Agent copying and actions credential security

[falkenbt]

Hey folks,
I have two questions which I could not answer from the existing documentation or searching by searching on GitHub:

1. I can only copy agents that I have created. I cannot copy agents that are shared with all users (the button is missing). Is this intentional? If so, what's the reasoning behind this?
2. How is the authorization credential for Actions stored? I see it cannot be retrieved after it has been entered. Still I'm worried that it might be leaked to other users when sharing agents or by the llm, more info on this would be appreciated.

Thanks a lot!

[falkenbt]

any hints here will be appreciated. How do others deal with shared agents and credentials?

[danny-avila]

1. The thought behind this was only user who is the author can copy. This is changing pretty soon with the granular permissions for agents update, for which there is an open PR.

2. Right now, if you provided credentials from the frontend for a specific agent tool, the credentials will not be shared. Only if the credentials are provided via .env which is implicit authentication for all users.

On point 2, this usually leads to errors with a non-intuitive way to provide credentials if an agent was shared that uses user-provided credentials. This is also on my radar to address, as is already done when OAuth actions require authentication.