The --dangerously-skip-permissions flag has become the default for teams using AI coding assistants. We click it, accept the risks, and hope nothing breaks.
But what happens when you need to know what your AI actually did?
The Governance Gap
Modern AI coding tools (Cursor, Claude Code, GitHub Copilot) operate with broad permissions:
- Read/write access to your entire codebase
- Ability to run shell commands
- Git commit and push capabilities
The tradeoff is clear: either accept every permission request blindly (destroying flow), or skip them entirely (destroying security).
Neither option gives you:
- Audit trails for compliance
- Accountability for decisions
- Visibility into AI actions
Enter PermitFlow
PermitFlow introduces a governance layer between developers and AI assistants:
Permission Templates
Define once, reuse everywhere:
    template: standard-web-dev
    permissions:
      - file_read: "./*"
      - file_write: "./src/*"
      - shell_run: "npm install"
    requires_approval:
      - file_write: "./db/*"
      - shell_run: "git push"
Approval Workflows
Sensitive operations route through Slack/email:
    AI: "I want to run: git push --force origin main"
    PermitFlow: → Slack notification → Manager approval → Execute
Audit Trails
Every action logged with:
- Timestamp
- User context
- Full command/action
- Outcome
- Approval chain
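How a template like standard-web-dev could be evaluated and logged, as an added example (not PermitFlow's code). The semantics are assumptions: approval rules take precedence and match a command by argv prefix, allow rules match commands exactly, anything unmatched is denied, and the names `decide` and `audit_record` are hypothetical.

```python
import posixpath
import shlex
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Constructed copy of the page's standard-web-dev template as Python data.
TEMPLATE = {
    "permissions": [("file_read", "./*"), ("file_write", "./src/*"),
                    ("shell_run", "npm install")],
    "requires_approval": [("file_write", "./db/*"), ("shell_run", "git push")],
}

def _matches(kind, pattern, target, exact):
    if kind == "shell_run":
        # Commands with shell metacharacters never match a rule (falls to deny).
        if any(c in target for c in ";|&$`<>\n"):
            return False
        try:
            argv, want = shlex.split(target), shlex.split(pattern)
        except ValueError:  # unbalanced quotes
            return False
        return argv == want if exact else argv[:len(want)] == want
    # Normalise first so "./src/../db/x" is judged as "db/x", not "src/...".
    path = posixpath.normpath(target)
    if posixpath.isabs(path) or path == ".." or path.startswith("../"):
        return False  # outside the project root
    return fnmatchcase(path, posixpath.normpath(pattern))

def decide(kind, target):
    """Return 'approval', 'allow' or 'deny'. Approval rules win; default is deny."""
    # Assumption: approval rules match by argv prefix, allow rules exactly.
    for verdict, section, exact in (("approval", "requires_approval", False),
                                    ("allow", "permissions", True)):
        if any(k == kind and _matches(k, p, target, exact)
               for k, p in TEMPLATE[section]):
            return verdict
    return "deny"

def audit_record(user, kind, target, approvers=()):
    """Build one log entry with the five fields listed under Audit Trails."""
    verdict = decide(kind, target)
    if verdict == "approval":
        outcome = "executed" if approvers else "pending_approval"
    else:
        outcome = "executed" if verdict == "allow" else "denied"
    return {"timestamp": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": f"{kind}: {target}",
            "outcome": outcome, "approval_chain": list(approvers)}
```

`normpath` is lexical only; an enforcement point that touches the real filesystem also has to resolve symlinks before matching.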
Team Policies
Centralized rules that work across your org:
    policy: production-rules
    rules:
      - no_direct_prod_access
      - require_2_reviewers_for_deploys
      - log_all_database_changes
Real-World Use Cases
Compliance Teams
SOC2 and HIPAA require audit trails. PermitFlow provides them automatically for AI-assisted development.
Enterprise Rollout
IT teams can define approved AI behaviors before enabling tools org-wide.
Security-Conscious Teams
Know exactly what your AI did, when, and why. No more guessing.
Pricing
- Free: Individual use, basic audit trail
- Pro ($9/month): Teams, approval workflows, templates, priority support
Getting Started
- Connect your AI coding tool
- Choose permission templates or create custom ones
- Configure approval workflows (optional)
- Start coding with visibility
Get started at permitflow-seven.vercel.app
Built for teams who want AI velocity without blind trust.
What governance policies would you want for your team's AI tools?