Former Member
3 years ago
ssh agent on macOS - no prompt for password after the first connection
Hello!
I have a question I did not find an answer to yet.
We are a database-related support company, and we use ssh keys to log in to machines. Recently we started to try out the ssh agent feat...
floris_1P
1Password Team
3 years ago
Our concerns with that approach are still that, if someone is knowledgeable about how it works, they could argue that when people get away from their workplace (forgetting to lock their machine or vault), someone else could use their machine by just closing the lid, and they can establish new connections to every other system, just by clicking the "authorize" button.
I think either a toggle-able option which makes it prompt for the password for all new connections when no Touch ID is available, or a function which locks the vault on lid closure would solve this.
We have considered that, but adding in Touch ID to approve SSH key usage would not protect against a malicious actor physically present in the room getting hold of the workstation while 1Password is unlocked, because they could simply export the private key within the 1Password app, or reveal/export other vault items that could allow them to control the server's authorized_keys, such as GitHub or AWS credentials.
So having good automated locking rules set up (which are already configured by default) is very important regardless of the SSH agent.