// AGENT TYPE / CODING AGENTS

Your coding agents can touch everything a developer can. Govern every call.

Claude Code, Cursor, and Codex reach shell, repos, CI, databases, and cloud through MCP. Route that traffic through PolicyLayer and every tool call is checked against your policy before it runs.

GOVERN YOUR CODING AGENTS → Free to start. No card required.

For platform and security teams running AI agents in production.

// THE PROBLEM

A coding agent runs with a developer's full reach, and a lot less hesitation.

It rarely looks like an attack. It looks like a helpful fix.

One agent, every system

Connect your MCP servers and a coding agent can push code, trigger deploys, query production, and change cloud, all in one session.

The instruction hides in the work

An issue, a dependency README, or a code comment reads "push straight to main" or "drop the staging table." The model treats its context as instructions.

It just runs

No review, no second check. The merge lands or the table is gone before anyone sees a pull request.

// THE SURFACE AREA

The tools a coding agent reaches for.

A coding session spans far more than the repo. PolicyLayer governs every call across them.

GitHub

delete_file CRITICAL

GitLab

create_merge_request HIGH
manage_pipeline HIGH

AWS

delete_resource CRITICAL
tf_destroy CRITICAL

Snowflake

drop_object CRITICAL
run_query HIGH

Browse every execute tool →

// HOW POLICYLAYER WORKS

PolicyLayer sits between your coding agents and your systems.

Drop PolicyLayer into your MCP request path. Your agents keep their tools. You keep control. Core concepts →

⬡

AGENT

Calls tools via MCP

tool_call

◆

POLICYLAYER

Enforces before execution

postgres.run_query read_only = true

ALLOW DENY RATE-LIMIT APPROVE

if allowed

⬢

MCP SERVER

Stripe, AWS, Postgres...

Add Stripe, GitHub, Postgres, Slack, AWS, or any other MCP server.

Define policy

Set defaults, rate limits, denials, approvals, hidden tools, and argument-level conditions.

Issue grants

Give each person, agent, CI job, or environment its own scoped token tied to a named policy.

Connect client

Paste the PolicyLayer proxy URL into your MCP client config. Agents keep the same tools. PolicyLayer enforces your rules before calls execute.

// ON EVERY CALL

What PolicyLayer enforces, on every call.

Approval gates

Merges to protected branches, production deploys, and destructive cloud calls wait for human sign-off before they run.

Per-identity scopes

Each developer's agent carries only the repos, environments, and tools you grant. A review bot reads pull requests; only the release agent merges to main.

Argument-level rules

Not just which tool, but the call: deny force-push to main, block writes to production data, require a change-ticket id on deploys. Writing policies →

Rate caps

Cap pipelines, merges, and destructive actions per hour, so a runaway loop cannot cascade.

Deterministic, deny by default

Rules run as code, first denial wins. The same call gets the same decision every time.

// POLICY EDITOR

You decide what every coding agent can do.

Build policy around the fields that matter (branch, environment, resource tag) in the visual editor. Allow, deny, rate-limit, or require approval, per tool. Writing policies →

PolicyLayer visual policy editor with allow, deny, hide and custom rules

Protect main

Deny force-push and direct commits to main. Require a pull request.

Read-only production

Allow SELECT against prod data; deny writes and drops.

Approval on deploy

Production deploys wait for a human.

Block infra deletes

Deny any action on resources tagged production.

CI throttle

No more than 20 pipeline triggers an hour, per token.

// THE PLATFORM

Not just rules. A platform.

Whatever your agents touch, the same engine, audit, and access model is doing the work underneath every rule you write.

Deterministic engine

Rules run as code, not model judgement: argument-level conditions, quotas, deny-by-default. The same call gets the same decision every time.

Writing policies →

Separation of duties

Your security or compliance team writes and attaches policy without ever holding the upstream credentials or grant tokens.

Roles →

Tamper-proof audit

Every call is logged with its decision and the rule that fired, attributed to the identity, in an append-only record. Argument values are redacted, never stored.

Logs & security →

Credentials never reach the agent

Upstream secrets are encrypted at rest and injected by the gateway. The agent only ever holds a scoped token.

Logs & security →

Per-identity access

Every person and agent connects with its own scoped grant. Rotate or revoke any one of them instantly, without disrupting the rest.

Core concepts →

Live in minutes

Hosted gateway. Point your clients at it, register a server, issue a token. Nothing to install.

Quick start →

//FAQ

Coding agents and MCP questions.

Which coding agents work with PolicyLayer?+

Any MCP-compatible agent: Claude Code, Cursor, Codex, and others. They connect to your MCP servers through the gateway and keep all of their tools and schemas.

Does this replace --dangerously-skip-permissions?+

It removes the reason to reach for it. Instead of an agent prompting on every action or skipping checks entirely, PolicyLayer enforces deterministic policy at the gateway, so allowed calls pass straight through and only the calls you flagged are stopped.

Does PolicyLayer slow down coding calls?+

Policy is evaluated in memory before the call is forwarded, so the overhead is negligible. Allowed calls pass straight through to your code server.

Where do my Git tokens live?+

Upstream credentials are encrypted at rest and injected by the gateway. Your agents only ever hold a scoped token, never your Git tokens.

Do my agents lose any tools?+

No. Agents keep the same tools and schemas. PolicyLayer enforces policy on each call (allow, deny, rate-limit, or require approval), apart from any tools you deliberately hide.

// RELATED

Govern the same calls from another angle.

Let coding agents ship without rewriting your history.

Approval gates, branch and environment scopes, argument-level rules, and a tamper-proof audit log on every call a coding agent makes. Route your existing MCP servers through the gateway, live in minutes.

GOVERN YOUR CODING AGENTS →

Free to start. No card required.