It's a local daemon + CLI + skills.md.
The agent only ever works with refs like ss://stripe/prod/STRIPE_KEY; a local daemon resolves the real value at the last moment and blacks the agent out during the secret moment.
Two ways it works:
- CLI templates: push a secret to Vercel / GitHub Actions / Cloudflare / Supabase, etc. through the vendor's own CLI.
- Universal browser handoff: your agent drives ANY vendor dashboard with its normal browser tool, and at the secret moment hands off to the daemon. No per-vendor integration — it works on a portal nobody's ever heard of. (I am now focusing on this part)
I built it from scratch using Claude Code, Superpowers skills, and custom review skill where I have Claude Code use Codex with fresh context to review each small piece of work.
Try it: npx secret-shuttle init
Or just tell your Claude Code / Codex to set it up:
Repo: https://github.com/pdumicz/secret-shuttle
It's v0.5 and open source and I have zero intention to offer any commercial version of this product. This is my first contribution to the OSS community.