Show HN: Overslash – an auth gateway for AI Agents
Overslash is an open-source authentication and authorization gateway for AI agents. It sits between agents and external services, handling secrets, OAuth, MCP, permission chains, human approvals, and authenticated HTTP execution. Agents never hold credentials, and administrators gain fine-grained control.
Overslash — Actions & auth gateway for AI agents
Your agent acts. Overslash controls.
One gateway to every service your agent touches. You decide: deny, approve once, or approve all.
app.overslash.com / approvals (connected)
Approvals: 3 waiting · auto-refresh 5s
Allow deploy-bot to create a pull request? (expires in 9m)
Permission: github:create_pull_request:overfolder/app
Title: "Fix bug in payment retry logic"
Last action:
2m ago: agent:research-bot fetched github:list_repos — bubbled to henry
11m ago: agent:ci-runner denied aws.s3.delete_object
What it does
One gateway between your agent and everything else.
Overslash sits between agents and the outside world. It handles secrets, OAuth, MCP, permission chains, human approvals, and authenticated HTTP execution. The agent doesn't hold keys. You don't hold your breath.
Agent identities, in a tree
Every agent gets an identity, a parent, and a blast radius. Sub-agents inherit rules from their parent — until you narrow them.
Human approvals, on tap
The first time an agent wants a permission, you approve or deny. Allow & Remember at the scope ladder you choose.
OAuth & secrets, handled
One place for client IDs, tokens, signing keys. Rotate, revoke, per-agent. No credentials ever touch the agent's context window.
Audit that reads like prose
Every call, every bubble-up, every deny. Streaming, searchable, exportable.
MCP-native
Enroll any MCP client in a click — Claude Desktop, your own. Overslash brokers the tools, the credentials, and the approvals. The agent just asks.
Permission chains
A sub-agent bubbles up to its parent when it hits an unknown scope. Parents bubble to humans. Denials are first-class and recorded.
How it works
Agents ask. Overslash mediates. Services respond.
Any MCP-capable agent — Claude Code, Overfolder, OpenClaw, or your own — connects to Overslash once. Overslash holds the credentials, enforces the rules, and hands each service an authenticated, audited request.
agent:henry, agent:deploy-bot, agent:research-bot
↓
Gateway: Overslash
Checks rules. Injects credentials. Bubbles unknowns to parent agents or humans. Records every call.
↓ authed request
Service: github.com
Receives a normal authenticated request. Knows nothing about the agent.
Identity: Overslash stamps every outbound call with a deterministic actor.
Rules: Rules live at the gateway. Not in prompts. Not in code. Editable by a human in one click.
Bubble-up: Unknown scopes escalate up the agent tree, then to a human. Denials are recorded.
Audit: Every call, response status, bubble, and approval is streamed to the Audit log.
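The bubble-up flow described above, modelled as an added example; this is not Overslash's code or API. It resolves a scope by walking the agent tree, asks a human only when no rule matches, and writes an audit record for every bubble and decision. Assumptions not stated on the page: scopes match by exact string, a deny anywhere on the chain overrides an allow below it, and "approve all" is remembered on the requesting agent; the human answers in `demo()` are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

ALLOW, DENY = "allow", "deny"
APPROVE_ONCE, APPROVE_ALL = "approve once", "approve all"  # human answers named on the page

@dataclass
class Agent:
    name: str
    parent: Optional["Agent"] = None
    rules: dict = field(default_factory=dict)  # scope -> ALLOW/DENY, exact match (assumption)

@dataclass
class Gateway:
    ask_human: Callable[[str, str], str]  # (agent, scope) -> DENY | APPROVE_ONCE | APPROVE_ALL
    audit: list = field(default_factory=list)

    def _log(self, agent, scope, outcome, source) -> bool:
        self.audit.append((agent.name, scope, outcome, source))
        return outcome in (ALLOW, APPROVE_ONCE, APPROVE_ALL)  # anything else fails closed

    def authorize(self, agent: Agent, scope: str) -> bool:
        node, allow_at = agent, None
        while node is not None:
            verdict = node.rules.get(scope)
            if verdict == DENY:  # a deny anywhere on the chain wins (assumption)
                return self._log(agent, scope, DENY, f"rule@{node.name}")
            if verdict == ALLOW:
                allow_at = allow_at or node.name
            elif allow_at is None and node.parent is not None:
                self._log(agent, scope, "bubble", f"{node.name}->{node.parent.name}")
            node = node.parent
        if allow_at:
            return self._log(agent, scope, ALLOW, f"rule@{allow_at}")
        answer = self.ask_human(agent.name, scope)  # top of the tree reached: ask a human
        if answer == APPROVE_ALL:
            agent.rules[scope] = ALLOW  # remembered on the requester (assumption)
        return self._log(agent, scope, answer, "human")

def demo():
    answers = iter([APPROVE_ONCE, APPROVE_ALL])  # constructed human responses
    gw = Gateway(ask_human=lambda agent, scope: next(answers, DENY))
    henry = Agent("agent:henry", rules={"aws.s3.delete_object": DENY})
    deploy = Agent("agent:deploy-bot", parent=henry)
    research = Agent("agent:research-bot", henry, {"aws.s3.delete_object": ALLOW})
    pr = "github:create_pull_request:overfolder/app"
    calls = [(deploy, pr), (deploy, pr), (deploy, pr),
             (deploy, "aws.s3.delete_object"), (research, "aws.s3.delete_object")]
    return [gw.authorize(a, s) for a, s in calls], gw.audit
```

In `demo()`, the third pull-request call is served from the remembered rule without a human prompt, and the allow set on `agent:research-bot` does not override the deny on its parent.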
Integrations
A service registry your agent already knows.
First-class templates for the things agents actually touch. And a generic http service for anything else you can point a URL at.
GitHub: PRs, issues, actions
Slack: Messages, channels
AWS: S3, Lambda, IAM
Google Workspace: Drive, Gmail, Cal
Notion: Pages, databases
Linear: Issues, cycles
Vercel: Deploys, envs
PostgreSQL: Read, write, migrate
Any HTTP API: Generic service template
More landing soon: Stripe, Zendesk, Jira, Intercom
Pricing
Free in self-hosted. Cloud free for individuals. Paid for teams.
Three ways to use Overslash. Self-hosted gives you everything for free. Your Personal org on Cloud is free, forever. When you want to bring colleagues, create a Team org at €3 per seat.
SELF-HOSTED
Free
€0 forever
Run it yourself. Full features — no gating, no license keys, no telemetry. Elastic License 2.0.
All features, no gating
Unlimited agents, actions, integrations
Local secrets vault
PERSONAL
Free for one
€0 forever
A hosted Personal org, just for you. Always free, no card required.
Personal org with all integrations
Hosted backups & upgrades
Personal audit log
All Cloud features for one user
TEAM
Per seat
€3.63 / month
1 seat · Every seat: €3 · + 21% VAT
Create Team orgs and bring your colleagues. Every seat €3. Your own Personal org stays free.
Everything in Personal
Multiple Team orgs
SSO (Google, GitHub, SAML)
Shared connections & secrets
Audit log export
Pooled usage with metered overages
OSS, research, or education? Email [email protected] — we usually say yes.
Open source
Read it. Fork it. Run it.
The gateway core is licensed Elastic 2.0. The services registry — the part the community contributes to — is MIT. No telemetry. No phone-home. Written in Rust and SvelteKit.
github.com/overfolder/overslash
MIT · Elastic-2.0 · no telemetry
terminal ~/overslash
clone, build, run (local dev)
$ git clone https://github.com/overfolder/overslash
$ cd overslash
$ make install
$ overslash web
ready on http://localhost:7171
signing key generated · audit db initialised
paste the enrollment link into your MCP client
Install · get started
Give this to your agent.
Paste the block below into Claude, Cursor, Open Interpreter, or any MCP-capable agent. It will follow the skill, enroll itself under your Overslash account, and ask you for permissions as they come up.
skill · agent enrollment
Your Human wants to give you access to external services via Overslash. To connect, follow the instructions at: https://www.overslash.com/SKILL.md
- Paste: Drop the block into any MCP-capable agent.
- Connect: Give the agent an identity and grant it services.
- Use: Start using integrations. Dangerous actions bubble up for approval.