Janee — Secure API access for AI agents

# Janee > Secrets management for AI agents. Local-first CLI with MCP integration, enforcement-based security, and exec mode for CLI tools. ## Overview Janee is a secrets management tool designed specifically for AI agents. It solves the problem of giving agents raw API keys by providing: - **Local-first storage**: API keys never leave your machine (stored encrypted in ~/.janee/) - **MCP integration**: Native plugin for OpenClaw and other MCP-compatible AI platforms - **Enforcement-based security**: Server-side path-based policies that agents cannot bypass - **Audit logging**: Every request is logged with full context - **Exec mode**: Agents can run whitelisted CLI commands with credentials injected via env vars - **Agent-scoped credentials**: Per-agent identity and permission scoping ## Installation ```bash npm install -g @true-and-useful/janee janee init ``` ## Key Features - **HTTP proxy (execute)**: Agent calls `execute(service, method, path, body)` — Janee injects auth, enforces rules, returns response - **CLI proxy (exec)**: Agent calls `exec(service, args)` — Janee injects credentials as env vars, runs the whitelisted command, scrubs secrets from output - **Path-based request policies**: Define allow/deny rules for specific API endpoints - **Command whitelisting**: Only explicitly allowed CLI commands can run; shell metacharacters blocked - **Agent-scoped credentials**: Transport-bound identity resolution — each agent gets its own credential scope - **Encrypted key storage**: AES-256-GCM encryption for all stored credentials - **MCP server mode**: Expose tools (`janee_list_services`, `janee_execute`, `janee_exec`) for AI agents - **Docker-ready**: Multi-stage Dockerfile with health checks for containerized deployment - **janee status**: One command to check services, sessions, audit log, encryption status (JSON output available) - **Interactive CLI**: Easy setup with `janee add` and `janee add --exec` for configuring services ## Links - GitHub: