Agents move fast.
aim keeps them safe.

Default-deny sandbox, enforced policy, audit trail.

deploys on-prem · local / container · macOS / linux

Your devs want agents.Your auditors want receipts.aim makes it a package deal.

01// centralized controls

Security writes the policy.
Developers can't unwrite it.

One console for enforced local and proxy policies. Developers work inside them, never around them.

org.aim enforced by security · read-only
denyany~/.ssh/** · **/secrets/**
denyexeccurl | sh · install scripts
denyPOSTunlisted hosts
allowGETregistry.npmjs.org · github.com/acme/**
auditexportdaily · SIEM
workspace.aimyour additions · within org policy
allowread/write~/projects/acme-api/**
allowGETapi.stripe.com
presetnode-devnpm · github · docker hub
01

Security defines

one policy, every seat · devs can’t edit it

02

Developers extend

allow extra dirs & domains for their own work · never past org policy

03

Presets included

common allowlists built in · no tickets to security

02// in production

Banned, until aim.

“aim has allowed us to finally deploy coding agents for our devs.”

running pilot with a compliance-tech company

// our pilot: compliance-tech company · ~105 people · regulated clientsfig 02.01
before
  • coding agentsbanned org-wide
  • delivery pacebehind teams shipping with agents
  • shadow AIunsanctioned tools · zero oversight
with aim
  • Claude Code & Cursorin production
  • one enforced policydevs can tighten it, never loosen it
  • audit exportsautomated · grouped by regulation
// deployed on-prem
03// how it works

A proxy between the agent
and the metal.

01

Set the policy

security · once

02

Run the agents

default-deny sandbox

03

Everything audited

mediated · logged

// agent ⇄ aim ⇄ systemfig 03.01
agent
claude-code · cursor
request
aim
org policy · default-deny
allow
action
file · exec · network
// every decision → audit trailMore technical details
04// developers & auditors

A prompt for the dev.
A receipt for the auditor.

Anything the policy doesn’t cover becomes a one-keystroke prompt — and every decision lands in an audit stream that never leaves your infrastructure. Try it below.

⌃ LIVE PROMPT · 00:00:01.234claude-code · pid 31821

claude-code wants to write src/auth/middleware.ts

// diff +18 -4 · 1 file · no network

audit stream18 events · last 4m
  • 14:23readsrc/index.ts
  • 14:23execgit status
  • 14:24writepackage.jsondeny
  • 14:24readtsconfig.json
  • 14:24execnpm test
  • 14:25GETapi.github.com
  • 14:25read.env.example
  • 14:25read~/.ssh/id_ed25519
  • 14:26POSTraw.gh.com
  • 14:26POSThooks.slack.comallow
  • 14:26readsrc/components/
  • 14:27writesrc/auth.ts
  • 14:27GET*.openai.com
  • 14:28execgit diff
  • 14:28write.env.localdeny
  • 14:28readREADME.md
  • 14:29execrm -rf node_modules
  • 14:29GETapi.anthropic.com
  • 14:23readsrc/index.ts
  • 14:23execgit status
  • 14:24writepackage.jsondeny
  • 14:24readtsconfig.json
  • 14:24execnpm test
  • 14:25GETapi.github.com
  • 14:25read.env.example
  • 14:25read~/.ssh/id_ed25519
  • 14:26POSTraw.gh.com
  • 14:26POSThooks.slack.comallow
  • 14:26readsrc/components/
  • 14:27writesrc/auth.ts
  • 14:27GET*.openai.com
  • 14:28execgit diff
  • 14:28write.env.localdeny
  • 14:28readREADME.md
  • 14:29execrm -rf node_modules
  • 14:29GETapi.anthropic.com
~/.aim/audit.jsonl · streaming
01

Your tools, unchanged

Claude Code, Cursor, Copilot. They just work.

02

One-keystroke prompts

Allow once, this session, or forever. No tickets to security.

03

Automated exports

Logs grouped by regulation, ready for your SIEM and your auditors.

04

Fully on-prem

No vendor cloud in the loop. Your infra, your data.

05// agents

Works with the agents
you already use.

Out of the box for the major coding agents; an OpenAPI hook for anything you build yourself.

CODING
Cursor
 ◆ 
◆ ◆
 ◆ 
01
CODING
Claude Code
 ▲ 
▲▲▲
━━━
02
CODING
Codex
▮▮▮
▮ ▮
▮▮▮
03
CODING
Copilot
 ◓ 
◐ ◑
 ◒ 
04
AUTONOMOUS
Openclaw
◤ ◥
 ▆ 
◣ ◢
05
OPENAPI
Your own
 + 
+++
 + 
06
06// faq

Questions, answered.

Fully on-prem: one centralized proxy for your whole network, plus a binary on each dev device or devbox. On macOS agents run in a Linux VM through Apple’s container machine; on Linux, in a microVM with seccomp and Landlock.

Org-wide local and proxy policies: file scopes, egress domains, and request types. They ship to every seat and are read-only for developers.

No. The sandbox is default-deny and the org policy is uneditable. Developer additions can only widen access within it, never past it.

Their normal tools, unchanged. Anything the policy doesn’t cover surfaces as a one-keystroke prompt: allow once, this session, or forever.

Every file access, command, and network decision. Exports run automatically and are grouped by regulation, mapping your coverage and risks, so compliance reporting comes essentially for free.

No. aim never phones home. Policies, decisions, and logs stay on your infrastructure.

We’re running pilot programs now. Team pricing is covered on the demo call.

07// demo

Stop choosing between
velocity and compliance.

// or join the waitlist

deploys on-prem · macOS / linux·30-minute call