Aerostack
Aerostack
AI Agent Management Platform

The computer use agent app
that runs everything from your phone.

OpenClaw is the iOS and Android app for managing your AI agents end to end. Monitor sessions live, approve or reject tool calls and handoffs, manage workspaces and bots, and keep a full audit trail — all from your phone. Your data stays on your devices.

Live agent dashboardMobile approvalsManage end-to-endLocal AI agent · zero server storageClaude computer use
Download on the
App Store
 Or pair your machine in 60 seconds
See

Your AI agent dashboard — live, from anywhere.

Sessions, tool calls, tokens, latency — streamed live from your machine to your phone. No polling. No delay. The same AI agent dashboard you'd open on your laptop, now in your pocket. Real-time monitoring without touching your desk.

  • Every prompt and every tool call, tagged and timestamped
  • Token counts and cost ticking up in real time
  • Status flips the moment they happen on your machine
  • Replay any session from history, frame by frame
Live session · claude-opus-4
14:32:01 fs.read("/src/index.ts")
14:32:01 read 342 lines
14:32:03 grep("buildMeta", ".")
14:32:03 7 matches found
14:32:05 fs.edit("/src/page.tsx")
14:32:05 approval required — tool gate
STREAMING
Tool gates
gmail__*
always ask
git push *
always ask
fs.read *
auto-approve
shell *
ask if unknown
Actions
Approve & run Reject Request changes
Control

Approve sensitive moves with a swipe.

Tool gates decide what needs human approval — by tool name or pattern, with a risk level and expiry you control. Edit the args before you approve. Reject to stop, or request changes to send feedback and let the agent revise. Audit trail on every action forever.

Not just approve or reject

Tell the agent what's wrong and it revises and resubmits — the decision loop stays open until it's right. And when a WhatsApp or Telegram bot escalates to a human, approve the handoff from your phone too.

Three layers of control

Catch the risky moves — even when there's no tool to gate.

Most platforms only allow or block named tools. OpenClaw stacks three layers so a sensitive action gets caught no matter how the agent tries it.

Workspace policies

Allow and deny lists that govern the whole workspace. Start from templates — Safe Agent, Production Guardrails, Read-Only Observer, Communication Safe, Developer Sandbox — or write your own with priorities and rate limits.

Tool gates

Intercept specific MCP tool calls by name or pattern before they reach the server. Each rule carries a risk level, an expiry, and optional auto-approve for trusted roles. The standard human-in-the-loop gate.

Local Guardian

Catches the agent by intent, not by tool name. Even if it never calls an MCP tool — just wants to run a shell command, write a file or deploy — Local Guardian asks you first. 25 templates across files, shell, git, deploy, database, comms, financial and infra.

Tool gates catch named calls. Policies enforce workspace rules. Local Guardian catches everything else — so "approve sensitive actions with a swipe" holds for shell commands, deploys, and emails, not just MCP tools.

Claude computer use

Run Claude computer use safely — with a human in the loop.

Claude computer use gives the model direct access to your machine: it reads files, runs commands, edits code, and calls APIs like a developer would. That power needs guardrails. OpenClaw is the mobile control plane for Claude computer use — you see every action the moment it happens, and approve or block the risky ones from your phone before they execute.

  • Every Claude tool call streamed to your phone in real time
  • Tool gates catch file writes, shell commands and deploys before they run
  • Local Guardian blocks dangerous intent — even without a named MCP tool
  • Request changes: guide Claude toward a safer approach instead of just blocking
  • Full audit trail of every action Claude took on your machine

Works with Claude Code, Claude Desktop, and any MCP-compatible client running on your machine. OpenClaw is model-agnostic — the same guardrail stack applies to GPT, Gemini and open-weight models too.

Claude computer use · approval pending
shell.run
rm -rf ./dist && git push --force origin main
Flagged: destructive + force push · Local Guardian
Approve & run
Request changes
Reject
Request changes

Don't just block it. Guide the agent to a better version.

Approve or reject are not your only options. Request changes keeps the loop open — tell the agent what's wrong, it revises its approach and resubmits. Every round is logged.

01
01

Agent requests approval

Your computer use agent tries a sensitive action — a shell command, a file edit, a deploy. OpenClaw intercepts it and sends a push notification to your phone.

02
02

You request changes

Instead of approving or rejecting outright, you send the agent a note: "Don't force-push. Open a PR instead." The approval decision stays open.

03
03

Agent revises and resubmits

The agent reads your feedback, adjusts its plan, and resubmits the request. You review the revised action. Repeat until it's right. Every round is logged with timestamps.

The round-trip is especially useful for Claude computer use, where a risky-but-necessary shell command can be rewritten to be safer instead of blocked entirely.

Chat threads

Talk to your agent. Pick up where you left off.

Persistent chat threads let you steer your agent across sessions. Each thread keeps full context — switch tasks on your phone, hand off to your laptop.

  • Threads persist across sessions automatically
  • Full context injected on resume
  • Switch between threads with one tap
active threads
Code review
12 msgs
Deploy pipeline
5 msgs
Bug triage
28 msgs
Deep Analytics

Know what your agent is doing — and what it's costing.

From a 60-second glance on your phone to a forensic deep-dive on your laptop. Every prompt, every token, every dollar. Every model. Every tool. Every error.

1.24M
tokens · 7d
$4.21
cost · 7d
147ms
p50 latency
83%
cache hit rate
Daily, weekly, monthly, lifetime windows
Per-session token + cost breakdown
Latency: p50, p95, p99 per tool
Cache hit rate by prompt and by tool
Top tools, top models, top callers
Error rate trend with stack traces
Cost projection vs current month
Export CSV for billing reconciliation
Tools & Channels

Decide what your agent can touch — and how it answers.

Plug in MCPs, skills, and functions from the marketplace. Wire up channels: chat, webhook, schedule, push. Push changes to the daemon instantly — no redeploy.

Browse the marketplace
Plugins
GitHub MCP
Filesystem
Slack MCP
Web Search
Channels
Chat
Webhook
Schedule
Push
Team sessions
N
Navin
watching
S
Sara
approved 3 tools
D
Dev
online
Team

Your OpenClaw, your team's control plane.

Invite teammates to the workspace. Anyone can monitor sessions live. Anyone with the right role can approve from their phone. Audit shows exactly who did what, when.

  • Invite by email or shareable link
  • Role-based approval permissions
  • See who is watching the same session
  • Per-action audit with member identity
Mobile + Web

The AI agent app and control plane — on every surface.

Everything you can do on the desktop AI agent dashboard, you can do on the phone. Pair, monitor, approve, manage tools, view usage. The phone is not a "lite" version — it's the full agent control plane. OpenClaw is the iOS and Android app built for teams who need real control, not just push notifications.

Agent · live
Agent · live
Sessions
Sessions
Tasks
Tasks
Usage
Usage
Channels
Channels
Approvals
Approvals
Download on the
App Store
Local-first

Local AI agent. Your data never leaves your machine.

Your prompts, tool calls, transcripts, audit log — never written to our database. Aerostack is a relay, not a data sink. OpenClaw runs as a local AI agent daemon on your machine; the gateway relays only the events needed to reach your phone. Zero server-side storage, by design.

Your machine
Data stays here
relay only
events only
Your phone
Receive & act

Aerostack only relays the events needed to sync between your devices. Prompts, transcripts, and audit logs never leave your machine.

Multiple machines

Pair laptops, desktops, servers. All under one agent control plane. Switch between machines in one tap.

Multiple workspaces

Different projects, different clients, different teams. Separate policies, separate audit, separate tool gates.

Push notifications

Approvals, errors, cost spikes, finished tasks. You decide what wakes the phone — no noise, no gaps.

Frequently asked questions

What is a computer use agent?
A computer use agent is an AI agent that operates a real machine the way a person would: running shell commands, reading and editing files, calling APIs, and using tools to get work done. Because it acts on your actual environment, you want to see what it is doing and stay in control of the sensitive steps. OpenClaw is the iOS and Android app for exactly that: it runs everything from your phone so you can watch your agent live and approve or reject the risky actions.
What can I do from the OpenClaw app?
Everything. OpenClaw is the full Aerostack control plane on your phone, not a lite companion. You can monitor agent sessions live with tool calls, tokens and latency, approve or reject tool calls and bot handoffs, pause, stop, restart or send commands to a session, install MCPs, skills and functions, wire up channels, manage workspaces and bots, view usage analytics, and read a full per-action audit trail. Whatever you can do on the dashboard, you can do from the app.
How does OpenClaw approve tool calls from my phone?
When your agent tries to run a sensitive action, an approval request is sent to your phone as a push notification. You open it, see the tool, the arguments and why it was flagged, and then approve, approve and run, or reject. Approvals are delivered over a real-time connection so you act on them the moment they happen, from anywhere.
What is the difference between a tool gate and Local Guardian?
A tool gate intercepts a specific MCP tool call by name or pattern before it reaches the server, using rules you set per workspace with a risk level, expiry and optional auto-approve for certain roles. Local Guardian works differently: it catches the agent by intent. Even when no MCP tool is involved, like running a shell command, writing a file or deploying, Local Guardian asks you first based on a semantic category. Tool gates catch named tool calls, Local Guardian catches everything else.
What is Local Guardian and what does it protect?
Local Guardian is the semantic approval layer that lives inside the agent. It ships with 25 pre-built rule templates across eight categories: file operations, shell and system, git and version control, deploy and release, database, communication, financial and billing, and infrastructure. You can enable any of them, add all in one click, or write custom rules. Before the agent does a matching operation it has to ask you, so dangerous intent is caught even when there is no named MCP tool to gate.
What is the difference between rejecting an action and requesting changes?
Rejecting stops the action outright. Requesting changes keeps the loop open: you send the agent a note about what is wrong, the agent reads your feedback, revises its approach and resubmits the request for another review. This multi-round back-and-forth is logged round by round, so instead of only blocking a risky but necessary step you can guide the agent toward a safer version of it.
Does my agent data leave my machine?
No. Your prompts, tool calls, transcripts and audit log are never written to the Aerostack database. Aerostack is a relay, not a data sink: it only handles the events needed to move your OpenClaw data between your own devices, which is where it lives.
Can my whole team approve agent actions?
Yes. Invite teammates to a workspace by email or shareable link. Anyone can monitor sessions live, and anyone with the right role can approve from their phone. Every approval and action is recorded in the audit trail with the member identity, so you can see exactly who did what and when.
Which AI agents and models does OpenClaw support?
OpenClaw connects to your Aerostack workspaces, which are compatible with Claude, GPT models, Gemini, Cursor, Windsurf and any MCP client. The usage analytics break down tokens and cost per model so you can see the split across whatever agents you run.
Is OpenClaw free and which platforms does it support?
OpenClaw is free to download for iOS and Android. It connects to your Aerostack account, which has a free tier with no credit card required. The pairing daemon is open source and pairs your machine in about a minute.
How does OpenClaw work with Claude computer use?
Claude computer use gives Claude direct access to your machine — it runs shell commands, edits files, and calls APIs. OpenClaw sits between Claude and your machine as the approval layer: every tool call is streamed to your phone in real time, and tool gates plus Local Guardian intercept the sensitive ones before they execute. You approve, reject, or request changes from your phone. This makes Claude computer use practical for production environments where you need a human in the loop without stopping work entirely.
What is an AI agent management platform?
An AI agent management platform is the control layer that sits above the agent runtime: it handles monitoring, approvals, tool governance, audit, team access, and workspace configuration. Without one, managing AI agents means reading terminal logs and hoping nothing breaks. OpenClaw is that platform — built as a native iOS and Android app so the control layer is with you wherever you are, not locked to a browser tab on a desk.

Related features

Agent Security MCP Workspaces Intelligent Bots Agent Automation

Pair your machine in 60 seconds.

Free to start. Open-source daemon. No card required.

Two commands. That's it.
1 $ npm install -g @aerostack/gateway
2 $ aerostack init
Pairs your machine with your workspace. Open the iOS app, scan the code, you're live.
Download on the
App Store
Install guide Open dashboard