Credential permissions for AI agents

AgentPass Local

Your agent can log in. Your password never enters the conversation.

A local broker for the moment an autonomous workflow hits a login screen: domain-scoped access, OS-protected secrets, and agent-visible outcomes instead of agent-visible passwords.

See the flow

Codex skill + desktop app + local broker source. One-time license.

AgentPass Local desktop app showing a GitHub credential with allowed domains, protected password field, and local controls.

The login bottleneck

Agent autonomy breaks the second a private account appears.

Either the human takes over, or the password gets copied into a place that was never designed to protect it. AgentPass Local creates a third option.

Without a boundary

Credentials leak into prompts, logs, screenshots, browser history, or improvised scripts.

With AgentPass

The agent can use approved fields for approved domains while the raw secret stays local.

The real unlock

Agents can finish useful authenticated work without teaching you to paste passwords into chat.

How it works

A permission check at the exact moment an agent needs access.

AgentPass is not a cloud vault and not a new place to sync every password. It is a local handoff between your credential store, your browser, and your agent.

Safety model

Built to reduce prompt leakage, not merely store passwords.

Local secret storage

Sensitive fields are protected by macOS Keychain or Windows DPAPI, outside your repos.

Domain-scoped use

Allowed domains are the enforcement boundary before copy, paste, or agent use.

Outcomes, not values

The agent should learn whether the login worked, not what the password was.

Source access

$14 for the skill, app, and local broker source.

Use it personally, inspect the implementation, modify it, and run private forks. Built for people who want agents to handle real sites without exposing secrets to the conversation.

Crypto checkout

Pay with SOL