Open source · Free during early access

Your agent could be doing this.

All it needs is access. TAP holds your keys and pings you to approve the scary stuff.

Day one

Paste these on day one.

"Check my email for any unpaid invoices and pay them on Wise."

Gmail → Wise · it really pays them

"Migrate all our company domains to Cloudflare DNS, update the SSL certificates on AWS, and trigger Vercel redeployments for any affected services."

Cloudflare · AWS · Vercel

"Check my Mercury balance. If it's over $50k, move the excess into the highest-yield account."

Mercury · waits for your approval

"Give me a morning briefing: Mercury balance and any large transactions, unread emails that need action, and whether any Vercel deployments failed overnight."

Mercury · Gmail · Vercel · unattended

No integrations to build. All ten prompts →

The blocker

Your agents shouldn't hold the keys.

Keys get stolen

One malicious prompt and your key walks out the door.

No human in the loop

Raw keys let an agent pay, post, and delete with nothing stopping it.

Keys end up in context

APIs echo credentials. Once a credential is in context, it's in every future prompt.

What you get

Your agents get hands. You keep the keys.

No MCP servers. No skills to write. No setup steps per service.

Your agent gets two lines and teaches itself every service you've added:

TAP key: <your key>
TAP instructions: https://proxy.tap.human.tech/instructions

Adding a service means pasting a key into the dashboard. And your context stays clean: no wall of tool definitions riding along in every conversation, because your agent looks things up only when it needs them. Works from Claude Code, OpenClaw, or anything else that speaks HTTP.

Approve from your phone

Risky requests show up in Telegram with the exact payload. One tap either way.

Reads don't bother you

Checking balances, reading inboxes, listing deploys: all of that just runs.

One dashboard for the team

Everyone's agents, credentials, and approval rules in one place, isolated per team.

A full paper trail

Every request is logged: which agent, which credential, who approved it.

Under the hood

Don't take our word for it.

Keys nobody can read, including us

Credentials live in a hardware-attested enclave. Microsoft's HSM releases them only to verified TAP code, and every release's measurement is published. Verify it →

Your agent never holds a secret

It only ever sees a name like mercury. TAP swaps in the real key on the way out and scrubs any echoes on the way back.

Fails closed

Approval rules are checked on every request. If nothing matches, the request waits for a human.

Open code

Source-available under FSL: read it, audit it, self-host it. GitHub →

Want the request flow, policy engine, and attestation details? How it works, in the docs →

Early access

Deploy today.

Free during early access. Credentials live in a hardware-attested enclave — unreadable even to us. Verify it.

Get started

Or self-host — without the enclave guarantees

Running in five minutes.

Source-available under FSL. Use our managed hosting or run it yourself in Docker.

1. Sign up and add your credentials

Slack, GitHub, Mercury, Stripe, AWS, or whatever else your agent needs.

2. Create an agent and copy the API key

Pick which credentials it can touch. The key shows once.

3. Paste two lines into your agent's prompt

TAP key: <your key>
TAP instructions: https://proxy.tap.human.tech/instructions

It fetches that URL and works out how to use your services on its own.