Open source · Self-hostable

Your agents. Your rules.
Agents you can actually trust.

AgentValet sits between your AI agents and every SaaS platform. Cryptographic identity. Granular permissions. Human approval when it matters.

Deploy in 5 minutes → Self-host — coming soon
RS256 Cryptographic identity
400+ Integrations on roadmap ↗
MIT Open source license
<5min Time to first agent
Agent
invoice-processor
RS256 · signs JWT
AgentValet
verify_sig
check_scope
inject_cred
audit_write
Platforms
stripe
gmail
slack
github
notion
hubspot
How it works

Setup once. Secure forever.

Three steps to deploy a fully governed agent that your whole team can audit.

01
Register your agent
Run agentvalet-register from your agent project. We generate an RS256 keypair and record the public key in the registry. Your agent signs every request — forgery is impossible.
02
Connect platforms
Your owner approves scopes in the dashboard. AgentValet stores encrypted credentials via envelope encryption — AES-256 DEK per credential, master key in Azure Key Vault HSM. Your agent never sees raw tokens.
03
Call via proxy
Agents call POST /v1/actions with a short-lived JWT. The proxy verifies the signature, checks scope grants, injects credentials in-memory, forwards the call, and writes an immutable audit record — in one round trip.
Architecture

Three layers. Zero gaps.

A clean separation of identity, governance, and integration — each independently auditable.

Identity
Who is the agent?
RS256 keypair CIMD identity doc SPIFFE SVID ZeroID / Entra OAuth 2.1
Governance
What can it do?
Deny-by-default Scope matrix Human approval Circuit breaker RFC 8693 delegation SSF/CAEP revocation
Integration
Reach platforms
Envelope encryption OAuth 2.0 credential storage 400+ integrations on roadmap Azure Key Vault HSM Immutable audit log
Observability
Did it work safely?
Supabase RLS log Anomaly detection Push notifications Real-time dashboard Audit export
Security model

Six layers. Defence in depth.

Every request passes through a layered gauntlet. No credential ever touches a log.

🔑
Cryptographic identity
Each agent holds an RS256 private key. The proxy verifies every JWT against the public key in the registry — no shared secrets, no API keys that can leak.
🛡️
Deny-by-default permissions
No agent can access any platform unless a human explicitly grants a specific scope. The permission matrix is per-agent, per-platform, per-action — not role-level blobs.
🔒
Envelope encryption
Each credential gets a unique AES-256 DEK, encrypted by a master key in Azure Key Vault HSM. Credentials are decrypted in-memory only at call time — never logged, never stored plaintext.
👤
Human-in-the-loop approval
Destructive or financial operations require explicit human approval before execution. Approvals expire, can be revoked, and every decision is recorded in the immutable audit log.
Circuit breaker
Three auth failures or five consecutive API errors auto-suspend the agent. Suspension triggers an immediate push notification. Human review required before reactivation.
📋
Immutable audit log
Every proxy call is append-only via Supabase RLS — no UPDATE or DELETE. Logs include identity, scope used, response status, and latency. SIEM export available on enterprise tier.
Use cases

From solo tinkerer to enterprise fleet.

AgentValet scales with you — one config file to hundreds of governed agents across teams.

Solo
Personal agent stack
Register your coding assistant, email summariser, and calendar agent in minutes. Each gets its own identity and scoped credentials — no more shared API keys in .env files.
  • CLI registration in <2 min
  • Automatic CLAUDE.md injection
  • Free tier: 3 agents
Agency
Multi-client agent ops
Run agents across multiple client workspaces. Each agent is scoped to its client's platforms. Revoke access instantly when an engagement ends — no credential rotation ceremony.
  • Per-client credential isolation
  • Instant scope revocation
  • Shared audit log across team
Enterprise
Governed agent fleet
Deploy AgentValet on your own infrastructure (Azure / GCP / AWS). Integrate with Entra ID for agent identity. Every call goes through your security team's approval workflow.
  • Self-hostable on any cloud
  • Entra / SPIFFE identity federation
  • SIEM export + SOC integration
Pricing

Simple pricing. No hidden fees.

Every tier includes the core security model — agent identity, credential proxy, human approvals, and audit logging. Pay for what you use.

30-day money-back guarantee on all plans · Agents keep running — no mid-workflow cutoffs · Every call logged and auditable
Starter
$9 /mo
 
Get started and test the waters.
  • 3 agents
  • 3 platform connections
  • 1,000 calls/month included
  • $0.02 per call after that
  • 7-day audit log
  • Human approval flows
  • Email support
  • 30-day money-back guarantee
Start Starter
Business
$79 /mo
 
For agencies and operators at scale.
  • 50 agents
  • Unlimited platform connections
  • 50,000 calls/month included
  • $0.01 per call after that
  • 1-year audit log + CSV/JSON export
  • Human approval flows
  • Approval delegation (3 emails)
  • Mobile push approvals
  • Custom monthly spend alert
  • Priority support
  • 30-day money-back guarantee
Start Business
Coming Soon
Enterprise
Custom
 
Self-hosted and team features in the works.
  • Unlimited agents
  • Unlimited calls
  • Custom audit retention
  • SAML SSO
  • Team seats
  • Self-hosted vault option
  • Dedicated support
Notify me
How overage works

Your agents never stop mid-run. If you use more calls than your plan includes, we track the extra calls and add them to your next invoice at your plan's overage rate. You'll see the running total in your dashboard — and we'll email you before your bill grows significantly. No surprises. No cutoffs. Pay for what you use.

Pricing questions
Every plan comes with a 30-day money-back guarantee. Try it risk-free and get a full refund if it's not right — no questions asked.
Each time an AI agent makes an API request through AgentValet to an external platform (Slack, Stripe, Gmail, etc.) counts as one call. Read-only calls and write calls both count equally.
No. Your agents keep running. Calls beyond your included amount are tracked and billed at your plan's overage rate at the end of the month. You'll see the running overage cost in your dashboard in real time.
Yes. On the Business plan you can set a monthly spend alert — we'll notify you when your estimated bill reaches your chosen threshold. On Starter and Pro, you'll receive email alerts at 75% and 90% of your included calls, and again when overage starts.
Yes, any time. Upgrades take effect immediately. Downgrades take effect at the next billing cycle.
Not yet. Join the notify list and we'll reach out when Team and Enterprise features are ready. Early access users get a discount.
Deployment

Your data. Your infrastructure.

Run AgentValet anywhere — or let us handle the ops while you build.

Self-host — coming soon
Run it yourself
Deploy to Azure, GCP, AWS, or any VPS. One Docker image. Your database, your key vault, your audit trail. Zero vendor lock-in.
  • Supabase (self-hosted or cloud)
  • Azure Key Vault for HSM master keys
  • AgentValet credential vault for OAuth token storage
  • Docker Compose for the proxy
🚧 In development — get notified
Hosted · Available now
We handle the ops
Get a production-grade AgentValet instance running in under 5 minutes. We manage availability, backups, and security patches — you focus on building agents.
  • 99.9% uptime SLA on Pro+
  • Automatic security updates
  • Regional data residency options
  • SOC 2 report on request
Start in 5 minutes →
For Paperclip Companies

Paperclip runs your agents.
AgentValet keeps them honest.

Paperclip orchestrates who does the work. AgentValet controls what they're allowed to touch — and proves it. Every platform call is credentialed, scoped, rate-limited, and logged. One revoke to stop any agent, instantly, across your whole company.

Connect AgentValet to Paperclip → Read the integration docs →
The gap Paperclip leaves open
🔑
Credentials everywhere
Every Paperclip agent config that touches a SaaS platform holds a live credential. One leaked config file, one breach.
📋
No audit trail per agent
Paperclip logs what tasks ran. It doesn't log what your Slack agent actually sent, or what your Stripe agent actually charged.
Kill switch is too slow
Revoking an agent in Paperclip stops future runs. It doesn't stop the credential the agent already holds from being used right now.
What AgentValet adds

AgentValet sits between your Paperclip agents and every SaaS platform they touch. Agents never hold real credentials — they hold a scoped valet key that AgentValet controls.

🛡️
One credential, zero exposure
Your Paperclip agents authenticate via AgentValet using a short-lived, scoped token. The real API key never leaves AgentValet's vault.
🎯
Per-agent permission matrix
Set exactly which platforms each Paperclip agent can touch and which actions it can take. Your Finance agent gets Stripe read-only. Your Marketing agent gets Buffer write. Nothing bleeds across.
Human-in-the-loop for high-stakes calls
Flag specific scopes — stripe:charge, mail:send — as requiring your approval. AgentValet holds the call and only proceeds when you say so.
📊
Full audit trail, per agent, per call
Every platform call any Paperclip agent makes is logged with the agent identity, platform, scope, timestamp, and outcome. Export to CSV. Compliance-ready.
Why AgentValet
Paperclip alone Paperclip + AgentValet
Agent orchestration
Budget controls
Credential vault
Per-agent scope enforcement
Human approval for sensitive calls
Per-call audit log
One-click agent revoke Suspends future runs Revokes credentials now
IETF AIMS compliant identity

"Paperclip is the company. AgentValet is the security desk at the door."

Why now
97M
MCP monthly downloads — and 66% of MCP servers have known security findings
The ecosystem is moving faster than the security layer. Every week more agents go into production touching real platforms with real credentials.
53K
Paperclip GitHub stars in 6 weeks
The "company of agents" model is not a thought experiment. Developers are running real autonomous businesses on Paperclip today — those businesses need a security layer.
Mar 2026
IETF published the agent auth draft
The industry is converging on standards — SPIFFE identity, RFC 7591, AuthZEN 1.0. AgentValet is built on these standards. Getting ahead of them is the window.
How it works
1
Agent wakes in Paperclip
Task fires. Agent needs to call Slack, Stripe, or Gmail.
2
AgentValet issues scoped valet key
Short-lived token scoped to exactly the platforms and actions the agent needs.
3
Agent calls platforms via AgentValet proxy
Every call is validated, scoped, and forwarded. Unapproved actions are held for review.
4
Call logged, credentials never exposed
Append-only audit entry. You stay in control. One revoke kills access instantly.

"The agent does the work. AgentValet holds the keys."

How to connect

Three steps. One setup. Every agent covered.

STEP 1
Install the adapter
npm install @agentvalet/paperclip-adapter
One npm package. Register it in your Paperclip server, UI, and CLI registries.
STEP 2
Set three env vars
AGENTVALET_PROXY_URL=https://api.agentvalet.ai
AGENTVALET_OWNER_ID=your-owner-id
AGENTVALET_COMPANY_KEY=your-rs256-key
Set once per Paperclip company. Every agent inherits automatically.
STEP 3
Agents register themselves
On first heartbeat, each agent auto-registers with AgentValet. You approve it in the dashboard — set which platforms it can touch and what it's allowed to do. Done.

No per-agent config. No credential juggling. One setup, every agent in your Paperclip company covered.

"I've been running 12 Paperclip agents across 3 companies. Before AgentValet I had API keys in 12 different config files. Now I have one dashboard and one revoke button."

— Early access user

Give your Paperclip company a security desk.

Start free. Connect in minutes. Approve your first agent before your next heartbeat fires.

Start Free → Read the docs →
FAQ

Common questions.

API keys are static secrets that can't prove who is using them. AgentValet uses per-agent RS256 keypairs — the private key never leaves the agent, so every request is cryptographically attributed to a specific agent identity. You also get scope enforcement, human approval, and an immutable audit trail on top.
On the self-hosted tier: never. Credentials stay in your Supabase instance, encrypted by a master key in your Azure Key Vault. On the hosted tier, credentials are encrypted before leaving your agent and are only decrypted in-memory at call time inside our isolated proxy — they are never stored in plaintext or logged.
Revocation is immediate and cascading. The agent's public key is removed from the registry, all its scope grants are invalidated, and any in-flight requests are rejected. If you use CAEP/SSF, downstream platforms that support the standard receive a revocation signal within seconds.
Yes. AgentValet is agent-agnostic. The CLI registers any agent that can sign a JWT. For Claude Code specifically, agentvalet-register automatically injects the correct CLAUDE.md configuration and hooks. Any agent that can make HTTP requests can use the proxy.
The audit log is backed by Supabase with Row Level Security policies that allow only INSERT — no UPDATE or DELETE. Even if an attacker gains database credentials, they cannot modify historical records. On the enterprise tier you can additionally stream logs to an external SIEM for a second source of truth.
10 integrations are live today — including Slack, Gmail, GitHub, Stripe, Notion, HubSpot, Airtable, Google Calendar, Outlook, and Supabase. 400+ more are on our roadmap, spanning every category from CRM and HR to payments, analytics, and dev tools. See the full roadmap →

Give your agents an identity they deserve.

Deploy in 5 minutes. Start from $9/month. 30-day money-back guarantee on all plans.

Get started free → Self-host — coming soon