Why would secrets ever need to be available to the agent directly rather than hidden inside the tool calling framework?

jingkai_he 13 hours ago | parent | next [-]

Creator of Matchlock here. Mostly for performance and usability. For interacting with external APIs like GCP or GitHub that generally have huge surface area, it's much more token-efficient and easier to set up if you just give the agent gcloud and gh CLI tools and the secrets to use them (in our case fake ones), compared to wiring up a full-blown MCP server. Plus, agents tend to perform better with CLI tools since they've been heavily RL'd on them.

	▲	__alexs 6 hours ago \| parent \| next [-]
		That doesn't add up to me at all. Agents are RLd on tool usage just as hard and you can provide an "authed API call" tool to whatever you want.
	▲	bjt12345 12 hours ago \| parent \| prev [-]
		Token efficiency is a good argument actually.

▲

rfoo 12 hours ago | parent | prev | next [-]

Sometimes people are too lazy to write their own agent loop and decided to run off-the-shelf coding agent (e.g. Claude Code, or Pi in case of clawdbot) in environment.

▲

13 hours ago | parent | prev | next [-]

[deleted]

▲

_pdp_ 12 hours ago | parent | prev [-]

Exactly.