Imbue launches Latchkey: local agents call HTTP APIs without exposing tokens

• Imbue launched Latchkey, a library for local agents that can call "any API" over HTTP while keeping credentials on the developer machine instead of exposing raw tokens to the agent Latchkey launch.
• The core integration is simple: agents prepend Latchkey to ordinary curl calls, and the tool detects the service and injects credentials without custom connectors or embedded secrets How it works.
• Imbue says Latchkey already works with Claude Code, OpenCode, and Codex, and the project is open-source with more detail in its product page Supported agents.
• The pitch lands because agent builders keep running into API and ops friction; one developer said they already avoid web dashboards when agents can use CLIs instead Practitioner reaction.

Latchkey is a local library that lets agents use services like Slack, GitHub, AWS, Linear, Notion, Stripe, and self-hosted HTTP tools through a single command path. Imbue's launch thread frames the key security boundary plainly: "credentials stay on your machine," not in logs or chat transcripts.

The mechanism is narrower and more practical than a new agent protocol. According to Imbue's implementation thread, agents prepend Latchkey to normal curl requests; Latchkey identifies the target service, injects the right credentials, and forwards the request without custom code or an intermediary. Imbue also says it works with Claude Code, OpenCode, and Codex, and points to its project page for setup details.

The implementation target is the messy part of agent automation: not code generation, but stitching together the APIs and operational systems around it. A practitioner reacting to the launch said they "pretty much refuse to use web dashboards" when agents can use CLIs instead, which captures the workflow Latchkey is trying to generalize from CLI-only tooling to arbitrary HTTP services dashboard complaint.

That fits a broader engineering view that the hard part is the surrounding stack, not just writing code. In Karpathy's DevOps context framing, real autonomy means handling services, payments, auth, databases, security, and deployment without humans clicking through admin pages; Latchkey addresses one slice of that problem by making authenticated HTTP calls agent-accessible without handing over the secrets themselves.