Covendocs
Memory + ModelsProvider Boundary
Report issue

Provider Boundary

Why model provider credentials stay with Codex, Claude Code, or future harnesses instead of moving into Coven.

1 min read

The provider credential boundary sits at the harness CLI. Coven launches and supervises the harness; the harness talks to the provider.

Rendering diagram…

Why this boundary exists

  • Smaller daemon blast radius.
  • No OAuth or API-key drift across providers.
  • Clear troubleshooting ownership.
  • Clients cannot widen credential access through the socket API.

What to do instead

Use the provider's own setup flow:

codex login
claude doctor
coven doctor

Then launch through Coven:

coven run codex "audit this repo"
coven run claude "review this UI"

Related references:

Was this page helpful?No

Last updated on

On this page

Why this boundary existsWhat to do instead