Skip to main content

Documentation Index

Fetch the complete documentation index at: https://authsome.agentr.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

NanoClaw, OpenClaw, and HermesAgent are lightweight Python agent runners in the agentr ecosystem. They don’t bundle credential management. Authsome fills that gap. The same patterns work for any Python-native agent runner.

Run under the proxy

uvx authsome login github
uvx authsome login openai
uvx authsome run -- python -m <your_runner>
The runner sees placeholder env vars. Outbound HTTPS to matched providers is authenticated at the proxy layer. This is the recommended path.

Embedding the library

If you’re wiring authsome into a larger orchestrator and want explicit per-call control, call the library directly from your agent code: 
from authsome.server.dependencies import create_auth_service

auth = create_auth_service()

github_token = auth.get_access_token("github")
openai_key = auth.get_access_token("openai")

# Pass to your runner's agent constructor however it expects credentials
# (env vars, kwargs, config object: runner-specific).
Refresh is silent. The agent never holds an expired token long enough to matter. See Python library for the full surface.

When to use which

Use the proxyUse the library
You want a single layer that catches every outbound call.You want fine-grained control over which connection to use per agent.
You’re using third-party clients you can’t easily modify.The agent is yours and you can pass tokens directly.
You need transparent injection for shell tools the agent spawns.You don’t spawn shell tools.

What’s next

Run agents with the proxy

The proxy injection model.

Python library

AuthService and the auth-layer API.