# Authsome > Local credential broker and vault for AI agents. Open-source. Runs on your laptop. 45 bundled OAuth2 and API key providers. No SaaS, no cloud, no account. Authsome stores credentials in an encrypted local vault, then injects them at the proxy boundary so agents never see secret values. It refreshes OAuth2 tokens automatically and supports headless flows like device code, so agents can run in CI, over SSH, in cron jobs, and in background workers without a human in the loop. ## Docs - [Quickstart](https://authsome.ai/docs/quickstart): Install authsome and log in to your first provider in five minutes. - [Architecture](https://authsome.ai/docs/concepts/architecture): The five layers and how the proxy ties them together. - [CLI reference](https://authsome.ai/docs/reference/cli): Commands, flags, and exit codes. - [Bundled providers](https://authsome.ai/docs/reference/bundled-providers): The 45 providers that ship out of the box. - [Custom providers](https://authsome.ai/docs/guides/custom-providers): How to add a JSON provider definition. - [Threat model](https://authsome.ai/docs/security/threat-model): What authsome protects against and what it doesn't. - [Troubleshooting](https://authsome.ai/docs/troubleshooting/doctor): The doctor command and common failure modes. ## Agent integrations - [Claude Code](https://authsome.ai/docs/integrations/agents/claude-code) - [Codex](https://authsome.ai/docs/integrations/agents/codex) - [Cursor](https://authsome.ai/docs/integrations/agents/cursor) - [OpenCode](https://authsome.ai/docs/integrations/agents/opencode) - [LangChain](https://authsome.ai/docs/integrations/agents/langchain) - [LlamaIndex](https://authsome.ai/docs/integrations/agents/llamaindex) - [OpenAI Agents SDK](https://authsome.ai/docs/integrations/agents/openai-agents-sdk) - [Anthropic SDK](https://authsome.ai/docs/integrations/agents/anthropic-sdk) ## Blog - [The agent auth wave: auth.md, ID-JAG, AAuth, CIMD, and why OAuth is finally growing up in 2026](https://authsome.ai/blog/agent-auth-wave-2026): Six months ago, agent authentication was a gap in the OAuth ecosystem. As of May 2026, five separate efforts are converging on a coherent shape. Here is the map, the timeline, and what is still missing. - [MCP gateways in 2026, compared: the twelve you should actually know about](https://authsome.ai/blog/mcp-gateways-2026-compared): Twelve real MCP gateways in 2026, sorted by deployment model and use case. Self-hosted open source first, then hosted SaaS, then cloud-platform managed. With an honest take on what is and isn't actually a gateway. - [MCP server authentication in 2026: seven approaches, ranked by where the credential lives](https://authsome.ai/blog/mcp-server-authentication-2026-ranked): From no-auth localhost to CIMD to credential brokers, seven ways MCP servers handle auth in 2026. Real ranking criteria, current spec status, and an honest look at what production servers actually ship. - [Building a self-hosted MCP server: the auth checklist nobody publishes](https://authsome.ai/blog/self-hosted-mcp-server-auth-checklist): Every blog post tells you how to use an MCP server. This is the post about how to build one that does not show up on a security report. Stdio and HTTP, OAuth and env-var, with a real checklist. - [What is auth.md? WorkOS's open agent registration protocol, explained](https://authsome.ai/blog/workos-auth-md-open-agent-registration-protocol): WorkOS just shipped auth.md, a markdown file your service hosts at /auth.md that tells AI agents how to register on behalf of a user. Here is what it actually does, what it builds on, and what it does not solve. - [Top agent proxy tools in 2026: what each one does and what to know before picking one](https://authsome.ai/blog/top-agent-proxy-tools-what-to-know): Eight tools that sit between AI agents and the services they call. Not a comparison post. A walking tour of the category so you know what each is for, what it's good at, and where it'll bite you. - [What is MCP? A developer's primer on the Model Context Protocol](https://authsome.ai/blog/what-is-mcp-a-developer-primer): The protocol that connects AI agents to external tools. What MCP actually is, how the architecture works, what to build with it, and the auth questions nobody answers. - [AI agent security in 2026: the four threat models you actually need to think about](https://authsome.ai/blog/ai-agent-security-in-2026-four-threat-models): Prompt injection, credential exfiltration, runaway autonomy, supply chain. What each one looks like in practice, how attacks actually unfold, and which defenses work. - [Running agents without losing my keys: a month with authsome](https://authsome.ai/blog/running-agents-without-losing-my-keys): Five weeks with a local-first credential broker. What worked, what bit me, and the things the docs don't tell you up front. - [Claude Code: the production-ready setup guide](https://authsome.ai/blog/claude-code-production-ready-setup): Beyond the install screen. Skills, MCP servers, multi-account auth, CI usage, and the credential layer that keeps it from leaking. The setup I wish someone had handed me on day one. - [Agent credential brokers in 2026: Authsome vs Agent Vault vs Clawvisor vs OneCLI](https://authsome.ai/blog/agent-credential-brokers-in-2026): Four open-source credential brokers built for AI agents. What each one optimizes for, who they're built for, and how to pick. - [AWS Secrets Manager isn't built for AI agents](https://authsome.ai/blog/aws-secrets-manager-isnt-built-for-ai-agents): AWS Secrets Manager is great at what it was designed for: serving long-lived service credentials to AWS workloads. AI agents need something different. Here's why, and what to use instead. - [Managing multiple GitHub accounts for AI agents](https://authsome.ai/blog/managing-multiple-github-accounts-for-ai-agents): Work and personal GitHub identities, both reachable from the same shell, with the right one picked per task. The actual mechanics, not the wishful version. - [Headless agent OAuth: the device code flow explained](https://authsome.ai/blog/headless-agent-oauth-the-device-code-flow-explained): How OAuth2 device authorization works, why it's the right pattern for SSH sessions and CI runners, and what the RFC doesn't quite tell you. - [Wiring Claude Code to GitHub, Linear, and Stripe with one local broker](https://authsome.ai/blog/wiring-claude-code-to-github-linear-and-stripe): Authenticate once per service, then let Claude Code reach all three without holding raw tokens. A literal walk-through with the real authsome commands. - [Running AI agents in production: what nobody tells you about credentials](https://authsome.ai/blog/running-ai-agents-in-production-credentials): Seven credential failure modes that don't show up until you've shipped. Notes from running agents past the demo stage. - [How prompt injection becomes credential exfiltration](https://authsome.ai/blog/how-prompt-injection-becomes-credential-exfiltration): Six real attacks from 2025-2026, the common thread between them, and why filter-the-input defenses can't fix it. - [Stop putting API keys in environment variables](https://authsome.ai/blog/stop-putting-api-keys-in-environment-variables): The tutorial pattern that everyone copies has six known leak vectors. Here's how each one fires in production, and what to do instead. ## Source - [GitHub](https://github.com/agentrhq/authsome): Source, issues, releases. - [PyPI](https://pypi.org/project/authsome/): Install via pip or uvx. - [Discord](https://discord.gg/9YP2C9tvMp): Community support. ## Optional - [RSS](https://authsome.ai/blog/feed.xml): Blog RSS feed. - [Sitemap](https://authsome.ai/sitemap.xml): XML sitemap of all indexable pages.