AI egress control
built for engineering teams.

A hardened, policy-governed IDE built on a stable open-source foundation. Developers get the full coding experience they expect — syntax highlighting, AI completions, terminal, debugging — within a controlled surface area that your security team manages.

Extension and integration access is defined by policy. Unapproved tools simply aren't available. There's no configuration drift, no shadow plugins, and no user-installed workarounds.

• Approved extension allowlist — enforced, not suggested
• Clipboard and data transfer controls built in
• Idle lock and session management
• Policy-controlled external link access
• Consistent environment across all enrolled developer machines

A lightweight background service installed on each developer machine. It operates system-wide — not as an IDE plugin — which means it intercepts AI traffic from any application on the machine, not only the controlled IDE.

Enforcement runs in two layers. Rules handle the deterministic floor — credential patterns, blocked destinations, watermarked exports. An on-device judge then classifies the intent of what's left: testing vs. shipping, brainstorming vs. exfil, public reference vs. trade secret. Your policy maps each intent class to one of six response modes. When the local judge isn't confident, the case escalates to a cloud judge for a second opinion. When no policy can be retrieved, the agent fails closed.

• System-wide HTTPS intercept — all AI API traffic, all tools
• Deterministic rules + on-device intent classification — regex catches the known, the judge reasons about the rest
• Two-tier judging — on-device first, cloud judge for ambiguous cases only
• Fail-closed posture — blocks when policy is unavailable
• Tamper-resistant design — policy changes require cryptographic verification
• Heartbeat and posture reporting back to admin console

A web-based management interface for your security and IT teams. Create and manage tenants (teams, business units, or customer organizations), author and publish policy, and review the complete audit trail across your fleet.

Policy is organized into functional groups — AI egress, clipboard and data transfer, terminal and extension access, session management, and more — giving you granular control without requiring you to understand implementation internals.

• Multi-tenant — manage dozens of groups from one console
• Policy editor with grouped controls and live preview
• Fleet health dashboard — enrollment status, policy version, last check-in
• Audit log with full decision history and export
• Policy versioning — roll back to any previous configuration

Cryptographically signed installer packages for macOS, Windows, and Linux. Distributed via your existing MDM (Jamf, Intune, etc.) or pulled directly from a per-tenant artifact channel.

Auto-update mode is configurable: immediate (track latest stable), staged (canary fleet then broad rollout), manual (pinned version, ops-controlled), or off (air-gap, internal mirror only). The on-device judge model ships bundled with the agent — new model versions are signed and verified before activation.

• Signed artifacts — agent refuses to apply an update without matching publisher signature
• Rollback supported on every channel — pin the previous version at any time
• Air-gap mirror — same artifact format, served from your internal registry

Distributed via Chrome Enterprise / Edge for Business managed policies — installed silently and unremovably on all enrolled developer endpoints. Updates flow through the standard managed-extension channel.

For air-gap and SCIF deployments, the extension is served as a signed CRX/XPI from your internal extension mirror, with auto-update disabled and version-pinning enforced by the agent.

• Enterprise-managed install — no user opt-in / opt-out
• Pairs with the agent over a local IPC socket — both must be present and version-matched
• Covers browser-side AI surfaces (ChatGPT, Claude, Copilot Chat, etc.) the system-wide intercept can't see into

Distributed via the native marketplaces for VSCode, Cursor, and JetBrains IDEs. Enterprise customers can pin a specific build or mirror the marketplace through their own registry.

The plugin handles the in-IDE coaching UI, the controlled extension allowlist, and the integration with the agent's policy engine. Out-of-date plugin versions degrade gracefully — AI features are blocked until the plugin is in range.

• Marketplace-published with a parallel enterprise channel
• Version range enforced by the agent — old plugins fail closed
• Air-gap mirror packages all approved versions for offline install

Policy is distributed independently of binary releases. Each bundle is a versioned, cryptographically signed manifest of rules. The agent verifies the signature against your tenant's pinned public key on every fetch — and re-verifies on every request before applying.

Typical deployments pull policy on a 60-second heartbeat. Air-gap deployments load policy bundles via approved one-way media into the internal admin console, which then re-signs and distributes within the tenant.

• Cryptographic verification on every request — not just on fetch
• Versioned with full rollback history
• Independent of binary update cadence — change policy without redeploying the agent