{"id":"onecli-onecli","name":"onecli","af_score":35.8,"security_score":69.5,"reliability_score":16.2,"what_it_does":"OneCLI is an open-source gateway and dashboard that stores encrypted credentials for AI agents and transparently injects the right secrets into outbound HTTP requests made by those agents, so the agents never directly handle the real API keys. It uses a Rust HTTP gateway for request interception and a web dashboard for managing agents, secrets, and permissions; optionally it can integrate with external vaults (e.g., Bitwarden) for on-demand credential injection.","best_when":"You can run OneCLI as a trusted local/controlled network component (or self-hosted service) alongside your agents, and you need transparent HTTP credential injection with encryption at rest and per-agent access control.","avoid_when":"You cannot guarantee secure network placement, TLS configuration, and operational controls for a component that performs MITM-style HTTPS interception; or you need well-defined, documented REST/OpenAPI contracts for agent-to-service management.","last_evaluated":"2026-03-30T13:23:29.853455+00:00","has_mcp":false,"has_api":true,"auth_methods":["Proxy-Authorization header access tokens (gateway authentication)","Google OAuth (multi-user/team mode via NextAuth)","Single-user (no login) mode for local use"],"has_free_tier":false,"known_gotchas":["Gateway MITM interception for HTTPS may require careful TLS trust/cert handling; agents may fail to make outbound calls if the interception/certificate setup is not correct.","Host/path pattern matching determines which secrets are injected; misconfigured patterns can cause missing credentials or wrong credential injection.","Single-user (no login) mode is suitable for local development only; using it in less-trusted environments increases risk."],"error_quality":0.0}