Local AI Agents (Claude & Cursor)
Connect local MCP clients with short-lived delegated access and Human-In-The-Loop approvals.
This guide is for local AI assistants (Claude Desktop, Cursor, Windsurf, Cline) using Envault MCP.
When you run envault mcp install, Envault provisions a project-scoped delegated JWT (envault_agt_) with a 1-hour lifetime. The agent gets only scoped access for that project, not unrestricted account-wide access.
AI agents can read context, but mutations always require explicit human approval.
For manual client JSON configuration and full tools/security reference, see MCP Advanced Setup & Reference.
1. Setup for local development
Prepare your project
In your project root:
envault init
envault login
envault init maps the repo to the Envault project, and envault login establishes your secure user session.
Install MCP integration
For workspace-scoped setup (recommended):
envault mcp install --local
For machine-wide setup:
envault mcp install
Restart your AI client
Restart Cursor/Claude (or reload VS Code) so the MCP server initializes with the new delegated token.
2. How HITL approval works
When an AI attempts a mutation (for example: creating or updating a secret using envault deploy tools), Envault enforces Human-In-The-Loop:
- The AI sends the mutation request through MCP.
- Envault CLI intercepts and forwards the request to the Envault API using the delegated envault_agt_ JWT.
- The API responds with 202 Accepted and creates a pending approval instead of executing immediately.
- MCP surfaces a secure Approval Link back in your AI chat UI.
- You open the link, review the exact proposed keys/values in the dashboard, and click Approve.
- Envault then encrypts and applies the change.
No approval means no mutation is executed.
3. Quick verification
After setup, ask your AI assistant to run a read operation (for example status/context). Then ask for a mutation and confirm you receive the approval link flow.
This validates both delegated auth and HITL controls in your local environment.
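To also confirm the 1-hour lifetime of a delegated token you already hold, the following added example (not Envault's own code) decodes its claims without verifying the signature. It assumes the token is the envault_agt_ prefix followed by a compact JWT carrying the registered iat and exp claims; project_id is a hypothetical claim name and the sample token is constructed.

```python
import base64
import json
import time

PREFIX = "envault_agt_"   # token prefix named on this page
MAX_LIFETIME = 3600       # 1-hour lifetime stated on this page


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_agent_token(token, now=None):
    """Decode (NOT verify) a delegated token and check its claimed lifetime.

    Assumption: PREFIX + compact JWT with `iat` and `exp`. The signature is
    not checked here; only the issuing API can do that.
    """
    if not token.startswith(PREFIX):
        raise ValueError("not a delegated agent token")
    parts = token[len(PREFIX):].split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    lifetime = claims["exp"] - claims["iat"]
    return {
        "lifetime_s": lifetime,
        "within_policy": 0 < lifetime <= MAX_LIFETIME,
        "expired": now >= claims["exp"],
        "seconds_left": max(0, int(claims["exp"] - now)),
        "project": claims.get("project_id"),  # hypothetical claim name
    }


def make_sample_token(iat, exp):
    # Constructed sample with a dummy signature, for offline use only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iat": iat, "exp": exp, "project_id": "demo"}
    return PREFIX + ".".join([enc(header), enc(payload), "c2ln"])


if __name__ == "__main__":
    sample = make_sample_token(1_700_000_000, 1_700_003_600)
    print(inspect_agent_token(sample, now=1_700_000_900))
```

A token whose exp minus iat exceeds 3600 seconds, or that lacks the prefix, does not match what this page describes for envault mcp install.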