All use cases

Monitor AI agent activity

Remote agents wake on cron, webhooks and chat. They can drift from your goals, burn money in an endless loop, and are subject to compromise. Visibility is crucial.

Most agent activity happens when you’re not watching

A coding agent used to mean a chat box you typed into. Not anymore. Cron jobs wake agents at 3 AM. Webhooks fire them on every pull request. Slack and WhatsApp route into OpenClaw gateways. CI runners spin up Cursor and Claude Code sessions for hours. MCP servers extend every agent with third-party tools that can change after you approve them.

The first signal that something’s wrong shouldn’t be a bill, a public post, or a Slack message from the colleague whose contacts your agent just emailed.

  • Drift is invisible without a feed. A scheduled or webhook-triggered agent can wake up, take an unexpected action, and finish — and you wouldn’t know until someone else noticed.
  • Loops only look fine until the bill arrives. Without live token-burn and tool-call signals, an agent in a retry storm can spend for days before a threshold alarm fires.
  • Every agent is a separate black box. Cursor, Claude Code, Gemini, Copilot, Codex, OpenClaw, OpenCode, Pi — each ships its own logs, UI, and retention rules. Five dashboards is the same as no dashboard.

Why visibility matters now

OWASP’s 2026 Agentic Top 10 puts it bluntly: strong observability becomes non-negotiable. The incidents below are different from each other, but they all rhyme — an agent was doing something important while no one was looking, and earlier visibility would have changed the outcome.

Industry research and standards

Beyond the headlines, security and observability organizations are converging on the same point: visibility into agent behavior — tools, prompts, decisions, and timing — is the foundation that everything else sits on.

How Agent Approve gives you visibility

Agent Approve installs hooks or plugins at the agent boundary, normalizes noisy hooks into a coherent model, and streams encrypted events to your devices.

Centralized activity feed

Wakeups, prompts, tool calls, MCP traffic, subagents, compactions, responses, and stops from all the major agentic applications stream into one feed instead of separate application windows or log files.

Observability on your wrist

The activity feed isn't trapped on the laptop where the agent is running. iPhone and Apple Watch keep you in the loop on a separate trust path — useful when the agent itself is the thing you're watching.

Hook up all your agents

Local laptop, remote server, CI runner, home Mac mini — Agent Approve installs hooks and plugins wherever the work runs and fans the activity into a single account view.

Live status updates

See every observed agent by instance, name, status, conversation, last seen time, and event count. Tell at a glance which agents are working, idle, looping, or waiting on you.

Push notifications

Important events arrive as notifications — wakeup, approval needed, drift detected, error — instead of dying in a log directory you would only check after something went wrong.

Search and filter

Slice by agent, decision, tool, MCP server, project, or time window. Event detail surfaces useful metadata — cwd, model, duration, paths, statuses, and the policy decision that fired.

What Agent Approve can see

Coverage depends on the agent platform and the hooks it exposes. Agent Approve maps every supported event into a normalized schema so a tool call looks the same whether it came from a Cursor shell hook, a Claude Code PreToolUse, or an OpenClaw plugin. Expand any event below to see which agents emit it, the hook file installed for each, and the schema fields surfaced in the UI.

Lifecycle

2 events

Session boundaries — when an agent starts and ends a conversation, including agents woken by cron, webhook, or chat trigger.

Prompts and model calls

3 events

What the agent was asked, and the model traffic on either side of every reasoning step.

Tools and MCP

8 events

Every tool call before it runs and after it finishes — built-in tools, shell commands, and MCP servers — plus failures and permission prompts.

Orchestration

3 events

Subagents the main agent spawns, and context compaction that quietly reshapes the conversation.

Responses and stops

5 events

What the agent said, when it stopped, and the in-progress thinking and plans on the way there.

Errors

1 event

Things that went wrong — the events that often disappear into log files when no one is watching.

Observability that’s private

We trust our data with Agent Approve every day, so we built it with security and privacy in mind. Event payloads are encrypted by the hooks, and can only be decrypted by your devices. Agent Approve is the courier, not the reader.

End-to-end encryption

Activity content is encrypted on your devices before it reaches the server. Only your devices hold the keys — we literally can't read your agents' work.

Org encryption at rest

The encrypted bytes are wrapped again with org-scoped keys at rest, so even the encrypted payload sits behind a second layer of isolation in the database.

Privacy tiers

Choose what leaves the device for stored history: tool name only, a redacted summary, or full content. The approval path always sees enough to decide; the log only keeps what you allow.

Retention you control

Pick your audit window — 1 day, 7 days, 30 days, 90 days, or 1 year. Anything older rolls off on a schedule, no manual cleanup required.