_delimit_secret_impl
Manage just-in-time credential access through the local Delimit secrets broker. Store, retrieve, list, revoke, or audit credentials with scope enforcement and access logging.
Instructions
Unified secrets-broker entry point — dispatches to one of five actions.
Manages just-in-time credential access through the local Delimit secrets broker (ai.secrets_broker) instead of bare environment variables or .env files: store a credential once with an access scope, fetch it at execution time with every read recorded to an audit trail, inventory credential metadata without exposing values, revoke on rotation/leak, and read the access log.
When to use: as the single MCP-registered secrets surface (delimit_secret) when the caller wants to pick the operation by name in one call rather than choosing a specific delimit_secret_* alias. When NOT to use: from internal code paths — prefer the specific alias (delimit_secret_store, delimit_secret_get, delimit_secret_list, delimit_secret_revoke, delimit_secret_access_log) so each operation's docstring and arg schema show up at the right call site. Do not use the broker as a general key/value store — it is credential-scoped and every read is audited.
Sibling contrast: each delimit_secret_ wrapper below is a thin alias over this implementation; they exist so the action's docstring lives at the right name. This is the dispatch core. Versus delimit_context_* / delimit_memory_*: those persist plans and notes; this persists access-controlled credentials with a read audit trail.
Storage & access model: credentials are persisted to the local broker store under ~/.delimit/secrets/ (encoded at rest) and returned in cleartext to an authorized caller — the host filesystem is the trust boundary, so protect it accordingly. Scope is enforced at READ time: scope="all" permits any caller; otherwise the requester's agent_type or tool must appear in the credential's comma-separated allow-list. The access log records who/what/when and whether access was granted — it never stores the credential value, and "list" returns metadata only, never values.
Side effects (per action):
"store": WRITES/overwrites the credential under ~/.delimit/secrets/ with its scope and description. A same-name store overwrites silently; there is no version history.
"get": returns the credential value to an authorized requester and appends an access-log entry (granted true/false); on success it updates the credential's access counter / last-accessed timestamp. A scope denial, a missing name, or a revoked credential is logged and returns without a value.
"list": READ-ONLY. Returns credential metadata (name, scope, description, created_by, access_count, revoked, timestamps) — never values. Wrapped via _with_next_steps.
"revoke": WRITES a revoked flag + timestamp and appends a revoke entry to the access log; subsequent "get" calls are denied. Does NOT hard-delete the stored file.
"access_log": READ-ONLY. Returns the access trail (newest first), optionally filtered to one credential name. Wrapped via _with_next_steps. No action is license-gated. Errors are deterministic ({"error": "..."}): a missing required argument or an unknown action short-circuits before the backend call.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | No | Which secret operation to perform. One of "store", "get", "list", "revoke", "access_log". Default "list". Case- insensitive (lowered + stripped). Other values return a deterministic error. | list |
| name | No | Credential name / key. Required for "store", "get", "revoke"; optional filter for "access_log" (empty = all); ignored for "list". Sanitized for filesystem safety. | |
| value | No | The credential to store. Required for action="store"; ignored otherwise. Never echoed back by "store". | |
| scope | No | Comma-separated agent/tool identities permitted to read this credential, or "all" for any requester. Used only by action="store". Default "all". Enforced at read time. | all |
| description | No | Human-readable description (action="store" only). Optional but recommended; surfaces in "list" and the audit trail. | |
| agent_type | No | Identity of the requesting agent (action="get" only), checked against scope. | |
| tool | No | Name of the requesting tool (action="get" only), checked against scope. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||