DEV Community

Bento Maker

Your coding agent can build your whole app — except sign up for the services it needs

AI writes most of my code now. The agent builds the integration, the migration, the test — I stay on product decisions. But every new dependency still breaks the flow the exact same way: the agent writes the integration in thirty seconds, then stops and says:

Add your RESEND_API_KEY to .env.

So I alt-tab out of the editor, find the dashboard, sign up, click through onboarding, verify an email, create a key, paste it into .env — and now there's a live secret sitting in plaintext that I have to remember not to commit, that the agent forgets about and asks me for again next session. Every service. Every project.

It's the last manual chore in AI-assisted coding, and it's the one thing the agent couldn't do for me. So I built the thing that does it.

What it does

You ask once — "sign me up for Resend and wire it in," or "stand up my whole stack." Your coding agent (Claude Code, Cursor, Codex, Goose) drives a scoped browser that signs up for the service, handles the email verification, grabs the API key, and drops it into an encrypted vault.

Provision a whole backend — email, database, analytics, error tracking, deploy — in one ask, without opening a single dashboard. If your stack leans on a pile of third-party services, this collapses the setup-and-configuration slog from an afternoon into a couple of minutes.

I tried OpenAI's Operator and browser-use for this first. They can drive a browser, but they're general-purpose bots built to be watched, and they punt the moment there's a login, a captcha, or an API key to handle — which is the entire task. The insight that made this work: the coding agent you already have is a great planner; what it's missing is a driver — a scoped browser and a safe place to put what it finds.

Where the key goes (the part I actually care about)

Getting the key is the easy half. The interesting question is where it lands — because the default answer, a .env file, is genuinely bad and everyone reading this has felt it. .env files get committed to GitHub. They get lost. They get pasted into three services and rotated in none of them. And in the AI-coding era there's a new worst case: the key ends up in the agent's context window, the single least contained place a secret can be.

So the design principle is: the raw secret is never handed back to the agent, and never lands in your repo.

  • The vault is write-only. The key goes straight in; the agent can't read it back out. There's deliberately no "give me the plaintext" API — if you want the value for a .env, you read it from the web vault yourself.
  • When your code needs the key, it doesn't get the value — it calls through a proxy. You write ${SECRET} in the request; the proxy injects the real key server-side and returns only the response. The secret goes to the provider, never to you.
  • For a deployed app you mint an egress grant: a scoped, rate-limited, instantly-revocable token. The app holds that, not the real key. So the vault becomes a control plane — rotate once and every grant picks it up; something leaks, you revoke the grant and the next call fails closed. No re-rotation scramble.
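
The proxy-and-grant model from the list above, as an added sketch that is not Trusty Squire's own code: every class, method, token and host name here is hypothetical. Scoping a grant to a single destination host and scrubbing the key from the returned body are assumptions about what "scoped" and "returns only the response" need to cover, since a proxy that injects into any host, or relays a provider that echoes headers, would hand the key back out.

```python
import time

PLACEHOLDER = "${SECRET}"

class Vault:
    """Write-only from the caller's side: put() only, no public read method."""
    def __init__(self):
        self._store = {}
    def put(self, name, value):          # rotation is just another put()
        self._store[name] = value

class EgressProxy:
    def __init__(self, vault, send):
        self.vault, self.send, self.grants = vault, send, {}

    def mint(self, token, secret_name, host, per_minute):
        # Scope (assumed here): one secret, one destination host, N calls/min.
        self.grants[token] = {"secret": secret_name, "host": host,
                              "limit": per_minute, "calls": [], "revoked": False}

    def revoke(self, token):
        self.grants[token]["revoked"] = True

    def forward(self, token, host, headers, now=None):
        now = time.time() if now is None else now
        g = self.grants.get(token)
        if g is None or g["revoked"]:
            return 403, "grant unknown or revoked"       # fail closed
        if host != g["host"]:
            return 403, "host outside grant scope"       # no injection elsewhere
        g["calls"] = [t for t in g["calls"] if now - t < 60]
        if len(g["calls"]) >= g["limit"]:
            return 429, "rate limit exceeded"
        g["calls"].append(now)
        real = self.vault._store[g["secret"]]            # resolved server-side only
        outbound = {k: v.replace(PLACEHOLDER, real) for k, v in headers.items()}
        status, body = self.send(host, outbound)
        return status, body.replace(real, "[redacted]")  # scrub reflected key

def fake_provider(host, headers):
    """Constructed stand-in for the upstream API; echoes the auth header."""
    return 200, "ok auth=" + headers.get("Authorization", "")
```

Because the grant names the secret rather than holding its value, a later `put()` under the same name is picked up by the next `forward()` call with no change on the app side.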

The piece I'm quietly proud of is multi-console setup — wiring up Google OAuth, say, where you create a client in the GCP console and paste its secret into a different console. The driver captures the secret in console A, seals it in-session (a handle, not the value), and types it into console B — and the plaintext never materializes in the agent's context or the chat transcript at any point.

Getting past the signup gates

Modern signup forms are aggressively bot-gated now (Cloudflare Turnstile, Clerk, DataDome) — which is exactly where the general-purpose browser agents stall. Getting reliably through those gates, headless and unattended, was most of the actual engineering. It's handled behind the scenes; if you enjoy anti-bot debugging war-stories, the repo's STATE.md is a graveyard of every hypothesis I falsified getting there.

It gets faster the more it's used

The first successful signup for a given service gets distilled into a replayable recipe and shared. The next time anyone provisions that service, it replays in about thirty seconds instead of the agent re-figuring the flow from scratch. A chore-removal tool that gets faster with use is a nice property to have.

What's still hard (because it is)

I'd rather tell you the edges than let you find them:

  • It works best with OAuth signups (Google/GitHub) — most of the modern SaaS I reach for, but not all of it.
  • Some services still win — the heaviest captcha stacks, phone-verification gates, the most aggressive anti-bot dashboards. When manual signup is genuinely the realistic call, I try to say so.
  • Single-use magic links are a race, and datacenter-IP session invalidation is an ongoing operational reality.

It's beta, and free during the beta.

Try it

Trusty Squire is an open-source MCP server your coding agent drives. It plugs into Claude Code, Cursor, and Codex; you can get started here, or read the code on GitHub. Would love feedback — especially on the secret model.
