Broker credentials for downstream services (OpenAI, Anthropic, GitHub, Lark, custom APIs, SSH, MCP) so your agent never sees raw API keys or OAuth tokens. Use the nyxid CLI to discover services and make proxy requests, keeping secrets out of agent context.
Decide — honestly — whether a thing the user wants to build on Aevatar is possible, what its prerequisites are, or why it cannot be done, BEFORE anyone starts building. Use this first whenever a user describes a goal rather than a concrete artifact — "can aevatar do X", "I want a bot that…", "build me something that posts to Twitter / reads my GitHub / replies on Telegram", "is it possible to…", "automate … every day". It teaches the one hard premise (every third-party capability is brokered by NyxID), the two distinct surfaces (outbound connector vs inbound channel), how to check what is actually connectable, the prerequisite for each capability class, what is host-gated (and so not self-serve), and what is genuinely impossible without new NyxID/Aevatar platform work — so you can negotiate scope and give the user a straight answer plus next steps instead of over-promising. It scopes; it does not build (hand off to workflow-authoring / team-builder / service-publisher / scheduler).
Entry point, panorama, and router for the entire Aevatar skill family — load this FIRST whenever someone wants to build, run, publish, schedule, or operate anything on Aevatar ("create an agent team", "make a workflow / member", "publish or bind a service", "register it with NyxID", "set up a recurring / cron run", "invoke my service"), wants to know whether something is even possible ("can Aevatar do X?", "能不能用 aevatar 实现"), or just wants to know what Aevatar can do. It teaches the object model (scope → team → member[workflow|script|gagent] → service → schedule), how to authenticate as a NyxID-bearer REST client, how to resolve your scope, and the two caller modes (client REST vs in-session server-side tools). It does not do the work itself — it routes you to the right companion skill (feasibility-advisor, workflow-authoring, team-builder, service-publisher, scheduler, plus diagnostics probes and the safety-net fallback), held together by the shared `aevatar` tag.
Create and manage cron schedules that fire an Aevatar service on a recurring basis, authenticated as the scope owner via NyxID — over the REST API. Use when a user wants to "schedule", "run on a cron", "set up a recurring run", "run every day/hour/Monday", "automate this service on a timer", "preview a cron", "pause/resume/disable a schedule", or "run it now". It builds the schedule against a published service (identity + endpoint + payload + serving revision), uses scope-owner NyxID auth (which requires the owner's NyxID broker binding), and covers preview, enable/disable, run-now, update, and delete. Publish the service first with the service-publisher skill.
Publish an Aevatar member, team, or workflow as an invocable service and (host permitting) register it with NyxID, then verify and invoke it — all over the REST API. Use when a user wants to "publish/bind a service", "expose my workflow/team as a service", "register it with NyxID", "make it callable", "get the service slug/URL", "invoke my service", or "version/deploy/roll out a service". It covers the simple scope binding, reading back a member's published service, the full account-level service lifecycle (revision → publish → deploy → rollout), how to confirm the NyxID registration (slug + status), and how to invoke an endpoint. Build the team/member first with the team-builder skill.
Build an Aevatar agent team and its members over the REST API. Use when a user wants to "create a team", "add a member", "make a workflow member / script member / gagent member", "set the team's entry point", or "assemble agents into a team". It creates the team, creates members whose implementation is a workflow (most common), a script, or a hosted gagent, binds each member's concrete implementation (the workflow YAML is attached here), waits for the async binding to succeed, and sets the team entry member. Author the workflow YAML first with the workflow-authoring skill; publish the result as a service with the service-publisher skill.
Connect AI agents to any API, anywhere. Securely. Open-source Agent Connectivity Gateway.
NyxID lets your AI agents (Claude Code, Cursor, n8n) reach any API you have, public or private, and handles all the credentials so your agent never sees a raw key.
```mermaid
flowchart LR
    subgraph Agents["AI Agents"]
        CC[Claude Code]
        CU[Cursor]
        N8[n8n]
    end
    subgraph NyxID["NyxID Gateway"]
        AUTH[OIDC and API Key Auth]
        PROXY[Credential Injection Proxy]
        MCP[MCP Tool Wrapping]
    end
    subgraph Connectivity["Private Reach"]
        NODE[Credential Node]
    end
    subgraph Targets["Connected Services"]
        PUB[Public APIs]
        INT[Internal APIs]
        LOC[Localhost Services]
    end
    CC --> AUTH
    CU --> AUTH
    N8 --> AUTH
    AUTH --> PROXY
    PROXY --> MCP
    PROXY -->|Direct proxy| PUB
    PROXY -->|Private network| INT
    PROXY -->|NAT traversal| NODE
    NODE --> LOC
    classDef agents fill:#eef2ff,stroke:#4f46e5,color:#111827,stroke-width:1.5px;
    classDef gateway fill:#111827,stroke:#22d3ee,color:#ffffff,stroke-width:2px;
    classDef tooling fill:#e0f2fe,stroke:#0284c7,color:#0f172a,stroke-width:1.5px;
    classDef node fill:#fef3c7,stroke:#f59e0b,color:#111827,stroke-width:1.5px;
    classDef targets fill:#ecfeff,stroke:#14b8a6,color:#0f172a,stroke-width:1.5px;
    class CC,CU,N8 agents;
    class AUTH,PROXY gateway;
    class MCP tooling;
    class NODE node;
    class PUB,INT,LOC targets;
```
NyxID proxies requests, injects credentials automatically, punches through NAT (Network Address Translation) to reach your local services, and wraps any REST API as MCP (Model Context Protocol) tools.
nyxid node). SSH (Secure Shell) tunneling (`nyxid ssh`) reaches remote hosts. No VPN (Virtual Private Network), no port forwarding.

`nyxid mcp config --tool cursor` generates the config. Works with Claude Code, Cursor, VS Code, and any MCP client.

The end-to-end loop is short: connect a service to NyxID once, then any AI agent pointed at your NyxID MCP endpoint can use it — without ever seeing the raw API key.
`claude mcp add --transport http --scope user nyxid http://localhost:3001/mcp` (or one-click install for Cursor in Settings → MCP).
Other tools solve parts of this — NyxID combines credential injection, NAT traversal, and MCP tooling in one open-source gateway:
| | NyxID | 1Password Universal Autofill | Cloudflare Tunnel | Keycloak |
|---|---|---|---|---|
| Open source | Yes | No | No | Yes |
| NAT traversal to localhost | Yes (nyxid node) | No | Yes (no credentials) | No |
| Credential injection | Yes (any API) | Partner integrations | No | No |
| REST to MCP auto-wrap | Yes | No | No | No |
| Per-agent isolation | Yes | No | No | No |
| OIDC / OAuth 2.0 | Yes | No | No | Yes |
npx claudepluginhub chronoaiproject/nyxid --plugin nyxid