[wfinigan]

Love this. Our team has been frustrated that nothing like this exists. You run into this problem as soon as you start thinking seriously about capable cloud agents, but there was no generic solution. Existing options are either tied to a specific cloud vendor or protocol, like git or MCP. We had a design on the whiteboard for something like this when this release dropped in our laps--with lots of thoughtful choices we hadn't gotten to yet. Thank you Tony and team.

Would the proxy as designed double as a domain-based allowlist, separate from the credential brokering?

[dangtony98]

Yup it turns out many teams building their own custom agents end up stitching together their own solutions for this problem.

What we thought was basically: If everyone is making some version of this egress proxy, maybe we're actually missing a new infrastructure component that does not yet exist in a mainstream way for this use case. The form factor of this was very important in the design of it since it needed to fit in with the tools and workflows that agents are already using today.

Definitely regarding the domain-based allowlist and this is part of how it currently works. As an egress proxy it basically functions as a firewall and we intend to extend it with more capabilities that'll make it more useful.

[manojbajaj95]

I'm building https://github.com/manojbajaj95/authsome to solve similar problem. Would love to know your opinion.