DEV Community

Igor Ganapolsky
Igor Ganapolsky

Posted on

The Safety Gap in Mobile Coding Agents: Stop the Tool Call Before It Runs

Remote control for coding agents is getting easier. The harder problem is what happens one second before an agent changes production.

A mobile client can start a task, stream output, or send a prompt. That is useful—but it is not an operator control plane unless it can stop a risky tool call before execution.

The control point belongs at the gateway

The approval decision should happen outside the model:

  1. The agent proposes a tool call.
  2. The gateway classifies it as read-only or side-effecting.
  3. Risky calls pause.
  4. A human sees the exact action on their phone.
  5. Approve continues execution; deny ends it without running the tool.

This matters because a model cannot reliably police its own side effects. The blocking boundary must sit where execution is actually enforced.

What stays local

For a self-hosted setup, credentials and agent sessions remain on the operator’s machine. The phone talks to the operator’s gateway rather than becoming a second place to store every development secret.

That is the architecture behind Hermes Mobile, an Android client I built for agents running behind your own Hermes gateway. It provides chat plus paid Leash approval cards for gated tool calls.

Android is live:
Hermes Mobile on Google Play

The broader lesson is product-independent: mobile agent access is convenient; enforceable human approval is control.

Top comments (0)