Approve Claude Code from your phone.
A local-first approval mesh. Auto-allow the safe calls. Deny the dangerous ones. Push only the ambiguous middle to your pocket — two taps and Claude continues.
Five Claude sessions, five places to babysit.
Approval fatigue
Every `Bash`, `Edit`, `WebFetch` prompts you for permission. Across 4–6 parallel sessions that's hundreds of prompts a day, and the only way to clear them is to be staring at the terminal.
Context-switching tax
You're in another window. You hear the bell. You switch back, squint at the diff, type 'yes'. Five times an hour. Each switch costs minutes of focus.
Sleepy 'yes'
Tired humans approve recklessly. The whole point of asking is lost. A tool that pushes everything to you isn't safety — it's noise.
Classify, then route.
- 01
Local policy decides
A small daemon runs on your machine. Claude's PreToolUse hook routes every approval through it. Your `policy.yaml` matches read-only commands → allow, dangerous patterns → deny, the rest → ask.
- 02
Only 'ask' reaches you
Allow and deny resolve in milliseconds — Claude keeps moving. The 'ask' bucket pushes to your phone via web push or Live Activity. Two taps to approve, swipe to deny.
- 03
The policy grows with you
Each manual approval is a candidate rule. The daily digest surfaces patterns: 'You allowed 7 `git push` this week — promote?' One tap to fold it into your policy.
Your code never leaves the machine.
LAN-direct by default
When your phone is on the same network, the Mac daemon talks to the iOS app directly over Bonjour. No relay, no cloud, no third party in the middle.
Optional cloud relay for outside
Away from your LAN? An optional managed relay routes by pairing-id without authenticating against your code. You can also self-host it — the relay is OSS.
Fail-safe deny
If the daemon dies or the policy file fails to parse, the gate exits with deny. We never auto-allow when the supervisor is down.