# OneCLI ## Docs - [Create an agent](https://onecli.sh/docs/api-reference/agents/create-an-agent.md): Creates a new agent in the current project. The identifier must be lowercase alphanumeric with hyphens, starting with a letter (max 50 chars). - [Delete an agent](https://onecli.sh/docs/api-reference/agents/delete-an-agent.md) - [Get default agent](https://onecli.sh/docs/api-reference/agents/get-default-agent.md): Returns the default agent for the current project. - [List agents](https://onecli.sh/docs/api-reference/agents/list-agents.md): Returns all agents in the current project with secret and connection counts. - [List agent's assigned secrets](https://onecli.sh/docs/api-reference/agents/list-agents-assigned-secrets.md): Returns the IDs of secrets assigned to this agent (relevant when secret mode is `selective`). - [Regenerate agent token](https://onecli.sh/docs/api-reference/agents/regenerate-agent-token.md): Generates a new access token for the agent. The previous token is immediately invalidated. - [Rename an agent](https://onecli.sh/docs/api-reference/agents/rename-an-agent.md) - [Set default agent](https://onecli.sh/docs/api-reference/agents/set-default-agent.md): Marks the specified agent as the project's default agent. - [Update agent secret mode](https://onecli.sh/docs/api-reference/agents/update-agent-secret-mode.md): Controls which secrets the agent can access: - `all` — the agent can use every secret in the project. - `selective` — only secrets explicitly assigned via `PUT /agents/{agentId}/secrets`. - [Update agent's assigned secrets](https://onecli.sh/docs/api-reference/agents/update-agents-assigned-secrets.md): Replaces the full list of secrets assigned to this agent. - [Connect app with credentials](https://onecli.sh/docs/api-reference/apps/connect-app-with-credentials.md): Connects an app using direct credentials (API key, service account, etc.) rather than OAuth. - [Delete app configuration](https://onecli.sh/docs/api-reference/apps/delete-app-configuration.md) - [Disconnect an app connection](https://onecli.sh/docs/api-reference/apps/disconnect-an-app-connection.md): Permanently removes a specific app connection by ID. - [Get app configuration](https://onecli.sh/docs/api-reference/apps/get-app-configuration.md): Returns the non-secret configuration for a BYOC (Bring Your Own Credentials) app. - [Get app details](https://onecli.sh/docs/api-reference/apps/get-app-details.md): Returns detailed information about a specific app, including setup instructions. - [List apps](https://onecli.sh/docs/api-reference/apps/list-apps.md): Returns all available apps with their current configuration and connection status. - [List connections](https://onecli.sh/docs/api-reference/apps/list-connections.md): Returns all app connections in the current project. - [List connections by provider](https://onecli.sh/docs/api-reference/apps/list-connections-by-provider.md): Returns app connections filtered by provider. - [Set app configuration](https://onecli.sh/docs/api-reference/apps/set-app-configuration.md): Creates or updates the BYOC configuration for an app. Existing connections may be disconnected when credentials change. - [Start OAuth flow](https://onecli.sh/docs/api-reference/apps/start-oauth-flow.md): Redirects the user to the app's OAuth authorization page. After the user authorizes, they are redirected back to the callback URL. - [Errors](https://onecli.sh/docs/api-reference/errors.md): Error codes, response format, and troubleshooting guidance for the OneCLI API. - [API Reference](https://onecli.sh/docs/api-reference/index.md): Authenticate and interact with the OneCLI API to manage agents, secrets, policy rules, and app connections programmatically. - [Delete organization app configuration](https://onecli.sh/docs/api-reference/organization-app-config/delete-organization-app-configuration.md): Requires admin role. Cloud only. - [Get organization app configuration](https://onecli.sh/docs/api-reference/organization-app-config/get-organization-app-configuration.md): Returns the non-secret configuration for a BYOC app at the organization level. Cloud only. - [List configured providers](https://onecli.sh/docs/api-reference/organization-app-config/list-configured-providers.md): Returns provider IDs with an enabled app configuration at the organization level. Cloud only. - [Set organization app configuration](https://onecli.sh/docs/api-reference/organization-app-config/set-organization-app-configuration.md): Creates or updates the BYOC configuration for an app at the organization level. Requires admin role. Cloud only. - [Toggle organization app configuration](https://onecli.sh/docs/api-reference/organization-app-config/toggle-organization-app-configuration.md): Enables or disables an organization app configuration. Requires admin role. Cloud only. - [Disconnect an organization connection](https://onecli.sh/docs/api-reference/organization-connections/disconnect-an-organization-connection.md): Requires admin role. Cloud only. - [List organization connections](https://onecli.sh/docs/api-reference/organization-connections/list-organization-connections.md): Returns all app connections scoped to the organization. Cloud only. - [List organization connections by provider](https://onecli.sh/docs/api-reference/organization-connections/list-organization-connections-by-provider.md): Returns organization connections filtered by provider. Cloud only. - [Create an organization rule](https://onecli.sh/docs/api-reference/organization-rules/create-an-organization-rule.md): Creates a new policy rule at the organization level. Organization rules apply across all projects and cannot be assigned to specific agents. Requires admin role. Cloud only. - [Delete an organization rule](https://onecli.sh/docs/api-reference/organization-rules/delete-an-organization-rule.md): Requires admin role. Cloud only. - [Get an organization rule](https://onecli.sh/docs/api-reference/organization-rules/get-an-organization-rule.md): Cloud only. - [Get app permissions](https://onecli.sh/docs/api-reference/organization-rules/get-app-permissions.md): Returns the tool-level permission states for a provider at the organization level. - [List organization rules](https://onecli.sh/docs/api-reference/organization-rules/list-organization-rules.md): Returns all policy rules scoped to the organization. Cloud only. - [Set app permissions](https://onecli.sh/docs/api-reference/organization-rules/set-app-permissions.md): Updates tool-level permissions for a provider. Requires admin role. - [Update an organization rule](https://onecli.sh/docs/api-reference/organization-rules/update-an-organization-rule.md): Requires admin role. Cloud only. - [Create an organization secret](https://onecli.sh/docs/api-reference/organization-secrets/create-an-organization-secret.md): Creates a new secret at the organization level. Organization secrets apply across all projects. Requires admin role. Cloud only. - [Delete an organization secret](https://onecli.sh/docs/api-reference/organization-secrets/delete-an-organization-secret.md): Requires admin role. Cloud only. - [List organization secrets](https://onecli.sh/docs/api-reference/organization-secrets/list-organization-secrets.md): Returns all secrets scoped to the organization. Secret values are never returned. Cloud only. - [Update an organization secret](https://onecli.sh/docs/api-reference/organization-secrets/update-an-organization-secret.md): Updates one or more fields on an organization secret. Requires admin role. Cloud only. - [Create a project](https://onecli.sh/docs/api-reference/projects/create-a-project.md): Creates a new project in the organization. Requires admin role. - [Delete a project](https://onecli.sh/docs/api-reference/projects/delete-a-project.md): Permanently deletes a project and all its data (agents, secrets, connections, rules, audit logs). Requires admin role. Cannot delete the last project in the organization. - [Get a project](https://onecli.sh/docs/api-reference/projects/get-a-project.md): Returns a single project by ID. - [List projects](https://onecli.sh/docs/api-reference/projects/list-projects.md): Returns all projects in the authenticated user's organization. Cloud only. - [Update a project](https://onecli.sh/docs/api-reference/projects/update-a-project.md): Updates a project's name and slug. Requires admin role. - [Create a policy rule](https://onecli.sh/docs/api-reference/rules/create-a-policy-rule.md): Creates a new policy rule. Rules control how agents interact with external services: - [Delete a policy rule](https://onecli.sh/docs/api-reference/rules/delete-a-policy-rule.md) - [Get a policy rule](https://onecli.sh/docs/api-reference/rules/get-a-policy-rule.md): Returns a single policy rule by ID. - [List policy rules](https://onecli.sh/docs/api-reference/rules/list-policy-rules.md): Returns all policy rules for the current project. - [Update a policy rule](https://onecli.sh/docs/api-reference/rules/update-a-policy-rule.md): Updates one or more fields on a rule. At least one field must be provided. - [Create a secret](https://onecli.sh/docs/api-reference/secrets/create-a-secret.md): Creates a new secret. The gateway uses secrets to inject credentials into outbound requests matching the host and path patterns. - [Delete a secret](https://onecli.sh/docs/api-reference/secrets/delete-a-secret.md) - [List secrets](https://onecli.sh/docs/api-reference/secrets/list-secrets.md): Returns all secrets in the current project. Secret values are never returned. - [Update a secret](https://onecli.sh/docs/api-reference/secrets/update-a-secret.md): Updates one or more fields on a secret. At least one field must be provided. - [Get API key](https://onecli.sh/docs/api-reference/user/get-api-key.md): Returns the current API key for the authenticated user in the current project. - [Get current user](https://onecli.sh/docs/api-reference/user/get-current-user.md): Returns the profile of the authenticated user. - [Regenerate API key](https://onecli.sh/docs/api-reference/user/regenerate-api-key.md): Generates a new API key, immediately invalidating the previous one. - [Update user profile](https://onecli.sh/docs/api-reference/user/update-user-profile.md) - [CLI Reference: Commands, Flags & Configuration](https://onecli.sh/docs/cli/onecli-cli.md): Full reference for the OneCLI command-line tool: installation, every command with flags, environment variables, and configuration. - [OneCLI Plugin for Claude Code](https://onecli.sh/docs/guides/claude-code-plugin.md): Install the OneCLI plugin for Claude Code to connect to external APIs with zero credential management. No CLI required. - [Set Up Coding Agents: Claude Code, Cursor & Windsurf](https://onecli.sh/docs/guides/coding-agents.md): Configure Claude Code, Cursor, Windsurf, and other coding agents to route through the OneCLI gateway. One command to set up. - [Credential Stubs for MCP Servers](https://onecli.sh/docs/guides/credential-stubs/general-app.md): Create placeholder credential files so MCP servers can start without real secrets. The gateway fills in values at request time. - [Gmail Credential Stubs](https://onecli.sh/docs/guides/credential-stubs/gmail.md): Set up Gmail credential stubs so MCP servers that need Google OAuth tokens can start without manual auth flows or token files. - [Vertex AI Credential Stubs](https://onecli.sh/docs/guides/credential-stubs/vertex-ai.md): Set up Vertex AI credential stubs so MCP servers that need Google Cloud service account keys can start without manual setup. - [GitHub App Setup: Fine-Grained Repo Access](https://onecli.sh/docs/guides/github-app.md): Install and configure the OneCLI GitHub App for fine-grained repo access. Supports org-level approval and per-repo scoping. - [Guides: Set Up Agents and Configure OneCLI](https://onecli.sh/docs/guides/index.md): Step-by-step guides for connecting AI agents, configuring projects, setting rules, and managing credentials with OneCLI. - [NanoClaw: Agent Orchestration with the Gateway](https://onecli.sh/docs/guides/nanoclaw.md): Run NanoClaw agents with OneCLI handling credential injection and policy enforcement. No code changes needed in the agent. - [Projects: Organize Agents & Connections](https://onecli.sh/docs/guides/projects.md): Group agents, connections, and rules into projects. Each project has its own dashboard, audit log, and team members. - [Rules: Control What Agents Can Do](https://onecli.sh/docs/guides/rules.md): Define allow/block/rate-limit rules that are evaluated before credential injection. Block destructive operations, require approval, or cap usage. - [User Provisioning: Add Team Members Programmatically](https://onecli.sh/docs/guides/user-provisioning.md): Add team members to OneCLI with pre-configured roles, API keys, and project access. Supports programmatic provisioning via the API. - [How the Gateway Works: Credential Injection & Signing](https://onecli.sh/docs/how-it-works.md): OneCLI runs a transparent proxy that intercepts outgoing HTTP requests, checks them against your rules, and injects credentials from an encrypted vault. - [Credential & Policy Layer for AI Agents](https://onecli.sh/docs/index.md): Give your AI agents secure access to external services. Store credentials once, inject them at request time, and control what your agents can do. Your agents never see the keys. - [Anthropic Integration: Claude API Key Injection](https://onecli.sh/docs/integrations/anthropic.md): Inject your Anthropic API key into agent requests so they can call Claude models without ever seeing or handling the key. - [Apollo.io Integration: Sales Intelligence for Agents](https://onecli.sh/docs/integrations/apollo-io.md): Agents can search contacts, enrich leads, manage sequences, and work with deals in Apollo.io. OAuth credentials are injected automatically. - [App Connections: How OAuth & API Keys Work](https://onecli.sh/docs/integrations/app-connections.md): How OneCLI stores and injects OAuth tokens and API keys for connected apps. Token refresh, credential encryption, and the connection lifecycle. - [AWS for AI Agents: S3, EC2, Lambda & More](https://onecli.sh/docs/integrations/aws.md): Connect agents to AWS with automatic SigV4 request signing. Supports IAM access keys and cross-account roles with per-agent session policies. - [Cloudflare Integration: DNS & Workers for Agents](https://onecli.sh/docs/integrations/cloudflare.md): Agents can manage DNS records, deploy Workers, and configure page rules. API tokens are injected at the gateway. - [Confluence: Wiki & Docs for AI Agents](https://onecli.sh/docs/integrations/confluence.md): Search, read, and create pages in Confluence spaces. Agents can reference internal documentation or publish content automatically. - [Datadog Integration: Monitoring & Logs for Agents](https://onecli.sh/docs/integrations/datadog.md): Let agents query Datadog metrics, check monitor status, and read incident timelines. API keys are injected by the gateway. - [Dropbox Integration: Cloud Storage for Agents](https://onecli.sh/docs/integrations/dropbox.md): Agents can browse, download, upload, and share files in Dropbox. OAuth credentials are injected automatically. - [Fly.io Integration: Deploy & Manage Apps for Agents](https://onecli.sh/docs/integrations/flyio.md): Agents can deploy and manage applications, Machines, volumes, and secrets on Fly.io. API tokens are injected at the gateway. - [GitHub for AI Agents: Repos, PRs & Actions](https://onecli.sh/docs/integrations/github.md): Connect agents to GitHub via OAuth or a GitHub App. The gateway injects tokens into API calls and git-over-HTTPS, with per-action allow/ask/block controls. - [GitHub App Integration: Org-Approved Repository Access](https://onecli.sh/docs/integrations/github-app.md): Fine-grained, organization-approved access to repositories through GitHub App installation tokens. Tokens are refreshed and injected automatically. - [Gmail Integration: Let Agents Read, Draft & Send Email](https://onecli.sh/docs/integrations/gmail.md): Search, read, draft, and send emails through the Gmail API. The gateway handles OAuth and token refresh so agents just make HTTP calls. - [Google Admin Integration: Workspace User Management](https://onecli.sh/docs/integrations/google-admin.md): Manage users, groups, and organizational units in Google Workspace. Requires admin privileges on the Google account. - [Google Analytics: Traffic & Reporting for AI Agents](https://onecli.sh/docs/integrations/google-analytics.md): Query traffic reports, read key metrics, and pull audience data from GA4 properties. OAuth credentials injected by the gateway. - [Google Calendar Integration: Scheduling for Agents](https://onecli.sh/docs/integrations/google-calendar.md): Agents can list events, create meetings, check availability, and manage RSVPs. OAuth credentials are injected automatically. - [Google Classroom: Education Access for AI Agents](https://onecli.sh/docs/integrations/google-classroom.md): Manage courses, assignments, and student rosters through the Classroom API. OAuth credentials injected by the gateway. - [Google Docs Integration: Read & Edit Documents](https://onecli.sh/docs/integrations/google-docs.md): Read and edit Google Docs programmatically. Agents can create documents, insert text, and format content via the Docs API. - [Google Drive Integration: File Access for Agents](https://onecli.sh/docs/integrations/google-drive.md): Search, read, create, and organize files and folders in Google Drive. Supports Docs, Sheets, and uploaded files. - [Google Forms: Form & Response Access for AI Agents](https://onecli.sh/docs/integrations/google-forms.md): Agents can create forms, read submissions, and analyze response data through the Google Forms API. OAuth handled by the gateway. - [Google Meet Integration: Meetings & Recordings](https://onecli.sh/docs/integrations/google-meet.md): Create meeting links, list upcoming calls, and read recording metadata through the Google Meet API. OAuth handled by the gateway. - [Google Photos Integration: Albums & Media Access](https://onecli.sh/docs/integrations/google-photos.md): Search, browse, and manage photos and albums. Agents can read image metadata, list albums, and upload media via the Photos API. - [Google Search Console Integration: SEO Data Access](https://onecli.sh/docs/integrations/google-search-console.md): Query search performance, inspect URLs, and check indexing status. Agents can pull click/impression data and identify crawl issues. - [Google Sheets: Spreadsheet Access for AI Agents](https://onecli.sh/docs/integrations/google-sheets.md): Read and write spreadsheet data through the Google Sheets API. Extract data, generate reports, or update tracking sheets. - [Google Slides Integration: Create & Edit Presentations](https://onecli.sh/docs/integrations/google-slides.md): Create and edit presentations through the Slides API. Agents can add slides, insert text and images, and update layouts. - [Google Tasks: Task Management for AI Agents](https://onecli.sh/docs/integrations/google-tasks.md): Create, complete, and organize tasks and task lists through the Google Tasks API. OAuth credentials injected by the gateway. - [HubSpot Integration: CRM for Agents](https://onecli.sh/docs/integrations/hubspot.md): Agents can manage contacts, companies, deals, and tickets in HubSpot CRM. OAuth credentials are injected automatically. - [Integrations: Connect Agents to External Services](https://onecli.sh/docs/integrations/index.md): Connect AI agents to external services through the OneCLI gateway. OAuth apps, API keys, and cloud platforms, all from one dashboard. - [Jira Integration: Issues, Sprints & Project Boards](https://onecli.sh/docs/integrations/jira.md): Create, update, and search Jira issues. Agents can manage sprints, transition statuses, and read project boards. - [LinkedIn Integration: Social Engagement for Agents](https://onecli.sh/docs/integrations/linkedin.md): Agents can read your profile and create posts on LinkedIn. OAuth credentials are injected automatically. - [LLM Providers: Route Agents to Any Model](https://onecli.sh/docs/integrations/llms.md): Route AI agent traffic to Anthropic, OpenAI, Vertex AI, or any LLM provider. The gateway injects API keys so agents never see them. - [Microsoft OneNote Integration: Notebooks for Agents](https://onecli.sh/docs/integrations/microsoft-onenote.md): Agents can read and manage notebooks, sections, and pages in Microsoft OneNote. OAuth credentials are injected automatically. - [Monday.com Integration: Project Management for Agents](https://onecli.sh/docs/integrations/monday.md): Agents can manage boards, items, docs, and workspaces in Monday.com. OAuth credentials are injected automatically. - [MongoDB Atlas Integration: Database Administration for Agents](https://onecli.sh/docs/integrations/mongodb-atlas.md): Agents can manage clusters, users, and projects via the Atlas Administration API. Client credentials are injected automatically. - [Notion Integration: Pages & Database Access](https://onecli.sh/docs/integrations/notion.md): Search, read, and write Notion pages and databases through the API. Agents connect via internal integration, credentials injected. - [OpenAI Integration: API Key & Codex OAuth](https://onecli.sh/docs/integrations/openai.md): Inject your OpenAI API key or Codex OAuth credentials into agent requests so they can call GPT, DALL-E, and embeddings without handling the key. - [Outlook Calendar Integration: Scheduling for Agents](https://onecli.sh/docs/integrations/outlook-calendar.md): Let agents view, create, and manage calendar events in Microsoft 365. Works with shared calendars and room resources. - [Outlook Mail Integration: Email for Agents](https://onecli.sh/docs/integrations/outlook-mail.md): Agents can read, send, and organize email in Microsoft 365 mailboxes. OAuth tokens are managed and refreshed automatically. - [Resend: Transactional Email for AI Agents](https://onecli.sh/docs/integrations/resend.md): Send transactional emails and check delivery status via the Resend API. API keys injected by the gateway automatically. - [Sentry Integration: Error Tracking for Agents](https://onecli.sh/docs/integrations/sentry.md): Agents can read errors, manage issues, and track releases in Sentry. OAuth credentials are injected automatically. - [Supabase Integration: Database & Auth for Agents](https://onecli.sh/docs/integrations/supabase.md): Agents can manage Supabase projects, databases, edge functions, and storage. OAuth credentials are injected automatically. - [Todoist Integration: Task Management for Agents](https://onecli.sh/docs/integrations/todoist.md): Create, complete, and organize tasks and projects in Todoist. API tokens are injected by the gateway. Agents never see them. - [Vertex AI: Route Agents to Claude & Gemini on GCP](https://onecli.sh/docs/integrations/vertex-ai.md): Route agent requests to Vertex AI models on Google Cloud, including Claude and Gemini. Supports service account and ADC authentication. - [YouTube Integration: Videos, Playlists & Analytics](https://onecli.sh/docs/integrations/youtube.md): List channels, search videos, manage playlists, and read analytics. The gateway injects YouTube Data API credentials. - [Zoom Integration: Meetings & Recordings for Agents](https://onecli.sh/docs/integrations/zoom.md): Agents can list meetings, schedule calls, access cloud recordings, and manage your Zoom calendar. OAuth credentials are injected automatically. - [Quickstart](https://onecli.sh/docs/quickstart.md): Sign up for OneCLI and connect your first agent to external services in under five minutes. No code changes needed. - [Environment Variables](https://onecli.sh/docs/reference/environment-variables.md): All environment variables recognized by the OneCLI gateway, CLI, and Docker image. Proxy config, auth, logging, and feature flags. - [Telemetry: What We Collect & How to Opt Out](https://onecli.sh/docs/reference/telemetry.md): What OneCLI collects, why, and how to opt out. No request bodies, credentials, or PII are ever transmitted. Fully transparent. - [.NET SDK (Coming Soon)](https://onecli.sh/docs/sdks/dotnet.md): .NET SDK for configuring containers to route through the OneCLI gateway. Works with C# and F# applications. Coming soon. - [Go SDK (Coming Soon)](https://onecli.sh/docs/sdks/go.md): Go SDK for configuring containers to route through the OneCLI gateway. Currently in development. Follow GitHub for updates. - [SDKs: Route AI Agent Containers Through the Gateway](https://onecli.sh/docs/sdks/index.md): Route AI agent containers through the OneCLI gateway with official SDKs. Node.js available now, more languages coming soon. - [Java / Kotlin SDK (Coming Soon)](https://onecli.sh/docs/sdks/java.md): Java SDK for configuring containers to route through the OneCLI gateway. Works with Kotlin and any JVM language. - [Node.js SDK: Container Config, Provisioning & Approval](https://onecli.sh/docs/sdks/node.md): Configure Docker containers to route through the OneCLI gateway from Node.js. Handles proxy setup, CA certs, and approval. - [Python SDK (Coming Soon)](https://onecli.sh/docs/sdks/python.md): Python SDK for configuring Docker containers to route through the OneCLI gateway. Currently in development. Coming soon. - [Ruby SDK (Coming Soon)](https://onecli.sh/docs/sdks/ruby.md): Ruby SDK for configuring containers to route through the OneCLI gateway. Currently in development. Follow GitHub for updates. - [Rust SDK (Coming Soon)](https://onecli.sh/docs/sdks/rust.md): Rust SDK for configuring containers to route through the OneCLI gateway. Currently in development. Follow GitHub for updates. - [1Password Vault: Service Account Integration](https://onecli.sh/docs/vaults/1password.md): Connect 1Password to OneCLI using Service Accounts. AI agents resolve secrets at runtime via op:// references. Credentials never leave your vault until the moment they're needed. - [Bitwarden Vault: Sync Secrets to the Gateway](https://onecli.sh/docs/vaults/bitwarden.md): Sync secrets from Bitwarden into OneCLI. Agents can access vault items without the Bitwarden CLI or direct API calls. - [External Vaults: Connect Password Managers](https://onecli.sh/docs/vaults/overview.md): Connect OneCLI to Bitwarden and other password managers. Pull credentials from vaults you already use. Agents never see the secrets. ## OpenAPI Specs - [openapi](https://onecli.sh/docs/openapi.yaml) ## Optional - [GitHub](https://github.com/onecli)