One approve button for every AI agent

Agents ask. You decide. It’s on record.

Claude Code, Codex, Cursor, Windsurf, Antigravity, and Gemini CLI move fast - until a command needs your judgment. Orbiter Dev pauses the agent and sends the ask to your iPhone or iPad as one tap-to-approve card, with Face ID for critical actions and a record of every decision.

Works with
Claude CodeCodexCursorWindsurfAntigravityGemini CLIVS CodeMCP

approval://agent-action

$ agent "clean up the old deployment"
Policy match: destructive infra command → route to phone

Decision required

terraform destroy

Deletes infrastructure in a protected workspace. This action is gated by your policy.

Face ID Critical workspace: prod
Deny Approve
Denied on iPhone. Agent stopped. Decision recorded.

What is Orbiter Dev?

Orbiter Dev puts one approve button on your phone for every AI coding agent. It connects to Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, and any MCP-compatible agent through local hooks or a hosted MCP server. When an agent reaches a risky action, Orbiter pauses it and asks you first - the way your banking app confirms a payment: a push, a glance, a tap. Every decision is recorded, so you always know what ran and why. One approval workflow - what security teams call an independent approval layer - across every agent you use.

Why it exists

An agent can destroy production in nine seconds.

Between October 2024 and February 2026, at least ten incidents of AI coding agents destroying real data were publicly documented - production databases dropped, home directories wiped, backups deleted - across six major agent tools. Not one shipped with an approval record that could fully reconstruct what happened.

10documented destructive incidents
6major AI coding tools involved
16months, Oct 2024 to Feb 2026
0vendor postmortems published

“Unacceptable and should never be possible.”

- the CEO of a major AI coding platform, after its agent deleted a live production database during a code freeze

“I violated every principle I was given.”

- an AI coding agent, asked to explain itself after wiping data it had been told not to touch

Incident pattern documented publicly, reviewed July 1, 2026 - “Ten AI Agents Destroyed Production. Zero Postmortems.” The lesson isn’t “don’t use agents.” It’s that risky actions need a hard gate and a real record.

Orbiter vs. remote control

Remote control moves your session. Orbiter moves the decision.

Claude Code Remote Control, the Codex app, and Copilot Mobile are excellent at one job: continuing your session from anywhere. Orbiter does a different job - and the two work best together.

Session surfaces

A window into the work.

The provider’s app streams you the whole conversation - every message, diff, and log - and lets you steer it. Powerful when you want to keep working. But a 40-minute session holds hundreds of messages and maybe three moments that actually needed you. You scroll the stream to find them.

Orbiter Dev

A signature on the decision.

Orbiter extracts only those three moments. Each arrives as one card - the exact action, the workspace, the risk level - asks exactly one question, checks it’s really you, and writes the answer into a record that outlives the session. No stream. No scrolling. No noise.

One is a window. The other is a signature. Use the provider app to continue the work - use Orbiter to clear the actions that matter, across every agent at once.

How it works

One flow, three steps, zero guesswork.

Orbiter turns scattered agent prompts into a deterministic pipeline: what the agent wants to do, what your policy says, and what you decide.

01 · Intercept

The agent hits a gated action

A hook or MCP tool catches the moment before it runs - a shell command, a file deletion, a deploy - in Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, or any MCP host.

02 · Apply policy

Your rules decide the route

Known-safe actions clear instantly. Protected actions pause the agent and route to your phone with workspace, command, and risk context attached.

03 · Decide & record

You approve once, with evidence

One card on iPhone or iPad. Face ID for critical actions. Approve or deny - the agent resumes or stops, and the decision joins your permanent record.

Policy, not vibes

The same action hits the same rule and gets the same answer - allow, deny, or ask. Every time, on every agent. Deterministic gates, not prompt-engineered guardrails.

In practice

Made for the way you already work.

An approval should be a glance, not a context switch. Here is how developers actually run Orbiter day to day.

iPad · second screen

Every ask on one screen

Prop an iPad next to your keyboard with Orbiter open, or use Split View. Approvals from every running agent land on that one screen: read, tap, back to work. No alt-tabbing across terminals to find which agent is waiting on you.

iPhone · away from desk

The ask follows you

Kick off a long task and leave. If the agent hits a gated action, the request finds you as a push notification wherever you are. Clear the routine stuff from the couch; Face ID guards the critical stuff.

Fleet · parallel agents

One queue, not five windows

Running several agents at once means several windows begging for attention. Orbiter merges every pending ask into one queue with context attached, so supervising five agents feels like supervising one.

Your rules, your record

Why not just use each agent’s own permission prompts?

Every agent vendor ships its own prompts, its own policy language, and its own logs. That works - for that vendor. The approve button and the record work better when no single agent vendor owns them.

The agent shouldn’t grade its own homework

A y/n prompt inside the agent’s own terminal is a reflex tap away from yes. Orbiter moves the question to a separate device, checks it’s really you, and keeps the answer somewhere the agent can’t touch.

One habit across every agent

Mix Claude Code, Codex, Cursor, and Antigravity without learning four different safety systems. One set of risk rules, one card, one muscle memory - however many agents you run.

The record survives

Sessions get compacted. Threads expire. Tools get swapped. The decision record is the part you need later - so it outlives all of them.

  • Every routed decision recorded: action, context, verdict, time
  • Face ID confirmation on critical approvals - it was really you
  • Scoped risk rules with custom severity per workspace
Connect your stack

Two ways in. Same phone. Same record.

Pick the integration that fits each tool - both routes end at the same card on your iPhone or iPad.

Local hooks

One command wires your IDE

The @orbiterdev/mcp-server npm package installs a pre-action hook for Claude Code, Codex, Antigravity, and Gemini CLI. Risky actions pause and ask your phone before they run - even when the agent runs unattended.

Hook setup guide →
Hosted MCP

No local install

Add https://mcp.orbiterdev.ai/mcp as a remote connector in Claude, Codex, or any remote-MCP client. Sign in once with GitHub or Google - the agent gets Orbiter’s approval tools instantly.

Hosted MCP guide →
Your phone

The approver

Both routes end here: a notification arrives on iPhone or iPad, you see exactly what the agent wants to do, and you approve or deny - with Face ID when it’s critical. The phone stays the only approver.

Get the app →
Mobile app

Download Orbiter Dev from the App Store.

Orbiter Dev is live on the App Store. Open the listing, or scan the QR code with your iPhone or iPad.

Download on the App Store Android coming soon
QR code for Orbiter Dev on the App Store

Scan to download

Opens the App Store listing.
FAQ

Questions developers ask.

What is Orbiter Dev?

Orbiter Dev puts one approve button on your phone for every AI coding agent. When Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, or any MCP-compatible agent reaches a risky action, Orbiter pauses it and asks you first: one clear card on your iPhone or iPad, Face ID for critical actions, and a permanent record of every decision.

How is Orbiter Dev different from Claude Code Remote Control or the Codex mobile app?

Remote control moves your session to your phone: the whole conversation, for one vendor’s agent. Orbiter moves the decision to your phone: only the moments that need a human, in one consistent card, across every agent you use - with policy, Face ID, and a decision record that no single agent vendor owns. Many developers use both: the provider app to continue work, Orbiter to clear risky actions.

Which AI coding agents does Orbiter Dev support?

Orbiter provides documented setup paths for Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, the Orbiter VS Code extension, and any MCP-compatible host - via local hooks (the @orbiterdev/mcp-server npm package) or the hosted MCP server at mcp.orbiterdev.ai.

Do I need to install anything on my computer?

Two paths. Hooks: one npx command wires your IDE or CLI so risky actions pause and ask your phone before they run. Hosted MCP: add https://mcp.orbiterdev.ai/mcp as a remote connector, sign in with GitHub or Google, and the agent gets Orbiter’s approval tools with no local install.

What happens when an agent hits a risky action?

Your policy decides deterministically: known-safe actions are cleared instantly, protected actions pause the agent and send a card to your phone showing the exact action, workspace, and risk level. You approve or deny - with Face ID for critical actions - and the agent resumes or stops. Either way, the decision is recorded.

Does Orbiter Dev replace my IDE or my coding agent?

No. Provider tools do the coding work and are great at it. Orbiter adds the shared approval workflow around them: one approve button, one policy, and one audit record across every agent - so you can switch or mix agents without losing control.

Is there a free plan?

Yes. Free includes 50 routed approvals per week, mobile review from iPhone and iPad, and basic approval history. Pro Monthly and Pro Annual unlock unlimited approvals, Face ID gates, risk rules, and richer decision history via Apple In-App Purchase.

Pricing

Simple plans for serious agent workflows.

Start free with a real weekly approval allowance. Upgrade when your agent workflow needs unlimited approvals, stronger policies, Face ID gates, and a richer decision history.

Free

Free 50 approvals/week

For trying Orbiter on real agent traffic before you scale up.

  • 50 routed approvals every week
  • Mobile review from iPhone and iPad
  • Basic approval history
  • MCP pairing for supported agent hosts
Start free

Pro Monthly

US $19.99* per month

For builders who want daily approval capacity and stronger control without annual lock-in.

  • Unlimited approval events
  • Face ID gates for critical actions
  • Risk rules and policy presets
  • Richer decision history across devices
Start with Pro

Enterprise

Contact us custom plan

For teams that need governance, rollout help, and a procurement path beyond individual App Store purchases.

  • Team approval workflows
  • Custom risk policies
  • Security and compliance review
  • Procurement and private onboarding support
Contact sales

* App Store subscription prices vary by region. Default prices are shown in US dollars, and Apple confirms your local storefront price, tax, and renewal terms before purchase.

Ready path

Keep your agents. Keep the final say.

Start with the mobile app, or go straight to setup and put one approve button - and one record - in front of every agent you already trust.

The table shows how Orbiter complements provider session surfaces: they continue the work, Orbiter clears and records the decisions.

Control question Orbiter Dev Claude Remote Control Codex app Copilot Mobile
Primary job Clear and record risky actions across agents Continue Claude Code sessions from any device Work with Codex threads from anywhere Start and track Copilot coding-agent work
What arrives on your phone One card: action, workspace, risk, approve/deny The full session stream Threads, diffs, logs, and approvals Issue, PR, and task progress
Agent scope Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, MCP hosts Claude Code Codex GitHub Copilot
Identity on approval Face ID gates on critical actions Device/account session Device/account session Device/account session
Decision record Independent record of every routed decision, across vendors Session history within Claude Thread history; enterprise logs where enabled Issues, PRs, enterprise audit events
Best together when You run multiple agents and want one approval workflow and one record Claude Code is your main agent Codex is your primary agent GitHub is your work queue

Based on publicly documented provider capabilities reviewed July 1, 2026. Provider products evolve quickly; Orbiter is positioned as the independent approval workflow around agent activity, not a replacement for provider tools.