(<.>)

OAuth2 credential delegation for AI agents

Delegation, not exposure.

Open-source, self-hosted credential delegation for AI agents. Cred brokers OAuth tokens so agents get short-lived credentials while refresh tokens stay locked in the vault.

Get Started View GitHub

npm install @credninja/sdk

How it works

Three actors, one secure handshake

(✧_✧)

Developer registers an app

Deploy the self-hosted broker, configure your OAuth providers (Google, GitHub, Slack, etc.), and hand your agent a bearer token plus server URL. Cred handles the authorization flow, PKCE, and token exchange.

(⌐■_■)

End user grants consent

The user connects their Google/GitHub/Slack account through a standard OAuth flow. They choose exactly which scopes to grant to your app. Revocable anytime.

(^▽^)

Agent gets short-lived tokens

Your agent calls cred.delegate() and receives a short-lived access token. The refresh token never leaves the vault. Cryptographic receipts log every delegation.

The delegation pipeline

Seven steps from request to token. Watch the data flow.

🤖

Your Agent

🔐

Cred Vault

☁️

Google

delegate("google")

Verify agent token

Check consent

Decrypt vault

Token exchange

Fresh access token

Return token

(<.>)

Your agent asks Cred for a Google token. Cred verifies the agent, checks consent, decrypts the refresh token from the vault, exchanges it for a fresh access token, and hands it back. The refresh token never leaves the vault. Total time: ~150ms.

Built for security

🔐

AES-256-GCM Vault

Refresh tokens encrypted at rest with per-account key isolation. AWS KMS HSM for key management.

📜

Delegation Receipts

Ed25519-signed receipts for every token issuance. Append-only cryptographic audit trail.

🛡

PKCE + State

RFC 7636 PKCE S256 for all OAuth flows. Cryptographic state prevents CSRF.

⚡

Instant Revocation

Revoke access anytime. Tokens invalidated immediately across all agents.

Launch providers

Seven adapters and counting.

GoogleGitHubSlackNotionSalesforceLinearHubSpot

Packages

@credninja/oauth@credninja/vault@credninja/sdk@credninja/mcp@credninja/aicred-auth (Python)cred-langchaincred-crewaicred-openai-agentscred-autogencred-semantic-kernel

Simple API

Ship the feature, not the plumbing.

// OAuth flow + encrypted local vault

import { OAuthClient, GoogleAdapter } from '@credninja/oauth'

import { CredVault } from '@credninja/vault'

const client = new OAuthClient({

adapter: new GoogleAdapter(),

clientId: process.env.GOOGLE_CLIENT_ID,

clientSecret: process.env.GOOGLE_CLIENT_SECRET,

})

// Get authorization URL, exchange code, store encrypted

const { url } = client.getAuthorizationUrl({ scopes: ['calendar.readonly'] })

const tokens = await client.exchangeCode(code)

await vault.store('google', tokens)

(<.>)ノ

Ready to delegate?

Read the docs, try the sandbox, or browse the source.

Read Quickstart ⭐ Star on GitHub

(<.>)

OAuth2 credential delegation for AI agents

Delegation, not exposure.

Open-source, self-hosted credential delegation for AI agents. Cred brokers OAuth tokens so agents get short-lived credentials while refresh tokens stay locked in the vault.

Get Started View GitHub

npm install @credninja/sdk

How it works

Three actors, one secure handshake

(✧_✧)

Developer registers an app

(⌐■_■)

End user grants consent

The user connects their Google/GitHub/Slack account through a standard OAuth flow. They choose exactly which scopes to grant to your app. Revocable anytime.

(^▽^)

Agent gets short-lived tokens

Your agent calls cred.delegate() and receives a short-lived access token. The refresh token never leaves the vault. Cryptographic receipts log every delegation.

The delegation pipeline

Seven steps from request to token. Watch the data flow.

🤖

Your Agent

🔐

Cred Vault

☁️

Google

delegate("google")

Verify agent token

Check consent

Decrypt vault

Token exchange

Fresh access token

Return token

(<.>)

Built for security

🔐

AES-256-GCM Vault

Refresh tokens encrypted at rest with per-account key isolation. AWS KMS HSM for key management.

📜

Delegation Receipts

Ed25519-signed receipts for every token issuance. Append-only cryptographic audit trail.

🛡

PKCE + State

RFC 7636 PKCE S256 for all OAuth flows. Cryptographic state prevents CSRF.

⚡

Instant Revocation

Revoke access anytime. Tokens invalidated immediately across all agents.

Launch providers

Seven adapters and counting.

GoogleGitHubSlackNotionSalesforceLinearHubSpot

Packages

@credninja/oauth@credninja/vault@credninja/sdk@credninja/mcp@credninja/aicred-auth (Python)cred-langchaincred-crewaicred-openai-agentscred-autogencred-semantic-kernel

Simple API

Ship the feature, not the plumbing.

// OAuth flow + encrypted local vault

import { OAuthClient, GoogleAdapter } from '@credninja/oauth'

import { CredVault } from '@credninja/vault'

const client = new OAuthClient({

adapter: new GoogleAdapter(),

clientId: process.env.GOOGLE_CLIENT_ID,

clientSecret: process.env.GOOGLE_CLIENT_SECRET,

})

// Get authorization URL, exchange code, store encrypted

const { url } = client.getAuthorizationUrl({ scopes: ['calendar.readonly'] })

const tokens = await client.exchangeCode(code)

await vault.store('google', tokens)

(<.>)ノ

Ready to delegate?

Read the docs, try the sandbox, or browse the source.

Read Quickstart ⭐ Star on GitHub