Clavis

Name: Clavis
Author: KN0WBOT

KN0WBOT/clavis-mcp

Store and serve agent API tokens and OAuth credentials from an encrypted vault with refresh, limits, and audit logs instead of pasting keys into chat.

Overview

io.github.KN0WBOT/clavis is a Ship-phase MCP server that provides an encrypted agent credential vault with OAuth refresh, rate limiting, and audit logging.

What is this MCP server?

Encrypted credential vault purpose-built for AI agent workflows
Automatic OAuth token refresh to reduce midnight expiry failures
Rate limiting on credential use to blunt runaway agent loops
Audit logging for who accessed which secret and when
npm package @clavisagent/mcp-server v0.1.2 with stdio transport
npm package @clavisagent/mcp-server version 0.1.2
Documented capabilities: encrypted vault, OAuth auto-refresh, rate limiting, audit logging

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Agent workflows tempt you to paste live API keys into sessions, with no rotation story or visibility when something leaks.

Who is it for?

Solo builders shipping agent-powered SaaS who connect many OAuth APIs and need centralized secret governance.

Skip if: Throwaway local prototypes with no real credentials, or teams that already enforce a mature enterprise secrets manager with non-MCP agents.

What do I get? / Deliverables

Agents retrieve credentials through a audited vault with refreshed OAuth tokens and usage limits instead of raw secrets in prompts.

Centralized encrypted credential access for agent tools
OAuth tokens kept fresh with automated refresh flows
Audit and rate-limit telemetry for secret usage

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Credential handling becomes critical in ship when agents touch production-adjacent services and you must control leakage, rotation, and abuse. Security is the shelf because Clavis is a secrets and OAuth control plane, not a feature integration for end-user product logic.

How it compares

Agent-focused secrets MCP vault, not fake-data prototyping or audio analysis.

Common Questions / FAQ

Who is clavis for?

Indie and small-team builders running MCP agents against multiple third-party APIs who need encrypted storage, OAuth refresh, and audit trails.

When should I use clavis?

Use it in ship/security when moving from mock integrations to real tokens and you want rate limits and logging before launch.

How do I add clavis to my agent?

Install the npm package @clavisagent/mcp-server, configure the stdio MCP entry in Claude Code or Cursor, and point agent tools at the vault per the clavis-mcp GitHub documentation.

Clavis

KN0WBOT/clavis-mcp

Store and serve agent API tokens and OAuth credentials from an encrypted vault with refresh, limits, and audit logs instead of pasting keys into chat.

Overview

io.github.KN0WBOT/clavis is a Ship-phase MCP server that provides an encrypted agent credential vault with OAuth refresh, rate limiting, and audit logging.

What is this MCP server?

Encrypted credential vault purpose-built for AI agent workflows
Automatic OAuth token refresh to reduce midnight expiry failures
Rate limiting on credential use to blunt runaway agent loops
Audit logging for who accessed which secret and when
npm package @clavisagent/mcp-server v0.1.2 with stdio transport
npm package @clavisagent/mcp-server version 0.1.2
Documented capabilities: encrypted vault, OAuth auto-refresh, rate limiting, audit logging

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Agent workflows tempt you to paste live API keys into sessions, with no rotation story or visibility when something leaks.

Who is it for?

Solo builders shipping agent-powered SaaS who connect many OAuth APIs and need centralized secret governance.

Skip if: Throwaway local prototypes with no real credentials, or teams that already enforce a mature enterprise secrets manager with non-MCP agents.

What do I get? / Deliverables

Agents retrieve credentials through a audited vault with refreshed OAuth tokens and usage limits instead of raw secrets in prompts.

Centralized encrypted credential access for agent tools
OAuth tokens kept fresh with automated refresh flows
Audit and rate-limit telemetry for secret usage

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Agent-focused secrets MCP vault, not fake-data prototyping or audio analysis.

Common Questions / FAQ

Who is clavis for?

Indie and small-team builders running MCP agents against multiple third-party APIs who need encrypted storage, OAuth refresh, and audit trails.

When should I use clavis?

Use it in ship/security when moving from mock integrations to real tokens and you want rate limits and logging before launch.

How do I add clavis to my agent?

Install the npm package @clavisagent/mcp-server, configure the stdio MCP entry in Claude Code or Cursor, and point agent tools at the vault per the clavis-mcp GitHub documentation.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is clavis for?

When should I use clavis?

How do I add clavis to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is clavis for?

When should I use clavis?

How do I add clavis to my agent?