Cursor, Claude Code, Aider, and the MCP servers behind them call AI straight from the terminal. Northbeams sees every one and governs each MCP call in-path, on-device, per tool. Keep shipping. Keep the guardrails.
The riskiest AI in the building has no browser tab.
A coding agent reads your source, calls a Stripe refund, writes to the filesystem, deletes a branch. None of it shows up in a proxy log. The MCP Gateway puts it back in view.
Every coding agent, seen
Cursor, Claude Code, Aider, Cline, and Windsurf on dev laptops, from the same install. Which agent, which user, which tool.
Every MCP call, governed
The MCP Gateway inspects each call in path. Stripe blocks refunds and cancellations. Filesystem blocks writes. GitHub warns on delete. Ten catalogued servers ship with recommended policies.
Models on a leash
Allow, warn, or block by LLM model. No silent rerouting. The allow, warn, block path never runs an LLM, so it stays deterministic and audit-logged.
On the device, not on the wire
Deep inspection without a man in the middle.
Arguments are classified on the laptop. Only labels, counts, and a hashed snippet leave it. Raw prompts and MCP argument values stay on the device. No proxy, no MITM cert, no network to re-architect.
•In-path: the gateway sits between the agent and its MCP servers
•On-device: argument values never leave the laptop
•Per-tool: one policy for Stripe, another for GitHub, another for the filesystem
See every coding agent. Govern every call.
One install. On-device. No network change to start.