docs(decisions): ADR 0003 — system prompts stay user-directed #103

Merged

didericis merged 1 commits from docs/adr-0003-prompt-autogen into main 2026-05-29 00:42:38 -04:00

Conversation 0 Commits 1 Files Changed 1

+43

didericis commented 2026-05-29 00:40:55 -04:00

Owner

Copy Link

Copy Source

Summary

Record the decision (ADR 0003) that we considered auto-generating an agent's system prompt from its bottle's egress + git config — so the agent would automatically know what it has access to — but opted to keep prompts user-directed.

Why

• We may deliberately want to withhold access information from the agent (keep the prompt silent about an allowlisted host even though egress permits it).
• The agent can infer its own access regardless (try a request, read env / git remote -v / gitconfig), so auto-injection is a convenience, not a capability.
• Accepted cost: operators restate access in the prompt when they want the agent to know it (as just done for the Gitea instance), with possible config↔prompt drift.

Docs-only.

## Summary Record the decision (ADR 0003) that we considered auto-generating an agent's system prompt from its bottle's egress + git config — so the agent would automatically know what it has access to — but opted to keep prompts **user-directed**. ## Why - We may deliberately want to withhold access information from the agent (keep the prompt silent about an allowlisted host even though egress permits it). - The agent can infer its own access regardless (try a request, read env / `git remote -v` / gitconfig), so auto-injection is a convenience, not a capability. - Accepted cost: operators restate access in the prompt when they want the agent to know it (as just done for the Gitea instance), with possible config↔prompt drift. Docs-only.

didericis added 1 commit 2026-05-29 00:40:56 -04:00

docs(decisions): ADR 0003 — system prompts stay user-directed ... 2ea73e40a8

Record that we considered auto-generating an agent's system prompt from
its bottle's egress/git config (so it would know its access up front)
but opted to keep prompts operator-authored: we may want to withhold
that information from the agent directly, and the agent can infer its
access on its own regardless.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

didericis merged commit 2ea73e40a8 into main 2026-05-29 00:42:38 -04:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: didericis/bot-bottle#103