tryaudex 0.1.5

CLI for issuing short-lived, scoped cloud credentials to AI coding agents

tryaudex

Stop giving your AI agent full cloud access.

Audex wraps any command with temporary cloud credentials scoped to only the permissions needed. When the command exits, credentials are automatically revoked.

# AWS — S3 read-only for 5 minutes
tryaudex run --ttl 5m --allow "s3:GetObject,s3:ListBucket" -- aws s3 ls

# GCP — Storage read-only
tryaudex run --provider gcp --allow "storage.objects.list" -- gcloud storage ls

# Azure — Storage account list
tryaudex run --provider azure --allow "Microsoft.Storage/storageAccounts/read" -- az storage account list

One command. Scoped access. Auto-revoked. Full audit trail.

Install

cargo install tryaudex

Quick start

# 1. Set your IAM role
export AUDEX_ROLE_ARN="arn:aws:iam::123456789012:role/AgentRole"

# 2. Run with scoped credentials
tryaudex run --allow "s3:GetObject" -- aws s3 cp s3://bucket/file .

# 3. Use built-in profiles
tryaudex run --profile lambda-deploy -- ./deploy.sh

# 4. View audit trail
tryaudex audit recent

Features

  • Multi-cloud — AWS, GCP, and Azure with unified policy syntax
  • Policy engine — Action parsing, wildcard matching, deny lists, 20+ built-in profiles
  • Smart TTL — Estimates session duration from the command (aws s3 ls → 2m, terraform apply → 30m)
  • Auto-suggest — On AccessDenied, suggests the missing permission
  • MCP server — Native Claude Code / Cursor / Windsurf integration via tryaudex mcp
  • TUI dashboard — Interactive terminal UI with session overview, audit trail
  • Audit logging — Append-only JSONL with HMAC integrity chain
  • Credential security — Encrypted at rest, leak detection, automatic rotation
  • Team features — SSO, approval workflows, role mapping, rate limiting
  • Observability — OpenTelemetry traces, Prometheus metrics, Grafana dashboards

CLI reference

tryaudex run [OPTIONS] -- <COMMAND>...
  --provider <PROVIDER>     aws, gcp, or azure [default: aws]
  --allow <ACTIONS>         Comma-separated IAM actions
  --profile <NAME>          Named policy profile (e.g. s3-readonly)
  --ttl <DURATION>          Session time-to-live [default: 15m]
  --budget <USD>            Advisory budget limit
  --account <NAME>          Multi-account alias
  --role-arn <ARN>          AWS role [env: AUDEX_ROLE_ARN]
  --service-account <EMAIL> GCP SA [env: AUDEX_GCP_SERVICE_ACCOUNT]

tryaudex sessions list         List all sessions
tryaudex sessions kill <ID>    Revoke a session
tryaudex audit recent          Recent audit entries
tryaudex audit verify          Check audit log integrity
tryaudex mcp                   Start MCP server
tryaudex health                Check provider connectivity
tryaudex                       Launch TUI dashboard
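
How an HMAC integrity chain over append-only JSONL, as named in the audit logging feature and checked by `tryaudex audit verify`, makes edits and deletions detectable. This is an added Python sketch, not Audex's code: the field names (`record`, `prev`, `mac`), the all-zero seed and the key handling are assumptions, since the page does not document the on-disk format.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed seed standing in for "previous MAC" of the first entry


def _mac(key: bytes, prev: str, record: dict) -> str:
    # The MAC covers the previous entry's MAC plus a canonical encoding of the record.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def append(key: bytes, lines: list, record: dict) -> None:
    """Append one JSONL line chained to the MAC of the last line."""
    prev = json.loads(lines[-1])["mac"] if lines else GENESIS
    entry = {"record": record, "prev": prev, "mac": _mac(key, prev, record)}
    lines.append(json.dumps(entry))


def verify(key: bytes, lines: list):
    """Return (ok, index of the first line that breaks the chain, or None)."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            entry = json.loads(line)
            expected = _mac(key, prev, entry["record"])
            ok = entry["prev"] == prev and hmac.compare_digest(entry["mac"], expected)
        except (ValueError, KeyError, TypeError):
            ok = False  # malformed line counts as a broken chain
        if not ok:
            return False, i
        prev = entry["mac"]
    return True, None


def demo():
    key = b"constructed-demo-key"  # constructed; a real key must live outside the log
    log = []  # constructed sample entries
    append(key, log, {"session": "s1", "event": "issued", "allow": ["s3:GetObject"]})
    append(key, log, {"session": "s1", "event": "exec", "command": "aws s3 ls"})
    append(key, log, {"session": "s1", "event": "revoked"})
    edited = list(log)  # entry 0 rewritten by someone without the key
    e = json.loads(edited[0])
    e["record"]["allow"] = ["s3:*"]
    edited[0] = json.dumps(e)
    deleted = log[:1] + log[2:]  # middle entry removed
    return verify(key, log), verify(key, edited), verify(key, deleted)
```

A chain alone does not reveal removal of trailing entries; detecting that requires keeping the latest MAC or an entry count somewhere outside the log.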

Documentation

Full docs at tryaudex.adityaps.work/docs. Source at github.com/Aditya-PS-05/tryaudex.

License

MIT