Works with Claude Code

The missing auth layer
for Claude browser automation

Secure logins. Automatic MFA. Zero credential exposure.
Your passwords flow from 1Password to the browser—Claude never sees them.

Install Extension View on GitHub
$ npx vaultrunner setup
Built for the Claude ecosystem
The Problem

Auth breaks your terminal workflow

Claude browser automation works great—until a site asks you to log in. Session expirations, MFA challenges, and multi-step logins force you out of the terminal and into the browser.

Claude Code
VaultRunner
1Password
Browser
Credentials bypass Claude entirely. You get: { success: true }
Features

Everything you need for authenticated automation

1Password Integration

Credentials flow directly from your vault to the browser. Claude only receives success/failure—never your passwords.

Automatic MFA

Reads TOTP codes from 1Password, SMS from Messages, and verification emails from Gmail. Handles 2FA automatically.

Learning System

Improves login reliability over time. Learns site-specific patterns and remembers your preferred accounts per domain.

Multi-Step Flows

Handles username → password → 2FA sequences. Works with sites that split login across multiple pages.

Open Source

Fully auditable code. No hidden credential handling. Trust but verify—every line is on GitHub.

Fully Local

No servers. No cloud. Everything runs on your machine. Your credentials never leave your device.

Quick Start

Get running in 3 steps

1

Install Extension

Add VaultRunner to Chrome from the Web Store.

Chrome Web Store
2

Run Setup

Configure 1Password CLI integration.

npx vaultrunner setup
3

Add to Claude Code

Add VaultRunner to your MCP config.

~/.claude/claude_desktop_config.json
claude_desktop_config.json 
{
  "mcpServers": {
    "vaultrunner": {
      "command": "npx",
      "args": ["vaultrunner-mcp"]
    }
  }
}
Terminal 
You: Log into my AWS console and check EC2 instances

Claude: I'll log you into AWS.
        [VaultRunner fills credentials + handles MFA]

        You're now logged in. I can see 3 running EC2 instances...
Security

Built with security first

VaultRunner was designed so that Claude never handles your credentials directly. Everything flows through secure, local channels.

Credentials bypass Claude

1Password → Extension → DOM. Claude only receives success/failure confirmation.

Compliant with Claude's policies

Claude doesn't handle passwords. VaultRunner does, locally and securely.

Your vault, your control

Requires 1Password biometric auth. Nothing stored externally.

Fully local processing

No servers. No cloud. Everything runs on your machine.

What Claude sees 
// Claude's view of a login:
{
  "action": "fill_credentials",
  "result": {
    "success": true,
    "filledFields": ["username", "password"]
  }
}

// What Claude does NOT see:
// - Your actual password
// - Your TOTP secrets
// - Your email verification codes