.agents/memory/2026-02-27-signet-secrets-mcp-integration.md


2026-02-27 Session Notes

Signet Secrets MCP Integration

The session began implementing a plan to make Signet secrets usable by agents. The core problem: agents are told about secrets but cannot actually use them because the documentation references a non-existent signet secret get CLI command, session start provides no secret discovery, and no MCP tools exist for secrets interaction.

The solution maintains the security model—agents never see raw values. Instead, secrets are injected into subprocess environment variables with output automatically redacted.

Four coordinated changes were planned:

  1. Documentation Fix: Update the Signet block in packages/core/src/markdown.ts to remove the broken CLI reference and document the actual workflow: secret_list and secret_exec MCP tools for discovery and usage.

  2. MCP Tools: Add two tools to packages/daemon/src/mcp/tools.ts:

    • secret_list: queries GET /api/secrets to return available secret names
    • secret_exec: runs commands with injected secrets, takes command string and env var → secret name mapping

  3. Backend Endpoint: Create POST /api/secrets/exec in packages/daemon/src/daemon.ts accepting { command, secrets } payload. Must register BEFORE parameterized /:name/exec route to prevent Hono routing conflicts.

  4. Session Start Integration: Call listSecrets() in packages/daemon/src/hooks.ts after status update (~line 862) to surface available secret names with usage instructions at session start.

Deliberate non-action: no signet secret get CLI implementation, since exposing raw values violates the security model.
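
A sketch of the secret_exec flow described above (env var → secret name mapping, injection into the subprocess environment, redacted output). This is an added example, not code from the Signet repository: the function names, the in-memory store, the sample values and the [REDACTED] marker are all assumptions.

```typescript
// Added example: all names and values here are hypothetical, not Signet's code.
type SecretStore = Record<string, string>; // secret name -> raw value (daemon side only)
type EnvMapping = Record<string, string>;  // env var name -> secret name (sent by the agent)

// Resolve the agent-supplied mapping to raw values; fail closed on bad input.
function resolveEnv(mapping: EnvMapping, store: SecretStore): Record<string, string> {
  const env: Record<string, string> = {};
  for (const [envVar, secretName] of Object.entries(mapping)) {
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(envVar)) {
      throw new Error(`invalid env var name: ${envVar}`);
    }
    if (!Object.prototype.hasOwnProperty.call(store, secretName)) {
      throw new Error(`unknown secret: ${secretName}`);
    }
    env[envVar] = store[secretName];
  }
  return env;
}

// Replace every occurrence of each injected value. Longest values go first so
// a secret that contains another secret is not left partially visible.
// Exact matching only: output the command has encoded (base64, hex) is not caught.
function redact(output: string, values: string[]): string {
  const ordered = values.filter((v) => v.length > 0).sort((a, b) => b.length - a.length);
  return ordered.reduce((text, v) => text.split(v).join("[REDACTED]"), output);
}

// Run the command with secrets in its environment; only redacted output is returned.
async function secretExec(command: string, mapping: EnvMapping, store: SecretStore) {
  const { spawnSync } = await import("node:child_process");
  const injected = resolveEnv(mapping, store);
  const result = spawnSync("sh", ["-c", command], {
    env: { ...process.env, ...injected },
    encoding: "utf8",
  });
  const values = Object.values(injected);
  return {
    code: result.status,
    stdout: redact(result.stdout ?? "", values),
    stderr: redact(result.stderr ?? "", values),
  };
}

// Constructed sample store; the second value is a substring of the first.
const SAMPLE_STORE: SecretStore = { API_TOKEN: "tok_live_abc123", DB_PASSWORD: "abc123" };
```
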

The session began reading existing source files to understand implementation patterns before writing changes.