[dangtony98]

Thanks for this feedback! Will keep in mind all of these points as we iterate on Agent Vault.

We're pretty swarmed on requests at the moment but I've noted these down as improvements to AV; it's a work in progress, we'll be molding it into the right shape over the next few months.

A few thoughts for each of the above:

1. AV doesn't consider OAuth2 tokens atm but this is definitely a next step.

2. Agree which is why there is a "passthrough" mode; for each endpoint, you need to explicitly specify what credential is used for it.

3. That's correct. This is a MITM architecture with credential brokering capabilities added on top.

4. Agree. The idea here is that AV can function both as a proxy and vault but in a true production setting, it should pull credentials from a secure secrets store like Infisical. This way credentials cached in memory in AV can even be made ephemeral.

Great observations all around and we have plans for them :)