Pushary

Security & privacy

Pushary sends decisions, not your code.

Pushary is built on data minimization. To ask you to approve or answer, it needs the question and the tool name, nothing more. Your code, files, and transcript stay on your machine. Here is exactly what that means.

What leaves your machine

  • The question your agent is asking (for example, "Run git push origin main?")
  • The tool name involved (Bash, Edit, Write, and so on)
  • Minimal notification text (a title and body) so the push is readable
  • Your decision (approve, deny, or your typed answer) and when you made it

What never leaves your machine

  • Your source code and file contents
  • Diffs and the full agent transcript
  • Environment variables, secrets, and API keys
  • Anything the agent reads or writes on your machine

How a decision flows

1

The hook intercepts

A lightweight hook runs in your agent (Claude Code, Codex, Cursor, Hermes, or any MCP client) when a tool call needs a decision. The agent and your code stay on your machine.

2

Only the decision is sent

Pushary forwards the question and the tool name to its API, applies your per-tool policy, and if a human decision is needed, sends a push to your phone. Your code is never part of that payload.

3

You answer in place

You approve, deny, or answer from your lock screen. The decision page links are HMAC-signed so they cannot be forged.

4

The agent continues

Your answer returns to the hook and the agent keeps working. The question, tool, and your decision are written to an audit trail, never your code.

Honest about encryption

Pushary is not end-to-end encrypted, and that is deliberate. An end-to-end-encrypted tool cannot keep a server-side, queryable, exportable audit trail, which is the thing teams and compliance owners actually need. So instead of encrypting everything, Pushary minimizes what is sent in the first place: the decision, never your code. Traffic is over HTTPS, decision links are HMAC-signed, and pending questions expire from cache on a short timer.

Frequently asked questions

Does Pushary see my code?

No. Pushary sends only the decision: the question text, the tool name, and minimal notification metadata. Your source code, file contents, diffs, transcript, and secrets never leave your machine. The agent runs locally; the hook only forwards the prompt that needs a decision.

Is Pushary end-to-end encrypted?

No, and that is a deliberate trade-off. An end-to-end-encrypted tool cannot keep a server-side, queryable, exportable audit trail, which is exactly what teams and compliance owners need. Instead of encrypting everything, Pushary minimizes what is sent: only the decision, never your code. Traffic is over HTTPS.

What does Pushary store, and for how long?

Pending questions are held briefly in Redis with a short time-to-live and then expire. The audit trail records each question, the tool involved, and the human decision (who decided, when, and under which policy), so you and your team have a record. It does not store your code.

Can a stranger approve my agent?

No. Decisions are scoped to your account and site, and the decision page URLs are signed with an HMAC secret, so a link cannot be forged or replayed by someone else.

Control your agents without handing over your code

Approve from your phone, set guardrails once, and keep an exportable audit trail. Works with Claude Code, Codex, Cursor, Hermes, and any MCP client. 7-day free trial.