The latest articles on DEV Community by Momen Adel (@momenbuilds). https://dev.to/momenbuilds https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3985569%2F3498a196-3756-4c47-8d7a-78be22a313e1.jpeg https://dev.to/momenbuilds en Momen Adel Mon, 15 Jun 2026 12:56:56 +0000 https://dev.to/momenbuilds/i-built-a-safe-mode-for-ai-coding-agents-3928 https://dev.to/momenbuilds/i-built-a-safe-mode-for-ai-coding-agents-3928 <p>AI coding agents are getting really good.</p> <p>Claude Code, Cursor, Codex, Replit, Lovable, Bolt, all of these tools can now build apps, edit files, run commands, install packages, touch databases, and ship changes fast.</p> <p>But there is one problem.</p> <p>They are powerful enough to act, but not careful enough to fully trust.</p> <p>A normal AI coding session can go from:</p> <blockquote> <p>fix this bug</p> </blockquote> <p>to:</p> <ul> <li>changed auth logic</li> <li>edited env handling</li> <li>touched database code</li> <li>installed packages</li> <li>ran commands</li> <li>maybe even changed production-related files</li> </ul> <p>before you fully understand what happened.</p> <p>That is fine when the action is safe.</p> <p>But not every action is safe.</p> <p>Creating a draft is safe.</p> <p>Opening a ticket is safe.</p> <p>Adding a comment is safe.</p> <p>Deleting production data is not safe.</p> <p>Sending emails to users is not safe.</p> <p>Rotating keys is not safe.</p> <p>Deploying to production without review is not safe.</p> <p>So I built <strong>Keel</strong>.</p> <p>Keel is safe mode for AI coding agents.</p> <p>It checks commands and tool calls before they run.</p> <p>Safe actions run.</p> <p>Risky actions ask first.</p> <p>Dangerous actions get blocked.</p> <p>The idea is simple:</p> <p>Before an AI agent does something, Keel checks:</p> <ol> <li>What action is it trying to run?</li> <li>Is this action reversible?</li> <li>What systems or files could it touch?</li> <li>Should this run, ask for approval, or be blocked?</li> </ol> <p>Then Keel records what happened so you can understand the full story later.</p> <p>Not just:</p> <blockquote> <p>the agent changed code</p> </blockquote> <p>But:</p> <ul> <li>what command ran</li> <li>what tool call happened</li> <li>what arguments it used</li> <li>what files or records were touched</li> <li>whether it was allowed, gated, or blocked</li> </ul> <p>I think this layer is missing.</p> <p>We already have tools for AI chat.</p> <p>We already have tools for AI coding.</p> <p>We already have observability tools.</p> <p>But observability usually tells you what happened after the damage.</p> <p>Keel is trying to stop the bad action before it lands.</p> <p>The first version is focused on people building with AI coding agents.</p> <p>Things like:</p> <ul> <li>block risky shell commands</li> <li>ask before production deploys</li> <li>gate destructive database actions</li> <li>stop secrets from being exposed</li> <li>log every agent action</li> <li>make it easier to see what the AI actually did</li> </ul> <p>The bigger idea is this:</p> <p>Every AI agent needs a brake, a black box, and an undo button.</p> <p>That is what I want Keel to become.</p> <p>I am looking for early users using Claude Code, Cursor, Codex, Replit, Lovable, Bolt, or any AI coding agent.</p> <p>Especially if an agent has ever done something weird, risky, or hard to debug in your project.</p> <p>Would love feedback from builders.</p> <p><a href="https://getkeelai.com" rel="noopener noreferrer">https://getkeelai.com</a></p> ai devtools programming security