Documentation is the product manual. Start here, then keep moving.

What HASP is, what ships in the public repo, and how the local broker keeps secrets out of coding-agent context while still letting tools run.

How to think about HASP: vaults, repo boundaries, consumers, grants, sessions, audit, and redaction, and how the pieces fit into one model.

How coding agents use HASP handles, MCP tools, grants, and brokered runs to get real work done without ever reading a raw secret value.

The committed .hasp.manifest.json contract that declares requirements, targets, examples, delivery, and safety rules without storing any secret.

The shortest safe path to a working local HASP install: set up the vault, capture a secret, bind a repo, and prove one brokered run end to end.

Install, upgrade, and uninstall HASP through Homebrew, plus packaged release downloads and building the broker from source on macOS and Linux.

The common first-run path after installing HASP: initialize the vault, run setup, and confirm the daemon and keychain are working.

What each HASP command does, when to reach for it, and how it compares to nearby commands, organized so you can find the right one fast.

Environment variables, repo guardrails, audit logging, backup and restore, and the practices that keep a local HASP install safe to operate.

How opt-in CLI telemetry works in HASP: what the payload contains, consent and retention rules, how to erase data, and the privacy guarantees.

Value-free repo requirements, target-scoped secret delivery, worked examples, and how app and MCP targets resolve inside a bound project.

Scoped design for coupled credentials: atomic vault items, typed recipes, reviewed delivery, and safe interim manifests.

Run HASP in production: the local broker, OS keychain, background daemon, secret import, repo binding, and whole-program verification, end to end.

What a first-class agent profile guarantees, the expectations each one meets, and the generic broker path for agents without a profile.

Connect Codex CLI to HASP as a brokered MCP surface so it can run with project secrets without ever reading their plaintext values.

Connect Claude Code to HASP as a brokered MCP surface so it can use project secrets without ever reading their plaintext values.

Connect Cursor to HASP as a brokered MCP surface so the editor can run with project secrets without ever reading their plaintext values.

Connect Aider to HASP as a brokered MCP surface so the agent can run with project secrets without ever reading their plaintext values.

Connect Hermes to HASP as a brokered MCP surface so the agent can run with project secrets without ever reading their plaintext values.

Connect Pi to HASP through a generated package extension and brokered MCP surface, so it runs with project secrets without reading their values.

Connect OpenClaw to HASP as a brokered MCP surface so the agent can run with project secrets without ever reading their plaintext values.

Use HASP with any CLI- or MCP-capable agent that has no first-class profile yet, through the generic broker path that injects secrets safely.

Public release notes for shipped HASP versions, with the changes, fixes, and security updates included in each tagged release.

How HASP releases are distributed: build assets, hosted mirrors, checksums, signatures, and the Homebrew formula update flow operators rely on.

Operator-facing release verification and install details, including how to confirm checksums and signatures before trusting a HASP binary.

The HASP vocabulary used across CLI help, documentation, audit events, and error messages, defined in one place so terms stay consistent.

The exact help output generated by the installed hasp binary, covering every command, flag, and subcommand currently available.

HASP error messages, stable exit-code buckets, JSON error codes, the hints they carry, and recovery guidance for each failure mode.

Open the docs that match an installed HASP release.