watch.ly - Access Control for AI Agents

Notification Channels

Get notified of access requests through the channels you already use.

Email

Receive detailed access request notifications in your inbox with one-click approve or deny.

watch.ly 2:34 PM

Access Request: api.stripe.com

Agent “Claude” requests access to api.stripe.com:443

Approve Deny

Push Notifications

Instant notification on your phone. Respond with a tap to approve or deny.

watch.ly NOW

Request: api.openai.com:443

Coming Soon

More channels on the way to fit your workflow.

SMS

Slack

Discord

How It Works

The watch.ly agent runs alongside your AI — rules are enforced locally.
Your traffic never touches our servers.

YOUR INFRASTRUCTURE

AI Agent

Request

watch.ly Agent

Rules evaluated here

Direct

Destination

Notifications only

WATCH.LY CLOUD

Dashboard & Alerts

Optional logging: Enable request/response logging for full audit trails when you need visibility into what your agents send and receive.

Agent Requests Access

Your AI agent attempts to reach a network endpoint or access a file. The watch.ly agent, running locally on your infrastructure, intercepts the request.

>>> CONNECTING TO api.stripe.com...

Rules Evaluated on the Agent

The watch.ly agent checks the request against your rules right on the machine — no external calls needed. Traffic never leaves your infrastructure for evaluation.

— Rule #1: LLM APIs No Match

— Rule #2: Internal No Match

? Unknown Destination Pending Approval

You Get Notified

If no rule matches, a notification is sent through your preferred channel.

Email App SMS Soon Slack Soon Discord Soon

You Decide

Approve once, create a permanent rule, or deny with guidance for the agent.

Reason (sent to agent):

Agent Proceeds

Traffic flows directly from your agent to the destination — never through our servers. The entire flow takes seconds.

✓ CONNECTION ESTABLISHED

Feature Set

Everything you need to maintain full control over your AI agents' access.

Sub-Second Latency

Notifications arrive in under 500ms. Your agent barely notices the checkpoint.

Flexible Rules

Create allow/deny rules with wildcards and patterns. Simple rules or JavaScript for advanced logic.

Team Approvals

Route requests to the right team members. Require multiple approvals for sensitive access.

Time-Limited Access

Grant temporary permissions that expire automatically. Perfect for one-off tasks.

Full Audit Log

Every request, every decision, every access event recorded and searchable.

Auto-Approve Mode

Auto-approve trusted destinations during off-hours. Get alerts only for unknown access.

Use Cases

Allow your coding agent access to package registries and repositories, nothing more. Get notified of unexpected network requests.

Permit web browsing for research, but prevent file modifications or data exfiltration. Approve new domains as needed.

Connect agents to internal systems with confidence. Require team approval for sensitive endpoints. Maintain complete audit trails.

See It In Action

Watch a real approval flow from request to resolution.

1. Agent requests api.stripe.com

2. SMS notification received

3. Reply "Y" to approve

4. Agent proceeds in <2 seconds

Get Started Free

SMS NOTIFICATION

ACCESS REQUEST

Agent: Claude
Destination: api.stripe.com
Protocol: HTTPS

Reply Y to approve, N to deny, or A to create a rule.

14:34

ACCESS APPROVED

Access to api.stripe.com authorized for this session.

14:34

WATCH.LY

Pricing

Start free. Scale as you grow.

Free / Local

Perfect for open source credibility

Local traffic filter only
Static rules (allow/deny lists)
Logs stored locally
No cloud, no SMS, no phone

View on GitHub ↗

Personal

$4.99/month

3 protected machines

Cloud dashboard
SMS notifications
Manual approve/deny via web
Simple & advanced rules
7 days of logs

Get Started

Pro

$14.99/month

For teams & power users

Up to 15 agents
90 days of logs
Request/response storage
All Personal features