DangerouslyDangerously skip permissions

Auto-approve the 98% of safe actions, escalate the 2% that matter

Keep track and manage multiple Claude Code sessions at once

Runs locally using Apollo's cloud monitoring platform

git clone https://github.com/ApolloResearch/watcher.git
cd watcher
./watcher.sh

FAQ

How much does it cost to use Watcher?
Using Watcher is free. We're in alpha and focused on making this a great product — we only ask that you give us feedback.
What happens to my data?
You can opt out of us seeing your data by toggling the setting in your dashboard. Otherwise, we may use your coding agent trajectories to inform our monitoring research on failure modes. If you have different enterprise needs and want to use Watcher, please get in touch over email at product@apolloresearch.ai.
Do I need to bring an API key?
Nope. We run the monitors on our cloud monitoring platform. Our servers are based in Western Europe.
What about future integrations?
We're actively working on coding integrations with Codex and Cursor. If you want to use Watcher with another coding agent, let us know — if we see enough demand we can prioritise.
What features are coming next?
We're actively working on auto-improvements to Claude.md, better rulesets, better agent steering for your org from grading historical trajectories. If there's something you wish Watcher would do, we'd love to know.
How reliable are the monitors?
We've configured these based on our monitoring research and found them to be extremely useful — our whole team uses Watcher day-to-day. We talk more in detail in our technical blog post. We cannot guarantee that Watcher will catch 100% of dangerous commands.
Can I configure the monitors and rules?
Yes, and we've found this to be best practice. Different teams have different policies you may want to adhere to. You can find more information in our docs.
How is this different from auto-mode?

Products like Claude Code's auto-mode and Codex's auto-review mode address the same core problem: reducing permission fatigue while maintaining safety. We think these are good products and are glad the labs are investing in safety by default.

Watcher comes at the problem from a different angle:

  • Consistent rules across all coding agents. Watcher integrates across Claude Code and Codex. Your security policies are defined once and applied everywhere, rather than configured separately in each tool.
  • Organization-wide visibility. Auto-mode and auto-review are designed for a single developer using a single agent. Watcher gives teams centralized policy management, multi-session supervision, and Analyzer for reviewing failure patterns across all developers and sessions.
  • Cross-model monitoring. Built-in safety features use models from the same company as monitors. In practice, we've found that different models have different blind spots and biases. GPT models tend to be overly suspicious, Claude models can be too trusting of their own reasoning. Watcher lets you mix models across the pipeline (e.g., Gemini Flash for fast triage, Claude Sonnet for gateway) to get monitoring that doesn't share the agent's biases.
  • Admin-managed policy. Built-in modes are developer-controlled. Watcher supports locked settings, admin-distributed rules, and MDM deployment so that security teams can enforce policy, not just suggest it.

Apollo is working directly with the auto-mode and auto-review teams at Anthropic and OpenAI to ensure Watcher integrates well with these features as they evolve. The goal is not to replace built-in controls, but to provide the organizational layer on top of them that security teams need.

For more details on our enterprise offering, please see Enterprise.

Join our Slack