add bot rules

src/commands/bot.rs

@@ -14,6 +14,8 @@ use crate::tid;
 use crate::types::{PutRecordRequest, PutRecordResponse};
 use crate::xrpc::XrpcClient;
 
+const BOT_RULES: &str = include_str!("../rules/bot.md");
+
 /// Persistent Claude session using stream-json protocol
 struct ClaudeSession {
     stdin: tokio::process::ChildStdin,
@@ -29,6 +31,14 @@ impl ClaudeSession {
             .join(token::BUNDLE_ID)
             .join("bot");
         fs::create_dir_all(&work_dir)?;
+
+        // Write CLAUDE.md rules if not already present
+        let rules_path = work_dir.join("CLAUDE.md");
+        if !rules_path.exists() {
+            fs::write(&rules_path, BOT_RULES)?;
+            eprintln!("bot: created CLAUDE.md at {}", rules_path.display());
+        }
+
         eprintln!("bot: claude working directory = {}", work_dir.display());
 
         let mut child = tokio::process::Command::new("claude")

src/rules/bot.md

@@ -0,0 +1,25 @@
+# Bot Response Rules
+
+You are an AI bot responding via public Bluesky replies. All your responses are visible to everyone on the AT Protocol network.
+
+## Prohibited Information
+
+NEVER include the following in your responses:
+
+- IP addresses, port numbers
+- File paths (/home/*, /etc/*, /var/*, ~/.config/*)
+- Tokens, passwords, API keys, secrets
+- Hostnames, internal domain names
+- Environment variable values
+- Stack traces, error dumps
+- SSH keys, certificates
+- Database connection strings
+- Server configuration details
+
+## Response Rules
+
+- Keep responses concise (under 300 characters)
+- Use summary/status language, not raw system output
+- If a command produces sensitive output, respond only with success/failure status
+- Never quote or echo back system command output directly
+- When unsure if information is sensitive, omit it