One API for your AI agents to safely operate every app you connect.
Connect an app once. Grant it to an agent. Jidenka holds the credentials in an encrypted vault, turns one call into the real provider action, and records who did what — with the risk grade shown before it runs. Your agent gets reach; it never gets your passwords.
No passwords handed to agents. jide + nka — hold the craft.
Connect once. Grant deliberately. Let agents act — on the record.
You stay in control of what's connected and who may use it. Agents get one door, not a keyring.
Connect
Link an app through its own OAuth screen or an API key. The credential is envelope-encrypted and held in the vault — never handed to the agent.
Grant
Decide which agent may use which connection — including two accounts of the same app. Grants are explicit, least-privilege, and revocable at any moment.
Agents act
Your agent finds a tool, reads its schema, and executes — through one MCP or REST surface. Every call returns one envelope and writes one audit record.
Autonomy you can watch work.
Handing an agent real capability is a trust-critical act, so Jidenka is built to show its work: what's encrypted, what's isolated, who did what, and how risky an action is — before it runs. Below is the mechanism, described plainly.
Encrypted credential vault
Every secret is envelope-encrypted with AES-256-GCM. The ciphertext is cryptographically bound to its tenant, connection, and secret type, so it can't be moved to another record and decrypted out of context.
Agents never see secrets
Jidenka uses the stored credential server-side to call the provider on the agent's behalf. Raw tokens are never returned to the agent, and are masked (first characters, rest redacted) whenever shown to a person.
Per-tenant isolation
Data is separated with Postgres row-level security, forced under a non-owner role. Tenant and identity are derived server-side from the authenticated caller — never trusted from a value the client sends.
Decrypt only where it runs
Only the execution worker can unwrap a credential, and only in-band while performing your action. The API tier holds no decryption capability at all — a smaller, deliberately narrow surface.
Full audit trail
Every action writes one record: who acted, which tool ran, which connected account it used, the risk grade, and the outcome. Nothing consequential happens without a trace of who, what, and which account.
Least privilege, revocable
Connections request only the scopes the enabled tools need. A grant maps exactly which agent may use which connection — and you can revoke a grant, or disconnect an app entirely, at any time.
Risk ladder · R0 → R5
Read-only calls (R0) carry no side effects. Actions that move money or delete data (R4–R5) sit at the top of the ladder and are disabled by default. A tool's grade is set by its real side effects — an author can't quietly label it down.
Early-stage, and honest about it
Jidenka is in active development. Today it operates on the accounts its owner connects — the encrypted vault, per-tenant isolation, audit trail, and risk grading described above are how it is built and run right now. Deeper governance — human approval workflows, cloud-managed key custody, and broader multi-tenant hardening — is being rolled out as the platform matures. We would rather show you the mechanism than sell you a badge.
Give your agents reach.
Keep the craft of holding it safe.
Jidenka is in early access. If you want your agents to operate real apps without holding real passwords, get in touch and we'll set you up as connectors open.