Open source · Self-hostable

The valet key
for AI agents.

Stop putting live API keys in .mcp.json and .env files. AgentValet sits between every agent and every SaaS platform - scoped credentials, human approval, full audit trail. One revoke kills access instantly.

Get started → See how it works →
<5min Time to first agent
Agent
invoice-processor
RS256 · signs JWT
AgentValet
verify_sig
check_scope
inject_cred
audit_write
Platforms
stripe
gmail
slack
github
notion
hubspot
The valet key

A valet key starts the car and unlocks the driver's door. It won't open the trunk, the glovebox, or the front gate at home. AgentValet hands your AI agent the valet key — and keeps the rest on your hook.

How it works

Three steps. No keys in your repo.

01
Register your agent
Run npx @agentvalet/register from your agent project. We generate an RS256 keypair and record the public key in the registry. Your agent signs every request - the private key never leaves your machine.
02
Connect platforms
Your owner approves scopes in the dashboard. AgentValet stores encrypted credentials via envelope encryption: AES-256 DEK per credential, master key in Azure Key Vault HSM. Your agent never sees raw tokens.
03
Call via proxy
Agents call POST /v1/actions with a short-lived JWT. The proxy verifies the signature, checks scope grants, injects credentials in-memory, forwards the call, and writes an immutable audit record, in one round trip.
Architecture

Every agent. Every call. Every action logged.

Each agent gets its own identity. Every call is checked against what it's allowed to do. Credentials are decrypted in memory only at call time - never written, never logged.

Identity
Who is the agent?
RS256 keypair Per-agent identity No shared secrets Entra ID federation OAuth 2.1
Governance
What can it do?
Deny-by-default Scope matrix Human approval Circuit breaker Scope delegation Instant revocation
Integration
Reach platforms
Envelope encryption OAuth 2.0 credential storage 14 platforms live, more weekly Azure Key Vault HSM Immutable audit log
Observability
Did it work safely?
Supabase RLS log Anomaly detection Push notifications Real-time dashboard Audit export
Security model

Six layers. Defence in depth.

No credential ever touches a log. Six layers stand in the way of one that tries.

Cryptographic identity
Each agent holds an RS256 private key. The proxy verifies every JWT against the public key in the registry. No shared secrets, no API keys that can leak.
Deny-by-default permissions
No agent can access any platform unless a human explicitly grants a specific scope. The permission matrix is per-agent, per-platform, per-action, not role-level blobs.
Envelope encryption
Each credential gets a unique AES-256 DEK, encrypted by a master key in Azure Key Vault HSM. Credentials are decrypted in-memory only at call time. Never logged, never stored plaintext.
Human-in-the-loop approval
Destructive or financial operations require explicit human approval before execution. Approvals expire, can be revoked, and every decision is recorded in the immutable audit log.
Circuit breaker
Three auth failures or five consecutive API errors auto-suspend the agent. Suspension triggers an immediate push notification. Human review required before reactivation.
Immutable audit log
Every proxy call is append-only via Supabase RLS. No UPDATE or DELETE. Logs include identity, scope used, response status, and latency. SIEM export available on enterprise tier.
Use cases

From your laptop to your studio. One way to govern both.

Same identity, scope, approval, and audit — whether it's one agent on one machine or fifty across a small team.

Solo
Personal agent stack
Register your coding assistant, email summariser, and calendar agent in minutes. Each gets its own identity and scoped credentials. No more shared API keys in .env files.
  • CLI registration in <2 min
  • Automatic CLAUDE.md injection
  • Free tier: 3 agents
Studio
Multi-client agent ops
Run agents across multiple client workspaces. Each agent is scoped to its client's platforms. Revoke access instantly when an engagement ends. No credential rotation ceremony.
  • Per-client credential isolation
  • Instant scope revocation
  • Shared audit log across team
Team
Small in-house agent crew
A few engineers shipping AI features in production. Each agent stays in its lane. Approval delegation lets someone sign off when the owner's offline. One-year audit log for the auditor.
  • 50 agents · 50K calls/mo
  • Approval delegation
  • 1-year audit log + export
Pricing

Early access pricing. Lock it in before launch.

AgentValet is in beta. These prices are for early adopters and they go up at GA. Sign up now and your rate is locked for life.

30-day money-back guarantee · Beta pricing locks in at signup · No increases for early members · Agents keep running, no mid-workflow cutoffs · Every call logged and auditable
Free
$0 forever
 
For your first agent. No card required.
  • 2 agents
  • 2 platform connections
  • 100 calls/month
  • 3-day audit log
  • Human approval flows
  • Community support
Start free
Solo
$19 /mo
 
Beta pricing
Get started and test the waters.
  • 3 agents
  • 3 platform connections
  • 1,000 calls/month included
  • $0.02 per call after that
  • 7-day audit log
  • Human approval flows
  • Email support
  • 30-day money-back guarantee
Get started
Team
$129 /mo
 
Beta rate - yours for life if you start now
For agencies and operators at scale.
  • 50 agents
  • Unlimited platform connections
  • 50,000 calls/month included
  • $0.01 per call after that
  • 1-year audit log + CSV/JSON export
  • Human approval flows
  • Approval delegation (3 emails)
  • Mobile push approvals
  • Custom monthly spend alert
  • Priority support
  • 30-day money-back guarantee
Get started
Need self-hosted, SSO, or a security review? Talk to us about Enterprise →
How overage works

Your agents never stop mid-run. If you use more calls than your plan includes, we track the extra calls and add them to your next invoice at your plan's overage rate. You'll see the running total in your dashboard, and we'll email you before your bill grows significantly. No surprises. No cutoffs. Pay for what you use.

Pricing questions
Yes. Current pricing reflects where the product is right now. When AgentValet moves to GA, prices will go up. Any plan you start during beta locks in your rate for as long as you stay subscribed - no surprises, no grandfathering footnotes.
Yes. Every account starts on the Free plan — 2 agents, 100 calls/month, no card required. Stay on it as long as you like. Paid plans add a 30-day money-back guarantee on top.
Each time an AI agent makes an API request through AgentValet to an external platform (Slack, Stripe, Gmail, etc.) counts as one call. Read-only calls and write calls both count equally.
No. Your agents keep running. Calls beyond your included amount are tracked and billed at your plan's overage rate at the end of the month. You'll see the running overage cost in your dashboard in real time.
Yes. On the Team plan you can set a monthly spend alert. We'll notify you when your estimated bill reaches your chosen threshold. On Solo and Studio, you'll receive email alerts at 75% and 90% of your included calls, and again when overage starts.
Yes, any time. Upgrades take effect immediately. Downgrades take effect at the next billing cycle.
Not yet. Join the notify list and we'll reach out when Enterprise features (SSO, self-hosted vault, dedicated support) are ready. Early access users get a discount.
Deployment

Your data. Your infrastructure.

Run AgentValet anywhere, or let us handle the ops while you build.

Self-host - coming soon
Run it yourself
Deploy to Azure, GCP, AWS, or any VPS. One Docker image. Your database, your key vault, your audit trail. Zero vendor lock-in.
  • Supabase (self-hosted or cloud)
  • Azure Key Vault for HSM master keys
  • AgentValet credential vault for OAuth token storage
  • Docker Compose for the proxy
In development, get notified
Hosted · Available now
We handle the ops
Get a production-grade AgentValet instance running in under 5 minutes. We manage availability, backups, and security patches. You focus on building agents.
  • Production-grade infrastructure on Azure
  • Automatic security updates
  • Regional data residency options
  • Security model documented in our Privacy Policy
Start in 5 minutes →
Works with your tools

Works with Claude Code, Cursor, and your own scripts.

One MCP endpoint. Connect it to Claude Code, Cursor, Codex CLI, Factory Droid, or Paperclip in minutes. Every agent gets cryptographic identity, scoped credentials, and a full audit trail - no matter which tool is running it.

Paperclip Beta
Company-of-agents orchestrator. AgentValet adds credential vault + per-agent scope enforcement.
Cursor
AI code editor. Add AgentValet MCP in .cursor/mcp.json - agent-mode tools governed from day one.
Claude Code
Anthropic's terminal-native coding agent. npx @agentvalet/register wires .mcp.json and CLAUDE.md for you.
Codex CLI
OpenAI's terminal agent. Add via codex mcp add or drop into .codex/config.toml.
Factory Droid
AI software engineering agents. Register AgentValet via droid mcp add or .factory/mcp.json.
OpenClaw Coming soon
Self-hosted personal agent gateway. Set AgentValet as the MCP backend in ~/.openclaw/openclaw.json.
See all integration guides →
FAQ
API keys are static secrets that can't prove who is using them. AgentValet uses per-agent RS256 keypairs. The private key never leaves the agent, so every request is cryptographically attributed to a specific agent identity. You also get scope enforcement, human approval, and an immutable audit trail on top.
Credentials never sit in plaintext anywhere a person can read them. Each one gets a unique AES-256 key, the master key lives in Azure Key Vault's HSM, and decryption happens in-memory inside our isolated proxy only at call time. Nothing is logged. Nothing is stored decrypted. Self-hosted deployments are available on Enterprise — same encryption model, running entirely in your own infra.
Revocation is immediate and cascading. The agent's public key is removed from the registry, all its scope grants are invalidated, and any in-flight requests are rejected. If you use CAEP/SSF, downstream platforms that support the standard receive a revocation signal within seconds.
Yes. AgentValet is agent-agnostic. The CLI registers any agent that can sign a JWT. For Claude Code specifically, npx @agentvalet/register automatically injects the correct CLAUDE.md configuration and hooks. Any agent that can make HTTP requests can use the proxy.
The audit log is backed by Supabase with Row Level Security policies that allow only INSERT. No UPDATE or DELETE. Even if an attacker gains database credentials, they cannot modify historical records. On the enterprise tier you can additionally stream logs to an external SIEM for a second source of truth.
14 platform integrations are live today: Airtable, Gmail, Slack, HubSpot, GitHub, Google Calendar, Microsoft Outlook, Supabase, Clerk, Google Sheets, Google Tasks, Microsoft Teams, Google Drive, and Google Docs. Each has OAuth scope-level approval. More integrations are added regularly. See the full list →

Give your agents an identity they deserve.

Deploy in 5 minutes. 30-day money-back guarantee. Cancel any time.

Get started → Self-host - coming soon