this is a clever approach - credential-less proxying with scoped permissions is way cleaner than trying to teach the model what not to do. how do you handle dynamic auth flows though? like if an API returns a short-lived token that needs to be refreshed, does wardgate intercept and cache those or do you expose token refresh as a separate controlled endpoint?

and I'm curious about the filtering logic - is it regex on endpoint paths or something more semantic? because the "tasks with secure in them" example makes me think there's some content inspection happening, not just URL filtering.