The open-source control plane for AI agents that take real actions

AI agents now deploy code, change infrastructure, move money, touch production data, and burn model spend — in seconds, without anyone in the loop. The problem is not that agents are useless. The problem is that uncontrolled tool access, model access, and runtime identity turn one bad prompt, one hallucination, or one compromised agent into a production incident, a runaway bill, or an audit gap.

Preloop is the open-source control plane that sits between every agent and the systems it touches — governing tool calls, routing risky actions to human approval, attributing model spend, and recording an audit trail of every decision.

Without a safety layer, MCP tools execute directly and failures happen after the fact.

What Preloop Does

Preloop gives teams one place to govern tool use, route risky actions to approval workflows, control model traffic, enforce budget limits, and keep a searchable audit trail of what happened — without rewriting the agents you already use.

Preloop helps teams:

• Govern tool calls with allow, deny, approval, and justification rules
• Route model traffic through a managed gateway for attribution and budget controls
• Onboard existing agents in one command — curl -fsSL https://preloop.ai/install/cli | sh discovers Claude Code, Codex CLI, Gemini CLI, Hermes, OpenClaw, OpenCode and other MCP‑compatible runtimes already installed on the machine, then signs you up (if needed) and rewires them through Preloop without touching the agent's source
• See every onboarded agent on a live canvas — the Agents view in the console shows every detected runtime, its current onboarding state (fully onboarded, MCP‑only, gateway‑only, discovered), and live activity as it happens
• Record the full audit trail for review, compliance, and debugging
• Give operators visibility into usage, spend, sessions, and risky actions

This lets you keep fast automation for low-risk operations while keeping humans in control of risky actions and keeping model spend and runtime behavior visible. It also lets teams start from the agents they already use instead of rebuilding everything from scratch.

Preloop evaluates policies before tool execution and routes risky actions to the right approval path.

Why Teams Use Preloop

• Engineering teams protect deployments, schema changes, and cloud operations.
• Platform and DevOps teams enforce access rules without rewriting existing tools.
• Security and compliance teams get auditability, runtime visibility, and human checkpoints for sensitive actions.
• Finance and operations teams apply approval workflows and budget controls to payments, refunds, and business-critical AI activity.

Preloop works with OpenClaw, OpenCode, Claude Code, Codex CLI, Gemini CLI, Hermes, Cursor, Cline, Windsurf, and other MCP-compatible agents or managed runtimes.

Edition notes

• Open Source gives you the core AI safety and control platform, including policy enforcement, approvals, and model gateway foundations.
• Enterprise adds richer policy controls such as CEL conditions, team-based workflows, escalation, and additional operator-facing integrations.
• Mobile apps are proprietary clients that work with hosted and self-hosted Preloop deployments.

Start Here

Pick the quick start that matches what you want to do first:

• Onboard local agents with the CLI (60s) — One‑line install that discovers and rewires the agents already installed on your machine through Preloop. Recommended if you have Claude Code, Codex CLI, Gemini CLI, Hermes, OpenClaw, or OpenCode running locally.
• Part 1: Safety Layer (5 min) — Create your account, connect an MCP server, define layered allow / deny / approval rules, and test them with Claude Code.
• Part 2: Agentic Flows (5 min) — Build an event‑driven workflow that calls your protected tools through an AI model.

If you want the full walkthrough first, watch the current demo on YouTube.

Get Started →