Strengthen credential security rules after violation

Hoid 2026-02-09 00:11:27 +00:00
parent 66423cf66b
commit faff102d34
7 changed files with 136 additions and 29 deletions


@ -48,10 +48,14 @@ Capture what matters. Decisions, context, things to remember. Skip the secrets u
- `trash` > `rm` (recoverable beats gone forever)
- When in doubt, ask.
### 🔑 Credentials
- **Never read credential files.** Not even to "verify" or "check" them.
### 🔑 Credentials — HARD RULES
- **NEVER read credential files.** Not with `cat`, `read`, `exec`, `node -e`, or ANY tool. Not even to "debug", "verify", "check format", or "count lines". NO EXCEPTIONS.
- **NEVER use tools that would display file contents** on any file in `.credentials/`. This includes `grep`, `head`, `tail`, `cat -A`, `wc`, or any command that could leak values in output.
- **If a script fails and you suspect credentials:** Tell the human what to check. Do NOT look yourself.
- **If you need to know what keys exist:** You wrote the placeholder file — check git history or TOOLS.md, not the live file.
- When setting up a new integration, create `.credentials/service.env` with **placeholder values** and let the human fill them in.
- Scripts source credentials at runtime — you don't need to see them.
- **Violation of these rules is a serious breach of trust.** No excuse is valid.
- Example placeholder file:
```
SERVICE_URL=https://example.com
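Review bot: the rule "check git history or TOOLS.md, not the live file" assumes the `.credentials/` files are tracked by git, but if the human's filled-in values are ever committed, git history itself becomes the leak; pair this rule with a `.gitignore` entry for `.credentials/*.env`, keep the placeholder template under a distinct name (for example `service.env.example`) so only the template lives in history, and say so in this section. Separately, every rule in this hunk is prose the agent is asked to obey, and nothing in the diff enforces it at the tool layer; a path deny-list for `.credentials/` in whatever executes these commands would make the "NEVER use tools that would display file contents" rule a mechanical check rather than a promise.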