Momen Adel

I built a safe mode for AI coding agents

AI coding agents are getting really good.

Claude Code, Cursor, Codex, Replit, Lovable, Bolt: all of these tools can now build apps, edit files, run commands, install packages, touch databases, and ship changes fast.

But there is one problem.

They are powerful enough to act, but not careful enough to fully trust.

A normal AI coding session can go from:

fix this bug

to:

  • changed auth logic
  • edited env handling
  • touched database code
  • installed packages
  • ran commands
  • maybe even changed production-related files

before you fully understand what happened.

That is fine when the action is safe.

But not every action is safe.

Creating a draft is safe.

Opening a ticket is safe.

Adding a comment is safe.

Deleting production data is not safe.

Sending emails to users is not safe.

Rotating keys is not safe.

Deploying to production without review is not safe.

So I built Keel.

Keel is safe mode for AI coding agents.

It checks commands and tool calls before they run.

Safe actions run.

Risky actions ask first.

Dangerous actions get blocked.

The idea is simple:

Before an AI agent does something, Keel checks:

  1. What action is it trying to run?
  2. Is this action reversible?
  3. What systems or files could it touch?
  4. Should this run, ask for approval, or be blocked?

Then Keel records what happened so you can understand the full story later.

Not just:

the agent changed code

But:

  • what command ran
  • what tool call happened
  • what arguments it used
  • what files or records were touched
  • whether it was allowed, gated, or blocked
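A minimal sketch of that check-then-record flow for shell commands, added here as an illustration; it is not Keel's code. The rule set, the `classify` and `gate` names, and the sample commands are assumptions made for this example. It splits chained commands so a safe first command cannot carry a destructive one through.

```python
import shlex
import time

RANK = {"allow": 0, "ask": 1, "block": 2}
SEP_CHARS = set(";&|")                        # shell operators that chain commands
READ_ONLY = {("git", "status"), ("git", "diff"), ("git", "log")}
SECRET_HINTS = (".env", ".pem", "id_rsa")     # constructed list for this sketch

def classify(argv):
    """Verdict for one simple command: (decision, reversible, reason)."""
    prog, args = argv[0], argv[1:]
    short = "".join(a[1:] for a in args if a.startswith("-") and not a.startswith("--"))
    if prog == "rm" and (set(short) & set("rR") or "--recursive" in args):
        return "block", False, "recursive delete"
    if any(hint in a for a in args for hint in SECRET_HINTS):
        return "block", False, "touches a secret file"
    if "--prod" in args or (prog, *args[:1]) == ("git", "push"):
        return "ask", False, "reaches a shared or production system"
    if prog in ("npm", "pip") and "install" in args:
        return "ask", True, "installs packages"
    if prog == "ls" or (prog, *args[:1]) in READ_ONLY:
        return "allow", True, "read-only"
    return "ask", True, "unknown command"     # default: never silently allow

def gate(command, audit_log):
    """Classify every chained part of a shell line; the strictest verdict wins."""
    parts, current = [], []
    try:
        lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        for tok in list(lexer) + [";"]:
            if tok and set(tok) <= SEP_CHARS:  # operator ends the current part
                if current:
                    parts.append(current)
                current = []
            else:
                current.append(tok)
        verdicts = [classify(p) for p in parts] or [("allow", True, "empty")]
    except ValueError:                         # e.g. unbalanced quotes
        verdicts = [("block", False, "unparseable command")]
    decision, reversible, reason = max(verdicts, key=lambda v: RANK[v[0]])
    audit_log.append({"ts": time.time(), "command": command, "parts": parts,
                      "decision": decision, "reversible": reversible, "reason": reason})
    return decision
```

Unknown commands fall through to "ask" and unparseable input is blocked, so the gate fails closed; every call appends one audit record whether the command was allowed, gated, or blocked.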

I think this layer is missing.

We already have tools for AI chat.

We already have tools for AI coding.

We already have observability tools.

But observability usually tells you what happened after the damage.

Keel is trying to stop the bad action before it lands.

The first version is focused on people building with AI coding agents.

Things like:

  • block risky shell commands
  • ask before production deploys
  • gate destructive database actions
  • stop secrets from being exposed
  • log every agent action
  • make it easier to see what the AI actually did

The bigger idea is this:

Every AI agent needs a brake, a black box, and an undo button.

That is what I want Keel to become.

I am looking for early users of Claude Code, Cursor, Codex, Replit, Lovable, Bolt, or any other AI coding agent.

Especially if an agent has ever done something weird, risky, or hard to debug in your project.

Would love feedback from builders.

https://getkeelai.com
