Now in private beta · v0.4.2

Let your team vibe-code without losing control of the codebase.

Steerly sits between Claude Code, Codex, Cursor, Copilot, and Gemini — and your repository. Every agent action is classified, every risky command is gated, every PR ships with a security brief.

Demo session: steerly.ai/sessions/sess-codex-auth-reset
Agent: CODEX · Repo: acme/api · Branch: feat/password-reset · Mode: Approval-gated
Operator: Add a password reset flow with database migration and tests.
Codex: Drafting plan: 1) reset_token migration, 2) POST /auth/reset endpoint, 3) email worker, 4) tests. I'll need to install jsonwebtoken and run a DB migration.
Tool · npm install: $ npm install [email protected]
  → Ask: New dependency · sec review required
Tool · shell: $ cat .env.production
  → Denied: Secret read · firewall blocked
Four pillars

Vibe-coding works because someone's watching the tools.

Steerly wraps the four places agents cause damage: the chat, the shell, the dependency tree, and the pull request.

01 / Workbench

One pane for every agent session.

Codex, Claude Code, Cursor, Copilot, Gemini CLI — chat, file context, tool events, and approvals in a single timeline. Built for teams who run more than one agent at once.

Codex Claude Cursor Gemini
02 / Command firewall

Allow. Ask. Deny.

Three-way classification on every shell command an agent proposes. Reads, tests, and lints fly through. Deps, migrations, deploys ask first. Secret reads and history rewrites never make it out of the sandbox.

Allow Ask Deny
03 / PR risk brief

The reviewer brief you'd write if you had time.

Every PR opened by an agent ships with a 0–100 risk score, a list of sensitive surfaces touched, mapped policy hits, and a checklist of what a human reviewer should still verify before merge.

auth secrets deps migrations infra payments
04 / Audit & policy

Evidence, not vibes.

Every chat turn, every tool call, every approval — append-only and exportable. Policy library covers the OWASP-shaped stuff plus AI-native risks like changes to AGENTS.md, CLAUDE.md, and MCP config.

SOC 2 ISO 27001 SIEM export

The firewall, by example.

A live snapshot of how Steerly would classify common agent actions on an SMB Node repo. You can override any rule per-repo or per-environment.

Verdict  Command                              Reason
Allow    $ npm test -- --watch=false          Read-only, sandboxed
Allow    $ rg "TODO" src/                     Local search
Ask      $ npm install stripe                 Dependency change
Ask      $ git push origin main               Remote write
Ask      $ psql -c "ALTER TABLE users…"       Schema change
Deny     $ cat .env.production                Secret read
Deny     $ git push --force origin main       Forced history rewrite
Deny     $ rm -rf /                           Destructive · always
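The table above, worked through as an added example that is not Steerly's code: a small JavaScript classifier that takes an agent-proposed shell command and returns Allow, Ask or Deny with a reason. Every rule pattern, the ask-by-default fallback for unrecognised commands, the "most restrictive segment wins" rule for chained commands and the per-repo override format are assumptions made for this example; the sample commands are the table's rows plus a few constructed ones.

```javascript
// Added example, not Steerly's code: an Allow / Ask / Deny classifier for
// agent-proposed shell commands, in the shape of the table above. All rule
// patterns, the ask-by-default fallback, the "most restrictive segment wins"
// rule for chained commands and the override format are assumptions.

const RANK = { Allow: 0, Ask: 1, Deny: 2 };

// Default policy pack. Each rule is a regex over one simple command
// (no pipes or chains) plus the reason shown to the operator.
const DEFAULT_RULES = [
  // Deny: secret reads, history rewrites, destructive commands
  { verdict: "Deny", reason: "Secret read",
    test: /\b(cat|less|more|head|tail|bat)\s+.*\.env(\.\S+)?(\s|$)/ },
  { verdict: "Deny", reason: "Secret read",
    test: /\b(cat|less|more|head|tail|bat)\s+.*(id_rsa|id_ed25519|\.pem|\.npmrc)\b/ },
  { verdict: "Deny", reason: "Forced history rewrite",
    test: /\bgit\s+push\b.*(\s--force\b|\s-f\b)/ },
  { verdict: "Deny", reason: "History rewrite",
    test: /\bgit\s+(filter-branch|filter-repo|reset\s+--hard)\b/ },
  { verdict: "Deny", reason: "Destructive · always",
    test: /\brm\s+-[A-Za-z]*[rR][A-Za-z]*\s+(\/|~|\*)(\s|$)/ },
  // Ask: anything that changes dependencies, remotes or the schema
  { verdict: "Ask", reason: "Dependency change",
    test: /\b(npm|pnpm|yarn)\s+(install|i|add|uninstall|remove|update|up)\b/ },
  { verdict: "Ask", reason: "Remote write", test: /\bgit\s+push\b/ },
  { verdict: "Ask", reason: "Schema change",
    test: /\bpsql\b.*\b(ALTER|DROP|CREATE|TRUNCATE)\s+(TABLE|SCHEMA|INDEX|DATABASE)\b/i },
  { verdict: "Ask", reason: "Schema change", test: /\b(prisma|knex|sequelize)\b.*\bmigrate\b/ },
  { verdict: "Ask", reason: "Recursive delete", test: /\brm\s+-[A-Za-z]*[rR]/ },
  // Allow: reads, tests, lints
  { verdict: "Allow", reason: "Read-only, sandboxed",
    test: /^(npm|pnpm|yarn)\s+(test|run\s+(test|lint|typecheck|build))\b/ },
  { verdict: "Allow", reason: "Local search", test: /^(rg|grep|find|ls|tree|wc|cat|head|tail)\b/ },
  { verdict: "Allow", reason: "Local git read", test: /^git\s+(status|diff|log|show|branch)\b/ },
];

// Split a shell line into simple commands on &&, ||, ;, | and & outside
// quotes. Deliberately simple: subshells, backticks, heredocs and escaped
// quotes are not modelled, which is why unknown input falls back to Ask.
function splitCompound(line) {
  const parts = [];
  let cur = "";
  let quote = null;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (quote) {
      cur += ch;
      if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
      cur += ch;
    } else if ((ch === "&" || ch === "|") && line[i + 1] === ch) {
      parts.push(cur); cur = ""; i++;           // && or ||
    } else if (ch === ";" || ch === "|" || ch === "&") {
      parts.push(cur); cur = "";                 // ; pipe or background &
    } else {
      cur += ch;
    }
  }
  parts.push(cur);
  return parts.map((p) => p.trim()).filter(Boolean);
}

// Classify one simple command: every matching rule is collected and the
// most restrictive verdict wins, so an Allow pattern can never mask a Deny.
function classifySimple(cmd, rules) {
  const hits = rules.filter((r) => r.test.test(cmd));
  if (hits.length === 0) return { verdict: "Ask", reason: "Unclassified · ask by default", command: cmd };
  const top = hits.reduce((a, b) => (RANK[b.verdict] > RANK[a.verdict] ? b : a));
  return { verdict: top.verdict, reason: top.reason, command: cmd };
}

// Classify a full line as an agent proposed it (leading "$ " is tolerated).
// Overrides (assumed per-repo / per-environment rules) win outright, first match.
function classify(line, { rules = DEFAULT_RULES, overrides = [] } = {}) {
  const cmdLine = line.replace(/^\$\s*/, "").trim();
  for (const o of overrides) {
    if (o.test.test(cmdLine)) return { verdict: o.verdict, reason: o.reason, command: cmdLine, segment: cmdLine };
  }
  const segments = splitCompound(cmdLine);
  if (segments.length === 0) return { verdict: "Ask", reason: "Empty command", command: cmdLine, segment: "" };
  // A chain is only as safe as its most dangerous segment.
  const verdicts = segments.map((s) => classifySimple(s, rules));
  const top = verdicts.reduce((a, b) => (RANK[b.verdict] > RANK[a.verdict] ? b : a));
  return { verdict: top.verdict, reason: top.reason, command: cmdLine, segment: top.command };
}

// Constructed sample input: the table's eight rows plus three edge cases.
const SAMPLE_COMMANDS = [
  "$ npm test -- --watch=false",
  "$ rg \"TODO\" src/",
  "$ npm install stripe",
  "$ git push origin main",
  "$ psql -c \"ALTER TABLE users…\"",
  "$ cat .env.production",
  "$ git push --force origin main",
  "$ rm -rf /",
  "$ npm test && cat .env.production",   // chained: the Deny segment wins
  "$ rg \"TODO|FIXME\" src/",            // the | is quoted, so still one command
  "$ docker compose up -d",              // unclassified: Ask, not Allow
];

for (const c of SAMPLE_COMMANDS) {
  const v = classify(c);
  console.log(`${v.verdict.padEnd(5)} ${c.padEnd(40)} ${v.reason}`);
}
```

Two design choices carry the security weight here. Unrecognised commands land in Ask rather than Allow, so a gap in the pattern list costs a prompt, not a silent pass; and a chained line is scored by its worst segment, so `npm test && cat .env.production` is denied even though its first half would be allowed on its own. The quote-aware splitter is enough for the table's cases, but a production gate should parse with a real shell grammar (subshells, backticks and heredocs are not handled) and still run the agent inside a sandbox, since a classifier is a policy layer, not a containment boundary.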
How it works

Five minutes from install to guarded.

No agent rewrites. No waiting for your AppSec team to bless something. Plug Steerly into the four places your agents already live.

01

Install the GitHub App.

Pick the repos you want covered. Steerly reads PR diffs only — no full repo storage, no source code retention.

02

Wire up your agents.

Drop our shim into Codex, Claude Code, Cursor, or any MCP-aware client. Sessions, tool events, and command attempts stream into the workbench.

03

Tune your policies.

Start from the default pack — auth approvals, deps review, secret block, migration rollback notes — then add anything specific to your stack.

Who it's for

Built for the teams who actually ship with AI agents.

— Vibe coders

Solo founders & tiny teams

You let the agent drive 80% of the time. You ship to prod from your laptop. You just want a soft floor under your worst day.

  • One-command install, no SSO, no approval queue
  • Solo-friendly defaults — fewer prompts, smarter denies
  • Catch the moment the agent tries to cat .env.production
  • Free for one repo, forever
— SMB & startups

Engineering teams of 5–50

You have a CTO, no AppSec lead, and three different agents in active use. You need governance without buying a SOC.

  • One workbench across Codex, Cursor, Claude, Copilot, Gemini
  • Reviewer briefs that turn an AI PR into a 4-minute human review
  • Policies as code — reviewed in PRs, just like the rest of your stack
  • SOC 2 evidence on tap when the customer asks
Pricing

Pay for the guard, not the seats.

Per-repo pricing scales with what you actually want covered. Unlimited developers on every plan.

Free
$0/forever
For solo vibe-coders.
  • 1 repository
  • PR risk briefs
  • Command firewall (default policies)
  • 7-day audit retention
Start free
Team
$19/repo / mo
For SMB engineering teams.
  • Unlimited repos & developers
  • Custom policies + policy library
  • Slack & Linear alerts
  • 90-day audit retention
  • Required-reviewer routing
Start 14-day trial
Business
$499/mo
For growing security programs.
  • SSO / SAML
  • SIEM export
  • SOC 2 / ISO 27001 evidence packs
  • Jira integration
  • 1-year audit retention
Talk to sales
Enterprise
Custom
For regulated & large orgs.
  • MCP gateway · agent permissions
  • Per-agent identity & scoped credentials
  • Self-hosted & air-gapped options
  • Dedicated CSM
Talk to sales

Ship faster. Without flying blind.

Open the live workbench — every panel is real, every interaction wired up. No signup.
