Context-Isolated Secret Management for Autonomous AI Software Engineering Agents
Project description
nvenv (No-View Env)
nvenv is a local-first cryptographic proxy tool designed to decouple raw credentials from the viewable workspace of autonomous AI software engineering agents (e.g., Cursor, Claude Code, Windsurf, Devin).
By replacing filesystem .env credentials with secure cryptographic URI placeholders and substituting the actual keys dynamically at the OS socket boundary in volatile memory during TLS handshakes, nvenv ensures your runtime applications execute flawlessly while leaving the autonomous LLM agent mathematically blind to the underlying credentials.
How It Works (The Core Mechanism)
[Application Process] (Reads env containing placeholder "nv://STRIPE_SECRET_KEY")
|
| 1. Dispatches HTTP POST packet
| Authorization Header: "Bearer nv://STRIPE_SECRET_KEY"
v
[Local nvenv Proxy Loopback Engine]
|
| 2. Intercepts outbound TLS request via Local CA
| 3. Queries volatile memory for the real credentials
| 4. Substitutes "nv://STRIPE_SECRET_KEY" with "sk_live_51Nx..."
v
[External Target API Endpoint] (e.g., api.stripe.com)
Core Security Features
- Contextual Blindness ($I(C_{\text{text}}; S) = 0$): Your code files, terminal logs, and system variables contain only hollow placeholders (e.g.,
nv://STRIPE_KEY). Secrets never enter the LLM's context window. - Hardware-Backed Vault: On Windows, secrets are stored in a local SQLite database (
~/.nv/vault.db) and encrypted using the Windows Data Protection API (DPAPI), binding them to your operating system user identity and TPM. - Active TLS Interception: Spawns a transient, local Man-in-the-Middle (MITM) loopback proxy that signs dynamic certificates on-the-fly, swapping placeholders in request headers and payloads during execution.
- AI Agent Anti-Scraping Defense: Prevents AI agents from scraping plaintext keys via shell commands (e.g.,
nvenv get). It blocks decryption in piped or redirected environments (isattycheck) and requires interactive, low-level OS keyboard confirmation (msvcrtconsole read) to print keys. - Git Credential Helper: Plugs directly into Git (
credential.helper) to intercept remote authentication commands, injecting GitHub Personal Access Tokens (PATs) at the OS socket pipe level without checking tokens into files.
Installation Options
1. Developer Python Source Installation (Recommended for testing)
Ensure you have pyinstaller and cryptography installed:
pip install -e .
This registers the global CLI script nvenv in your environment PATH.
2. NPM Distribution (Language-Agnostic JS Wrapper)
For developers using Node/NPM globally:
npm install -g nv-protocol
Note: This utilizes a global Node.js redirector script that routes requests directly to the precompiled platform-specific executable.
3. Windows Package Manager (Winget)
winget install OpenSourceSecurity.nv
4. Linux & macOS (Bash Installer)
curl -fsSL https://raw.githubusercontent.com/oss-security/nv-protocol/main/install.sh | bash
Quickstart Guide
Step 1: Initialize Vault
Create your secure database:
nvenv init
Step 2: Store Your Secrets
Save your API keys securely:
nvenv set STRIPE_KEY
(You will be securely prompted for the value. The CLI will output a copy-pasteable configuration line).
Step 3: Populate Your .env File
Replace the plaintext secrets in your project's .env with the placeholders generated:
STRIPE_KEY=nv://STRIPE_KEY
DATABASE_URL=nv://DATABASE_URL
Step 4: Run Your Code Wrapped in the Sandbox
Instead of booting your compiler or runtime directly, wrap the command in nvenv run --:
# Node.js Example
nvenv run -- npm run dev
# Python Example
nvenv run -- python main.py
# Curl Example
nvenv run -- curl -X GET https://httpbin.org/headers -H "Authorization: Bearer nv://STRIPE_KEY"
The application will run with the correct keys, but the shell, output logs, and system environment table will only see nv://STRIPE_KEY.
Git Integration Setup
Protect your repository push/pull pipelines from token scraping:
- Save your Personal Access Token (PAT) under the name
GITHUB_TOKEN:nvenv set GITHUB_TOKEN
- Enable the local Git Credential Helper for your repository:
git config --local credential.helper "!nvenv git-helper"
Now, Git will verify remote write operations by securely piping tokens from the hardware store, keeping files clean of credential details.
Troubleshooting & Verification
To verify that your installation is working correctly, run the internal test suite:
python test_nv.py
This tests:
- Native Windows DPAPI encryption stability.
- Local vault schema CRUD.
- Socket payload replacement over mock HTTP interception streams.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nv_protocol-0.1.9.tar.gz.
File metadata
- Download URL: nv_protocol-0.1.9.tar.gz
- Upload date:
- Size: 4.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1eff8fc31f19e33a614f047d46362ff08684b4558659c0a55f1108ba754c3ee8
|
|
| MD5 |
3ffc6d5e101386d463c11830fbc16a9c
|
|
| BLAKE2b-256 |
6b758d58302a3ad8f01e72a37829d3a4111e733d41690ab69b5540f7420eb1a1
|
File details
Details for the file nv_protocol-0.1.9-py3-none-any.whl.
File metadata
- Download URL: nv_protocol-0.1.9-py3-none-any.whl
- Upload date:
- Size: 4.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
40f709dfb43b7eb4ce6919bf6828b1f10c371b3bc626284e9d2812e22d97fc66
|
|
| MD5 |
7b161d8a05febc48ad5cfcd94bb6b9ed
|
|
| BLAKE2b-256 |
2af3cf307dc9663e98b09d876626aa5d9b00d87ae318bedf3bd18c97a8f0d50d
|