Integrations
See how teams use Cordon to contain credentials across AI agents, developer environments, CI/CD pipelines, and applications.
# Set up cordon for Claude Code
$ cordon setup claude-code
Setting up cordon for Claude Code
Checking TLS certificates
✓ CA certificate: ~/.config/cordon/certs/ca-cert.pem
Detecting secret providers
✓ 1Password CLI added to config
Configuring Claude Code settings
Target: .claude/settings.local.json
HTTPS_PROXY = http://127.0.0.1:6790
NODE_EXTRA_CA_CERTS = ~/.config/cordon/certs/ca-cert.pem
✓ Wrote .claude/settings.local.json
✓ Setup complete
NEXT STEPS
Start the proxy cordon start
Verify status cordon status
Claude Code
Anthropic's AI coding agent
Start using Cordon, Codezero's Credential Containment Layer, with Claude Code using one simple command.
Claude Code calls external services through MCP tools, command-line tools, and direct API calls. Today, that means credentials end up everywhere — environment variables, .env files, MCP server configs, shell history, clipboard buffers. Even credentials that aren't actively in use sit on the developer's machine, accessible to any process, any agent, or any prompt injection that knows where to look.
Cordon eliminates the problem at its root. Credentials are never written to disk, never loaded into memory, and never passed through environment variables. Instead, Cordon intercepts outbound requests and injects credentials just-in-time — in transit, outside the agent's reach. Claude Code makes the call; Cordon handles the authentication. The credentials simply aren't there to steal.
Codex
OpenAI's AI coding agent
Same credential containment, same one-command setup. Codex gets the same protection as any other agent.
Codex reads and writes code, runs shell commands, and calls APIs on your behalf. Cordon ensures every outbound credentialed request is mediated — no secrets in environment variables, no tokens on disk.
# Set up cordon for Codex
$ cordon setup codex
Setting up cordon for Codex
Checking TLS certificates
✓ Using existing CA certificate
Detecting secret providers
✓ 1Password CLI added to config
Configuring Codex settings
Target: .codex/.env
HTTPS_PROXY = http://127.0.0.1:6790
SSL_CERT_FILE = ~/.config/cordon/certs/combined-ca.pem
✓ Wrote .codex/.env
✓ Setup complete
NEXT STEPS
Start the proxy cordon start
Verify status cordon status
# Set up cordon for Hermes
$ cordon setup hermes
Setting up cordon for Hermes Agent
Checking TLS certificates
✓ CA certificate: ~/.config/cordon/user/certs/ca-cert.pem
Detecting secret providers
✓ 1Password CLI added to config
Configuring Hermes settings
Target: ~/.hermes/.env
HTTPS_PROXY = http://127.0.0.1:6790
SSL_CERT_FILE = ~/.config/cordon/user/certs/combined-ca.pem
✓ Wrote ~/.hermes/.env
✓ Setup complete
NEXT STEPS
Start the proxy cordon start
Verify status cordon status
Hermes
Nous Research's autonomous AI agent
40+ built-in tools, self-improving behavior, and the same credential containment from Cordon.
Hermes Agent calls web APIs, runs commands, and manages files autonomously. With Cordon, every outbound request is credential-contained — the agent works freely while secrets stay out of reach.
Get started in minutes
One command. No code changes. Credentials stay out of reach.