@agentapprove/pi
Agent Approve extension for Pi - approve or deny AI agent tool calls from your iPhone and Apple Watch
Package details
Install @agentapprove/pi from npm and Pi will load the resources declared by the package manifest.
$ pi install npm:@agentapprove/pi- Package
@agentapprove/pi- Version
0.1.9- Published
- Jul 4, 2026
- Downloads
- 92/mo · 26/wk
- Author
- jbeno
- License
- SEE LICENSE IN LICENSE
- Types
- extension
- Size
- 73.6 KB
- Dependencies
- 0 dependencies · 0 peers
Pi manifest JSON
{
"extensions": [
"./dist/index.js"
]
}Security note
Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.
README
@agentapprove/pi
Agent Approve extension for Pi. Approve or deny Pi tool calls from your iPhone or Apple Watch. Get the app on the App Store.
Install
Run the Agent Approve installer and select Pi:
npx agentapprove
If Agent Approve is already paired on this machine, you can install the Pi package directly:
pi install npm:@agentapprove/pi@0.1.9
What It Covers
tool_callblocking approval- native tool completion events
- MCP tool approvals and completion events grouped by MCP server
- prompt, response, thinking, compaction, stop, and session-end events
- optional follow-up input from Agent Approve when Pi finishes a turn
Runtime Mapping
| Pi event | Agent Approve event |
|---|---|
session_start |
session_start |
before_agent_start |
user_prompt |
tool_call |
blocking approval request |
tool_result |
command_executed, tool_complete, or mcp_complete |
tool_execution_end |
completion fallback if tool_result was not observed |
message_end |
thought, response, or plan_generated |
session_compact |
context_compact |
agent_end |
stop, with optional follow-up input |
session_shutdown |
session_end |
Approval requests include:
{
agent: "pi",
hookType: "tool_call",
toolName: string,
toolType: string,
toolInput?: object,
command?: string,
conversationId: string,
generationId?: string,
toolCallId?: string,
model?: string,
mcpServer?: RuntimeMcpServer,
metadata: {
sessionId: string,
piEventName: "tool_call",
cwd?: string,
workspaceRoots?: string[],
turnId?: string,
messageId?: string,
provider?: string,
model?: string,
toolCallId?: string
},
timestamp: number
}
Events use the same Agent Approve event envelope with agent: "pi", eventType, conversationId, optional generationId, optional tool metadata, optional mcpServer, optional sessionStats, metadata, and timestamp.
Configuration
The extension reads the standard Agent Approve config from ~/.agentapprove/env.
| Variable | Default | Description |
|---|---|---|
AGENTAPPROVE_API |
https://api.agentapprove.com |
Agent Approve API URL |
AGENTAPPROVE_API_VERSION |
v001 |
API version |
AGENTAPPROVE_TOKEN |
keychain or config token | CLI API token |
AGENTAPPROVE_PRIVACY |
full |
minimal, summary, or full |
AGENTAPPROVE_FAIL_BEHAVIOR |
ask |
allow, deny, or ask if Agent Approve is unreachable |
AGENTAPPROVE_AGENT_NAME |
Pi |
Display name for this Pi agent |
AGENTAPPROVE_PI_NAME |
Pi |
Legacy Pi-specific display name fallback |
Security
Requests are signed with Agent Approve HMAC headers and include the SHA256 hash of the installed package bundle. The API allowlists published bundle hashes by hook version.