diff --git a/memory/2026-02-27-signet-secrets-mcp-integration.md b/memory/2026-02-27-signet-secrets-mcp-integration.md new file mode 100644 index 000000000..4c21f8333 --- /dev/null +++ b/memory/2026-02-27-signet-secrets-mcp-integration.md 
@@ -0,0 +1,23 @@ +# 2026-02-27 Session Notes + +## Signet Secrets MCP Integration + +The session began implementing a plan to make Signet secrets usable by agents. The core problem: agents are told about secrets but cannot actually use them because the documentation references a non-existent `signet secret get` CLI command, session start provides no secret discovery, and no MCP tools exist for secrets interaction. + +The solution maintains the security model—agents never see raw values. Instead, secrets are injected into subprocess environment variables with output automatically redacted. + +Four coordinated changes were planned: + +1. **Documentation Fix**: Update the Signet block in `packages/core/src/markdown.ts` to remove the broken CLI reference and document the actual workflow: `secret_list` and `secret_exec` MCP tools for discovery and usage. + +2. **MCP Tools**: Add two tools to `packages/daemon/src/mcp/tools.ts`: + - `secret_list`: queries `GET /api/secrets` to return available secret names + - `secret_exec`: runs commands with injected secrets, takes command string and env var → secret name mapping + +3. **Backend Endpoint**: Create `POST /api/secrets/exec` in `packages/daemon/src/daemon.ts` accepting `{ command, secrets }` payload. Must register BEFORE parameterized `/:name/exec` route to prevent Hono routing conflicts. + +4. **Session Start Integration**: Call `listSecrets()` in `packages/daemon/src/hooks.ts` after status update (~line 862) to surface available secret names with usage instructions at session start. + +Deliberate non-action: no `signet secret get` CLI implementation—exposing raw values violates security model. + +The session began reading existing source files to understand implementation patterns before writing changes. \ No newline at end of file diff --git a/memory/memories.db-wal b/memory/memories.db-wal index eb837b2c4..b9698cd0a 100644 Binary files a/memory/memories.db-wal and b/memory/memories.db-wal differ
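Review bot: In memory/2026-02-27-signet-secrets-mcp-integration.md, the statement that "agents never see raw values" is given without its limits. Item 2 has `secret_exec` take a free-form command string, so the guarantee rests entirely on the output redaction, and the note never says what that redaction matches. Suggest adding a sentence on what is redacted (the exact value only, or transformed forms as well) and on whether the command, or the set of secret names an agent may map, is restricted. For item 3, say whether `POST /api/secrets/exec` sits behind the same access checks as the existing `/:name/exec` route. In item 4, "~line 862" will go stale as soon as hooks.ts changes; name the function or hook instead.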
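Review bot: memory/memories.db-wal is a binary file that changes in the same commit as the session notes, with no mention of it in the notes. By its name it is a SQLite write-ahead log, which is rewritten on every database write and can hold rows not yet checkpointed into the main database file. Suggest dropping it from the commit and ignoring `memory/*.db-wal` together with the matching `-shm` file, so that session memory contents are not versioned by accident.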