Dollar
Security & Privacy安全与隐私

A calm gatekeeper for your AI coding agents为你的 AI 编程助手把一道关

Dollar watches what Claude Code and Codex are about to do, grades each action, and holds the dangerous ones for your confirmation. It runs on your PC, local-first. Here is exactly what it does — and, just as honestly, what it does not.Dollar 会盯着 Claude Code 和 Codex 即将执行的每一步,为它分级,并在动手前把高风险操作交给你确认。它在你自己的电脑上本地运行。下面说清楚它能做什么,也同样坦诚地说清楚它做不到什么。

3
risk tiers: red / amber / green三级风险:红 / 黄 / 绿
127.0.0.1
local bridge listens only here本地桥接仅监听此地址
~60s
a pending approval times out if you're away你不在时,待确认请求约 60 秒后超时
How the gateway grades & holds网关如何分级与拦截

Every action gets a color before it runs每个操作执行前都会先打上颜色

Dollar reads the command your agent is about to run and sorts it into one of three tiers. Green flows through; amber pauses to ask; red is held until you say yes.Dollar 会读取助手即将运行的命令,并将其归入三个等级之一:绿色放行,黄色暂停询问,红色则一直等到你点头为止。

Green — auto-allowed绿色 — 自动放行

Read-only, test and build commands run without interrupting you — but only when there's no output redirection.只读、测试和构建类命令无需打扰你即可运行 —— 但仅限没有输出重定向的情况。

lscatgit statusnpm testnpm run build

A trailing > or >> that writes to a file pulls the command out of green.命令末尾若带有写入文件的 > 或 >>,就会被移出绿色档。

Amber — asks first黄色 — 先询问

Actions that change your project pause for a yes, unless you've chosen full-auto.会改动你项目的操作会暂停等你确认 —— 除非你选择了全自动模式。

npm installgit commit

One tap to approve, or let your policy mode decide.点一下即可批准,也可以交给你设定的策略模式自动决定。

Red — held for confirmation红色 — 拦下等你确认

Anything that could leak secrets, rewrite history, or reach outside your machine is held until you confirm.任何可能泄露密钥、改写历史或越出本机的操作,都会被拦下,直到你确认为止。

.env / .ssh / id_rsagit push --forcegit reset --hardkubectldocker pushnpm publishcurl | shsudo

Database migrations and reads of credential files land here too.数据库迁移、以及读取凭据文件的操作同样归入此档。

Local-first by design天生本地优先

Your code and logs stay on your machine你的代码和日志,留在你自己的机器上

Dollar runs on your PC. The only time anything leaves is when you explicitly ask for an avatar — and even then it's downscaled and stripped first.Dollar 在你的电脑上运行。唯一会有数据外发的情况,是你主动要求生成头像时 —— 而且在此之前也会先压缩并清除元信息。

What stays local留在本地的

  • Runs on your PC; the local bridge listens only on 127.0.0.1.在你的电脑上运行;本地桥接只监听 127.0.0.1
  • Key requests are authorized with a per-session token.密钥请求通过每次会话独立的令牌进行授权。
  • Your code and your Claude / Codex logs are not uploaded.你的代码、以及 Claude / Codex 的日志都不会被上传。
  • Your OpenAI API key is stored using your system's encryption.你的 OpenAI API 密钥使用系统级加密存储。

When you choose to share当你主动选择共享时

  • Exports auto-redact file paths, usernames, and keys.导出时会自动隐去文件路径、用户名和密钥。
  • Pet photos for avatar generation are downscaled to 1024px and stripped of EXIF before they go to OpenAI.用于生成头像的宠物照片,在发往 OpenAI 前会被压缩到 1024px 并清除 EXIF 信息。
  • Photos leave your machine only when you choose to generate an avatar — not at any other time.只有在你选择生成头像时,照片才会离开你的机器 —— 其他时候都不会。
Controls in your hands掌控权在你手里

Tune how cautious it is — and undo when needed调节它的谨慎程度 —— 需要时还能撤回

Set a policy mode, add your own keyword rules, approve or reject with a hotkey, and roll back with a pre-op snapshot.设定策略模式、添加你自己的关键词规则、用快捷键批准或拒绝,并通过操作前快照回滚。

Three policy modes三种策略模式

Careful, Standard, or Full-auto — pick how often Dollar pauses to ask. Switch any time as your trust grows.谨慎、标准、全自动 —— 自己决定 Dollar 多频繁地暂停询问。随着信任建立,随时可切换。

Custom keyword rules自定义关键词规则

Add your own danger and safe keywords so Dollar grades the way your project actually works.添加你自己的危险词与安全词,让 Dollar 的分级贴合你项目真实的工作方式。

F8 / F9 hotkeysF8 / F9 快捷键

Global F8 to approve and F9 to reject — decide without leaving your editor.全局 F8 批准、F9 拒绝 —— 无需离开编辑器即可做决定。

Pre-op snapshot操作前快照

Before a risky step, Dollar copies the affected files and drops a git stash checkpoint so you can roll back.在风险操作前,Dollar 会复制受影响的文件并打一个 git stash 检查点,方便你回滚。

Task Time Machine任务时光机

Roll back a whole task, not just a single file — rewind to where things were before the agent started.回滚的是整个任务,而非单个文件 —— 倒回到助手动手之前的状态。

A safety net, not a leash是安全网,不是束缚

Snapshots reduce surprises and give you a way to intervene — they are a backstop, not a replacement for Git or your own backups.快照能减少意外,给你一个介入的机会 —— 它是一道兜底防线,并不能替代 Git 或你自己的备份。

Honest limits坦诚的边界

What Dollar is notDollar 不是什么

Trust is built on candor. Here's where Dollar stops — so you know exactly what you're relying on.信任源于坦白。这里说清楚 Dollar 的止步之处,好让你心里有数,知道自己在依赖什么。

  • It reduces surprises, but it can't catch everything.它能减少意外,但无法拦下所有情况。
  • Green read-only commands aren't deeply inspected — Dollar is not a sandbox.绿色只读命令不会被逐一深入检查 —— Dollar 不是沙箱。
  • The AI agent ultimately executes the actions; Dollar asks before and helps you step in.真正执行操作的始终是 AI 助手;Dollar 只是在动手前询问,并帮你及时介入。
  • Snapshots are a safety net, not a replacement for Git or your backups.快照是一道安全网,并不能替代 Git 或你的备份。
  • Costs are estimated and actual billing may differ — except OpenAI usage, which Dollar measures directly.费用为估算值,实际账单可能有出入 —— OpenAI 用量除外,那部分 Dollar 会直接测量。
  • If you step away, a pending approval times out after about 60 seconds.如果你离开了,待确认的请求大约 60 秒后会超时。
  • Windows-first — that's where Dollar lives today.Windows 优先 —— 这是目前 Dollar 所在的平台。
Get Dollar on Steam在 Steam 上获取 Dollar See how it works看看它的运作方式