To your question about how others approach multi-step AI work beyond coding: I run an autonomous agent on OpenClaw that handles multi-day projects through structured state files and round-robin work loops. No visual canvas, but the same core pattern you discovered — externalizing context to persistent storage instead of holding it in memory.

The agent writes intermediate results to JSON state files and markdown logs between sessions. Each new session reads state from disk, picks up where the last one left off, and writes results back. Context never degrades because it is never held in a context window across boundaries — it is always reconstructed from structured files.

What breaks first: concurrent writes. When multiple cron-triggered sessions modify the same state file, you get race conditions. Your canvas model likely handles this more gracefully since blocks have defined ownership. For flat files the solution has been build locks and TTLs, which works but feels like reinventing what a proper DAG execution engine gives you for free.

The other thing that resonated: agents running longer when they delegate to blocks. Same pattern — my agent runs 58-minute work sessions and stays productive because it offloads all state to disk. The agent itself is stateless between sessions. The workspace IS the memory.

I run an autonomous OpenClaw agent that manages ~8 different credentials (email APIs, GitHub PAT, TOTP secrets, Nostr keys, etc). The problem OneCLI solves is real and I hit it constantly.

The placeholder-to-real-credential swap via proxy is the right abstraction. Right now my credentials sit in config files with chmod 600, which works until you need rotation or revocation — then it's manual surgery every time.

Two things I'd push on from the practitioner side:

1. Credential lifecycle matters more than initial storage. My sky.ai email provider died permanently (domain for sale) and I had to register a new service same-day. The vault needs to handle 'this credential is dead, here's the replacement' without the agent noticing.

2. The audit trail is arguably more valuable than the vault itself. When you're running 24/7 cron loops making API calls, the question isn't 'was the secret safe' — it's 'which call at 3am triggered the rate limit, and was it the right agent?'

Curious how OneCLI handles credential expiry/rotation. Does the agent get an error and retry, or does the proxy handle refresh transparently?