for engineering teams
One dev's agent goes rogue.
The whole team's the blast radius.
Every developer on your team now runs AI coding agents — Claude Code, Cursor, Codex, aider. Each one can run shell commands on a real machine with real credentials. gate.cat is a deterministic deny-list that vetoes the catastrophic ones before they execute, on every machine, under one flat team price.
The blocking is free and open source on every machine. Team & Business add what a team needs on top: a shared record, fleet alerts, and signed policy sync. You're not paying to unlock safety.
This already happened to teams — at organization scale
These aren't hypotheticals. They're the failure modes already documented on the main site — and at team scale, one person's agent is enough to trigger any of them for everyone.
Cursor agent, unattended
Prod database and every backup wiped in ~9 seconds. No human in the loop, no undo.
Runaway loop
An unbounded agent loop burned ~$47k in paid API and infra — another case reached ~$106k before anyone noticed.
Secret exfil
An agent pipes .env / keys out via curl or scp. On a team machine that's everyone's credentials.
How the gate works — same verdict, every machine
No LLM judge in the path. A deterministic string + path analysis decides before the command runs. Same input, same verdict, every time — so a policy your team approves behaves identically on every developer's laptop and every CI runner.
agent$ rm -rf / --no-preserve-root
gate.cat: VETO irreversible filesystem wipe — blocked before exec
agent$ psql -c 'DROP DATABASE production'
gate.cat: VETO destructive DB op on a protected target — blocked
agent$ git status
gate.cat: allow (~0.6% of commands ever get stopped)
178 / 178 dangerous commands blocked in the threat suite
1,085,159 real agent commands replayed
1 documented false-block (published in the repo)
What a team gets that a solo dev doesn't
The free core blocks locally and offline on every machine. The paid tiers exist because a team needs to see and steer that across many machines and many people — with one bill, not a per-seat spreadsheet.
Shared record. off every machine
Every veto and every allow is recorded off the developer's machine — so a lead can see what agents actually tried across the team, not reconstruct it after an incident.
Fleet alerts. when something trips
Get notified when an agent hits a hard block on any machine in the team — the early signal that a workflow or a prompt is doing something it shouldn't.
Signed policy sync. (Business)
Push one approved, cryptographically signed policy set to up to 10 machines. Each machine can verify it's running exactly the policy your team approved — tampering shows.
Flat pricing. not per-seat
Team is €149/mo flat. Add developers without re-negotiating the bill — the opposite of per-seat security tools that punish you for growing.
Pricing
Free core
€0
- Deterministic blocking on every machine
- Claude Code / Cursor hook, gated shell for Codex & aider
- No model in the path · sub-millisecond · Apache 2.0
- Works fully offline
Install free →
most teams start here
Team
€149 /mo flat
- Everything in Free, across the team
- Shared, off-machine record of vetoes & allows
- Fleet alerts when an agent trips a block
- Flat price — add developers freely
- One invoice
Protect the team →
Business
€399 /mo
- Everything in Team
- Up to 10 machines
- Signed policy sync (verifiable on each machine)
- Fleet report
Go Business →
Prices in EUR. gate.cat bills through Stripe. EU B2B: add your VAT ID at checkout.
What it does not do — plainly
gate.cat catches known dangerous command shapes using a deterministic deny-list. A deliberately obfuscated or genuinely novel command can still slip past it — the full bypass suite is in the repo so you can see exactly where the edges are. It is not a sandbox, not an antivirus, and not a substitute for least-privilege credentials. It's the fast, deterministic layer that stops the well-known catastrophic mistakes an AI agent makes far more often than a human would — before they run.
Try the free core first — it's the whole engine.
pip install gate.cat — then wire it into your agent. The paid tiers only add the team layer on top; the protection itself is free and open source (Apache 2.0). Recommend it to your team, roll out Team when you want shared visibility.