Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.agent-vault.dev/llms.txt

Use this file to discover all available pages before exploring further.

This guide covers connecting coding agents like Claude Code, Cursor, or any agent that accepts prompts in a chat interface. These agents handle the Agent Vault protocol automatically — you just paste a prompt and they take care of the rest.
For agents that don’t have a chat interface or need raw environment variables, see Connect a custom agent.

Prerequisites

Option 1: Wrap with agent-vault vault run

The simplest approach for local development. Wraps your agent process with the environment variables it needs — no invite, no token management. vault run also pre-configures HTTPS_PROXY and the CA trust chain on the child, so the agent calls upstream URLs directly and Agent Vault transparently injects credentials. 
agent-vault vault run -- claude    # Claude Code
agent-vault vault run -- agent     # Cursor
agent-vault vault run -- codex     # Codex
agent-vault vault run -- hermes    # Hermes Agent
agent-vault vault run -- opencode  # OpenCode
The agent can immediately make authenticated requests and raise proposals. Use --vault to target a specific vault: 
agent-vault vault run --vault my-vault -- claude
vault run is a convenience wrapper, not a sandbox. A child process can unset HTTPS_PROXY or bypass the injected CA and reach the network directly — local credentials and network access are still fully available to the agent. Stronger isolation for local development is on the roadmap.

Option 2: Paste an invite prompt

For agents you can’t wrap with vault run (e.g. cloud-hosted agents, or when you want to paste into an existing session).
1

Open the Agents tab

Navigate to the Agents tab in the home view.
2

Create an invite

Click Invite agent, enter a name, and optionally pre-assign vault access.
3

Copy the prompt

Copy the invite prompt that appears.
4

Paste into the agent

Paste the prompt into your agent’s chat. The agent redeems the invite automatically and receives an agent token.

What happens next

Once connected, the agent follows the Agent Vault protocol automatically:
  1. Calls upstream APIs normally — HTTPS_PROXY and CA trust are pre-wired so Agent Vault transparently intercepts the call
  2. If a service isn’t configured yet, the agent creates a proposal and shares an approval link
  3. You click the link, provide any required credentials, and approve
  4. The agent retries and the request succeeds
You don’t need to pre-configure anything. The agent discovers what it needs, asks for approval, and handles the rest.

For long-lived agents

Invited agents are instance-level entities with named identities that persist across sessions. You can manage vault access, rotate agent tokens, and revoke agents at any time. See Agents overview for the full lifecycle.

Next steps

Agents overview

How agents work, vault access, and management commands.

Proposals

How agents request access to new services.