A private pager for your agent loops.
Run your agents full-auto in loops. When one actually needs a human, it pings your phone and waits.
Paste this. That's the whole setup.
No account, no API key, nothing to install or build. Drop this into your
mcp.json
and your phone is now a tool your agent can call.
{
"mcpServers": {
"ask-a-human": {
"command": "npx",
"args": ["-y", "@askahuman/mcp", "serve"]
}
}
}Works with your agents
If it speaks MCP, it can reach you. Same one-line config, zero extra setup.
This is what lands on your phone.
Pair once. After that, when an agent can't decide on its own, it rings your phone and waits: a yes or no, a choice, or a quick reply.
New agent
wants to pair
Open ask-a-human.ai/app on your phone and type the 10-character code it printed to connect.
Claude Code
stuck on a risky deploy
All tests pass, but this release also runs a migration that drops `orders.coupon_code` on prod. Ship it?
Codex
blocked, needs your call
`main` has been red for 20 min and 3 deploys are stuck behind it. How do I unblock it?
Cursor
needs your words
A customer is escalating in the support thread and demanding a refund I'm not allowed to approve. How should I reply?
Wall to phone to “keep going,” in seconds.
Why we built this
We run a lot of agents. Like a hundred of them, in loops, full-auto, full permissions, mostly while we're asleep or away from the keyboard. That's the whole point: they're not supposed to need us. Until, every so often, one of them does.
And when an agent on full-auto hits the one step it shouldn't take alone, it has no way to reach us. It can't pause a hundred loops and wait by the door. So the choices were both bad: babysit every step and kill the automation, or let it rip and hope nothing touches prod while we sleep. We wanted a third option. Let them all run wide open, and give the rare one that's stuck a way to tap us on the shoulder.
So we built a pager. Copy-paste one MCP server into your agent, pin this site to your iPhone home screen, and that's it. Nothing to install, no account, no API key. When any of your agents needs a yes or no, a choice, or a quick reply, it pings your phone and waits. A hundred agents, one place, one buzz at a time.
And it's private by design. The messages travel through a magic wormhole, end-to-end encrypted, so the relay in the middle is blind. We don't track anything, there's no database, and we pay for the hosting ourselves, all of it. No data to sell, no funnel, no catch. We built it because we needed it, and our only goal is for it to spread.
The crypto bit.
Pairing is a Magic-Wormhole-style SPAKE2 handshake:
that short code turns into a strong shared key, and even if someone shoulder-surfs it
they get exactly one online guess before it's useless.
After that, every message is sealed with NaCl
secretbox
(XSalsa20-Poly1305). The relay only ever sees base64(nonce‖ciphertext) and which room is
talking to which, never the contents.
Built so it can't betray you.
Not a privacy policy you have to trust. A design that can't betray you. No accounts to
breach, no database to leak, no logs to subpoena. The relay is RAM-only: restart it and
you simply re-pair. And if you still don't trust us, the source is right there and you
can host your own relay with
--relay /
--public-relay.
Content-blind relay
The server only ever sees base64(nonce‖ciphertext) and which room talks to which. It's a dumb pipe: never the data, never a decision.
SPAKE2 pairing
A short pairing code becomes a strong shared key via a Magic-Wormhole-style SPAKE2 handshake. No relay-in-the-middle can read or forge it.
End-to-end encrypted
Your agent and your phone hold the keys. Approvals are sealed on one side and opened on the other. Nowhere in between.
No DB, open-source
RAM-only, no accounts, no database. Restart means re-pair. Self-host the relay and web with a flag, or read every line on GitHub.