This is a critical topic as AI agents get more tool access. I build MCP-based automation tools and the credential isolation problem is something I think about constantly — especially when agents can chain tool calls autonomously. The approach of keeping secrets in a separate execution layer that the agent orchestrates but never directly reads feels like the right pattern. Does Aegis handle credential rotation as well, or is that out of scope?