
Agent Tools Are Getting Credential Boundaries

Fresh OpenCode, OpenClaw, Hermes Agent, and Codex commits show tool access becoming a credential and trust-routing problem, not only a menu of callable functions.

[Figure: Diagram-style zine poster with four source cards feeding into a circled credential boundary conclusion and a caveat stamp saying independent patches. Caption: Tool calls now carry credentials and trust state.]
Evidence: 5 linked commits / June 12, 2026 / Daily Edition

anomalyco/opencode merged Dax's June 11 commit dac0dd53 adding connector authentication, with new connector, credential, migration, API, SDK, and test surfaces.

Facts

  • OpenClaw added helpers and tests so Skill Workshop writes through workspace skill symlinks only when the target is on the configured trust list.
  • Hermes Agent made Parallel web search and extract run keyless through a hosted Search MCP, or keyed through Parallel's v1 REST APIs.
  • Codex added Amazon Bedrock API key as a managed auth mode and explicit rejection when that auth is used with OpenAI-compatible providers.
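
The OpenClaw item above describes allowing a write through a symlink only when its target is on a configured trust list. The Python below is an added example of that kind of check, not code from OpenClaw or any cited commit; the function names, directory names and layout are constructed assumptions, and it goes slightly beyond the item by resolving every path so that symlinked parent directories are covered too.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def is_within(path: Path, root: Path) -> bool:
    """True if path is root or below it, compared on whole path components."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def resolve_write_target(path: Path, workspace: Path, trusted_roots: list[Path]) -> Path | None:
    """Return the real write target if it stays in the workspace or a trusted root.

    realpath() follows every symlink on the way (leaf, parents, chained links),
    so the decision is made on where the bytes would actually land.
    Callers should write to the returned path, not the original one, to avoid
    re-resolving a link that changed after the check.
    """
    real = Path(os.path.realpath(path))
    allowed = [Path(os.path.realpath(r)) for r in (workspace, *trusted_roots)]
    return real if any(is_within(real, r) for r in allowed) else None


def demo() -> dict[str, bool]:
    """Constructed layout: a trusted dir, a look-alike sibling, and three links."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        trusted = base / "shared-skills"
        lookalike = base / "shared-skills-evil"   # shares a string prefix only
        skills = base / "workspace" / "skills"
        for d in (trusted / "fmt", lookalike / "fmt", skills / "local"):
            d.mkdir(parents=True)
        (skills / "ok").symlink_to(trusted / "fmt")
        (skills / "bad").symlink_to(lookalike / "fmt")
        (skills / "hop").symlink_to(skills / "bad")   # link to a link
        return {
            name: resolve_write_target(skills / name / "SKILL.md",
                                       base / "workspace", [trusted]) is not None
            for name in ("local", "ok", "bad", "hop")
        }


if __name__ == "__main__":
    print(demo())
```

The `bad` and `hop` cases are the ones a naive string-prefix comparison against the trusted directory would wrongly allow or miss.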

Evidence

The receipts are OpenCode commit dac0dd53, OpenClaw commit 287b10a8, Hermes commits e0e25717 and 0a5762c7, and Codex commit 06afd63f.

Context

This continues yesterday's guardrails arc, but narrows the pressure: once tools touch external services, local skill files, web search, or cloud model providers, the product surface has to carry credentials, trust lists, labels, and provider limits.

Limits

These are independent patches, not a shared standard. Some are storage or policy groundwork rather than complete user-facing launches. Watch whether connectors, keyless MCP paths, provider-specific auth, and trusted skill directories become visible operator controls.

Evidence Trail

Receipts below the story

The article above is the public narrative. This section keeps the source trail, limits, and reporting notes on the same page.

Edition
Date: June 12, 2026
Lane: Daily Edition
Confidence: 78%
Sources: 5
Repos: anomalyco/opencode, openclaw/openclaw, NousResearch/hermes-agent, openai/codex

Reporter Notes

Agent tool surfaces are taking on credential and trust boundaries. The evidence is strongest when stated as operational pressure, not as convergence on a standard.

This article continues the June 11 runtime-guardrails arc, but it narrows the claim to credential and trust routing around tools. The cited commits do not show coordination between projects; they show independent pressure around the same operational boundary.

Primary Evidence

handlers, SDK updates, and connector/credential tests.

allowed and blocked Skill Workshop writes through workspace skill symlinks.

web search and extraction.

cites telemetry policy as the reason.

when used with OpenAI-compatible providers.

Evidence Limits

  • The sources do not prove a common standard or coordinated roadmap.
  • The Codex change records managed auth storage and provider rejection; the commit message says routing the managed key into Bedrock requests is follow-up work.
  • The OpenClaw change applies to trusted skill-workshop symlink writes, not all filesystem access.
  • The Hermes free MCP path and keyed REST path are specific to the Parallel web provider implementation.
