Codezero
Credential containment for every workflow

Solutions

See how teams use Codezero to contain credentials across AI agents, developer environments, CI/CD pipelines, and applications.

Get StartedView Demo
AI Agentic Development Tools
Terminal

# Set up cordon for Claude Code

$ cordon setup claude-code --global --trust

 

[1/5] Generating CA certificate

[2/5] Writing cordon.yaml

[3/5] Adding CA to system trust store

[4/5] Configuring Claude Code settings

HTTPS_PROXY = http://127.0.0.1:6790

NODE_EXTRA_CA_CERTS = ~/.cordon/ca-cert.pem

[5/5] Installing background service

 

Setup complete.

The proxy is running as a background service.

To check status: cordon status

Claude Code

Claude Code

Anthropic's AI coding agent

Start using Codezero's Credential Management Layer with Claude Code using one simple command.

Claude Code calls external services through MCP tools, command-line tools, and direct API calls. Today, that means credentials end up everywhere — environment variables, .env files, MCP server configs, shell history, clipboard buffers. Even credentials that aren't actively in use sit on the developer's machine, accessible to any process, any agent, or any prompt injection that knows where to look.

Codezero eliminates the problem at its root. Credentials are never written to disk, never loaded into memory, and never passed through environment variables. Instead, Codezero intercepts outbound requests and injects credentials just-in-time — in transit, outside the agent's reach. Claude Code makes the call; Codezero handles the authentication. The credentials simply aren't there to steal.

Get StartedRead the Docs
Codex

Codex

OpenAI's AI coding agent

Same credential containment, same one-command setup. Codex gets the same protection as any other agent.

Codex reads and writes code, runs shell commands, and calls APIs on your behalf. Codezero ensures every outbound credentialed request is mediated — no secrets in environment variables, no tokens on disk.

Get StartedRead the Docs
Terminal

# Set up cordon for Codex

$ cordon setup codex --global

 

[1/5] Checking TLS certificates

[2/5] Detecting secret providers

[3/5] Checking proxy configuration

[4/5] Configuring trust store

[5/5] Configuring Codex settings

Target: ~/.codex/.env

HTTPS_PROXY = http://127.0.0.1:6790

SSL_CERT_FILE = ~/.cordon/ca-cert.pem

 

Setup complete.

To start the proxy: cordon start

Terminal

# Set up cordon for Hermes

$ cordon setup hermes --global

 

[1/6] Checking TLS certificates

[2/6] Detecting secret providers

[3/6] Checking proxy configuration

[4/6] Configuring trust store

[5/6] Generating combined CA bundle

Combined: ~/.cordon/combined-ca.pem

[6/6] Configuring Hermes settings

Target: ~/.hermes/.env

HTTPS_PROXY = http://127.0.0.1:6790

SSL_CERT_FILE = ~/.cordon/combined-ca.pem

 

Setup complete.

To start the proxy: cordon start

Hermes

Hermes

Nous Research's autonomous AI agent

40+ built-in tools, self-improving behavior, and the same credential containment from Codezero.

Hermes Agent calls web APIs, runs commands, and manages files autonomously. With Codezero, every outbound request is credential-contained — the agent works freely while secrets stay out of reach.

Get StartedRead the Docs

Get started in minutes

One command. No code changes. Credentials stay out of reach.

Get StartedRead the Docs