Thanks for the link and the information, Per! We already looked at the CLI tool for inspiration but right now, it's not easy to implement that because of some architectural constraints.
But, if you feel adventurous, you could roll your own script and pull in LastPass information in a dynamic folder. We already have a couple of sample scripts for CyberArc, Bitwarden, PasswordState, etc. There you have full control over the implementation.
Check it out here: https://www.royalapps.com/go/dynamicfolder-samples
One thing I wanted to mention re 4)
If you are opening a LastPass vault and choose an existing credential from the list (not specifying username and password), you will not be prompted for credentials when you reload the LastPass vault.
So, creating a credential upfront with the LastPass username/password would make it much easier.
While LastPass does not have a documented API, they do have an open source CLI tool that interacts with their service. I think you can find this useful to find how to implement for example the "trust" feature that implements trusting a machine for not requiring 2FA.
This piece of the code is probably a good starting point, noting that the "trust" parameter to lastpass_login() is set to true if the user has specified to log in with the --trust parameter, which is the one that allows you to trust this device for further 2FA.
Thanks for the feedback.
We would love to further improve our LastPass integration but at the moment, improvements like you mentioned aren't possible. The reason for this is that LastPass doesn't offer an official API. Should LastPass offer this API (with all the features you mentioned), we will be happy to implement all that.
Sorry for the bad news.