A modular TypeScript SDK for agent credential security. Encryption, vault management, permission grants, and response filtering—all zero-knowledge by design.
The agent never touches raw credentials. Davy.Locker sits between the agent and your services, injecting authentication via secure proxy.
Each package is independently useful. Use just the crypto layer, or go full-stack with the complete agent auth pipeline.
Real integration patterns. Copy, paste, ship.
// Create a vault, add a credential, and proxy your first request import { createVault, unlockVault, addItem } from '@davy/vault' import { createGrant, proxyRequest, startSession } from '@davy/agent-auth' // 1. Create an encrypted vault const { vault, serialized } = await createVault('my-master-password') // 2. Add your Stripe API key addItem(vault, { id: 'stripe-live', type: 'api-key', name: 'Stripe Live Key', service: 'Stripe', keyValue: 'sk_live_...', environment: 'production', authType: 'bearer', tags: ['payments'], createdAt: new Date(), modifiedAt: new Date() }) // 3. Grant an agent USE_ONLY access (agent never sees the key) const grant = createGrant({ agentId: 'claude-session-1', credentialId: 'stripe-live', permission: 'USE_ONLY', scope: 'session', allowedMethods: ['GET', 'POST'], allowedDomains: ['api.stripe.com'] }) // 4. Agent makes a request — credentials injected automatically const result = await proxyRequest( { agentId: 'claude-session-1', url: 'https://api.stripe.com/v1/invoices', method: 'GET' }, { grants: [grant], vault, auditLog } ) // result.response.status === 200 — agent got the data, never saw the key
// The proxy is the core of Davy.Locker's security model // It injects auth headers so the agent never handles credentials directly import { proxyRequest } from '@davy/agent-auth' // The agent submits a plain request — no auth headers const request = { agentId: 'claude-session-1', url: 'https://api.stripe.com/v1/charges', method: 'POST', body: JSON.stringify({ amount: 2000, currency: 'usd' }) } // Davy.Locker validates the grant, injects the credential, proxies the call const result = await proxyRequest(request, { grants, // active permission grants vault, // unlocked vault with credentials auditLog, // automatic logging lenses, // optional: response field redaction patterns // optional: pattern-based redaction (SSN, CC, etc.) }) if (result.allowed) { console.log(result.response.status) // 200 console.log(result.response.body) // response with sensitive fields redacted } else { console.log(result.reason) // "NO_GRANT" | "BLOCKED" | "METHOD_NOT_ALLOWED" | "DOMAIN_NOT_ALLOWED" }
// Grants control exactly what an agent can and cannot do import { createGrant, startSession, endSession, AuditLog } from '@davy/agent-auth' const auditLog = new AuditLog() // Start a session — grants auto-revoke when it ends const session = startSession('claude-deploy-agent', 3600000) // 1 hour timeout // USE_ONLY: agent can make authenticated requests, but never reads the key const deployGrant = createGrant({ agentId: 'claude-deploy-agent', credentialId: 'vercel-token', permission: 'USE_ONLY', scope: 'session', allowedMethods: ['POST'], // deploy only, no GET/DELETE allowedDomains: ['api.vercel.com'], // locked to Vercel's API approvedBy: 'tyler' }) // READ: agent can read the credential value (use sparingly) const readGrant = createGrant({ agentId: 'claude-deploy-agent', credentialId: 'project-config', permission: 'READ', scope: 'timed', durationMs: 600000 // 10 minutes then auto-revoke }) // When the agent is done, clean everything up const { revokedGrants } = endSession(session, [deployGrant, readGrant]) console.log(`Revoked ${revokedGrants.length} grants`) // Full audit trail console.log(auditLog.getByAgent('claude-deploy-agent'))
// Response lenses let you control what data the agent sees back import { getService, applyRedaction, REDACTION_PATTERNS } from '@davy/catalog' // Look up a service from the catalog const stripe = getService('stripe') // Each service has pre-built lenses for common use cases const readOnlyLens = stripe.lenses.find(l => l.id === 'read-only') // Lens: { allowedMethods: ['GET'], redactFields: ['bank_account', 'tax_id'] } // Apply lens + pattern redaction to an API response const apiResponse = `{ "id": "cus_123", "email": "user@example.com", "name": "Jane Doe", "ssn": "123-45-6789", "bank_account": "****4242", "tax_id": "12-3456789" }` const { body, redactedCount, redactions } = applyRedaction( apiResponse, readOnlyLens, // field-level redaction from the lens REDACTION_PATTERNS // SSN, credit card, private key patterns ) console.log(body) // { "id": "cus_123", "email": "[REDACTED]", "name": "Jane Doe", // "ssn": "[SSN REDACTED]", "bank_account": "[REDACTED]", "tax_id": "[REDACTED]" } console.log(`${redactedCount} fields redacted`) // 4 fields redacted
Agents make requests. The proxy injects credentials. The agent never handles, stores, or sees the raw secret.
USE_ONLY, READ, or BLOCKED per credential. Scope by session, time, HTTP method, and domain. Auto-revoke on expiry.
Field-level redaction per service. Pre-built lenses for Stripe, AWS, Vercel, and more. Custom patterns for SSNs, credit cards, private keys.
Every agent action logged. Query by agent, credential, or time range. Know exactly what happened and when.
DEPLOY_ONLY, DB_READ_ONLY, FULL_DEV, NO_ACCESS. Match credentials by tags. Apply policies across agents in one line.
15+ pre-configured services with auth patterns, risk tiers, and lenses. Stripe, GitHub, AWS, Vercel, Railway, and more.
Every function, every return value, every option—typed end to end. No guessing.
| Type | Package | Description |
|---|---|---|
| Permission | agent-auth | 'USE_ONLY' | 'READ' | 'BLOCKED' — the three access levels |
| Grant | agent-auth | Permission grant with agent, credential, scope, methods, domains, and expiry |
| AgentSession | agent-auth | Timed agent session—grants auto-revoke when the session ends |
| ProxyRequest | agent-auth | Agent's outbound request: URL, method, headers, body (no auth) |
| UnlockedVault | vault | In-memory decrypted vault with items, folders, and derived key |
| ApiKey | vault | API key credential: service, key value, environment, auth type |
| Credential | vault | Login credential: URL, domain, username, password, optional TOTP |
| LensDefinition | catalog | Response filter: allow/redact fields, allowed methods and paths |
| ServiceDefinition | catalog | Pre-built service config: domains, auth pattern, risk tier, lenses |
| EncryptedPayload | crypto | AES-256-GCM ciphertext with prepended IV and auth tag |
Install the packages, create a vault, grant your agent access. That's it. Full TypeScript, full documentation, zero vendor lock-in.