/
Allow · npm test -- --watch=false
Context Security Review
Runtime: 3 terminals · 2 chats · Online
Policy decisions · today: Allowed 214 · Asked 18 · Denied 6
Last blocked: Deny · cat .env.production
Command firewall

Allow. Ask. Deny.

Three-way classification on every shell command and tool call an agent proposes. Reads, tests and lints fly through. Deps, migrations and deploys ask first. Secret reads and history rewrites never make it out of the sandbox.

  • Deterministic, sub-millisecond. 10 built-in policy packs, ~100 rules. deny > ask > allow, every time.
  • Policy as code. Override any rule per-project or per-environment in a YAML pack, reviewed in a PR like the rest of your stack.
  • DLP built in. A 50-pattern detector blocks secret reads before they ever enter agent context.
Firewall · acme/api · classified live
Allow · $ npm test -- --watch=false · Read-only
Allow · $ rg "TODO" src/ · Local search
Ask · $ npm install stripe · New dependency
Ask · $ git push origin main · Remote write
Ask · $ psql -c "ALTER TABLE users…" · Schema change
Deny · $ cat .env.production · Secret read
Deny · $ git push --force origin main · History rewrite
Block · $ rm -rf / · Destructive · always
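
A minimal sketch of the deny > ask > allow precedence described above, added here as an illustration; it is not Steerly's code or its policy-pack format. The rule list, the regexes and the "ask" default for unmatched commands are assumptions; the sample commands are the ones shown in the panel, plus a constructed compound command.

```python
import re

# Severity order stated on the page: deny > ask > allow.
SEVERITY = {"allow": 0, "ask": 1, "deny": 2}

# Hypothetical rules for illustration only (not Steerly's built-in packs).
RULES = [
    ("allow", "read-only test run", r"^npm\s+test\b"),
    ("allow", "local search",       r"^rg\s"),
    ("ask",   "new dependency",     r"^npm\s+(install|i|add)\s+\S"),
    ("ask",   "remote write",       r"^git\s+push\b"),
    ("ask",   "schema change",      r"\b(ALTER|DROP)\s+TABLE\b"),
    ("deny",  "secret read",        r"(^|[\s/])\.env(\.[\w.-]+)?(\s|$)"),
    ("deny",  "history rewrite",    r"^git\s+push\b.*\s(--force(-with-lease)?|-f)\b"),
]
COMPILED = [(d, why, re.compile(p, re.IGNORECASE)) for d, why, p in RULES]


def classify(command, default="ask"):
    """Return (decision, reasons).

    Every rule is evaluated and the most severe match wins, so an
    allow-listed prefix cannot carry a denied action through.
    Unmatched commands fall back to `default` (assumed here: "ask").
    """
    command = command.strip()
    hits = [(d, why) for d, why, rx in COMPILED if rx.search(command)]
    if not hits:
        return default, ["no rule matched"]
    decision = max((d for d, _ in hits), key=SEVERITY.__getitem__)
    return decision, [why for d, why in hits if d == decision]


if __name__ == "__main__":
    samples = [
        "npm test -- --watch=false",
        "git push origin main",
        "git push --force origin main",     # matches an ask rule and a deny rule
        "npm test && cat .env.production",  # constructed: allow rule plus deny rule
    ]
    for cmd in samples:
        decision, reasons = classify(cmd)
        print(f"{decision.upper():5} {cmd}  ({', '.join(reasons)})")
```

Because rules are matched independently and ranked afterwards, rule order in the list does not affect the outcome.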
Security Room

The whole fleet, in one room.

A live cross-session ops view — open approvals, blocked commands, high-risk sessions and DLP hits across every repo. The exact triage surface from the app. Switch pages, clear an approval, watch the counts move.

Security Room live · 5 active sessions · last 24h
Egress volume · codex · last 60 min · Anomaly
Outbound spike on codex. 14× baseline to an un-allowlisted host in 90 seconds — consistent with bulk exfiltration. Session paused; egress held pending review.
Anomaly detection

Catch the run that doesn't look like the others.

Steerly learns the shape of normal agent behavior per session — command cadence, file scope, network egress — and flags the runs that drift. The kind of slow-burn exfiltration a single allow/deny rule would miss.

  • Behavioral baselines. Per-agent, per-session models of egress volume, command mix and touched-file scope.
  • Held, not just logged. A flagged session pauses its risky surface — egress and writes — until you clear it.
  • Routed to the Room. Anomalies open as a triage item with the full timeline attached.
Auto-remediation · review loop

Don't just block it. Fix it.

A deny is the start, not the end. Steerly runs the safe correction — rotate the key, scrub the commit, open a clean PR — then re-scans it through the same 0–100 risk brief. The loop only closes when the score is back in the green.

  • Closes the loop. Every fix is re-scored against the PR risk brief — you watch 82 → 9 before it's cleared to merge.
  • Reversible by design. Each step is a proposed change you review, never a silent edit.
  • Evidence attached. The whole chain lands in the audit log, exportable to your SIEM.
Review loop · PR #482 · secret exposed in a91f0
PR risk brief: 82 · High risk
3 sensitive files · 1 new dep · 2 policy hits
Scale 0–100 · cleared to merge ≤ 30
Detected — Stripe key committed · risk 82
sk_live_… matched by DLP in src/config.ts. Push denied.
1. Rotate the exposed key (−18)
   Call the Stripe API to revoke sk_live_…91f and issue a fresh key.
2. Scrub it from history (−26)
   Replace the literal with process.env.STRIPE_KEY and amend the commit.
3. Open a clean PR + brief (−16)
   Branch fix/rotate-stripe-key with the patch and a reviewer brief.
4. Re-scan the PR (−13)
   Same deterministic brief runs again. Risk recomputed 82 → 9.
Cleared to merge. Risk back in the green · evidence appended to the audit log.
The 60-second tour

See it steer a real session.

How it works

Five minutes from install to guarded.

No agent rewrites. No waiting on AppSec. Plug Steerly into the places your agents already live.

01

Download for Mac or Windows.

Grab the installer. Steerly runs locally — it has to, to watch the agents on your machine.

02

Connect your agents.

Run steerly install-shims or use the in-app installer. Every command is now classified, gated and logged.

03

Open the Security Room.

Optional: install the GitHub App for PR risk briefs. Then watch the whole team work — with a hand on the wheel.

Who it's for

Built for the teams who actually ship with agents.

— Vibe coders

Solo founders & tiny teams

You let the agent drive 80% of the time and ship to prod from your laptop. You want a soft floor under your worst day.

  • One-command install, no SSO, no queue
  • Solo-friendly defaults — fewer prompts, smarter denies
  • Catch the moment an agent tries cat .env
— SMB & startups

Engineering teams of 5–50

A CTO, no AppSec lead, three agents in active use. You need governance without buying a SOC.

  • One workspace across every agent
  • Reviewer briefs that cut an AI PR to a 4-minute review
  • Policies as code, reviewed in PRs
— Security-conscious

Enterprises & regulated teams

You answer to auditors. You need per-agent identity, evidence on tap, and a deny that actually holds.

  • SSO/SAML · self-hosted & air-gapped
  • MCP gateway · per-agent identity
  • SIEM export · SOC 2 / ISO evidence
Pricing

Pricing that scales with your team.

Per-seat — every agent included on every plan. Cancel anytime.

Base
$16/seat / mo
billed annually · or $20 monthly
  • Multi-agent workspace — Claude, Codex, Cursor, Copilot, Gemini
  • Persistent terminals
  • File editor + project explorer
  • Unlimited sessions
Get Base →
Pro
$40/seat / mo
billed annually · or $50 monthly
  • Everything in Base, plus:
  • PR risk briefs — the 0–100 review brief
  • Auto-remediation review loop — fix, re-scan, merge
  • GitHub App + blocking status checks
  • Audit export
Get Pro →
Ultra Security
$80/seat / mo
billed annually · or $100 monthly
  • Everything in Pro, plus:
  • Command firewall — allow / ask / deny
  • Policy engine + 10 built-in packs
  • DLP scanning (50 patterns)
  • Security Room — cross-session triage
  • Anomaly detection · memory graph
Get Ultra Security →
Enterprise
Contact Us · annual contract

Self-hosted governance and identity for regulated teams.

  • Everything in Security, plus:
  • SSO / SAML · SCIM provisioning
  • Self-hosted & air-gapped options
  • MCP gateway · per-agent identity
  • SIEM export · SOC 2 / ISO evidence
  • Dedicated CSM
Talk to us →

✓ Cancel anytime  ·  ✓ 7-day money-back guarantee  ·  macOS + Windows

FAQ

Questions, answered.

Do you store my code?

No. Steerly observes commands, tool events and PR diffs — it does not store or retain your source.

Which agents are supported?

Claude Code, Codex, Cursor, Copilot and Gemini CLI today, plus any MCP-aware client.

How is this different from a linter or CI check?

Linters and CI run after the fact, on committed code. Steerly classifies and gates agent actions in real time — before a secret read or force-push ever leaves your machine.

What does auto-remediation actually do?

It runs the safe correction for a policy hit — rotate a key, revert a commit, open a clean PR — as a reviewable proposed change, never a silent edit, with full evidence attached.

Is there a self-hosted option?

Yes, on Enterprise — including air-gapped deployments. Talk to us.

Steer your agents
to safety.

Download Steerly for Mac or Windows and put a hand on the wheel. 7-day money-back guarantee.

Download Steerly → Watch the tour