theres no oauth here, why call it that? its a single source local ephemeral key manager
or have i missed something entirely?
I’ve been experimenting with AI agents lately, and one problem kept coming up: they either get a raw API key with full access or nothing at all. That’s risky, especially if you’re testing agents that can make arbitrary calls.
So I hacked this together.
It lets you wrap agent actions with scoped, short-lived tokens instead of handing over your real API keys.
Right now it:
- Generates scoped, expiring tokens (default 10s)
- Logs every action to kage-keys.log
- Works as a drop-in wrapper for async functions
It’s just an MVP (tokens are fake UUIDs), but I want to see if developers find this helpful before building the production version with real crypto + proxy enforcement.
You didn't answer OP's questions. It's not authentication at all.