# Quick Start

**Code Agent Control Plane** is Highflame's governance layer for AI coding assistants. It sits alongside your IDE, not in the network path, and watches every prompt, tool call, file operation, shell command, and MCP interaction in real time. Developers keep their normal workflow. Security and platform teams get visibility, policy enforcement, and an audit trail across the organization.

### The Highflame Difference

Most AI security products were designed for chatbots and retrofitted to coding agents. Code Agent Control Plane was built for code agents from day one. That shows up in three places:

**No gateways. No proxies. No added latency.**\
Guardrails run on the developer's machine through the IDE's own hook system. There is no traffic to reroute, no certificate to install, no VPN to maintain, and nothing in the request path that can slow developers down or break when it's down. Optional AI-powered semantic checks run remotely and are opt-in at the organization level.

**Built for code agents, not retrofitted.**\
Because we live inside the agent's hook surface, not between it and the model, we see things gateway products can't: which MCP servers a developer connected to, which tools each server exposes, the actual file and shell operations the agent is about to run, and the prompts that triggered them. That's what makes meaningful discovery and tool-level policy possible.

**Discover first, then govern.**\
Code Agent Control Plane gives administrators a real inventory of the AI assistants, MCP servers, and tools in active use across the organization before asking them to write a single policy. Decisions are grounded in observed usage rather than guesses.

### What You Get

<table><thead><tr><th width="140">Capability</th><th>Description</th></tr></thead><tbody><tr><td><strong>Discover</strong></td><td>See every coding assistant, MCP server, tool, and skill in use across the organization, and who is using what.</td></tr><tr><td><strong>Govern</strong></td><td>Enforce policies on prompts, tool calls, shell commands, and file operations in real time. Run in <strong>audit mode</strong> to log without blocking, or <strong>enforce mode</strong> to stop violations before they execute.</td></tr><tr><td><strong>Defend</strong></td><td>Layered detection: <strong>rule-based</strong> patterns for secrets and known-bad commands, <strong>Cedar</strong> for policy-as-code, and optional <strong>semantic</strong> AI-powered checks for prompt injection and contextual threats.</td></tr><tr><td><strong>Protect</strong></td><td>Scan MCP servers configured in developers' IDEs for tool poisoning, indirect prompt injection, path traversal, tool shadowing, and other supply-chain risks, before they reach production work.</td></tr></tbody></table>

### Key Features

* **IDE-agnostic:** One install. Universal hook integration. No IDE plugin or extension to maintain.
* **Zero lock-in:** Uses each IDE's native hook configuration. Uninstalling removes the hooks cleanly.
* **Studio dashboard:** Organization-wide view of code agent usage — sessions, threats, MCP scans, command analysis, and policy decisions — in [Highflame Studio](https://studio.highflame.ai).
* **Cross-product correlation:** Code agent events also flow into Observatory, where they can be correlated with gateway, browser, and other agent activity for the same user or session.

### Who It's For

* **Security teams and administrators** who need to enforce guardrails, monitor threats, and produce an audit trail for AI usage on developer workstations.
* **Developers and AI engineers** who want to keep using their preferred AI coding assistant — Cursor, Claude Code, Copilot, Gemini, Codex — without changing how they work.
* **Platform and DevOps teams** who need a clean install, sensible defaults, and CLI-driven configuration that fits existing tooling.

### Supported Code Agents

Code Agent Control Plane works with the AI coding assistants that developers are actually using today:

<table><thead><tr><th width="314.7421875">Agent</th><th>Integration</th></tr></thead><tbody><tr><td><strong>Cursor</strong></td><td>Native hooks</td></tr><tr><td><strong>Claude Code</strong></td><td>Native hooks (also available as a Claude Code plugin)</td></tr><tr><td><strong>GitHub Copilot</strong></td><td>Per-repository hooks</td></tr><tr><td><strong>Gemini CLI</strong></td><td>Native hooks</td></tr><tr><td><strong>OpenAI Codex</strong></td><td>Native hooks</td></tr><tr><td><strong>Windsurf</strong></td><td>Native hooks</td></tr><tr><td><strong>Tailscale Aperture agents</strong></td><td>Webhook integration (covers Roo Code, Cline, Continue, and other Aperture-routed agents)</td></tr></tbody></table>


### Next Steps

* [Installation Guide](/code-agents/installation-guide.md) — get Overwatch running on developer workstations
* [Code Agent Policies](/code-agents/setting-up-policies.md) — define and deploy guardrails across your organization
* [Discovery and Metrics](/code-agents/discovery-and-metrics.md) — see what's actually running in your environment
* [Threat Response](/code-agents/threat-response.md) — triage and respond when something fires

***

<sup>†</sup> *AI-powered semantic analysis runs remotely and is optional. Administrators control whether it's enabled for the organization. All other guardrails run locally on the developer's machine.*


