Skip to main content
A Proposal is a request from an agent to add, update, or remove credentials and services within a specific vault. Each Proposal must be approved by a member of the vault with sufficient permissions in order for changes to take effect. Each Proposal may include:
  • Services: Host access changes that define which services the agent wants to reach and how Agent Vault should authenticate to them. These merge into the vault’s services on approval. For example, a service entry might grant access to api.stripe.com using a bearer token.
  • Credential slots: Credential operations covering keys the agent needs a human to supply, values the agent wants to store back, or credentials to delete. For example, a credential slot might ask the human to provide a STRIPE_KEY at approval time.
  • Messages: A developer-facing message and a human-facing user_message shown on the browser approval page.
When an agent needs access to a new service, it creates a proposal and shares an approval link in chat. If SMTP is configured, the link is also emailed to vault members. You click the link, provide any required credentials, and approve or deny. Once approved, the agent picks up the new credentials and continues its work.

Lifecycle

Every proposal moves through a simple state machine: 
pending → applied    (approved by a privileged vault member)
pending → rejected   (rejected by a privileged vault member)
pending → expired    (7-day TTL elapsed)
Approval atomically merges services into the vault’s service configuration and upserts/deletes credentials in a single transaction.

Approve proposals

When an agent needs access to a service, it shares an approval link in chat (e.g. http://localhost:14321/approve/3?token=av_appr_...).
1

Click the link

The approval token grants read access to the proposal details: requested services, credential slots, and the agent’s message. Token TTL: 24 hours.
2

Log in if needed

Submitting the approval requires a valid Agent Vault session. If you’re not logged in, the page shows an inline login form first.
3

Provide credentials and approve

Fill in any credential values the agent requested, review the proposed services, and click Allow.
Agents poll the proposal status automatically after creating one. Once you approve, the agent retries its original request. No further action needed on your part.

Reject proposals

The browser approval page includes a Deny option alongside the approval form.

List and inspect

# List all proposals
agent-vault vault proposal list --vault my-vault

# Filter by status
agent-vault vault proposal list --vault my-vault --status pending

# View full details
agent-vault vault proposal show 3 --vault my-vault

# Walk through all pending proposals interactively
agent-vault vault proposal review --vault my-vault
The review command presents each pending proposal one by one. For each, choose Approve, Reject, Skip, or Quit. At the end, a summary shows the count and IDs of approved, rejected, and skipped proposals.

How agents raise proposals

Agents handle this flow automatically. This section describes what happens under the hood.
When an agent hits a 403 on a host not in /discover, the response includes a proposal_hint with the denied host and the endpoint to create a proposal. The agent then sends: 
POST /v1/proposals
{
  "services": [
    {
      "action": "set",
      "host": "api.stripe.com",
      "description": "Stripe API",
      "auth": { "type": "bearer", "token": "STRIPE_KEY" }
    }
  ],
  "credentials": [
    {
      "action": "set",
      "key": "STRIPE_KEY",
      "description": "Stripe API key",
      "obtain": "https://dashboard.stripe.com/apikeys",
      "obtain_instructions": "Developers → API Keys → Reveal test key"
    }
  ],
  "message": "Need Stripe API access for billing feature",
  "user_message": "I need access to your Stripe account to build the checkout page."
}
The response includes an approval_url that the agent presents to the user in chat.

Actions

Each service and credential slot carries an action field:
  • set: idempotent upsert (add or replace). Services require host + auth; credential slots require key.
  • delete: remove an existing entry. Services only need host; credential slots only need key.

Credential slots

A credential slot can work in three ways:
Scenariovalue fieldWhat happens
Human supplies the credentialomittedHuman enters the value at approval time
Agent stores a credential backincludedValue is encrypted at creation; human confirms at approval
Delete a credentialn/aaction: "delete" removes the key
Every credential key referenced in a service’s auth config must resolve to either a credential slot in the proposal or an existing credential in the vault. Credential keys use UPPER_SNAKE_CASE format.

Limits

ConstraintValue
Max services per proposal10
Max credential slots per proposal10
Max pending proposals per vault20
message length2,000 chars
user_message length5,000 chars
description length500 chars
obtain length500 chars
obtain_instructions length1,000 chars
Proposal TTL7 days