2026-02-27T05-37-59_auto_memory/memories.db-wal, memory/2026-02-27-signet-s

memory/2026-02-27-signet-secrets-mcp-integration.md

@@ -0,0 +1,23 @@
+# 2026-02-27 Session Notes
+
+## Signet Secrets MCP Integration
+
+The session began implementing a plan to make Signet secrets usable by agents. The core problem: agents are told about secrets but cannot actually use them because the documentation references a non-existent `signet secret get` CLI command, session start provides no secret discovery, and no MCP tools exist for secrets interaction.
+
+The solution maintains the security model—agents never see raw values. Instead, secrets are injected into subprocess environment variables with output automatically redacted.
+
+Four coordinated changes were planned:
+
+1. **Documentation Fix**: Update the Signet block in `packages/core/src/markdown.ts` to remove the broken CLI reference and document the actual workflow: `secret_list` and `secret_exec` MCP tools for discovery and usage.
+
+2. **MCP Tools**: Add two tools to `packages/daemon/src/mcp/tools.ts`:
+   - `secret_list`: queries `GET /api/secrets` to return available secret names
+   - `secret_exec`: runs commands with injected secrets, takes command string and env var → secret name mapping
+
+3. **Backend Endpoint**: Create `POST /api/secrets/exec` in `packages/daemon/src/daemon.ts` accepting `{ command, secrets }` payload. Must register BEFORE parameterized `/:name/exec` route to prevent Hono routing conflicts.
+
+4. **Session Start Integration**: Call `listSecrets()` in `packages/daemon/src/hooks.ts` after status update (~line 862) to surface available secret names with usage instructions at session start.
+
+Deliberate non-action: no `signet secret get` CLI implementation—exposing raw values violates security model.
+
+The session began reading existing source files to understand implementation patterns before writing changes.