Home
AgentCordon sits between your AI agents and the secrets they need. Agents never hold long-lived credentials β instead, they authenticate with Ed25519 challenge-response, request credentials through Cedar policy checks, and receive per-request ECIES-encrypted envelopes that only their private key can decrypt.
| Capability | Description | |
|---|---|---|
| π | Zero-Trust Credential Vending | Credentials encrypted at rest (AES-256-GCM), vended via ECIES β agents never see raw secrets |
| π² | Cedar Policy Engine | Fine-grained authorization with deny-by-default, tag-based access, and per-tool granularity |
| π | MCP Server Bridge | Proxy MCP tool calls across workstations with automatic credential injection |
| π | Ed25519 + P-256 Identity | Challenge-response auth with short-lived JWTs β no passwords, no API keys |
| π | Full Audit Trail | Every credential vend, policy decision, and tool call is logged with correlation IDs |
| ποΈ | 3-Crate Rust Architecture | Core library + control-plane server + gateway CLI, backed by SQLite or PostgreSQL |
# 1. Start the server
docker compose up -d
# 2. Install the CLI
curl -fsSL https://your-server:3140/install.sh | sh
# 3. Enroll a workspace
agentcordon init --server https://your-server:3140
# 4. Proxy an API call with injected credentials
agentcordon proxy github-token GET https://api.github.com/userTip
For CI/CD environments without a browser, use provisioning tokens:
agentcordon init --server <URL> --token <TOKEN>
| Page | Description |
|---|---|
| Workspace Enrollment | How agents establish identity β Ed25519 keypairs, PKCE registration, provisioning tokens |
| Granting MCP Server Access | Connect workspaces to MCP servers across machines with Cedar policies |
| Upgrading | Zero-downtime upgrades for server and CLI β migrations, backups, rollback |
| Page | Description |
|---|---|
| System Architecture | 3-crate overview, API routes, middleware, data flow diagrams |
| Master Key | HKDF-SHA256 key derivation, zeroization, nonce safety, key rotation |
| Credential Encryption | AES-256-GCM at rest, ECIES vending, credential transforms, SSRF protection |
| Authorization & Cedar Policy | Entity types, actions, deny-by-default, default policy walkthrough |
| Page | Description |
|---|---|
| CLI Reference | Complete command reference β init, proxy, mcp-serve, and all flags |
βββββββββββββββββββββββ ββββββββββββββββββββββββββββββββ
β AI Agent β β AgentCordon Server (:3140) β
β (Claude, Cursor) β β β
β β β ββββββββββββββββββββββββββ β
β βββββββββββββββββ β β β Cedar Policy Engine β β
β β agentcordon β β Ed25519 β β (deny-by-default) β β
β β mcp-serve ββββΌββββββββββΌββΊβ β β
β β β β ECIES β β AES-256-GCM Vault β β
β βββββββββ¬ββββββββ β β β ES256 JWT Issuer β β
β β β β ββββββββββββββββββββββββββ β
β β JSON-RPC β β β
β βββββββββΌββββββββ β β βββββββββββ βββββββββββββ β
β β MCP Server β β β β SQLite β β Postgres β β
β β (subprocess) β β β βββββββββββ βββββββββββββ β
β βββββββββββββββββ β ββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββ
Key server configuration β see System Architecture for the full list.
| Variable | Default | Description |
|---|---|---|
AGTCRDN_LISTEN_ADDR |
127.0.0.1:3140 |
Server bind address |
AGTCRDN_MASTER_SECRET |
Auto-generated | Root encryption secret (details) |
AGTCRDN_DB_TYPE |
sqlite |
sqlite or postgres
|
AGTCRDN_SEED_DEMO |
true |
Seed demo data on first boot |