Agentvalet
@AgentValet
IGA for AI agents. IETF AIMS-compliant identity, credential governance & MCP proxy. SPIFFE · RFC 7591 · AuthZEN · CIBA. npx @agentvalet/register
Overview
What is Agentvalet?
Agentvalet is an identity and credential governance broker for AI agents and MCP servers. It gives every agent its own cryptographic identity, scoped and short-lived credentials per platform, human approval gates on critical actions, and an immutable audit log. The open-source client surface (MCP server, CLI, Claude Desktop bundle, adapters) is MIT-licensed; the managed proxy runs the credential vault, policy engine, and audit store.
How to use Agentvalet?
Run npx @agentvalet/register to generate an RS256 keypair, register the agent, and wire up the configuration. Alternatively, manually add the MCP server to your client’s config with environment variables AGENT_ID, OWNER_ID, PROXY_URL, and AGENT_PRIVATE_KEY_PATH. The server exposes seven tools: list_platforms, use_platform, authzen_evaluate, agent_register, agent_status, list_my_pending_actions, and report_self_diagnostic.
Key features of Agentvalet
- Per-agent RS256 cryptographic identity with SPIFFE-format URIs
- Deny-by-default scopes and granular per‑agent‑per‑platform‑per‑action grants
- Human‑in‑the‑loop approval for destructive or financial scopes
- Immutable, append‑only audit log that is filterable and exportable
- Three‑strike circuit breaker that auto‑suspends misbehaving agents
- Native MCP server plus one‑command CLI (
@agentvalet/register) - Self‑hostable (PostgreSQL) and standards‑aligned (SPIFFE, RFC 7591, AuthZEN 1.0, IETF AIMS)
Use cases of Agentvalet
- Replace credential inheritance so each agent holds its own scoped, short-lived token
- Enable human approval gates on sensitive API calls (e.g., destructive or financial actions)
- Provide an immutable audit trail attributing every agent call to a single identity
- Fast onboarding for developers and small teams shipping agents without an enterprise identity provider
- Self-host credential governance for AI agents in your own infrastructure
FAQ from Agentvalet
What is credential inheritance and why does it matter?
Credential inheritance occurs when an AI agent runs on a developer’s token instead of its own. This gives every agent full scope on every platform the token touches and leaves no record of which agent did what. Agentvalet solves this by giving each agent its own scoped, short-lived credential.
How does Agentvalet compare to alternatives like Aembit, Akeyless, or Infisical Agent Vault?
Agentvalet focuses on agent‑first identity and governance, with self‑serve onboarding under five minutes and open‑source client components (MIT). Aembit and Akeyless are enterprise‑sales‑led; Infisical is open‑source core but network‑level. Agentvalet is built for developers and small teams shipping agents this week.
Is Agentvalet fully open source?
The client surface (MCP server, CLI, Claude Desktop bundle, adapters, and @agentvalet/mcp‑broker) is MIT‑licensed in this repo. The proxy (credential vault, policy engine, audit store) is a managed service today; a self‑host reference is on the roadmap.
What are the known limitations of Agentvalet?
The SSE stream for approval status can close prematurely on long waits (reconnect logic planned). CLI rate limiting is rudimentary. There is no clear or delete UI for expired pending registrations.
What transports and authentication does Agentvalet use?
The MCP server communicates over SSE (streaming) and uses RS256 JWTs (60‑second lifetime) signed by the agent’s private key. Private keys never leave the machine. Every platform call goes through the proxy with scope checks, audit logging, and human approval where required.