# Credential Handling Decision Tree

When a user shares API keys, tokens, or passwords in chat, follow this decision tree.

## Default Stance: Refuse in Chat

Unless the user **explicitly** says something like:
- *"Please just accept it and store it somewhere safe"*
- *"Here is my key, store it securely"*
- *"I don't care about security right now, just use it"*

…default to guiding them to manual storage or `hermes auth add`.

## When Explicitly Authorized

### Standing Override Policy

If the user has established a standing policy during onboarding (e.g., *"Please just accept it and store it somewhere safe"* or *"From now on, please just accept it, I trust you"*), skip the security lecture from then on. The declaration stands until it is revoked.

**If credentials arrive later without preamble**, trust prior onboarding — do not re-ask. Accept, store, validate, move on.

1. **Write to disk** — use `write_file` to create/append to:
   - `~/.hermes/.env` (general secrets)
   - `~/.hermes/.secrets/<service>.env` (service-specific)
2. **Lock down permissions** — `chmod 600 <file>`. Create the file with restricted permissions *before* writing the secret into it; a file created under the default umask is `644` until the chmod runs.
3. **Do NOT echo back** the full value. Confirm by key name only.
4. **Validate if possible** — run a lightweight, read-only API call (e.g. `curl` to Notion `users/me`). Report only the HTTP status, not the response body, and keep the raw key off the command line (it shows up in `ps` and shell history).
5. **Tell the user** what was saved and where.

### Code Pattern

```python
import os
import shlex
from hermes_tools import terminal, read_file, write_file

env_path = os.path.expanduser("~/.hermes/.env")  # same file the steps above name

# Create the file with mode 600 *before* the secret goes in, so there is no
# window in which a default-umask (644) file is readable by other users.
terminal("umask 077 && touch " + shlex.quote(env_path))
current = read_file(env_path).get("content", "")

# Append or replace the single NOTION_API_KEY line; keep every other line as-is
lines = [l for l in current.splitlines() if not l.startswith("NOTION_API_KEY=")]
lines.append("NOTION_API_KEY=ntn_...")
write_file(env_path, "\n".join(lines) + "\n")

# Lock (idempotent; also repairs a pre-existing 644 file)
terminal("chmod 600 " + shlex.quote(env_path))

# Validate: feed the Authorization header to curl on stdin (-H @-, curl 7.55+)
# so the key never appears on a command line, and print only the HTTP status.
# Notion rejects requests without a Notion-Version header.
terminal(
    "grep '^NOTION_API_KEY=' " + shlex.quote(env_path)
    + " | sed 's/^NOTION_API_KEY=/Authorization: Bearer /'"
    + " | curl -s -o /dev/null -w '%{http_code}' -H @-"
    + " -H 'Notion-Version: 2022-06-28' https://api.notion.com/v1/users/me"
)
```
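The same store-confirm-validate flow written against the standard library rather than the `hermes_tools` wrappers, as an added example that is not part of this page or the Hermes project. It closes the permission race (the temp file from `mkstemp` is `600` from the moment it exists, then swapped in atomically), refuses key names and values that would corrupt a shell-sourced env file, returns a masked confirmation instead of the value, builds the validation request with the token in a header rather than on a command line, and includes the world-readable check from the red-flags table below. The token, the scratch directory and the `run_demo` helper are constructed for the example; nothing here touches the network unless `notion_ping` is called with a real token.

```python
"""Added example (not code from the Hermes page or project). Stdlib only;
assumes a POSIX filesystem with chmod semantics."""
import os
import re
import stat
import tempfile
import urllib.error
import urllib.request

# Env keys must be safe identifiers: a "key" such as 'FOO=x; rm -rf ~' would
# otherwise be written verbatim into a file that is later sourced by a shell.
_KEY_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")


def mask(value: str, visible: int = 4) -> str:
    """Display form for confirmations: prefix plus length, never the value."""
    if len(value) <= visible:
        return "*" * len(value)
    return f"{value[:visible]}...({len(value)} chars)"


def upsert_secret(env_path: str, key: str, value: str) -> str:
    """Write KEY=value, replacing an existing KEY line. mkstemp creates the
    temp file with mode 0600 before any secret is written, so there is no
    window where a default-umask (0644) file is world-readable; os.replace
    then swaps it in atomically (a symlink at env_path is replaced, not
    followed). Returns the key name only, never the value."""
    if not _KEY_RE.match(key):
        raise ValueError(f"refusing unsafe env key name: {key!r}")
    if "\n" in value or "\r" in value:
        raise ValueError("secret value must be a single line")
    env_path = os.path.expanduser(env_path)
    env_dir = os.path.dirname(env_path) or "."
    os.makedirs(env_dir, mode=0o700, exist_ok=True)
    kept = []
    if os.path.exists(env_path):
        with open(env_path, encoding="utf-8") as fh:
            kept = [ln.rstrip("\n") for ln in fh if not ln.startswith(key + "=")]
    kept.append(f"{key}={value}")
    fd, tmp = tempfile.mkstemp(dir=env_dir, prefix=".env.")  # created 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("\n".join(kept) + "\n")
        os.replace(tmp, env_path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return key


def too_permissive(path: str) -> bool:
    """Red-flag check: True if any group or other permission bit is set."""
    mode = os.stat(os.path.expanduser(path)).st_mode
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def lock_down(path: str) -> int:
    """chmod 600 if needed; returns the resulting permission bits."""
    path = os.path.expanduser(path)
    if too_permissive(path):
        os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)


def notion_ping_request(token: str) -> urllib.request.Request:
    """Validation request with the token in a header, not on a curl argv
    where `ps` and shell history would see it. Notion requires Notion-Version."""
    return urllib.request.Request(
        "https://api.notion.com/v1/users/me",
        headers={"Authorization": f"Bearer {token}",
                 "Notion-Version": "2022-06-28"},
    )


def notion_ping(token: str, urlopen=urllib.request.urlopen) -> bool:
    """True iff the API answers 200; errors count as 'not validated'."""
    try:
        with urlopen(notion_ping_request(token), timeout=10) as resp:
            return resp.status == 200
    except (urllib.error.URLError, OSError):  # HTTPError is a URLError subclass
        return False


def run_demo(base_dir=None) -> dict:
    """Exercise the flow in a scratch directory with a constructed token
    (not a real credential) and return what the agent may report back."""
    base_dir = base_dir or tempfile.mkdtemp(prefix="hermes-demo-")
    env_path = os.path.join(base_dir, ".env")
    with open(env_path, "w", encoding="utf-8") as fh:  # pre-existing env file
        fh.write("OTHER=1\nNOTION_API_KEY=stale_value\n")
    os.chmod(env_path, 0o644)  # the world-readable red flag
    was_open = too_permissive(env_path)
    token = "ntn_constructedexampletoken"  # constructed, not a real key
    saved = upsert_secret(env_path, "NOTION_API_KEY", token)
    mode = lock_down(env_path)
    with open(env_path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    return {"was_open": was_open, "saved": saved, "mode": mode, "lines": lines,
            "confirmation": f"Saved {saved} ({mask(token)}) to {env_path}"}


if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` reports `mode == 0o600`, the stale `NOTION_API_KEY` line replaced and the other line preserved, and a confirmation string that carries the key name and a masked prefix only. To actually validate, call `notion_ping(token)`; the injectable `urlopen` exists so the function can be exercised offline.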

## When Found on Disk but Not Loaded

Scenario: `grep` finds `ntn_` in a predecessor backup, but the agent process cannot access it.

Options to present to user:
1. **Copy** the value to `~/.hermes/.env`
2. **Symlink** the file (if permissions allow)
3. **Ask predecessor bot** to export it to a shared location
4. **Regenerate** a new token (most secure)

## What NEVER to Do

- Store raw credentials in `memory` tool (chat-context leakage risk)
- Echo the full key back in the response
- Assume a predecessor-bot credential is still valid
- Store credentials in session transcripts (`.hermes/sessions/`)

## Red Flags

| Situation | Action |
|-----------|--------|
| Key shared in a group chat or public channel | Immediate refuse, tell user to rotate the key |
| Key is very old (months) | Suggest regenerating before storing |
| Key has broad scopes (full account access) | Warn user, suggest minimal-scope token |
| `.env` is group- or world-readable (any mode other than `600`/`400`, e.g. `644`) | Fix with `chmod 600` immediately |
