OneCLI gives agents secure access to external services through a transparent gateway, policy engine, encrypted secret store, and web dashboard. Together, these form the Agent Vault: a layer that handles credential injection, access policies, and enforcement so agents never hold raw API keys.

Architecture overview

Connecting agents

There are two ways to route agent traffic through the gateway:
| Path | How it works | Best for |
| --- | --- | --- |
| onecli run | CLI wraps a local process with proxy env vars and CA certs | Coding agents on your machine (Claude Code, Cursor, Codex) |
| SDK / Docker | SDK injects proxy config into Docker container args | Container-based orchestrators (NanoClaw, custom) |
Both paths use the same gateway, secrets, and policy rules.

Rust gateway

The gateway (apps/proxy) is an HTTP proxy built in Rust that intercepts outbound requests, enforces rules, and injects credentials. Agents authenticate to it with access tokens sent in the Proxy-Authorization header. How it works:
  1. Your agent makes a normal HTTP request (e.g., GET https://www.googleapis.com/calendar/v3/events)
  2. The request goes through the gateway instead of directly to the internet
  3. The gateway evaluates rules. If a rule blocks or rate-limits the request, the agent receives a 403 or 429 response immediately
  4. If allowed, the gateway matches the target host and path against stored secrets, decrypts the matching credentials, and injects the appropriate auth headers (Bearer token, API key, etc.)
  5. The request is forwarded to the service with credentials attached
  6. The response passes back through to your agent unchanged
Details:
  • Runs on port 10255
  • Agents authenticate with access tokens (each agent gets its own scoped token)
  • Rules are evaluated before credential injection, so blocked requests never touch your secrets
  • Host and path pattern matching routes secrets to the right API endpoints
  • HTTPS traffic is intercepted (MITM) using the gateway's CA certificate, which is why onecli run installs CA certs into the wrapped process; without it, headers could not be injected into TLS requests
  • Built in Rust for low-latency proxying

Rules engine

The rules engine enforces policies on every request that passes through the gateway. Rules match requests by host, path, HTTP method, and agent, then apply an action:
  • Block: Deny the request entirely (403)
  • Rate Limit: Allow up to N requests per time window, then block (429)
Rules are evaluated before credentials are injected. A blocked request never decrypts or touches your secrets; the agent is denied at the policy layer. See Rules for the full guide on creating and managing rules.
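The pipeline described in the two sections above (token authentication, rules evaluated first, then host/path matching and header injection) is easy to get subtly wrong if the secret lookup happens before the policy check. The following is an added example written for this page, not code from the OneCLI repository: a minimal in-memory model of the gateway's decision step in Go. The rule fields, the glob-style path matching via path.Match, the sliding-window rate limiter and all sample tokens, hosts and credentials are constructed assumptions; the real apps/proxy code may represent rules and secrets differently.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"path"
	"strings"
	"time"
)

// Action is what a matching rule does to the request.
type Action int

const (
	Block     Action = iota // deny with 403
	RateLimit               // allow Limit requests per Window, then 429
)

// Rule matches on host, path glob, HTTP method and agent; "" means "any".
type Rule struct {
	Host, PathGlob, Method, Agent string
	Action                        Action
	Limit                         int
	Window                        time.Duration
}

// Secret maps a host/path pattern to the header the gateway injects.
// Value stands in for the already-decrypted credential (assumption).
type Secret struct {
	Host, PathGlob, Header, Value string
}

// Gateway holds per-agent tokens, rules, secrets and rate-limit counters.
type Gateway struct {
	Tokens  map[string]string   // access token -> agent name
	Rules   []Rule
	Secrets []Secret
	hits    map[int][]time.Time // rule index -> request times in the window
}

// Authenticate resolves the agent from a "Proxy-Authorization: Bearer <token>" value.
func (g *Gateway) Authenticate(proxyAuth string) (string, bool) {
	tok := strings.TrimPrefix(proxyAuth, "Bearer ")
	if tok == proxyAuth || tok == "" {
		return "", false
	}
	agent, ok := g.Tokens[tok]
	return agent, ok
}

// globMatch treats an empty pattern as a wildcard; "*" does not cross "/".
func globMatch(pattern, s string) bool {
	if pattern == "" {
		return true
	}
	ok, _ := path.Match(pattern, s)
	return ok
}

// Decide returns 403/429 if a rule stops the request, or 0 plus the headers
// to inject if it may be forwarded. Rules run before any secret is touched.
func (g *Gateway) Decide(agent, method, rawURL string, now time.Time) (int, http.Header) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return http.StatusBadRequest, nil
	}
	for i, r := range g.Rules {
		if !globMatch(r.Host, u.Host) || !globMatch(r.PathGlob, u.Path) ||
			(r.Method != "" && r.Method != method) || (r.Agent != "" && r.Agent != agent) {
			continue
		}
		if r.Action == Block {
			return http.StatusForbidden, nil
		}
		// Sliding window: forget timestamps older than Window, then count.
		if g.hits == nil {
			g.hits = map[int][]time.Time{}
		}
		kept := g.hits[i][:0]
		for _, t := range g.hits[i] {
			if now.Sub(t) < r.Window {
				kept = append(kept, t)
			}
		}
		if len(kept) >= r.Limit {
			g.hits[i] = kept
			return http.StatusTooManyRequests, nil
		}
		g.hits[i] = append(kept, now)
	}
	// Only now are credentials matched by host/path and injected.
	h := http.Header{}
	for _, s := range g.Secrets {
		if globMatch(s.Host, u.Host) && globMatch(s.PathGlob, u.Path) {
			h.Set(s.Header, s.Value)
		}
	}
	return 0, h
}

// demoGateway builds a gateway from constructed sample data.
func demoGateway() *Gateway {
	return &Gateway{
		Tokens: map[string]string{"tok-calendar-constructed": "calendar-bot"},
		Rules: []Rule{
			{Host: "www.googleapis.com", Method: "DELETE", Action: Block},
			{Host: "www.googleapis.com", Method: "POST", Action: RateLimit, Limit: 2, Window: time.Minute},
		},
		Secrets: []Secret{{Host: "www.googleapis.com", PathGlob: "/calendar/v3/*",
			Header: "Authorization", Value: "Bearer ya29.constructed-example-token"}},
	}
}

func main() {
	g := demoGateway()
	agent, _ := g.Authenticate("Bearer tok-calendar-constructed")
	for _, m := range []string{"GET", "DELETE", "POST", "POST", "POST"} {
		code, h := g.Decide(agent, m, "https://www.googleapis.com/calendar/v3/events", time.Now())
		fmt.Printf("%-6s -> status %d, injected %v\n", m, code, h)
	}
}
```

The ordering in Decide is the security property the page states: a DELETE that hits the Block rule returns 403 before the secrets slice is ever read, and a request to a host with no matching secret is forwarded with no credential at all rather than failing open with a default one.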

Secret store

The secret store uses AES-256-GCM encryption at rest. Secrets are decrypted only at request time, matched by host and path patterns, and injected by the gateway as headers. Credentials are never stored in plain text. The encryption key is auto-generated on first run or can be set via the SECRET_ENCRYPTION_KEY environment variable.
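To make the "decrypted only at request time" property concrete, here is an added example in Go, not the project's own store code. It seals a credential with AES-256-GCM using the key from SECRET_ENCRYPTION_KEY (assumed here to be hex-encoded; the page does not state the format) or a freshly generated key, and opens it only when the matching host/path pattern is presented. Binding the pattern as GCM associated data is a design choice of this example, not something the page says OneCLI does: it means a stored record cannot be re-pointed at a different endpoint without the tag check failing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
)

// loadKey returns the 32-byte AES-256 key from SECRET_ENCRYPTION_KEY
// (assumed to be 64 hex characters) or generates a random one on first run.
func loadKey() ([]byte, error) {
	if v := os.Getenv("SECRET_ENCRYPTION_KEY"); v != "" {
		k, err := hex.DecodeString(v)
		if err != nil || len(k) != 32 {
			return nil, errors.New("SECRET_ENCRYPTION_KEY must decode to 32 bytes")
		}
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a credential; the stored record is nonce || ciphertext || tag.
// The host/path pattern goes in as associated data (this example's choice).
func Seal(key, credential []byte, pattern string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, credential, []byte(pattern)), nil
}

// Open runs at request time, after a rule has allowed the request and the
// host/path pattern matched. It fails on a wrong key, tampering, or a pattern
// that differs from the one the record was sealed under.
func Open(key, sealed []byte, pattern string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(pattern))
}

func main() {
	key, err := loadKey()
	if err != nil {
		fmt.Println("key error:", err)
		return
	}
	pattern := "www.googleapis.com|/calendar/v3/*" // constructed sample
	sealed, _ := Seal(key, []byte("ya29.constructed-example-token"), pattern)
	fmt.Printf("at rest: %x\n", sealed)
	plain, err := Open(key, sealed, pattern)
	fmt.Printf("at request time: %s (err=%v)\n", plain, err)
	_, err = Open(key, sealed, "api.example.com|/*")
	fmt.Println("wrong pattern:", err)
}
```

Because the plaintext only exists inside Open's return value, the place to audit in a real deployment is everything that happens between Open and the outbound write: logging, error messages and crash dumps on that path are where a "never stored in plain text" guarantee is typically undone.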

Web dashboard

The dashboard (apps/web) runs on port 10254 and is where you manage everything:
  • Create agents with scoped access tokens
  • Add, rotate, and revoke secrets for any service
  • Configure host and path patterns for credential matching
  • Create rules to block or rate-limit specific operations
  • See which agent accessed which service and when (audit logs)

Auth modes

OneCLI supports two authentication modes:
| Mode | When to use | Configuration |
| --- | --- | --- |
| Single-user (default) | Local development, personal use | No config needed |
| Google OAuth | Teams, shared instances | Set NEXTAUTH_SECRET, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET |

Stack

| Component | Technology |
| --- | --- |
| Gateway | Rust (port 10255) |
| Web dashboard | Next.js (port 10254) |
| Database | PostgreSQL (bundled via Docker Compose) |
| Secret storage | AES-256-GCM encrypted |
| ORM | Prisma |

Project structure

apps/
  web/            # Next.js app (dashboard + API, port 10254)
  proxy/          # Rust gateway (credential injection, port 10255)
packages/
  db/             # Prisma ORM + migrations
  ui/             # Shared UI components (shadcn/ui)
docker/
  Dockerfile      # Single-container build (gateway + web)
  docker-compose.yml