Security firewall for AI agents
Your AI agent asks.
You decide.
OkaiDokai intercepts every tool call — shell commands, HTTP requests, file writes, messages — and sends you a push notification to Allow or Deny in real time.
OkaiDokai — Approval Required
web_fetch → api.wise.com/transfers
{ "account": 13967081,
"amount": 2500.00,
"currency": "EUR" }
OkaiDokai — Auto-Denied
exec → rm -rf /
Agent: openclaw
Rule hit: #34
Time: 3 min ago
auto-denied
The Problem
AI agents are powerful. They execute shell commands, make HTTP requests, read and write files, send messages, and control browsers. Most of the time that's what you want. But sometimes it's not.
- A malicious plugin exfiltrates your SSH keys via curl
- An agent runs rm -rf on the wrong directory
- A tool call sends a message to the wrong Slack channel
- An agent initiates a fiat or crypto transaction you didn't authorize
- A dependency install pulls in a compromised package
How It Works
01
Install the plugin
One command. Works with OpenClaw and any agent framework with a hook system.
02
Your agent runs — you stay in control
Every tool call is intercepted. If a rule matches, it's auto-decided in <1ms. Otherwise, you get a push notification.
03
Build your firewall over time
Every decision can become a rule. Your ruleset grows smarter with every interaction — like training a spam filter.
OkaiDokai — Approval Required
send_email → [email protected]
{ "subject": "Invoice #1042",
"body": "Hi Alice, please find..." }
Features
Real-Time Approval Flow
Push notifications with Allow/Deny actions. Respond from your lockscreen, Apple Watch, or browser. Sub-second delivery.
Smart Rules Engine
Glob-based pattern matching with priority ordering. Scope rules by tool, session, agent, or time. Rules are checked in <1ms.
Full Audit Trail
Every decision is logged — who approved what, when, why, and which rule matched. Searchable, filterable, exportable.
Works Everywhere
iOS, Android, Apple Watch, Web. Push notifications via APNs, FCM, and Web Push. Approve from wherever you are.
One-Command Setup
npx okaidokai — installs the plugin, opens OAuth in your browser, pairs your device. No config files to edit.
Deny on Timeout
If you don't respond, the action is automatically denied. Your agent can't just wait you out. Configurable per-user.
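The rule matching and deny-on-timeout behaviour described under Smart Rules Engine and Deny on Timeout, sketched as an added example (not OkaiDokai's code or API). The rule fields, the lower-number-first priority, the `askHuman` callback and the fail-closed handling of errors are assumptions.

```javascript
// Added illustration; rule fields, priorities and action names are assumptions,
// not OkaiDokai's actual schema or API.
function globToRegExp(glob) {
  // Only "*" is treated as a wildcard; every other character matches literally.
  const escaped = glob.replace(/[.+^${}()|[\]\\?]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$");
}

// Lower priority number is checked first; the first matching rule decides.
function decide(rules, call) {
  const ordered = [...rules].sort((a, b) => a.priority - b.priority);
  for (const rule of ordered) {
    if (rule.tool !== "*" && rule.tool !== call.tool) continue;
    if (rule.agent && rule.agent !== call.agent) continue;
    if (globToRegExp(rule.pattern).test(call.target)) {
      return { action: rule.action, rule: rule.id };
    }
  }
  return { action: "ask", rule: null }; // no rule hit: a human must decide
}

// Resolve a call: rules first, then the human, and deny if nobody answers in time.
// askHuman is a hypothetical callback returning a Promise of "allow" or "deny".
async function resolveCall(rules, call, askHuman, timeoutMs) {
  const verdict = decide(rules, call);
  if (verdict.action !== "ask") return verdict;
  let timer;
  const timeout = new Promise((res) => { timer = setTimeout(() => res("timeout"), timeoutMs); });
  try {
    const answer = await Promise.race([askHuman(call), timeout]);
    return { action: answer === "allow" ? "allow" : "deny", rule: null, reason: answer };
  } catch (err) {
    return { action: "deny", rule: null, reason: "error" }; // fail closed (assumption)
  } finally {
    clearTimeout(timer); // do not leave a pending timer once the call is resolved
  }
}

// Constructed sample ruleset, echoing the calls shown in the page's mock notifications.
const RULES = [
  { id: 34, priority: 1, tool: "exec", pattern: "rm -rf *", action: "deny" },
  { id: 7, priority: 5, tool: "web_fetch", pattern: "api.github.com/*", action: "allow" },
  { id: 9, priority: 9, tool: "*", pattern: "*", agent: "untrusted", action: "deny" },
];
```

String globs match only the literal spelling of a command or URL, so a deny rule like the first one is a backstop; asking a human for anything unmatched and denying when no answer arrives is what keeps the default safe.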
How It's Different
| | Static Policies | Docker Sandbox | |
|---|---|---|---|
| Per-request approval | | | |
| Mobile notifications | | | |
| Learning ruleset | | | |
| Audit trail | Partial | Logs only | |
| Sub-second overhead | | | |
| Works with any agent | | | |
Architecture
Your AI Agent
      │
      ▼
┌─────────────┐     ┌──────────────┐       ┌──────────┐
│ OkaiDokai   │────▶│ OkaiDokai    │──────▶│ Your     │
│ Plugin      │◀────│ API          │       │ Phone /  │
│ (via hook)  │     │              │◀──────│ Watch /  │
└─────────────┘     └──────────────┘       │ Browser  │
                                           └──────────┘
Intercepts          Evaluates rules,       You tap
every tool call     sends push if needed   Allow or Deny
End-to-end encrypted — all communication secured via HTTPS
Pricing
Free
$0
- 500 approvals/month
- 1 device
- Push notifications
- Rules engine
- Audit log (30 days)
Personal
$9/mo
- Unlimited approvals
- Unlimited devices
- Apple Watch support
- Audit log (unlimited)
- Priority support
Team plan with shared rulesets and approval chains coming soon.
Set it up in 60 seconds.
# 2. Install the plugin + pair your device
$ npx okaidokai
# detects your agent, installs the hook,
# and walks you through pairing
# 3. That's it.
# Your agent asks, you decide.