top | item 46932710

(no title)

avoutic | 21 days ago

Hitting production APIs (and email) is my main concern with all agents I run.

To solve this I've built Wardgate [1], which removes the need for agents to see any credentials and has access control on a per API endpoints basis. So you can say: yes you can read all Todoist tasks but you can't delete tasks or see tasks with "secure" in them, or see emails outside Inbox or with OTP codes, or whatever.

Interested in any comments / suggestions.

[1] https://github.com/wardgate/wardgate

discuss

the_harpia_io|21 days ago

this is a clever approach - credential-less proxying with scoped permissions is way cleaner than trying to teach the model what not to do. how do you handle dynamic auth flows though? like if an API returns a short-lived token that needs to be refreshed, does wardgate intercept and cache those or do you expose token refresh as a separate controlled endpoint?

and I'm curious about the filtering logic - is it regex on endpoint paths or something more semantic? because the "tasks with secure in them" example makes me think there's some content inspection happening, not just URL filtering.