JSPM

  • Created
  • Published
  • Downloads 1761
  • Score
    100M100P100Q114813F
  • License MIT

Permission hooks for AI coding agents — route tool approvals through Pushary push notifications

Package Exports

  • @pushary/agent-hooks
  • @pushary/agent-hooks/dist/src/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@pushary/agent-hooks) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@pushary/agent-hooks

npm version npm downloads license

Push notifications, questions, and permission approvals for AI coding agents. Get a push when your agent finishes work, answer its questions from your phone, and approve risky commands before they run. Works with Claude Code, Codex, Cursor, Gemini CLI, and Hermes.

Your agent froze waiting for a yes. This is how it reaches you.

npx @pushary/agent-hooks@latest setup

One command wires up the MCP server, the permission hooks, and the agent instruction files. Then you close your laptop and the agent still reaches you.

What it does

There are three things.

Notify. The agent sends a push when a long task finishes or when a build, test, or deploy fails. The notification can carry what changed, the error, and suggested next steps.

Ask. The agent asks you questions through push: yes/no, multiple choice, or free text. It waits for your answer. When Pushary is connected, the agent sends its questions to your phone instead of stalling in the terminal.

Gate. Risky shell commands (rm -rf, force pushes, history rewrites, database drops, deploys) are checked before they run. What happens is set by your dashboard policy: auto approve trusted read-only commands, push to your phone for approval, or hold for the phone and never auto-deny. If the check cannot run, the command is blocked instead of allowed. It fails closed.

Setup

You need an API key. Sign up at pushary.com, then run:

npx @pushary/agent-hooks@latest setup

The wizard detects which agents you have installed and configures each one. To skip the prompts:

npx @pushary/agent-hooks@latest setup --key pk_xxx.sk_xxx --skip-phone

Verify it worked:

npx @pushary/agent-hooks@latest doctor

Supported agents

Agent Notify Ask Gate
Claude Code yes yes yes
Codex yes yes yes
Cursor yes yes yes
Gemini CLI yes yes yes
Hermes yes yes yes

Any other MCP client can use notify and ask by pointing at the Pushary MCP endpoint directly.

Commands

setup    Configure Claude Code, Codex, Gemini CLI, Hermes, or Cursor with Pushary
doctor   Verify your Pushary installation is working
clean    Remove all Pushary configuration
mode     Switch approval mode (push_only, push_first, terminal_only)
wait     Show or set the "wait for your phone" ladder (pushary wait 45)
hook     Run as a PreToolUse hook (reads stdin, writes stdout)

Examples:

npx @pushary/agent-hooks@latest mode push_only --for 30m
npx @pushary/agent-hooks@latest wait 45
npx @pushary/agent-hooks@latest clean

Manual MCP setup

If you only want notifications and questions (no permission gating), add Pushary to your MCP config directly:

{
  "mcpServers": {
    "pushary": {
      "type": "http",
      "url": "https://pushary.com/api/mcp/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

The MCP server exposes send_notification, ask_user, wait_for_answer, and cancel_question. Full tool reference is in the docs.

Security

The permission gate fails closed. If a policy cannot be fetched or a hook errors, the command is blocked, not allowed. Secrets in command arguments and environment are redacted before anything is sent to a phone or stored. Read-only commands can be allowlisted so trusted work never interrupts you, while writes and destructive commands still route through approval.

License

MIT