Editor pass
AST-aware edits for supported languages so refactors respect code structure, not naive text replacement.
AST-aware edits for supported languages…Evidence
Trust
Security controls
Kodus separates “the model guessed code” from “that code is allowed to ship.” Before a task can finish, edits pass automated security scans. While the agent works, blunt-instrument edits and dangerous shell patterns are refused. Your reviewers and tests still decide what merges - think of Kodus as a second line behind your policies, not a replacement for them.
- Command refusal: The CLI rejects command shapes that look like classic host compromise patterns - reverse shells, piping remote scripts straight into bash, recursive deletes of system paths, fork bombs, and similar.
- Sandboxed execution (default): With sandboxing on, the agent cannot escalate privileges, install packages system-wide, open outbound SSH, spawn arbitrary containers, or read files outside the active project tree. When the CLI exits, helper processes…
- Linux hardening: On Linux, bash work can run inside an OS-level sandbox so the task cannot see unrelated processes or escape the working directory.
security-controls-overview.md - operating view
EditorCommand refusal
DiffSandboxed execution (default)
DesignLinux hardening
StructuredYour org still owns policy
Trust
Blocking security scan before close
When a run prepares to wrap up, Kodus analyzes the files it touched. Certain classes of issues are fatal: they must be fixed or the completion flow stays red. Typical categories include unparameterized database access with user-derived input, XSS-prone templating patterns, risky process execution, traversal-prone filesystem calls, redirects built from unchecked inputs, secrets committed to source, and browser-native dialogs that block the UI.
- Command refusal: The CLI rejects command shapes that look like classic host compromise patterns - reverse shells, piping remote scripts straight into bash, recursive deletes of system paths, fork bombs, and similar.
- Sandboxed execution (default): With sandboxing on, the agent cannot escalate privileges, install packages system-wide, open outbound SSH, spawn arbitrary containers, or read files outside the active project tree. When the CLI exits, helper processes…
- Linux hardening: On Linux, bash work can run inside an OS-level sandbox so the task cannot see unrelated processes or escape the working directory.
- Your org still owns policy: Lock down secrets management, CI rules, and production access the way you always have. Kodus accelerates coding; it does not replace your governance.
- Editor pass: AST-aware edits for supported languages so refactors respect code structure, not naive text replacement.
Active focus:
Trust
Scope
Risk
Output
security-controls-overview.md
Capturing...
// Focus:
Blocking security scan before close
1) Run a poisoned prompt lab: Try to make the agent exfiltrate secrets or torch files. Watch the gates trip and the diff sidebar stay honest. 2) Pair with your SAST stack: Compare Kodus findings with the tools you already trust. Note overlap and gaps, then tune Review or Strategy modes for your riskiest paths. 3) Document exception paths: If a workflow needs temporary relief, handle it through your normal change process - not by turning off human review. 4) Measure escaped defects: Track incidents attributable to AI output month over month. That number should guide how wide you roll.
1Editor
2Diff
3Design
4Structured
5Review
What Trust stakeholders get operationally
Diff visibility
Every touched file shows up in a sidebar so humans can reject a change in two clicks.
Every touched file shows up in a sideba…Evidence
Design audit
With Design mode on, UI work must pass an automated design checklist before the task closes.
With Design mode on, UI work must pass…Evidence
High-signal placements
Trust rollout focus
When a run prepares to wrap up, Kodus analyzes the files it touched. Certain classes of issues are fatal: they must be fixed or the completion flow stays red. Typical categories include unparameterized database access with user-derived input, XSS-prone templating patterns, risky process execution, traversal-prone filesystem calls, redirects built from unchecked inputs, secrets committed to source, and browser-native…
Editor pass
AST-aware edits for supported languages s…Diff visibility
Every touched file shows up in a sidebar…Design audit
With Design mode on, UI work must pass an…Structured review pass
Review mode adds a configurable quality c…Command refusal
Buyer-ready evidence
Pilot
Review
Evidence
Scale
How it works
When a run prepares to wrap up, Kodus analyzes the files it touched
When a run prepares to wrap up, Kodus analyzes the files it touched. Certain classes of issues are fatal: they must be fixed or the completion flow stays red. Typical categories include unparameterized database access with user-derived input, XSS-prone templating patterns, risky process execution, traversal-prone filesystem calls, redirects built from unchecked inputs, secrets…
1) Run a poisoned prompt lab
Try to make the agent exfiltrate secrets or torch files. Watch the gates trip and the diff sidebar stay honest.
2) Pair with your SAST stack
Compare Kodus findings with the tools you already trust. Note overlap and gaps, then tune Review or Strategy modes for your riskiest paths.
3) Document exception paths
If a workflow needs temporary relief, handle it through your normal change process - not by turning off human review.
FAQ
FAQ
Does Kodus replace our AppSec program?
No. It blocks a meaningful slice of AI-driven mistakes early, but your secure SDLC, pen tests, and monitoring still run the show.
Can developers bypass the scan?
Not inside the product flow for task completion. If someone edits files outside Kodus, your normal repo controls apply.
How does this interact with regulated environments?
Pair these controls with your internal policies. For data residency questions, read the privacy boundary page and talk to your compliance lead.
What should we log for auditors?
Diffs, reviewer sign-off, CI results, and incident tickets tied to shipped commits - the same evidence you already collect.
How should we pilot?
Pick one bottlenecked workflow with named reviewers, run two cadence loops, revisit metrics.
Does tooling replace approvals?
No - Kodus complements review, scanners, budgets, and your escalation paths.
Pricing
Pricing
Use the same Kodus plans, tokens, and routing controls across workflows and posture.
Best to Start
Starter
For individual usage.
$20/mo
- 10M tokens / month
- 300 iterations / month
- Standard model routing
- Chat history + projects
- Community support
Team
For small teams.
$100/mo
- 70M tokens / month
- 2,500 iterations / month
- Full routing + Review + Strategy
- Bring your own local model
- Teams (up to 2 members)
- Priority support
- Audit log access
Scale
For larger organizations.
$200/mo
- 300M tokens / month
- 7,500 iterations / month
- Unlimited team members
- All models + custom routing
- Dedicated support channel
- Early access to beta features
- No annual contract
- Tokens reset monthly
- Switch plans anytime
Have invite code? Get Access Now