Trusty Squire
OfficialAllows setting up Google OAuth for an application by driving multi-step console configurations.
Allows creating scoped, revocable OpenAI API keys that are injected via proxy without exposing the raw secret.
Allows provisioning a PostHog account and vaulting its API key for product analytics.
Allows signing up for Resend and vaulting the API key for secure use.
Allows migrating away from SendGrid by provisioning a new email service and switching with zero downtime.
Allows provisioning a Sentry account and vaulting its API key for error monitoring.
Allows rotating Stripe API keys, creating scoped revocable grants, and managing key usage.
Trusty Squire plugs into your AI coding agent — Claude Code, Cursor, Codex — and takes over the credential grunt work that slows you down and leaks secrets. Your agent signs up for the services your project needs, locks every key in a vault it never leaves, and drives the multi-step setup behind any login. You ship at your agent's speed; your secrets stay put.
Why developers run it
Your agent handles signups & SaaS provisioning. Ask for a service — your squire creates the account and brings back the API key. No fifteen-tab signup detour.
No secret ever leaves the vault. Stop scattering keys across
.envfiles and cloud secret stores. Keys go in write-only; your code uses them through a proxy that injects the value server-side and never hands it back — so there's nothing to leak.Operate anything behind a login. Complete complex tasks hidden behind auth walls with one prompt — wire up OAuth across consoles, configure webhooks, stand up projects. Your squire does the click-work; the secret never crosses into chat.
The store-vs-act difference: everyone else stores the keys you already have. Your squire gets them, wires them up, and rotates them.
What you can ask your squire
Plain-English asks. Your squire drives the browser, signs in with your identity, and never hands a raw secret back to the agent.
"Sign me up for Resend and vault the API key." An account is created — or signed in with your own Google/GitHub — and the key is extracted, encrypted, and stored. You never see it, and neither does the model.
"Stand up my whole stack." Resend, Sentry, PostHog, a Postgres host — provisioned in one ask, every key vaulted, your app handed one scoped, revocable grant per service. Day-one setup, zero keys on the box.
"Add Google OAuth to my app." A multi-step setup driven across consoles — GCP → OAuth Playground — where a secret captured in one console is sealed in-session and typed into the next. The client secret never touches the agent.
"Give my deployed app a scoped, revocable OpenAI key." An egress grant: your code calls the provider through a proxy that injects the real key server-side. The raw secret never leaves the vault — your app holds a downgraded, rate-limited, instantly-revocable token instead.
"My local agent should hold no keys." Point a CLI loop's base URL at the grant; it makes real provider calls holding nothing. The key stays vaulted, every call metered, the leash cut whenever you want.
"Give the contractor a key for a week." A rate-limited, spend-capped, revocable grant instead of your real key. They get a leash; you keep the secret and revoke on the spot when they're done.
"Rotate my Stripe key everywhere it's used." Rotated in the vault and picked up transparently by every grant and proxied call — no redeploy, no hunting through configs. Honest about the copies you've pasted into systems we can't reach.
"Something leaked — kill that key now." Revoke the grant instantly; the next call through it is rejected and the app fails closed. Re-mint a fresh grant to recover — no key rotation required.
"Show me everything that touched my keys." The audit ledger — every store, retrieval, rotation, and proxied call, newest first, never a secret value — plus a nudge on anything overdue for rotation.
"Move me off SendGrid with zero downtime." Sign up for the new vendor, vault the key, dual-send through both during cutover, then revoke the old grant when you've switched. No redeploy, no outage.
Related MCP server: Access
Install
Trusty Squire runs as a local MCP server. Point your coding agent at it:
npx @trusty-squire/mcp connectThat issues your account, signs you in (Google/GitHub), and writes the MCP config for your agent. Then ask your agent to do any of the above in plain language. Full install notes (Claude Code, Cursor, Codex, Goose, Cline, Continue) live in the npm package README.
How it works
acquire ───▶ store ───▶ use (scoped) ───▶ observe ───▶ rotate
sign up & write-only egress grant audit best-attempt,
set up vault (injecting proxy) ledger honest failuresThe raw secret is never handed back to the agent — it's stored write-only and only ever injected server-side by the proxy. A successful run is captured as a learned skill and published to the registry, so the next person provisioning that service replays it in ~30s instead of the agent re-figuring it out.
Development
git clone https://github.com/Trusty-Squire/trusty-squire.git
cd trusty-squire
./scripts/bootstrap.sh # workspace deps + local Postgres/Redis via DockerAfter it finishes, pnpm typecheck and pnpm test should pass cleanly.
Stop services: docker compose -f docker-compose.dev.yml down · reset data: add -v.
Requirements: Node 20.11.0 (.nvmrc), pnpm 8.15+, Docker + Docker Compose.
Repository structure
trusty-squire/
├── apps/
│ ├── api/ Backend API — accounts, OAuth, machine tokens, LLM proxy, inbox, vault, billing
│ ├── mcp/ The MCP server coding agents install; bundles the universal signup bot + operator surface
│ ├── registry/ Skill registry — signed learned-skill recipes + the housekeeper backplane
│ └── web/ Public site + vault UI (trustysquire.ai)
└── packages/
├── vault/ Encrypted credential vault (envelope encryption, per-credential KEK, audit log)
├── inbox/ Inbound email — alias allocation, MIME parsing, OTP/link extraction
└── skill-schema/ Learned-skill wire contract (Zod), shared by the mcp client and the registry serverSee docs/ARCHITECTURE.md for the canonical architecture
and security model. The rest of docs/ is limited to current public
runbooks and product notes.
Conventions
TypeScript strict (
noUncheckedIndexedAccess,exactOptionalPropertyTypes); noany.ESM with
.jsimport extensions. Tests in__tests__/next to source (vitest).Comments explain why, not what.
License
MIT © Trusty Squire
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Trusty-Squire/trusty-squire'
If you have feedback or need assistance with the MCP directory API, please join our Discord server