> ## Documentation Index
> Fetch the complete documentation index at: https://authsome.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Roadmap

> What's available today, what's coming, and what's out of scope.

## Available today

* **One-command login** — authenticate with any of 45+ providers in one step. Works in the browser, over SSH, and in CI.
* **Headless credential access** — agents get a valid token with a single CLI call. No browser, no prompt, no secrets in env vars.
* **Automatic token refresh** — tokens are silently refreshed before they expire. Agents never see an auth error.
* **Zero-knowledge proxy** — run any agent or script behind a local proxy that injects credentials at request time, without exposing them in environment variables or process args.
* **Encrypted local vault** — all credentials are encrypted at rest on your machine. No cloud account, no SaaS dependency.
* **45+ bundled providers** — GitHub, Google, Linear, OpenAI, Slack, Notion, and more. Custom providers via a JSON file.
* **Multi-tenant provider support** — connect to GitHub Enterprise, self-managed GitLab, Okta, and other multi-tenant services with a custom `--base-url` at login time.
* **Multi-user identity model** — multiple identities can share a vault through a claim-and-accept flow. Each identity carries a cryptographic key pair and a proof-of-possession token on every request.
* **Vault key rotation** — rotate the vault master key at any time without losing stored credentials.
* **Environment-backed identities** — headless machines and CI runners can load an identity from environment variables with no local filesystem dependency.
* **Web dashboard** — view and manage all your connections in a local browser UI.
* **Audit log** — a structured SQLite record of every credential access, login, and logout.
* **Agent integrations** — drop-in setup guides for Claude Code, Codex, Cursor, LangChain, LlamaIndex, OpenAI Agents SDK, and Anthropic SDK.

## Coming next

* **Roles & admin routes** — explicit user and admin roles with role-scoped API routes. Admins manage identities, vaults, and provider configuration; users authenticate and access their own credentials.
* **Policy layer** — declarative rules that decide which agents are allowed to use which credentials, without changing the agent itself. Deny by default; rules grant access per agent, provider, and connection.
* **Hosted proxy** — a server-side proxy mode for teams where agents run on remote machines. Credential injection happens at the server, not on each agent's machine.
* **Audit export & OpenTelemetry** — export the audit log as structured OTLP traces and metrics. Connect to Grafana, Datadog, or any OpenTelemetry-compatible backend.
* **Improved UI** — a more capable web dashboard: connection health, audit log viewer, identity and role management, and hosted provider setup.
* **Homebrew** — `brew install authsome` for macOS.

## Considering

* **Native MCP tool** — use authsome as an MCP tool in any MCP-compatible agent, not just via the CLI.
* **GitHub Actions** — inject credentials directly into CI workflows without running a daemon.
* **Managed SaaS** — hosted credential management for teams who don't want to self-host. No timeline yet.
* **Windows** — first-class Windows support.

## Deliberately out of scope

* A cloud secrets manager — Authsome is local-first by design.
* An enterprise identity platform — Authsome handles credentials, not employee directories or SSO.

## Shape the roadmap

* [Open an issue](https://github.com/agentrhq/authsome/issues) to report a bug or request a feature.
* [Start a discussion](https://github.com/agentrhq/authsome/discussions) to share an idea.
* [Open a PR](https://github.com/agentrhq/authsome) — adding a new provider is the most common contribution.

<Columns cols={2}>
  <Card title="Changelog" icon="clock-rotate-left" href="/changelog">
    Recent releases.
  </Card>

  <Card title="Compared to alternatives" icon="balance-scale" href="/compared">
    Authsome vs hardcoded env tokens, SaaS secrets managers, and DIY.
  </Card>
</Columns>
