Cred is credential delegation middleware for AI agents. Here’s what’s shipped, what’s coming next, and where we’re headed.
7-step pipeline: validate the agent token, look up the app, check consent, validate scopes, check for a cached token, refresh it if expired, and return a short-lived access token. RFC 6749-compliant with PKCE enforcement (RFC 7636).
Google, GitHub, Slack, Notion, and Salesforce. Each adapter handles provider-specific OAuth quirks (offline access, token formats, refresh behavior).
User-controlled delegation grants with scope validation. Users can view and revoke any grant from their dashboard. Revocation cascades to invalidate all issued tokens.
Background refresh of expiring tokens before they expire. Agents always receive valid access tokens without manual intervention.
Jira, Linear, Asana, Dropbox, Microsoft 365, and more based on demand.
OAuth 2.0 PKCE client, delegation helpers, DID agent identity (Ed25519/did:key), and consent flow handling. ConsentRequiredError with redirect URL for first-time authorization.
Full parity with TypeScript SDK. Delegation, identity, and receipt verification.
Drop-in credential provider for LangChain agents. Automatic token refresh and consent handling.
Credential delegation for CrewAI multi-agent workflows.
Credential provider for OpenAI Agents SDK.
Public npm registry availability.
Public PyPI registry availability.
Claude Desktop integration with 4 tools: cred_delegate (request access), cred_use (make authenticated API call), cred_status (check active delegations), cred_revoke (revoke access).
The LLM receives a delegation handle, never the actual access token. The cred_use tool makes authenticated API calls server-side, so a prompt injection cannot extract credentials from the model's context.
Allowlist-based URL validation for cred_use. Only requests to known provider domains are permitted.
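An illustration of the allowlist check described above, written as an added example rather than Cred's own code. The provider host table and the delegation handle records are constructed for the example; the point is that the handle maps to one provider on the server side, and the destination is matched by exact hostname after parsing so that userinfo, suffix and scheme tricks are rejected.

```javascript
// Added example (not Cred's own code). PROVIDER_HOSTS and HANDLES are
// hypothetical stand-ins for the adapter configuration and the delegation store.
const PROVIDER_HOSTS = {
  github: new Set(["api.github.com"]),
  slack: new Set(["slack.com"]),
};

// Constructed delegation handles: the agent only ever sees the handle id;
// the server resolves it to a provider (and, elsewhere, to the stored credential).
const HANDLES = {
  dlg_1: { provider: "github" },
  dlg_2: { provider: "slack" },
};

// Decide whether a server-side call on behalf of `handleId` may be sent to `rawUrl`.
// Returns { ok: true, url } for an allowed target, or { ok: false, reason } otherwise.
function checkTarget(handleId, rawUrl) {
  const handle = HANDLES[handleId];
  if (!handle) return { ok: false, reason: "unknown handle" };

  let url;
  try {
    url = new URL(rawUrl); // WHATWG parsing: lowercases the host, strips the default port
  } catch {
    return { ok: false, reason: "unparseable url" };
  }

  // A bearer token must only travel over TLS.
  if (url.protocol !== "https:") return { ok: false, reason: "scheme not https" };

  // "https://api.github.com@other.example/" puts the trusted name in userinfo;
  // the real host is other.example. Reject any userinfo outright.
  if (url.username || url.password) return { ok: false, reason: "userinfo present" };

  // A non-default port can address a different service on the same name.
  if (url.port !== "") return { ok: false, reason: "non-default port" };

  // Exact hostname match against the provider bound to this handle: no suffix
  // matching, so "api.github.com.other.example" and "api.github.com." are rejected,
  // and a GitHub handle cannot be pointed at Slack even though both are allowlisted.
  const allowed = PROVIDER_HOSTS[handle.provider];
  if (!allowed || !allowed.has(url.hostname)) {
    return { ok: false, reason: `host not allowed for ${handle.provider}` };
  }
  return { ok: true, url: url.href };
}
```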
Ed25519/did:key cryptographic agent identification. Agents generate keypairs and register DIDs for verifiable identity.
JWS/Ed25519 signed receipts for each delegation event. Cryptographically verifiable audit trail.
SDK methods to verify delegation receipts against Cred public key.
Server-side receipt generation on every delegation; receipts are currently generated client-side only.
Refresh tokens encrypted at rest with unique random IV per token. Authentication tags verify integrity. Decrypted only in-memory during token refresh.
Envelope encryption with KMS-managed master keys. Master keys never leave KMS (FIPS 140-2 Level 3 HSM).
PBKDF2-derived unique encryption keys per account. Cross-account access requires possession of the account DEK.
Agent tokens (cred_at_*) are SHA-256 hashed before storage. Plaintext never written to database.
Append-only audit trail for delegation requests, token issuances, and consent changes. Credential values redacted.
External penetration test and audit of the full credential delegation stack.
App management, agent management with scoped credentials, analytics dashboard, and OAuth application configuration.
OAuth connection management, delegation grant review and revocation, activity monitoring.
6x5 test matrix for integration testing. Pipeline trace visualization, request inspector, and error mode simulation. No real credentials needed.
Comprehensive docs covering delegation flow, SDK usage, MCP setup, and provider configuration.
Production domain cutover and public availability.
WorkOS, Supabase, Clerk, NextAuth, and Better Auth adapters for seamless integration with existing auth.
Run your own Cred vault for teams that need on-premise credential storage.
Multi-user developer accounts with role-based access control.
SAML/OIDC single sign-on for enterprise accounts.
Have a feature request or want to follow along?