See what your coding agents do.
Stop what they shouldn't.
Your coding agents run real commands and open real files, usually with nothing watching. Stergy sees every move and blocks the dangerous ones before they run. No gateway. No proxy.
$
evaluating against policy…
Your agents have your access. Your audit log has nothing.
AI coding agents don't just suggest. They act, with your permissions, on your machine. And the place they act is the one place nobody is watching.
They act, not chat
Agents run shell commands, read secrets and rewrite files on your machine, all between prompts, while nobody watches each step.
Nothing is logged
Free and Pro plans keep no record of what an agent actually does. Even enterprise logs cover account events, not the commands run on the box.
Gateways can't see it
A proxy only sees traffic you route through it. The destructive command and the secret read happen locally, off network, unseen.
See. Understand. Enforce_
Stergy is built around one moment. When an agent reaches for an action, something has to decide whether it goes through.
See every action
One hook fires on every agent tool call across Claude Code, Cursor and Gemini, and works out which agent acted.
Understand risk
A local daemon evaluates each action against your ruleset in milliseconds, redacts secrets at the boundary, and scores the session as it unfolds.
Enforce policy
Allow, flag, block or audit. Every decision is logged with the reason behind it, ready to review.
A local enforcement layer, not a gateway.
A lightweight hook captures the attempted action and passes it to the Stergy daemon. The daemon evaluates policy and returns a verdict before execution continues.
agent attempts: cat ~/.aws/credentials hook captures: agent = Cursor tool = Read path = ~/.aws/credentials daemon evaluates: rule = creds_read:block decision = block risk = 88 result: execution blocked before it ran recorded to the audit log
Claude Code, Cursor or Gemini reaches for a tool call. A shell command, a file read, a write or an edit.
One auto-detecting hook forwards the action to the local daemon with the context needed to decide.
The daemon returns a verdict, allow, flag, block or audit, with the rule and reason behind it.
Decisions land in an immutable local trail. Redacted export to your SIEM is on the roadmap.
Real policy, at the moment a tool runs.
Stergy ships with a sensible default ruleset, and every rule is plain to read, tune and version.
Credential theft creds_read:block
Blocks an agent reading private keys, ~/.aws/credentials or ~/.kube/config, whether through the read tool or a shell cat or scp.
Destructive commands dangerous_shell:block
Stops rm -rf /, curl | sh, fork bombs and chmod 777 before they ever execute.
Data exfiltration exfil:flag
Flags scp, nc and curl uploads that move data off the machine. Allowed, but never silent.
Config tampering agent_config:flag
Flags writes to an agent's own config that could quietly weaken the controls you put in place.
Built to fit how security teams already work.
Stergy watches the agents you use today, and is being built toward the identity, SIEM and policy-as-code workflows teams already run.
Available now
On the roadmap
The control belongs where the action happens.
Most AI security sits at a gateway. Stergy sits on the machine, the only place that sees everything an agent actually does.
Endpoint, not gateway
Sees what truly happens on the machine, including the off-network actions a proxy never sees.
Near-zero setup
A local daemon and a hook. No traffic routing, no certificate dance, no infrastructure to stand up.
Reads like a security tool
Every rule is plain text you can read, tune and version. Never a black box.
Built for the action layer
Records what agents do. The commands they run and the files they open, not just what they were asked.
Watch your agents before they surprise you.
Stergy is in active development. Drop your email and we'll reach out as early access opens.