give your agent the info it needs.
not your user's whole life story.
Decoy gives your agent the password, email code, passkey or personal detail the task needs. not all of the user's emails and passwords.
Decoy lets users choose what it can access, when it can access it, and for how long. Decoy records every data access.
# add Decoy to any MCP client $ npx decoy-mcp-server ready http://localhost:3001/mcp

the user sees exactly what your agent requested and decides what to allow.
the usual shortcut asks users to trust too much.
connecting Google or a password manager can expose far more than the task actually needs.
Your AI app wants access to your Google Account
This can let the app:
- read every message in Gmail
- send and delete email
- keep access until the user removes it
integrate Decoy once. complete the whole authenticated task.
Decoy handles passwords, email codes, passkeys and autofill through one MCP server or API.

passwords
give the agent an approved username and password.

email and 2fa
read an emailed code, generate a TOTP or send from a disposable address.

passkeys
sign on the user's phone without releasing the private key.

autofill
use an approved name, address, phone number or card.
users see the access and the activity.
clear before the task. reviewable after it.
Decoy records every data access so users can see what happened and revoke access.
what your agent can do with decoy.
sign into a website
use an approved password or passkey.
complete 2FA
read an emailed code or generate a live TOTP.
finish checkout
use an approved name, address and card.
read and reply to email
use a service-specific inbox without connecting Gmail.
what developers ask.
users install Decoy, add or import only what they need, and approve your agent. typical setup takes under one minute.
no. they can add only the accounts your agent needs. Decoy imports from Apple Passwords. passwords exported as CSV from other managers can be saved through the Decoy API. native CSV import is coming soon.
yes. after approval, the phone decrypts the password and encrypts it directly to the agent. the agent receives the plaintext password; Decoy's server never does. passkeys work differently: the phone signs the challenge and the private key never leaves the device.
Decoy keeps approved access working until it expires or the user revokes it. the phone is needed for new access and every passkey sign-in.
your agent gets a clear denied, expired or retryable error. it can ask the user, pause the task or take another path instead of failing silently.
let your agent act. let your user stay in control.
Decoy helps your agent complete authenticated tasks without asking for all of a user's emails, passwords and personal data.

