One tap. Your agent’s in.

Connecting an agent to a service on an open-source setup means creating your own OAuth client, figuring out whether there’s an MCP server, an API, or a CLI — then figuring out how to pass credentials without leaking them through the model context. All of it in a terminal. It’s tedious, insecure, and breaks constantly. Passkey replaces all of that.

Your agent can request a connection when it needs one, or you can set up integrations ahead of time. Either way, you get a push notification, tap to approve, and that’s it. No terminal, no redirect URIs, no client secrets. Otto handles the OAuth flow; you handle the tap.

Keys are stored at the device level — not in otto’s cloud, not in a database that can be breached. Credentials never pass through model context. We built auth from the ground up with custom CLI and harness tooling, specifically so that the credential path is controlled end-to-end. Multiple accounts per service, scoped and revocable any time from the app.

A credential is useless if the agent doesn’t know what to do with it. Passkey ships with first-party skills and tooling for every integration — MCP servers, API clients, CLI wrappers — so your agent knows where and how to use each connection, not just that it has access. Connecting a service connects everything you need to actually use it.