Coming soon.

Babysit, or YOLO.

AI coding agents (Claude Code, Codex, opencode, and successors) give you two options. Permission-prompt mode interrupts on every command, file read, and URL the agent touches. The point of an agent was to not do that.

Switch to YOLO mode and the prompts stop. So does the floor. The agent now gets to wipe a project, force push to main, leak credentials, or send data somewhere it does not belong. One bad instruction is enough.

yolocage is YOLO mode with a floor.

Five ways agents go wrong. All caged.

1. 01

   Destructive commands.

   Recursive deletes, force pushes, overwritten disks, fork bombs. Actions you cannot undo.

   → Intercepted and stopped.

2. 02

   Leaked secrets.

   Tokens, SSH keys, and environment files stay where they belong instead of being copied, encoded, or sent.

   → Read eliminated.

3. 03

   Untrusted network calls.

   Outbound traffic is held to destinations you have approved. Encoded or sharded exfiltration has nowhere to land.

   → Filtered out.

4. 04

   Silent service misuse.

   High impact actions on services the agent already reaches are surfaced before they happen, not after.

   → Detected and prevented.

5. 05

   Compromised tool surfaces.

   New tools added to an agent get an explicit moment of consent and a safety check on what they claim to do.

   → Scanned and caught.

Keep rules aligned.

Open source and configurable at any level you want: your laptop, your project, your org, or all three layered together. One ladder, end to end. Readable, auditable, forkable.

For developers, vibe coders, and the businesses built on AI agents. Anyone who wants to walk away from the keyboard while an agent works, and find a healthy repo, an intact machine, and credentials safe.