Free
For trying Orbiter on real agent traffic before you scale up.
- 50 routed approvals every week
- Mobile review from iPhone and iPad
- Basic approval history
- MCP pairing for supported agent hosts
Claude Code, Codex, Cursor, Windsurf, Antigravity, and Gemini CLI move fast - until a command needs your judgment. Orbiter Dev pauses the agent and sends the ask to your iPhone or iPad as one tap-to-approve card, with Face ID for critical actions and a record of every decision.
Decision required
Deletes infrastructure in a protected workspace. This action is gated by your policy.
Orbiter Dev puts one approve button on your phone for every AI coding agent. It connects to Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, and any MCP-compatible agent through local hooks or a hosted MCP server. When an agent reaches a risky action, Orbiter pauses it and asks you first - the way your banking app confirms a payment: a push, a glance, a tap. Every decision is recorded, so you always know what ran and why. One approval workflow - what security teams call an independent approval layer - across every agent you use.
Between October 2024 and February 2026, at least ten incidents of AI coding agents destroying real data were publicly documented - production databases dropped, home directories wiped, backups deleted - across six major agent tools. Not one shipped with an approval record that could fully reconstruct what happened.
“Unacceptable and should never be possible.”
- the CEO of a major AI coding platform, after its agent deleted a live production database during a code freeze
“I violated every principle I was given.”
- an AI coding agent, asked to explain itself after wiping data it had been told not to touch
Incident pattern documented publicly, reviewed July 1, 2026 - “Ten AI Agents Destroyed Production. Zero Postmortems.” The lesson isn’t “don’t use agents.” It’s that risky actions need a hard gate and a real record.
Claude Code Remote Control, the Codex app, and Copilot Mobile are excellent at one job: continuing your session from anywhere. Orbiter does a different job - and the two work best together.
The provider’s app streams you the whole conversation - every message, diff, and log - and lets you steer it. Powerful when you want to keep working. But a 40-minute session holds hundreds of messages and maybe three moments that actually needed you. You scroll the stream to find them.
Orbiter extracts only those three moments. Each arrives as one card - the exact action, the workspace, the risk level - asks exactly one question, checks it’s really you, and writes the answer into a record that outlives the session. No stream. No scrolling. No noise.
One is a window. The other is a signature. Use the provider app to continue the work - use Orbiter to clear the actions that matter, across every agent at once.
Orbiter turns scattered agent prompts into a deterministic pipeline: what the agent wants to do, what your policy says, and what you decide.
A hook or MCP tool catches the moment before it runs - a shell command, a file deletion, a deploy - in Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, or any MCP host.
Known-safe actions clear instantly. Protected actions pause the agent and route to your phone with workspace, command, and risk context attached.
One card on iPhone or iPad. Face ID for critical actions. Approve or deny - the agent resumes or stops, and the decision joins your permanent record.
The same action hits the same rule and gets the same answer - allow, deny, or ask. Every time, on every agent. Deterministic gates, not prompt-engineered guardrails.
An approval should be a glance, not a context switch. Here is how developers actually run Orbiter day to day.
Prop an iPad next to your keyboard with Orbiter open, or use Split View. Approvals from every running agent land on that one screen: read, tap, back to work. No alt-tabbing across terminals to find which agent is waiting on you.
Kick off a long task and leave. If the agent hits a gated action, the request finds you as a push notification wherever you are. Clear the routine stuff from the couch; Face ID guards the critical stuff.
Running several agents at once means several windows begging for attention. Orbiter merges every pending ask into one queue with context attached, so supervising five agents feels like supervising one.
Every agent vendor ships its own prompts, its own policy language, and its own logs. That works - for that vendor. The approve button and the record work better when no single agent vendor owns them.
A y/n prompt inside the agent’s own terminal is a reflex tap away from yes. Orbiter moves the question to a separate device, checks it’s really you, and keeps the answer somewhere the agent can’t touch.
Mix Claude Code, Codex, Cursor, and Antigravity without learning four different safety systems. One set of risk rules, one card, one muscle memory - however many agents you run.
Sessions get compacted. Threads expire. Tools get swapped. The decision record is the part you need later - so it outlives all of them.
Pick the integration that fits each tool - both routes end at the same card on your iPhone or iPad.
The @orbiterdev/mcp-server npm package installs a pre-action hook for Claude Code, Codex, Antigravity, and Gemini CLI. Risky actions pause and ask your phone before they run - even when the agent runs unattended.
Add https://mcp.orbiterdev.ai/mcp as a remote connector in Claude, Codex, or any remote-MCP client. Sign in once with GitHub or Google - the agent gets Orbiter’s approval tools instantly.
Both routes end here: a notification arrives on iPhone or iPad, you see exactly what the agent wants to do, and you approve or deny - with Face ID when it’s critical. The phone stays the only approver.
Get the app →Orbiter Dev puts one approve button on your phone for every AI coding agent. When Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, or any MCP-compatible agent reaches a risky action, Orbiter pauses it and asks you first: one clear card on your iPhone or iPad, Face ID for critical actions, and a permanent record of every decision.
Remote control moves your session to your phone: the whole conversation, for one vendor’s agent. Orbiter moves the decision to your phone: only the moments that need a human, in one consistent card, across every agent you use - with policy, Face ID, and a decision record that no single agent vendor owns. Many developers use both: the provider app to continue work, Orbiter to clear risky actions.
Orbiter provides documented setup paths for Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, the Orbiter VS Code extension, and any MCP-compatible host - via local hooks (the @orbiterdev/mcp-server npm package) or the hosted MCP server at mcp.orbiterdev.ai.
Two paths. Hooks: one npx command wires your IDE or CLI so risky actions pause and ask your phone before they run. Hosted MCP: add https://mcp.orbiterdev.ai/mcp as a remote connector, sign in with GitHub or Google, and the agent gets Orbiter’s approval tools with no local install.
Your policy decides deterministically: known-safe actions are cleared instantly, protected actions pause the agent and send a card to your phone showing the exact action, workspace, and risk level. You approve or deny - with Face ID for critical actions - and the agent resumes or stops. Either way, the decision is recorded.
No. Provider tools do the coding work and are great at it. Orbiter adds the shared approval workflow around them: one approve button, one policy, and one audit record across every agent - so you can switch or mix agents without losing control.
Yes. Free includes 50 routed approvals per week, mobile review from iPhone and iPad, and basic approval history. Pro Monthly and Pro Annual unlock unlimited approvals, Face ID gates, risk rules, and richer decision history via Apple In-App Purchase.
Start free with a real weekly approval allowance. Upgrade when your agent workflow needs unlimited approvals, stronger policies, Face ID gates, and a richer decision history.
For trying Orbiter on real agent traffic before you scale up.
For builders who want daily approval capacity and stronger control without annual lock-in.
Best value for daily AI-agent workflows and long-running projects.
For teams that need governance, rollout help, and a procurement path beyond individual App Store purchases.
* App Store subscription prices vary by region. Default prices are shown in US dollars, and Apple confirms your local storefront price, tax, and renewal terms before purchase.
Start with the mobile app, or go straight to setup and put one approve button - and one record - in front of every agent you already trust.
The table shows how Orbiter complements provider session surfaces: they continue the work, Orbiter clears and records the decisions.
| Control question | Orbiter Dev | Claude Remote Control | Codex app | Copilot Mobile |
|---|---|---|---|---|
| Primary job | Clear and record risky actions across agents | Continue Claude Code sessions from any device | Work with Codex threads from anywhere | Start and track Copilot coding-agent work |
| What arrives on your phone | One card: action, workspace, risk, approve/deny | The full session stream | Threads, diffs, logs, and approvals | Issue, PR, and task progress |
| Agent scope | Claude Code, Codex, Cursor, Windsurf, Antigravity, Gemini CLI, MCP hosts | Claude Code | Codex | GitHub Copilot |
| Identity on approval | Face ID gates on critical actions | Device/account session | Device/account session | Device/account session |
| Decision record | Independent record of every routed decision, across vendors | Session history within Claude | Thread history; enterprise logs where enabled | Issues, PRs, enterprise audit events |
| Best together when | You run multiple agents and want one approval workflow and one record | Claude Code is your main agent | Codex is your primary agent | GitHub is your work queue |
Based on publicly documented provider capabilities reviewed July 1, 2026. Provider products evolve quickly; Orbiter is positioned as the independent approval workflow around agent activity, not a replacement for provider tools.