onecli-gateway

# OneCLI Gateway Your outbound HTTPS traffic is transparently proxied through the OneCLI gateway, which injects stored credentials at the proxy boundary. You never see or handle credential values directly. ## How to Access External Services You have direct HTTP access to external APIs. OAuth apps (Gmail, GitHub, Google Calendar, Google Drive, etc.) and API key services are all available through the gateway. Just make the request directly; the gateway injects credentials if the app is connected. If not, it returns an error with a connect URL you can present to the user. ## Making Requests Call the real API URL. The gateway intercepts the request and injects credentials automatically. ```bash curl -s "https://gmail.googleapis.com/gmail/v1/users/me/messages?maxResults=5" curl -s "https://api.github.com/user/repos?per_page=10" curl -s "https://api.stripe.com/v1/charges?limit=5" ``` Standard HTTP clients (curl, fetch, requests, axios, Go net/http, git) all honor the `HTTPS_PROXY` environment variable automatically. You do not need to set any auth headers. ## Credential Stubs for MCP Servers Some MCP servers need local credential files to start. Stubs for connected apps are pre-written automatically. Files containing `"onecli-managed"` values are managed by OneCLI — do NOT modify or delete them. If an MCP server won't start due to missing credentials, create stubs **before** starting it. Use `"onecli-managed"` as the placeholder for all secret values, with file permission...