Open source · Self-hostable

The valet key for AI agents.

Stop putting live API keys in .mcp.json and .env files. AgentValet sits between every agent and every SaaS platform - scoped credentials, human approval, full audit trail. One revoke kills access instantly.

$ npx @agentvalet/register --name "My Agent" --scope slack:chat:write
RS256 · No shared secrets
14 live · Platforms. More weekly.
MIT · Open source
<5min · Time to first agent
Request flow: Agent (invoice-processor; RS256 · signs JWT) → AgentValet (verify_sig → check_scope → inject_cred → audit_write) → Platforms (stripe, gmail, slack, github, notion, hubspot)

Setup in minutes. Govern from day one.

Three steps to deploy a fully governed agent that your whole team can audit.

01. Register your agent
Run npx @agentvalet/register from your agent project. We generate an RS256 keypair and record the public key in the registry. Your agent signs every request - the private key never leaves your machine.

02. Connect platforms
Your owner approves scopes in the dashboard. AgentValet stores encrypted credentials via envelope encryption: AES-256 DEK per credential, master key in Azure Key Vault HSM. Your agent never sees raw tokens.

03. Call via proxy
Agents call POST /v1/actions with a short-lived JWT. The proxy verifies the signature, checks scope grants, injects credentials in-memory, forwards the call, and writes an immutable audit record, in one round trip.
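
The signature and scope checks from step 03, sketched as an added example (not AgentValet's own code): an agent signs an RS256 JWT, and a proxy-side function verifies it against a registry of public keys and applies deny-by-default scope grants. The claim names (sub, exp), the in-memory Map registry, the denial reason strings and the gmail:send scope are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8')) || {};

// Agent side: sign a short-lived JWT with the agent's private key (RS256).
function signJwt(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(header)}.${b64u(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Proxy side: verify the signature, then check the scope grant.
// registry: Map agentId -> public key; grants: Map agentId -> Set of scopes.
function authorize(token, scope, registry, grants, now = Math.floor(Date.now() / 1000)) {
  const deny = (reason) => ({ ok: false, reason });
  const parts = String(token).split('.');
  if (parts.length !== 3) return deny('malformed');
  let header, claims;
  try {
    header = parse(parts[0]);
    claims = parse(parts[1]);
  } catch {
    return deny('malformed');
  }
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header.alg !== 'RS256') return deny('bad_alg');
  // A revoked or unregistered agent has no registry entry and fails here.
  const publicKey = registry.get(claims.sub);
  if (!publicKey) return deny('unknown_agent');
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('sha256', signed, publicKey, sig)) return deny('bad_signature');
  // Claims are trusted only after the signature check.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return deny('expired');
  // Deny-by-default: the scope must be explicitly granted to this agent.
  const granted = grants.get(claims.sub);
  if (!granted || !granted.has(scope)) return deny('scope_denied');
  return { ok: true, agent: claims.sub };
}

// Constructed demo data: one registered agent with one granted scope.
const agentKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const registry = new Map([['invoice-processor', agentKeys.publicKey]]);
const grants = new Map([['invoice-processor', new Set(['slack:chat:write'])]]);
const exp = Math.floor(Date.now() / 1000) + 60; // 60-second lifetime (assumed)
const token = signJwt({ sub: 'invoice-processor', exp }, agentKeys.privateKey);
console.log(authorize(token, 'slack:chat:write', registry, grants));
console.log(authorize(token, 'gmail:send', registry, grants)); // constructed scope name
```

Deleting the agent's entry from the registry makes every token it has already issued fail at the key lookup, which is how a single revoke takes effect without waiting for tokens to expire.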

Every agent. Every call. Every action logged.

Each agent gets its own identity. Every call is checked against what it's allowed to do. Credentials are decrypted in memory only at call time - never written, never logged.

Identity - Who is the agent?
  • RS256 keypair
  • Per-agent identity
  • No shared secrets
  • Entra ID federation
  • OAuth 2.1
Governance - What can it do?
  • Deny-by-default
  • Scope matrix
  • Human approval
  • Circuit breaker
  • Scope delegation
  • Instant revocation
Integration - Reach platforms
  • Envelope encryption
  • OAuth 2.0 credential storage
  • 14 platforms live, more weekly
  • Azure Key Vault HSM
  • Immutable audit log
Observability - Did it work safely?
  • Supabase RLS log
  • Anomaly detection
  • Push notifications
  • Real-time dashboard
  • Audit export

Six layers. Defence in depth.

Every request passes through a layered gauntlet. No credential ever touches a log.

Cryptographic identity
Each agent holds an RS256 private key. The proxy verifies every JWT against the public key in the registry. No shared secrets, no API keys that can leak.
Deny-by-default permissions
No agent can access any platform unless a human explicitly grants a specific scope. The permission matrix is per-agent, per-platform, per-action, not role-level blobs.
Envelope encryption
Each credential gets a unique AES-256 DEK, encrypted by a master key in Azure Key Vault HSM. Credentials are decrypted in-memory only at call time. Never logged, never stored plaintext.
Human-in-the-loop approval
Destructive or financial operations require explicit human approval before execution. Approvals expire, can be revoked, and every decision is recorded in the immutable audit log.
Circuit breaker
Three auth failures or five consecutive API errors auto-suspend the agent. Suspension triggers an immediate push notification. Human review required before reactivation.
Immutable audit log
Every proxy call is written to an append-only log enforced by Supabase RLS: no UPDATE or DELETE. Logs include identity, scope used, response status, and latency. SIEM export available on enterprise tier.
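
The envelope encryption layer above, sketched as an added example (not AgentValet's own code): each credential gets its own random AES-256 DEK, and only the wrapped DEK and the ciphertext are stored. Assumptions: GCM is used as the AES mode (the page does not name one), the credential id is bound in as associated data, and a local random key stands in for the master key, which in the described deployment stays inside Azure Key Vault HSM and would be reached through wrap and unwrap calls.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 96-bit IV; aad binds the ciphertext to its context.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key, the aad, or any byte of the sealed box is wrong.
function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Store: a unique DEK per credential; only the wrapped DEK is persisted.
function storeCredential(masterKey, credentialId, token) {
  const dek = crypto.randomBytes(32);
  try {
    return {
      credentialId,
      data: seal(dek, Buffer.from(token), credentialId),
      wrappedDek: seal(masterKey, dek, credentialId),
    };
  } finally {
    dek.fill(0); // best-effort wipe of the plaintext DEK
  }
}

// Load: unwrap the DEK, decrypt in memory, wipe the DEK again.
function loadCredential(masterKey, record) {
  const dek = open(masterKey, record.wrappedDek, record.credentialId);
  try {
    return open(dek, record.data, record.credentialId).toString('utf8');
  } finally {
    dek.fill(0);
  }
}

// Constructed demo: local random key stands in for the HSM-held master key.
const masterKey = crypto.randomBytes(32);
const record = storeCredential(masterKey, 'cred-slack-1', 'constructed-oauth-token');
console.log(loadCredential(masterKey, record));
```

Because the credential id is authenticated as associated data, a wrapped DEK copied from one record onto another fails to unwrap, so a database-level swap of rows is detected at decrypt time.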

From solo tinkerer to enterprise fleet.

AgentValet scales with you. One config file to hundreds of governed agents across teams.

Solo
Personal agent stack
Register your coding assistant, email summariser, and calendar agent in minutes. Each gets its own identity and scoped credentials. No more shared API keys in .env files.
  • CLI registration in <2 min
  • Automatic CLAUDE.md injection
  • Free tier: 3 agents
Agency
Multi-client agent ops
Run agents across multiple client workspaces. Each agent is scoped to its client's platforms. Revoke access instantly when an engagement ends. No credential rotation ceremony.
  • Per-client credential isolation
  • Instant scope revocation
  • Shared audit log across team
Enterprise
Governed agent fleet
Deploy AgentValet on your own infrastructure (Azure / GCP / AWS). Integrate with Entra ID for agent identity. Every call goes through your security team's approval workflow.
  • Self-hostable on any cloud
  • Entra / SPIFFE identity federation
  • SIEM export + SOC integration

Early access pricing. Lock it in before launch.

AgentValet is in beta. These prices are for early adopters and they go up at GA. Sign up now and your rate is locked for life.

30-day money-back guarantee · Beta pricing locks in at signup · No increases for early members · Agents keep running, no mid-workflow cutoffs · Every call logged and auditable
Starter · $19/mo · Beta pricing
Get started and test the waters.
  • 3 agents
  • 3 platform connections
  • 1,000 calls/month included
  • $0.02 per call after that
  • 7-day audit log
  • Human approval flows
  • Email support
  • 30-day money-back guarantee
Business · $199/mo · Beta rate - yours for life if you start now
For agencies and operators at scale.
  • 50 agents
  • Unlimited platform connections
  • 50,000 calls/month included
  • $0.01 per call after that
  • 1-year audit log + CSV/JSON export
  • Human approval flows
  • Approval delegation (3 emails)
  • Mobile push approvals
  • Custom monthly spend alert
  • Priority support
  • 30-day money-back guarantee
Enterprise · Custom · Coming soon
Self-hosted and team features in the works.
  • Unlimited agents
  • Unlimited calls
  • Custom audit retention
  • SAML SSO
  • Team seats
  • Self-hosted vault option
  • Dedicated support
How overage works

Your agents never stop mid-run. If you use more calls than your plan includes, we track the extra calls and add them to your next invoice at your plan's overage rate. You'll see the running total in your dashboard, and we'll email you before your bill grows significantly. No surprises. No cutoffs. Pay for what you use.

Pricing questions
Yes. Current pricing reflects where the product is right now. When AgentValet moves to GA, prices will go up. Any plan you start during beta locks in your rate for as long as you stay subscribed - no surprises, no grandfathering footnotes.
Every plan comes with a 30-day money-back guarantee. Try it risk-free and get a full refund if it's not right. No questions asked.
Each time an AI agent makes an API request through AgentValet to an external platform (Slack, Stripe, Gmail, etc.) counts as one call. Read-only calls and write calls both count equally.
No. Your agents keep running. Calls beyond your included amount are tracked and billed at your plan's overage rate at the end of the month. You'll see the running overage cost in your dashboard in real time.
Yes. On the Business plan you can set a monthly spend alert. We'll notify you when your estimated bill reaches your chosen threshold. On Starter and Pro, you'll receive email alerts at 75% and 90% of your included calls, and again when overage starts.
Yes, any time. Upgrades take effect immediately. Downgrades take effect at the next billing cycle.
Not yet. Join the notify list and we'll reach out when Team and Enterprise features are ready. Early access users get a discount.

Your data. Your infrastructure.

Run AgentValet anywhere, or let us handle the ops while you build.

Self-host - coming soon
Run it yourself
Deploy to Azure, GCP, AWS, or any VPS. One Docker image. Your database, your key vault, your audit trail. Zero vendor lock-in.
  • Supabase (self-hosted or cloud)
  • Azure Key Vault for HSM master keys
  • AgentValet credential vault for OAuth token storage
  • Docker Compose for the proxy
Hosted · Available now
We handle the ops
Get a production-grade AgentValet instance running in under 5 minutes. We manage availability, backups, and security patches. You focus on building agents.
  • Production-grade infrastructure on Azure
  • Automatic security updates
  • Regional data residency options
  • Security model documented in our Privacy Policy

Plugs into the agent runtimes you already use.

One MCP endpoint. Connect it to Cursor, VS Code, Codex CLI, Factory Droid, OpenClaw, or Paperclip in minutes. Every agent gets cryptographic identity, scoped credentials, and a full audit trail - no matter which tool is running it.

Paperclip
Company-of-agents orchestrator. AgentValet adds credential vault + per-agent scope enforcement.
Cursor
AI code editor. Add AgentValet MCP in .cursor/mcp.json - agent-mode tools governed from day one.
VS Code
Configure in .vscode/mcp.json. Works with Copilot Agent mode, Cline, Continue, and any MCP-aware extension.
Codex CLI
OpenAI's terminal agent. Add via codex mcp add or drop into .codex/config.toml.
Factory Droid
AI software engineering agents. Register AgentValet via droid mcp add or .factory/mcp.json.
OpenClaw
Self-hosted personal agent gateway. Set AgentValet as the MCP backend in ~/.openclaw/openclaw.json.

Common questions.

API keys are static secrets that can't prove who is using them. AgentValet uses per-agent RS256 keypairs. The private key never leaves the agent, so every request is cryptographically attributed to a specific agent identity. You also get scope enforcement, human approval, and an immutable audit trail on top.
On the self-hosted tier: never. Credentials stay in your Supabase instance, encrypted by a master key in your Azure Key Vault. On the hosted tier, credentials are encrypted before leaving your agent and are only decrypted in-memory at call time inside our isolated proxy. They are never stored in plaintext or logged.
Revocation is immediate and cascading. The agent's public key is removed from the registry, all its scope grants are invalidated, and any in-flight requests are rejected. If you use CAEP/SSF, downstream platforms that support the standard receive a revocation signal within seconds.
Yes. AgentValet is agent-agnostic. The CLI registers any agent that can sign a JWT. For Claude Code specifically, npx @agentvalet/register automatically injects the correct CLAUDE.md configuration and hooks. Any agent that can make HTTP requests can use the proxy.
The audit log is backed by Supabase with Row Level Security policies that allow only INSERT. No UPDATE or DELETE. Even if an attacker gains database credentials, they cannot modify historical records. On the enterprise tier you can additionally stream logs to an external SIEM for a second source of truth.
14 platform integrations are live today: Airtable, Gmail, Slack, HubSpot, GitHub, Google Calendar, Microsoft Outlook, Supabase, Clerk, Google Sheets, Google Tasks, Microsoft Teams, Google Drive, and Google Docs. Each has OAuth scope-level approval. More integrations are added regularly.

Give your agents an identity they deserve.

Deploy in 5 minutes. 30-day money-back guarantee. Cancel any time.