Your AI agent needs
permission to run tools.
You're not at your desk.
farmer is a real-time permission management server for AI coding agents. When your agent wants to run a command, edit a file, or access a resource — you see a card on your phone and tap Approve or Deny. Mobile-first. Agent-agnostic. Zero external dependencies.
Requires Node.js 20+. Works with Claude Code, extensible to any agent via the adapter pattern.
What is farmer?
When you run an AI coding agent like Claude Code, it sometimes needs your permission before executing commands or editing files. Normally you have to be sitting at your terminal. farmer removes that constraint.
It runs a local server that intercepts tool calls via hooks, streams permission requests to a web dashboard over SSE, and waits for your decision. You can approve from your phone, a different tab, or through a Cloudflare tunnel from anywhere in the world. Multi-session, trust-tiered, fully audited.
The adapter pattern means farmer is not locked to Claude Code. Any agent that can POST a JSON permission request to an HTTP endpoint can use it.
Start the server
Launch farmer from your project directory. It prints a token-authenticated URL you can open on any device.
$ npx @grainulation/farmer startConnect your agent
Use wheat connect farmer to auto-configure all four hook URLs, or set them manually in your Claude Code settings.
$ npx @grainulation/wheat connect farmer
# Or configure manually:
// .claude/settings.json
{
"hooks": {
"PreToolUse": [{ "type": "command", "command": "curl -sf ..." }],
"PostToolUse": [{ "type": "command", "command": "curl -sf ..." }],
"Notification": [{ "type": "command", "command": "curl -sf ..." }],
"Stop": [{ "type": "command", "command": "curl -sf ..." }]
}
}Approve from anywhere
Open the dashboard URL on your phone. Permission cards stream live as your agent works. One tap to approve, one tap to deny.
# From your phone, via tunnel, or another tab
# Cards appear the instant your agent
# requests a tool call. No polling delay.You're in a meeting. Your agent needs help.
Your Claude Code agent is running a research sprint. It wants to run tests and edit a file. You glance at your phone and tap through the decisions in seconds.
You tap Approve on the test run. The agent continues. You tap Deny on the edit. The agent stops and explains why it wanted to make the change. All from your phone, in 3 seconds, without leaving the meeting.
Four hooks. Full lifecycle coverage.
farmer intercepts every stage of the agent tool-call lifecycle. Each hook receives a JSON payload via stdin and returns a JSON decision.
PreToolUse
Fires before a tool executes. This is where permission decisions happen — approve, deny, or modify the request. The agent blocks until you respond.
PostToolUse
Fires after a tool completes. Carries the result back so the dashboard can show what happened. Used for audit logging and result display.
Notification
Non-blocking messages from the agent. Status updates, progress indicators, errors. Streams to the dashboard without requiring a response.
Lifecycle
Session start and stop events. Tracks when agents connect and disconnect. Enables multi-session management and trust inheritance.
Agent-agnostic by design
The adapter pattern separates the protocol layer from agent-specific details. Swap adapters to support any AI coding agent.
SSE is the primary transport for the dashboard with polling as fallback. Zero npm dependencies. The hook endpoints use plain HTTP POST — any agent that can curl can integrate.
Control how much your agent can do
Set per-session trust. New sessions inherit the trust level of their parent. Change it any time from the dashboard.
Every call reviewed
Nothing executes without explicit approval. Read, Write, Bash — everything requires a tap. Paranoid mode overrides per-session trust rules, ensuring no auto-approvals slip through. Best for sensitive repos or unfamiliar agents.
Read auto-approved
Read operations (file reads, glob, grep) are auto-approved. Write and execute operations require your approval. The default for most workflows.
Agent runs free
Everything is auto-approved. The dashboard still streams cards for monitoring, but nothing blocks. Use when you trust the agent fully.
Control without context-switching
Zero external dependencies. No framework, no build step.
Auth + Roles
Admin token for full control, viewer token for read-only monitoring. HMAC-signed invite links for sharing access. Tokens persist across server restarts.
SSE + Polling
Server-Sent Events for real-time streaming with polling as automatic fallback. Permission cards appear the instant they are requested.
Multi-Session
Run multiple AI agents at once. Each gets its own session with independent trust levels and rules. New sessions inherit trust from their parent.
Mobile-First
Designed for phone screens. Swipe cards for fast permission decisions, syntax-highlighted diffs, large tap targets. Add to home screen for native-like experience.
Adapter Pattern
Agent-specific logic is isolated in adapters. Ships with a Claude Code adapter. Swap in your own for other agents — the core protocol stays the same.
Audit Logging
Every approve, deny, and auto-decision is logged to JSONL with timestamps and session IDs. harvest can analyze these logs for usage patterns.
Cloudflare Tunnel
Built-in cloudflared support. Expose your local server securely and approve agent actions from anywhere in the world.
Sprint Detection
Watches claims.json and compilation.json for changes. The dashboard shows which wheat sprint your agent is working in.
Feedback Queue
Send feedback to your agent without switching to the terminal. Poll/ack delivery ensures messages arrive even if the agent is mid-task.
No. farmer ships with a Claude Code adapter, but the architecture is agent-agnostic. Any tool that can POST a JSON permission request to an HTTP endpoint can use farmer. Write an adapter for your agent and plug it in.
Three options: (1) If your phone is on the same network, bind to 0.0.0.0 and use your machine's local IP. (2) Use a Cloudflare tunnel — farmer has built-in support. (3) Use ngrok, tailscale, or any tunnel of your choice. Once connected, the /connect page shows dual QR codes — scan the admin QR for full control, or the viewer QR for monitoring-only access. You can also generate invite links as an alternative to QR codes.
The agent blocks. It waits until you approve or deny. There is no timeout by default — your agent will not proceed without your decision. You can configure auto-approve rules per tool type via trust levels.
Yes. farmer works with any Claude Code session, not just wheat sprints. The sprint detection features are a bonus — the core permission management works independently.
The ecosystem
farmer supervises AI agents across the entire grainulation ecosystem — or any Claude Code session.