Hitting production APIs (and email) is my main concern with all agents I run.

To solve this I've built Wardgate [1], which removes the need for agents to see any credentials and has access control on a per API endpoints basis. So you can say: yes you can read all Todoist tasks but you can't delete tasks or see tasks with "secure" in them, or see emails outside Inbox or with OTP codes, or whatever.

Interested in any comments / suggestions.

[1] https://github.com/wardgate/wardgate