I’ve been looking at how different agents are handling creds and while looking at the NanoClaw code I learnt that they refactored at the beginning of March to use OneCLI for credential handling. OneCLI is a lightweight proxy that sits outside the agent runtime, intercepts all agent requests to your control plane and then patches in the right credentials. This means the agent only ever sends placeholders and has no access to say, API keys. It also has a rules layer, so you can deterministically block certain classes of actions (e.g. “don’t delete when using Gmail”. It’s written in Rust so the overhead is likely pretty tiny. Handy.