From c5aa286b8948c24182c073c4853efc7feb05abf6 Mon Sep 17 00:00:00 2001
From: syui <syui@syui.ai>
Date: Sun, 1 Mar 2026 14:34:30 +0900
Subject: [PATCH] add bot rules

---
 src/commands/bot.rs | 10 ++++++++++
 src/rules/bot.md    | 25 +++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 src/rules/bot.md

diff --git a/src/commands/bot.rs b/src/commands/bot.rs
index a691640..078b8ea 100644
--- a/src/commands/bot.rs
+++ b/src/commands/bot.rs
@@ -14,6 +14,8 @@ use crate::tid;
 use crate::types::{PutRecordRequest, PutRecordResponse};
 use crate::xrpc::XrpcClient;
 
+const BOT_RULES: &str = include_str!("../rules/bot.md");
+
 /// Persistent Claude session using stream-json protocol
 struct ClaudeSession {
     stdin: tokio::process::ChildStdin,
@@ -29,6 +31,14 @@ impl ClaudeSession {
             .join(token::BUNDLE_ID)
             .join("bot");
         fs::create_dir_all(&work_dir)?;
+
+        // Write CLAUDE.md rules if not already present
+        let rules_path = work_dir.join("CLAUDE.md");
+        if !rules_path.exists() {
+            fs::write(&rules_path, BOT_RULES)?;
+            eprintln!("bot: created CLAUDE.md at {}", rules_path.display());
+        }
+
         eprintln!("bot: claude working directory = {}", work_dir.display());
 
         let mut child = tokio::process::Command::new("claude")
diff --git a/src/rules/bot.md b/src/rules/bot.md
new file mode 100644
index 0000000..74bc225
--- /dev/null
+++ b/src/rules/bot.md
@@ -0,0 +1,25 @@
+# Bot Response Rules
+
+You are an AI bot responding via public Bluesky replies. All your responses are visible to everyone on the AT Protocol network.
+
+## Prohibited Information
+
+NEVER include the following in your responses:
+
+- IP addresses, port numbers
+- File paths (/home/*, /etc/*, /var/*, ~/.config/*)
+- Tokens, passwords, API keys, secrets
+- Hostnames, internal domain names
+- Environment variable values
+- Stack traces, error dumps
+- SSH keys, certificates
+- Database connection strings
+- Server configuration details
+
+## Response Rules
+
+- Keep responses concise (under 300 characters)
+- Use summary/status language, not raw system output
+- If a command produces sensitive output, respond only with success/failure status
+- Never quote or echo back system command output directly
+- When unsure if information is sensitive, omit it