Local-first agent access

Give agents permission,not passwords.

Boundveil keeps credentials encrypted on your device, binds every action to its exact project and approval, and leaves a redacted, tamper-evident receipt.

  • No raw-secret MCP tools
  • Local vault decryption
  • Account ≠ vault key
BOUNDVEIL / ACTION REQUESTBOUND
CX
Codexrequests a provider action
req_8f42
ACTIONDeploy preview to Vercel

nimbus-dashboard · preview · eu-central

Repository
acme/nimbus
Branch
fix/auth-flow
Environment
PREVIEW
Expires
in 08:42
PARAMETER BINDINGsha256: 7d18…c04b

The credential stays on the trusted device.

BUILT AROUND YOUR STACK
  • GitHub
  • Vercel
  • Cloudflare
  • Supabase
  • Codex
  • Claude Code
Access without exposure

A control plane with a hard local boundary.

Agents receive typed capabilities. Your trusted device supplies the credential only to the intended provider call.

01
Project context, not a credential drawer

Organize access by client, project, and environment so humans and agents operate inside the same boundary.

02
Approvals bound to the exact action

Actor, tool, provider, resource, parameters, time, and budget are hashed into one immutable approval record.

03
Receipts without secret leakage

See who requested, approved, and executed an action—plus its result—without logging reusable credentials.

  1. 01Agent requestNarrow typed operation
  2. 02Exact approvalImmutable parameter hash
  3. 03Local executionCredential never returned
  4. 04Redacted receiptResult without secret data
Security model

The hosted account is not your vault key.

Website login controls plans, devices, teams, and approvals. Vault decryption stays behind your local master password, trusted device, or recovery material.

Read the threat model
  1. 01
    Rust cryptographic boundary

    Vault keys and provider credentials remain outside ordinary browser and webview state.

  2. 02
    No secret-returning agent tools

    Provider-aware actions replace get-secret, arbitrary proxy, and unrestricted shell primitives.

  3. 03
    Honest revocation

    Revocation blocks future authority; it never promises impossible remote erasure of copied data.

Pricing hypothesis

Local access stays yours. SaaS adds coordination.

Preliminary monthly packages for validation—billing is not live and prices are not final.

Local
$0

Your encrypted local vault and essential offline workflows.

  • Encrypted desktop vault
  • Local backup and export
  • One primary device
Pro
MOST USEFUL
~$15/ month

One user · multi-device sync · approved agent operations

  • Encrypted multi-device sync
  • Approved agent operations
  • Expanded history
Studio
~$49/ month

Up to five seats · client workspaces · policy routing

  • Up to five seats
  • Shared workspaces and routing
  • Policy templates
Desktop first

Your trusted execution layer belongs on your device.

Windows desktop first. A signed, direct-download Android APK follows after its secure-storage and update gates pass.

macOS · Linux · Android later