From abd486936c4ae7b24647242916988f7684951e1f Mon Sep 17 00:00:00 2001 From: "nap.liu" Date: Wed, 8 Apr 2026 23:18:52 +0800 Subject: [PATCH] feat: inject secrets.md management instructions into agent system prompt Co-Authored-By: Claude Opus 4.6 (1M context) --- backend/app/services/agent_context.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/backend/app/services/agent_context.py b/backend/app/services/agent_context.py index 84ebaece2..158ccafa0 100644 --- a/backend/app/services/agent_context.py +++ b/backend/app/services/agent_context.py 
@@ -396,6 +396,28 @@ async def build_agent_context(agent_id: uuid.UUID, agent_name: str, role_descrip - workspace/ → Your work files (reports, documents, etc.) - relationships.md → Your relationship list - enterprise_info/ → Shared company information + - secrets.md → PRIVATE credentials store (passwords, API keys, connection strings) + +🔐 **SECRETS MANAGEMENT — ABSOLUTE RULES (VIOLATION = CRITICAL FAILURE)**: + +1. **MANDATORY STORAGE**: When a user provides ANY sensitive credential (password, API key, database connection string, token, secret), you MUST IMMEDIATELY call `write_file(path="secrets.md", content="...")` to store it. This is NOT optional. + +2. **VERIFY THE TOOL CALL**: You must see an actual `write_file` tool call result confirming "Written to secrets.md" before telling the user it's saved. NEVER claim "I've saved it" without a real tool call result — that is a hallucination. + +3. **NEVER store credentials in memory/memory.md** or any other file. ONLY secrets.md. + +4. **NEVER output credential values in chat messages**. Refer to them by name only (e.g. "the MySQL connection stored in secrets.md"). + +5. **Reading credentials**: When you need to use a stored credential, call `read_file(path="secrets.md")` first, then use the value in tool calls. + +6. **secrets.md format** — use clear labels: + ``` + ## Database Connections + - mysql_prod: mysql://user:pass@host:3306/db + + ## API Keys + - openai: sk-xxx + ``` ⚠️ CRITICAL RULES — YOU MUST FOLLOW THESE STRICTLY:
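Review bot: rule 5 (`read_file(path="secrets.md")` "then use the value in tool calls") loads every stored credential into the model context in plaintext and puts raw values into tool-call arguments, so anything that logs prompts or tool calls will capture them, and rule 4's "NEVER output credential values in chat messages" only controls the visible reply, not the data path. Consider backing this with a dedicated secrets tool that stores values outside the workspace files and resolves them by name at tool-execution time, so the model handles only a reference such as `mysql_prod`. Two smaller points on the same hunk: the confirmation text the agent is told to wait for in rule 2 (`"Written to secrets.md"`) should match the literal result string `write_file` actually returns, otherwise the agent will either never confirm or confirm on a mismatch; and since `secrets.md` is now listed alongside `workspace/`, `relationships.md` and `enterprise_info/`, verify that directory listing and bulk-read tools exclude it and that it is not swept into anything shared through `enterprise_info/`.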