It’s understandable if you missed it, but coding agents are getting good [^1]. Throughout 2025 they went from interesting in limited circumstances, to nearly there, to being able to generate and review code at a surprisingly advanced level. As coding agents have been able to take on more and more complex tasks, it’s no surprise more and more folks want to bring them to work, even if their company’s tooling and policies are far from ready.
With growing interest in coding agents—not only from individual engineers, but also executives looking for force multipliers—security, IT, and engineering management are left with a difficult question: How can they enable secure, visible AI usage, without putting up roadblocks that engineers will work around?
We heard from countless customers that they don’t have a good answer to this. The thing is, neither did we. So we built one.
Aperture, currently in alpha release, is an AI gateway that provides visibility into coding agent usage across your entire organization without getting in the way of developers. It works great with most CLI or VS-Code-based AI coding tools, including Claude Code, Codex, Gemini CLI, and custom agent frameworks. It uses the underlying identity built into every Tailscale connection to eliminate distributing API keys to developer laptops, VMs, containers, CI/CD platforms (e.g. GitHub Actions), and other sandbox environments.
Any environment that can connect via Tailscale can use Aperture to eliminate keys and improve visibility. From an end-user perspective, setting up Aperture with an agent like Claude Code is as simple as adding the following to ~/.claude/settings.json, either manually or via MDM:

```json
{
  "apiKeyHelper": "echo '-'",
  "env": {
    "ANTHROPIC_BASE_URL": "http://ai"
  }
}
```
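When this configuration is pushed via MDM, a fleet check can confirm that each settings.json still matches it and carries no static provider key. The following is an added example, not Tailscale's code: `audit_settings` is a hypothetical helper, the gateway host `ai` is taken from the snippet above, and it assumes a static key would appear in the `env` block as `ANTHROPIC_API_KEY` or `ANTHROPIC_AUTH_TOKEN`.

```python
import json
from urllib.parse import urlparse

GATEWAY_HOST = "ai"  # host from the page's ANTHROPIC_BASE_URL; adjust per tailnet
STATIC_KEY_VARS = ("ANTHROPIC_API_KEY", "ANTHROPIC_AUTH_TOKEN")  # assumed key locations

# Constructed sample inputs: the page's config, and a drifted one with a placeholder key.
COMPLIANT = '{"apiKeyHelper": "echo \'-\'", "env": {"ANTHROPIC_BASE_URL": "http://ai"}}'
DRIFTED = ('{"env": {"ANTHROPIC_BASE_URL": "https://api.anthropic.com", '
           '"ANTHROPIC_API_KEY": "sk-ant-CONSTRUCTED-PLACEHOLDER"}}')


def audit_settings(raw: str, gateway_host: str = GATEWAY_HOST) -> list[str]:
    """Return findings for one settings.json; an empty list means it matches."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"unparseable settings: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["settings root is not a JSON object"]

    findings = []
    env = cfg.get("env") if isinstance(cfg.get("env"), dict) else {}

    # Traffic only gets identity and logging if it is sent to the gateway host.
    base = env.get("ANTHROPIC_BASE_URL")
    if not isinstance(base, str) or not base:
        findings.append("ANTHROPIC_BASE_URL is unset")
    elif urlparse(base).hostname != gateway_host:
        findings.append(f"ANTHROPIC_BASE_URL host is {urlparse(base).hostname!r}")

    # A provider key on the endpoint defeats the keyless design.
    for var in STATIC_KEY_VARS:
        if env.get(var):
            findings.append(f"static credential present in env.{var}")

    # The page's helper only echoes a placeholder; anything else needs review.
    helper = cfg.get("apiKeyHelper")
    if not isinstance(helper, str) or helper.strip() != "echo '-'":
        findings.append("apiKeyHelper is not the placeholder command")
    return findings


if __name__ == "__main__":
    for name, raw in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(name, audit_settings(raw))
```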
Giving developers or agents within your organization access to new models or providers is as simple as adding a single API key and endpoint to Aperture's settings. Once a new provider is added, Aperture associates user and machine identities with API usage, while transparently passing along traffic to the LLM provider.
Since Aperture picks up identity information from your Tailscale network (tailnet), there is no need to set up user accounts or keys. Out of the gate, Aperture supports all major LLM providers using their native protocols, as well as most major cloud AI endpoints, self-hosted LLMs, and LLM inference providers that conform to the OpenAI v1 response or chat completions endpoint specifications.
The visibility provided by Aperture can be used in two main ways. The first is to understand AI adoption across an organization. The second is to look for signs of compromised or unapproved usage of agents or tools.
Models, agents, and AI usage best practices are constantly changing, and sometimes seemingly innocuous changes can have drastic impacts on tokens and, by extension, cost. By collecting usage information into a single place, engineering and IT leaders can get a complete picture of both user and agent token efficiency across the organization and providers.