Agentic Safe Access

Overview

Agentic Safe Access lets a Safe admin create a dedicated UnoLock access key for an AI agent. This allows an agent to connect to an existing Safe through the UnoLock MCP while preserving the same core zero-knowledge model used for normal access keys.

Agent keys are intended for:

• AI assistants that need read-only access to selected Safe data
• automation that must work within strict Safe and Space permissions
• customer-controlled agent workflows where the user remains in control of registration and PIN entry

Agentic Safe Access does not let an agent create a Safe. A human user still creates the Safe and creates the agent key.

The official UnoLock Agent MCP is available at:

• https://github.com/TechSologic/unolock-agent-mcp

Get Started

If you want to use Agentic Safe Access:

1. Install the UnoLock Agent MCP from the official GitHub repository.
2. Create an Agent Key in the UnoLock client.
3. Give the generated #/agent-register/... connection URL to your AI host.
4. Follow Connect an AI Agent to a Safe for the full setup flow.

How It Works

• A Safe admin creates a dedicated Agent Key in the UnoLock client.
• The admin assigns that key:
• a name
• a permission level such as ro, rw, or admin
• optional Space restrictions
• UnoLock generates a one-time agent key connection URL.
• The user gives that URL to the AI host using the UnoLock MCP.
• The MCP registers a device-bound credential on the agent host.
• On later startups, the agent re-authenticates with that credential and, if configured, asks the user for the agent PIN.

Security Model

Agentic Safe Access is designed to stay as close as possible to UnoLock’s normal access-key model:

• Zero-knowledge: the server stores wrapped key material, not plaintext Safe secrets
• Device-bound authentication: the MCP uses TPM, vTPM, or platform key storage when available
• One-time registration URL: the connection URL is for enrollment only and cannot be reused after successful registration
• PIN protection: the agent can require a PIN on each authentication, and the MCP sends only a challenge-bound hash rather than the raw PIN
• Same Safe ACL model: agent keys use the same access model as other device keys, including ro, rw, admin, and Space restrictions

Permissions

Agent keys are normal UnoLock device access keys with agent-specific registration and authentication behavior layered on top.

That means:

• an agent key can be limited to selected Spaces
• a read-only agent key can see only the Spaces and records granted to it
• an admin agent key can access the whole Safe

This follows the same access model described in Access Keys & Safe Access.

User Experience

From the user’s perspective, the flow is:

1. Create an Agent Key in UnoLock.
2. Give the generated agent key connection URL to the AI host.
3. If the Safe requires an agent PIN, provide it when the AI host asks.
4. The agent can then read the Safe data allowed by that key.

If the MCP restarts later:

• the agent remains registered
• the PIN is not kept in memory
• the agent asks the user for the PIN again before re-authenticating

Current Scope

The current customer-facing MCP slice is focused on read-only access.

That includes:

• listing visible Spaces
• listing notes
• listing checklists
• retrieving individual records in an agent-friendly format

Write support for notes, checklists, and files can be added later without changing the core registration and authentication model.

Why It Matters

This feature gives customers a way to use UnoLock as a secure data source for AI agents without turning Safe access into a reusable API-key or password model.

It keeps the main UnoLock principles intact:

• customer-controlled access
• strong cryptographic authentication
• Space-scoped permissions
• zero-knowledge storage

FAQs

Can an AI agent create a Safe?

No. A human user must create the Safe first. Agent keys are for registering and accessing an existing Safe.

Can an agent be limited to one Space?

Yes. Agent keys use the same Safe and Space permission model as other UnoLock access keys.

Does the server see the agent bootstrap secret or PIN?

No. The one-time bootstrap material is client-side only, and the agent PIN is sent as a challenge-bound hash rather than a raw PIN value.

Does the MCP have to stay running forever?

No. The agent stays registered across restarts. After restart, the agent re-authenticates and asks for the PIN again if needed.

Integration with Other Features

• Access Keys & Safe Access: agent keys use the same Safe access model
• Biometric and FIDO2 Access: human access still uses WebAuthn-style authenticators, while agent access uses device-bound host credentials
• PIN Code: agent PIN protection preserves the owner-consent part of the access model
• Spaces: agent keys can be restricted to selected Spaces
• Connect an AI Agent to a Safe: step-by-step setup guide for customers

---