MCP Integration
Built-in MCP server gives AI agents structured awareness of their credentials — capabilities, constraints, expiration, rotation — without exposing secret values. Works with Claude, Cursor, VS Code, and any MCP client.
envpacket
Structured metadata for every secret — capabilities, constraints, expiration, and fleet health — so agents operate within their boundaries instead of flying blind.
Three-Tier Security
Architecturally enforced trust boundaries. The MCP server never has access to secret values. Runtime injection stays outside the LLM context. Fleet-wide audit trails for full visibility.
Metadata + Sealed Secrets
Every credential gets structured metadata — service, purpose, capabilities, expiration, rotation URL — plus optional age-encrypted sealed packets, safe to commit to git.
Environment Scanning
Auto-discover credentials from your shell with envpkt env scan. Matches ~45 known services, ~13 suffix patterns,
and ~29 value shapes with confidence scoring.
Fleet Health
Scan an entire directory tree of agents with envpkt fleet. Get aggregated health status, expiration warnings, and
stale credential detection across your fleet.
Functional API
TypeScript library built on functype. All functions return Either or Option — no thrown exceptions. Use
programmatically for boot, audit, fleet scan, and more.