u/s-gw

I built a local credential gateway so AI coding agents don't need raw secrets

AI coding agents are getting useful enough to run real commands, which means they eventually need API tokens, SSH keys, cloud credentials, or access to local MCP tools. The usual options felt wrong to me: paste the token into a prompt, leave it in a broad environment variable, or let every subprocess inherit it.

I built s-gw to put a local approval boundary between the agent and the credential.

The flow:

• The agent receives a typed handle, never the raw value.

• An action request shows the command, credential, policy, working directory, and destination.

• You approve it locally.

• s-gw injects the credential into one bounded child process.

• Output is sanitized before returning to the agent.

• Local activity history keeps the request, decision, and destination without recording the raw secret.

The clip is the live overview UI. The project is open source and early preview software. macOS is the primary path today, Windows is preview, and Linux is experimental.

I would value feedback on the trust boundary: what information would you need to see before allowing a coding agent to use a real credential?

I’ll put the repository and demo links in a comment, following the community rules.

u/s-gw — 1 day ago