Open source · Self-hostable

The valet key
for AI agents.

Stop putting live API keys in .mcp.json and .env files. AgentValet sits between your agents and the SaaS platforms they call, enforcing scoped credentials, human approval, and a full audit trail. One revoke kills access instantly.

Try free — no signup → Get started See how it works →
<5min Time to first agent
25 Platforms governed

Free tier, no card. Live in under 5 minutes, or we'll wire your first agent with you on a call. 30-day money-back on paid plans.

Read the source on GitHub · Browse the docs · No signup to look

Agent
invoice-processor
RS256 · signs JWT
AgentValet
verify_sig
check_scope
inject_cred
audit_write
Platforms
stripe
gmail
slack
github
notion
hubspot
The valet key

A valet key starts the car and unlocks the driver's door. It won't open the trunk, the glovebox, or the front gate at home. AgentValet hands your AI agent the valet key - and keeps the rest on your hook.

How it works

Three steps. No keys in your repo.

01
Register your agent
Run npx @agentvalet/register from your agent project. We generate an RS256 keypair and record the public key in the registry. Your agent signs every request - the private key never leaves your machine.
02
Connect platforms
Your owner approves scopes in the dashboard. AgentValet stores encrypted credentials via envelope encryption: AES-256 DEK per credential, master key in Azure Key Vault HSM. Your agent never sees raw tokens.
03
Call via proxy
Agents call POST /v1/actions with a short-lived JWT. In one round trip, the proxy verifies the signature, checks scope grants, injects credentials in-memory, forwards the call, and writes an immutable audit record.
Architecture

Four things have to fail before a credential leaks.

A leaked .env file isn't enough. A compromised laptop isn't enough. A rogue agent isn't enough. Each layer below is independent — an attacker has to defeat all four to reach a live credential.

Identity
Stops a stolen agent file from impersonating a real one.
RS256 keypair per agent No shared secrets Entra ID federation
Governance
Stops a verified agent from doing something it shouldn't.
Deny-by-default scopes Human approval on writes One-click revocation
Integration
Stops a credential leak from being readable, even if our database leaks.
Envelope encryption Master key in Azure Key Vault HSM 25 platforms live, more weekly
Observability
Catches the breach you didn't prevent — so you can stop the next call.
Append-only audit log Push approval to phone Real-time anomaly alerts
Inside the dashboard

See what your agents are doing.

A single console for identity, permissions, platforms, and the audit trail. Built for owners who need to know - and prove - what every agent did.

AgentValet dashboard overview showing active agents, recent activity, and platform health
Overview At-a-glance health: active agents, recent calls, pending approvals, and platform status.
Agents page listing registered AI agents with their identity, status, and scopes
Agents
Every agent has its own RS256 identity and permission profile. Suspend, rotate, or revoke in one click.
Platforms page showing connected SaaS integrations and OAuth credentials
Platforms
Connect Slack, Gmail, Stripe, GitHub and more. Credentials encrypted in the vault, never in your repo.
Audit log showing every agent action with timestamp, scope, and outcome
Audit log
Immutable, append-only record of every call. Filter by agent, platform, scope, or outcome. Export anytime.
Settings page for owner profile, approval policies, and notification preferences
Settings
Configure approval policies, delegation, and notifications. Tune the guardrails to match your team.
Security model

Six layers. Defence in depth.

No credential ever touches a log. Six layers stand between your secrets and anything that goes wrong.

Cryptographic identity
Each agent holds an RS256 private key. The proxy verifies every JWT against the public key in the registry. No shared secrets, no API keys that can leak.
Deny-by-default permissions
No agent can access any platform unless a human explicitly grants a specific scope. Permissions are per-agent, per-platform, per-action - so a leak in one agent never spreads to another.
Envelope encryption
Each credential gets a unique AES-256 DEK, encrypted by a master key in Azure Key Vault HSM. Credentials are decrypted in-memory only at call time. Never logged, never stored plaintext.
Human-in-the-loop approval
Destructive or financial operations require explicit human approval before execution. Approvals expire, can be revoked, and every decision is recorded in the immutable audit log.
Circuit breaker
Three auth failures or five consecutive API errors auto-suspend the agent. Suspension triggers an immediate push notification. Human review required before reactivation.
Immutable audit log
Every proxy call is append-only via PostgreSQL row-level security. No UPDATE or DELETE. Logs include identity, scope used, response status, and latency. SIEM export is on the Enterprise roadmap.
Open source

Don't trust us. Read the code.

A credential broker you can't inspect is just another black box holding your keys. AgentValet is open source, so you can read exactly how credentials are sealed, when they are decrypted, and what gets logged. No signup to look.

Read the source →
The proxy, the envelope encryption, the append-only audit schema. All of it, on GitHub.
Read the docs →
How identity, scoping, approvals, and revocation actually work, in depth.
Or just try it
npx @agentvalet/register
One command wires your first agent. Free tier, no card.
Use cases

From your laptop to your studio. One way to govern both.

Same identity, scope, approval, and audit - whether it's one agent on one machine or fifty across a small team.

Solo
Personal agent stack
Register your coding assistant, email summariser, and calendar agent in minutes. Each gets its own identity and scoped credentials. No more shared API keys in .env files.
  • CLI registration in <2 min
  • Automatic CLAUDE.md injection
  • Free tier: 3 agents
Studio
Multi-client agent ops
Run agents across multiple client workspaces. Each agent is scoped to its client's platforms. Revoke access instantly when an engagement ends. No credential rotation ceremony.
  • Per-client credential isolation
  • Instant scope revocation
  • Shared audit log across team
Team
Small in-house agent crew
A few engineers shipping AI features in production. Each agent stays in its lane. Approval delegation lets someone sign off when the owner's offline. One-year audit log for the auditor.
  • 50 agents · 50K calls/mo
  • Approval delegation
  • 1-year audit log + export
Pricing

Early access pricing. Lock it in before launch.

AgentValet is in beta. Early-adopter pricing goes up at GA - sign up now and your rate is locked for life.

Live in 5 minutes or we set it up with you · 30-day money-back · Agents keep running, no mid-workflow cutoffs · Every call logged and auditable
Free
$0 forever
 
For your first agent. No card required.
  • 2 agents
  • 2 platform connections
  • 100 calls/month
  • 3-day audit log
  • Human approval flows
  • Community support
Start free
Solo
$19 /mo
 
Beta pricing
Get started and test the waters.
  • 3 agents
  • 3 platform connections
  • 1,000 calls/month included
  • $0.02 per call after that
  • 7-day audit log
  • Human approval flows
  • Email support
  • 30-day money-back guarantee
Get started
Team
$129 /mo
 
Beta rate - yours for life if you start now
For agencies and operators at scale.
  • 50 agents
  • Unlimited platform connections
  • 50,000 calls/month included
  • $0.01 per call after that
  • 1-year audit log + CSV/JSON export
  • Human approval flows
  • Approval delegation (3 emails)
  • Mobile push approvals
  • Custom monthly spend alert
  • Priority support
  • 30-day money-back guarantee
Get started
Agency · Per-client isolation
Run agents across client workspaces without sharing a single key

A separate scoped identity per client, instant offboarding the day an engagement ends, and an isolation trail each client's auditor will accept. Everything in Team, scaled to your whole book of clients.

From
$299/mo
Talk to us →
A leaked .env file should be a dead end, not a master key

One stolen key can drain a Stripe account or dump a customer database. With AgentValet, four independent layers have to fail first. Our promise: your first governed agent running in under 5 minutes, or we get on a call and wire it with you. If it isn't keeping live keys off your agents within 30 days, every paid plan is fully refundable. The free tier costs nothing to prove it first.

Need bring-your-own-key, SSO, or a security review? Talk to us about Enterprise →
How overage works

Your agents never stop mid-run. If you use more calls than your plan includes, we track the extra calls and add them to your next invoice at your plan's overage rate. You'll see the running total in your dashboard, and we'll email you before your bill grows significantly. No surprises. No cutoffs. Pay for what you use.

Pricing questions
Yes. Current pricing reflects where the product is right now. When AgentValet moves to GA, prices will go up. Any plan you start during beta locks in your rate for as long as you stay subscribed - no surprises, no grandfathering footnotes.
Yes. Every account starts on the Free plan - 2 agents, 100 calls/month, no card required. Stay on it as long as you like. Paid plans add a 30-day money-back guarantee on top.
Each time an AI agent makes an API request through AgentValet to an external platform (Slack, Stripe, Gmail, etc.) counts as one call. Read-only calls and write calls both count equally.
No. Your agents keep running. Calls beyond your included amount are tracked and billed at your plan's overage rate at the end of the month. You'll see the running overage cost in your dashboard in real time.
Yes. On the Team plan you can set a monthly spend alert. We'll notify you when your estimated bill reaches your chosen threshold. On Solo and Studio, you'll receive email alerts at 75% and 90% of your included calls, and again when overage starts.
Yes, any time. Upgrades take effect immediately. Downgrades take effect at the next billing cycle.
Not yet. Join the notify list and we'll reach out when Enterprise features (SSO, bring-your-own-key, dedicated support) are ready. Early access users get a discount.
Deployment

Your key. Your Key Vault.

Hold your own master key in a Key Vault you control, or let us handle the ops while you build.

Bring your own key - in development
Bring your own key
Point AgentValet at a Key Vault HSM you control. The master key that seals every credential lives in your tenancy, so we never hold your root key. We run the proxy and storage, you keep the key.
  • Your own Key Vault HSM holds the master key
  • Per-org envelope encryption, sealed with your key
  • Revoke the key in your vault to cut us off
  • Proxy and storage stay managed by us
In development, get notified
Hosted · Available now
We handle the ops
Get a production-grade AgentValet instance running in under 5 minutes. We manage availability, backups, and security patches. You focus on building agents.
  • Production-grade infrastructure on Azure
  • Automatic security updates
  • Regional data residency options
  • Security model documented in our Privacy Policy
Start in 5 minutes →
Works with your tools

Works with Claude Code, Cursor, and your own scripts.

One MCP endpoint. Connect it to Claude Code, Cursor, Codex CLI, Factory Droid, or Paperclip in minutes. Every agent gets cryptographic identity, scoped credentials, and a full audit trail - no matter which tool is running it.

Paperclip Beta
Company-of-agents orchestrator. AgentValet adds credential vault + per-agent scope enforcement.
Cursor
AI code editor. Add AgentValet MCP in .cursor/mcp.json - agent-mode tools governed from day one.
Claude Code
Anthropic's terminal-native coding agent. npx @agentvalet/register wires .mcp.json and CLAUDE.md for you.
Claude Desktop
Anthropic's desktop app. One-click MCPB bundle or paste the agentvalet server into claude_desktop_config.json.
Codex CLI
OpenAI's terminal agent. Add via codex mcp add or drop into .codex/config.toml.
Factory Droid
AI software engineering agents. Register AgentValet via droid mcp add or .factory/mcp.json.
OpenClaw Coming soon
Self-hosted personal agent gateway. Set AgentValet as the MCP backend in ~/.openclaw/openclaw.json.
See all integration guides →
FAQ
API keys are static secrets that can't prove who is using them. AgentValet uses per-agent RS256 keypairs. The private key never leaves the agent, so every request is cryptographically attributed to a specific agent identity. You also get scope enforcement, human approval, and an immutable audit trail on top.
Credentials never sit in plaintext anywhere a person can read them. Each one gets a unique AES-256 key, the master key lives in a Key Vault HSM, and decryption happens in-memory inside our isolated proxy only at call time. Nothing is logged. Nothing is stored decrypted. On Enterprise you can bring your own key: the master key that seals every credential lives in a Key Vault HSM you control, so we never hold your root key. The proxy and storage stay managed by us.
Revocation is immediate and cascading. The agent's public key is removed from the registry, all its scope grants are invalidated, and any in-flight requests are rejected. If you use CAEP/SSF, downstream platforms that support the standard receive a revocation signal within seconds.
Yes. AgentValet is agent-agnostic. The CLI registers any agent that can sign a JWT. For Claude Code specifically, npx @agentvalet/register automatically injects the correct CLAUDE.md configuration and hooks. Any agent that can make HTTP requests can use the proxy.
The audit log is backed by PostgreSQL with row-level security policies that allow only INSERT. No UPDATE or DELETE. Even if an attacker gains database credentials, they cannot modify historical records. On the enterprise tier you can additionally stream logs to an external SIEM for a second source of truth.
25 platform integrations are live today, including Airtable, Gmail, Slack, HubSpot, GitHub, Stripe, Notion, Google Calendar, Microsoft Outlook, Supabase, Clerk, Google Sheets, Google Tasks, Microsoft Teams, Google Drive, and Google Docs. Each has OAuth scope-level approval. New platforms ship weekly. See the full list →

Give your agents an identity you can prove.

Deploy in 5 minutes. 30-day money-back guarantee. Cancel any time.

Get started →

Want to hold your own key? Get notified when BYOK ships →