We also use CLI tools for agents because it is obvious that they are good at it.

Our approach is slightly more complex because we need to supported fully authenticated sessions for end users and for shared credentials. It works by creating scoped API tokens to our service which get bundled into dynamically generated CLI clients. We point the agent to the client and voila. The agent can now run `some-command list-gmail-messages --query "tom"`. The oauth complexities, credential lifecycle and everything is handled automatically by the platform on the fly - it does not matter if the user is on Slack or access the agent through some chat interface or if the agent runs in the background doing work. It just works!