Grantlet Get started

Grantlet

A local MCP credential broker for coding agents. Approve the policy, route provider requests, and keep long-lived secrets out of model context. The signed broker only accepts access from the expected signed Grantlet process.

Start with a policy See the boundary

macOS-first desktop console / MCP over HTTPS or stdio / provider direct operations

Grantlet Desktop policy editor showing a valid project policy and allowed request tools.
5 provider families
0 long-lived secrets returned
10 min single-use run approvals
15 min local secret delivery expiry

01 / How it works

The agent asks.
Grantlet decides.

01

Commit a project policy.

Declare which MCP tools, providers, request paths, response fields, and delivery targets are allowed for a workspace.

02

Approve it locally.

Grantlet Desktop shows the policy diff and signs the approval. Formatting changes produce a new policy hash.

03

Route provider work.

The MCP server receives the tool call, the broker evaluates policy, then Grantlet calls GitHub, AWS, Cloudflare, GCP, or SSH.

04

Return safe results.

Secrets, signing headers, bearer tokens, cookies, and high-risk response bodies stay out of model-visible output.

02 / Provider operations

Use credentials without delivering credentials.

01

Cloudflare actions stay provider-direct.

Deploy Workers, ensure DNS records, turn on proxying, and configure Email Routing through first-class Grantlet tools instead of shell-visible API tokens.

cloudflare.worker.deploy cloudflare.dns.ensureRecords cloudflare.email.ensureDestination
02

App credentials are scoped at creation.

Grantlet can create deploy keys, AWS access keys, Cloudflare account tokens, R2 keys, and GCP API keys with operation-defined boundaries.

GitHub deploy key AWS IAM user key Cloudflare R2 key GCP API key
03

Production env updates preserve the file.

ssh.env.ensureEntries merges approved entries into a remote env file while preserving unrelated values and comments.

+ API_URL + MAPS_BROWSER_KEY = existing comments = unrelated values
04

MCP clients get the same boundary.

Codex can connect over HTTPS with a LaunchAgent. Claude and local clients can use stdio. Project roots stay explicit when more than one workspace is registered.

[mcp_servers.grantlet]
url = "https://127.0.0.1:17348/mcp"

03 / Security model

A local boundary built for agent workflows.

Grantlet reduces accidental credential exposure by moving provider auth, policy enforcement, token minting, request execution, and audit logging into a local broker.

The production broker is code signed and verifies the client boundary, so credential operations can only be reached by the expected signed Grantlet process instead of arbitrary local callers.

MCP server
grantlet-mcp, stdio or HTTPS
Broker
Signed grantletd, restricted to the signed client process
Desktop
Provider setup, policy review, run approvals
Secrets
Keychain-backed storage, helper mode in production
Worker
Native secret worker owns credential delivery paths
Audit
Every request returns a Grantlet request id

04 / Quickstart

Start local. Keep the policy close.

Install and build 
npm install
npm run build
Validate policy 
grantlet policy check
npm run mcp:start
npm run mcp:status
Policy templates: realtime-local-env maps-browser-key cloudflare-r2-access-key cloudflare-worker-form-endpoint

Give agents the narrow path.

Keep productive automation moving while Grantlet keeps secret material out of prompts, shell args, logs, and tool results.

Start with Grantlet