reaatech/agent-auth-proxy

★ 0Last commit: Jun 4, 2026GitHub →

These packages give you an identity-aware reverse proxy that sits between AI agents and downstream APIs like Google or GitHub, handling OAuth2 token management, API key vaulting, and scope enforcement. You would adopt them to solve the problem of securely authenticating and authorizing agent-to-service requests without embedding long-lived credentials in agent code or managing per-user OAuth flows yourself. The most distinctive thing is that the proxy is stateful and built as a Fastify plugin with a typed client SDK, so the server, client, and shared schemas are versioned together in a monorepo and the entire request pipeline—authentication, scope validation, credential decryption, and injection—runs in a single proxy hop.

agent-auth agent-proxy agentic-ai ai ai-agents developer-tools mcp oauth2 security typescript

Packages

Sort

3 packages

agent-auth-proxy-client

@reaatech/agent-auth-proxy-client

v2.0.0

Two typed HTTP clients for the agent-auth-proxy server: `AgentClient` exchanges an API key for a JWT and makes proxied requests to third-party APIs on behalf of a user, while `AdminClient` manages users, agents, grants, and tokens. Both decode server errors into typed error classes (`AuthError`, `ScopeError`, `ValidationError`, `UpstreamError`, `AppError`).

View package View on npm

status: published
published: 2 days ago

agent-auth-proxy-core

@reaatech/agent-auth-proxy-core

v2.0.0

Shared Zod schemas, error classes, and TypeScript types for OAuth2 proxy request validation, scope management, and error handling, exported as framework-agnostic primitives that only depend on `zod`.

View package View on npm

status: published
published: 2 days ago

agent-auth-proxy-server

@reaatech/agent-auth-proxy-server

v2.0.0

Fastify plugin and CLI that implements an identity-aware proxy server for agent-to-service communication, handling API key auth, OAuth2 with PKCE, JWT issuance, scope enforcement, credential injection, and audit logging. Exports `buildApp()` and `start()` functions, requires a PostgreSQL database and pairs with `@reaatech/agent-auth-proxy-core` for shared schemas.