Show HN: AVP – an agent can't leak a secret it never had https://ift.tt/f70qDpY

Show HN: AVP – an agent can't leak a secret it never had A process can't leak a secret it never had. Shai-hulud, prompt-injection - you name it. They cannot steal what your agent (or an process) don't have. I run coding agents (Claude Code, Codex) on my own machines most of the day. Every one of them wants real API keys in env and I was scratching my head for the last few months how to contain it. The usual answer to this is a firewall. I don't buy it. A firewall tries to contain a secret the process is still holding, and the rules are painful to maintain. AVP gives the agent a placeholder and injects the real value at the last moment, on the wire: ``` # the agent's env holds only a placeholder STRIPE_API_KEY=avp-placeholder # agent sends: Authorization: Bearer avp-placeholder # AVP forwards upstream: Authorization: Bearer sk_live_...real... ``` Keep your passwords in your vault where they belong. AVP initially relies on Bitwarden as a secret manager. It's MIT licensed. Appreciate any feedback. https://ift.tt/V5yC7rZ June 12, 2026 at 12:40AM