Protection against different attack vectors, password manager

I’m a software dev working on an open-source password manager (dev lib, GUI and CLI) for educational and, eventually, practical purposes. There doesn’t seem to be all that much information regarding vault-based password managers and the security they build on/attack vectors and common practices to protect against them.
So I was wondering what safety precautions the application (especially the GUI app) can take to keep the data secure?

For unlocking and adding/removing entries in the vault

  • 1/2FA to unlock the vault
  • It uses AES-GCM + Argon2id for password hashing/validation and data encryption.
  • Sensitive data is stored in libsodium sodium_malloc memory and kept under sodium_mprotect_noaccess, whether encrypted or not
  • It’ll offer password/word generation as well as warning against passwords existing in password lists
  • Data is zeroized before being deallocated/dropped
  • Vault is locked based on inactivity

To summarize my questions,

  • While I’ve understood that memory handling could only ever be relatively safer by using Intel SGX & AMD SEV enclaves, are there possibly any glaring flaws that I should know about in any category of the protection a password manager is supposed to offer?
  • Are there generally any safety precautions that can be taken when presenting the sensitive information to the user, except for proper cleanup? It will support “revealing” the password in readable form, clipboard and QR code generation.
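
As an added example (not part of the original post and not the project's code), the "zeroized before being dropped" and "locked based on inactivity" items from the list above can be combined in std-only Rust as follows. Rust and the names `Secret`, `Vault`, `tick` and `with_key` are assumptions; the libsodium guarded allocation is not modelled, and the wipe covers only this buffer, not copies made elsewhere.

```rust
use std::sync::atomic::{compiler_fence, Ordering};
use std::time::{Duration, Instant};

/// Key material that is overwritten before its memory is released.
pub struct Secret(Vec<u8>);

impl Secret {
    /// Volatile writes plus a fence keep the optimizer from eliding the wipe.
    fn wipe(&mut self) {
        for b in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for Secret {
    fn drop(&mut self) { self.wipe(); }
}

pub struct Vault { key: Option<Secret>, last_activity: Instant, idle_limit: Duration }

impl Vault {
    pub fn unlock(key: Vec<u8>, now: Instant, idle_limit: Duration) -> Self {
        Vault { key: Some(Secret(key)), last_activity: now, idle_limit }
    }
    /// Call from a UI timer; locks (and thereby wipes) once the idle limit is reached.
    pub fn tick(&mut self, now: Instant) {
        if now.saturating_duration_since(self.last_activity) >= self.idle_limit {
            self.key = None; // dropping the Secret runs wipe()
        }
    }
    /// Borrow the key for one operation; counts as activity. None when locked.
    pub fn with_key<R>(&mut self, now: Instant, f: impl FnOnce(&[u8]) -> R) -> Option<R> {
        self.tick(now);
        let secret = self.key.as_ref()?;
        self.last_activity = now;
        Some(f(&secret.0))
    }
    pub fn is_locked(&self) -> bool { self.key.is_none() }
}

fn main() {
    let t0 = Instant::now(); // constructed timeline: times are offsets from t0
    let mut v = Vault::unlock(vec![0x42; 32], t0, Duration::from_secs(300));
    v.with_key(t0 + Duration::from_secs(10), |k| assert_eq!(k.len(), 32));
    v.tick(t0 + Duration::from_secs(400));
    println!("locked after idle: {}", v.is_locked());
}
```

Passing the clock in as a parameter keeps the lock logic testable; the closure-based `with_key` avoids handing out a long-lived copy of the key that would escape the wipe.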