Skip to Content
Install paths

Install paths

There are three ways to bring an agent online with AgentValet today, plus a fourth in development. Pick the one that matches how the agent runs.

MCPB (Claude Desktop, Claude Code)

The MCPB is a single-file extension bundle that installs into Claude Desktop. Download agentvalet-latest.mcpb, drag it into Claude’s extensions window (or install it via Settings → Extensions → Advanced settings → Install extension on Windows 11 Store builds), and Claude can now call AgentValet tools.

Best for:

  • Claude Desktop users wanting governed access to their platforms
  • Personal automations where the agent runs on your machine
  • Non-developers — the install is GUI-only

CLI

The CLI is npx @agentvalet/register. Run it in your project root; it walks you through:

  1. Sign in (browser pops to Clerk; CLI receives a session token via /cli-auth)
  2. Generate an RS256 keypair, register the agent under your account
  3. Write the private key to ~/.agentvalet/agent.key (0600) and project-level configs for whatever IDE/framework it detects
  4. Wait for you to approve the registration in the dashboard

It detects and writes config for: Claude Code, Cursor, Codex, OpenClaw, Factory Droid. After registration you have a working .mcp.json (or equivalent) wired up to your new agent.

Available subcommands:

  • (no args) — interactive registration wizard
  • refresh — pull the latest granted-permissions list into .claude/agentvalet-permissions.md
  • mcp-server — run the MCP server over stdio (for IDEs that launch it themselves)
  • list — list locally-configured agents
  • revoke — revoke an agent
  • inject — write env vars to a file for shell injection
  • uninstall — remove local config

Best for:

  • Developers integrating AgentValet into a codebase
  • Headless agents (servers, CI jobs, cron) where you need env-var injection
  • Multi-environment setups (one agent per env, each with its own key)

Claude web (claude.ai): no install

If the agent is Claude itself (web, Cowork, or Desktop), you do not install anything. Add AgentValet to claude.ai as a custom connector using your per-owner MCP URL (https://api.agentvalet.ai/mcp/v1/<owner-id>), leave the OAuth fields blank, and approve once. Claude authenticates over OAuth, so there is no private key on disk and nothing to paste back.

Because custom connectors live at your Claude account level, adding it once makes AgentValet available across Claude on the web, Claude Cowork, and Claude Desktop. (Claude Code inherits account connectors when signed in, though the CLI/MCPB paths below give it a stronger per-agent key.)

Best for:

  • Claude users who want governed platform access without a Desktop or CLI install
  • Trying AgentValet quickly from a browser
  • Anyone who would rather not manage a key file

Approving provisions a fresh, deny-by-default agent for that connector; grant it scopes in the dashboard before Claude can do anything. Full walkthrough: Connect Claude web (claude.ai).

Invite (coming soon)

A planned fourth path: a manager invites a teammate by email, the teammate clicks a link to claim, installs MCPB or runs the CLI, and the agent self-binds to the manager’s pre-configured scopes. No back-and-forth, no copy-pasting owner IDs.

The design is documented in docs/roadmap/invite-flow.md. It’s not shipped yet; when it is, this page will have a section of its own.

Picking a path

You are…Use
Using Claude in the browser (claude.ai) with nothing to installClaude web
Using Claude Desktop on a personal machineMCPB
Working in an IDE (Cursor, Claude Code, Codex) on a projectCLI
Deploying an agent to a server, container, or CICLI
A non-developer with no terminalClaude web or MCPB
Running multiple agents from one codebaseCLI
Onboarding a teammate who isn’t technicalWait for Invite, or Claude web + walk them through

The MCPB and CLI paths converge once registered: an agent is an agent, and the only difference is how the keypair gets generated and where it lives on disk. The Claude-web path is the exception, with no keypair at all; Claude holds a short-lived OAuth token instead.

Next

Last updated on