This is a smart approach, giving agents access without exposing secrets is definitely needed. Curious how you handle dynamic access policies for agents that need temporary elevated permissions, or if you integrate with existing IAM systems. Also, do you track or enforce agent-level audit logs for requests that go through the proxy?