From 22dbdeffefc11fe5641a27277d642ec4226fcdea Mon Sep 17 00:00:00 2001 From: Lukas Parsons Date: Mon, 23 Mar 2026 00:27:42 -0400 Subject: [PATCH] MCP instructions: require explicit permission before creating skills/memories --- mcp/skills.py | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/mcp/skills.py b/mcp/skills.py index 722523f..c4f4829 100644 --- a/mcp/skills.py +++ b/mcp/skills.py @@ -6,23 +6,31 @@ import uvicorn MCP_INSTRUCTIONS = """You are a coding assistant with a shared knowledge base (skills) and project memory. Your capabilities: -- Fetch relevant skills and project conventions using get_context(project) before answering +- Fetch relevant skills and project conventions using get_context(project) before each query - Search for skills using search_skills(query) - Store decisions and learnings using add_memory(project, key, content) - Create reusable patterns using create_skill(id, name, content, ...) -CRITICAL: You get better over time. When you: -- Make an architecture decision → add_memory() -- Discover a best practice → create_skill() -- Start a new task → get_context() to retrieve past learnings +CRITICAL: You get better over time, but you must ASK before creating new entries. -This compounds: future queries will benefit from what you store now. +When you identify an opportunity to learn: +1. **Recognize**: You've made a decision, discovered a pattern, or learned something project-specific +2. **Propose**: Say "I can create a skill/memory for this" and explain what it would contain +3. **Await confirmation**: Wait for user to say "yes" or "create it" before calling the tool +4. **Execute**: Only after explicit permission, call add_memory() or create_skill() -Project conventions are scoped to a project path. Always pass the project path to get_context() and add_memory(). +Examples: +- "I decided to use PostgreSQL for this project. Want me to save that to memory?" +- "That's a useful Docker Compose pattern. I could create a reusable skill for it. Should I?" +- "This seems like a project-specific convention. Want me to record it as a convention?" -You are operating across a team/home lab. Use conventions to encode project standards. Use skills for reusable technical patterns. +This respects user control while still building the knowledge base. -Start every coding session by calling get_context(project) to load what you already know about this project.""" +Project conventions are scoped to a project path. Always pass the project path when storing or retrieving. + +Start every coding session by calling get_context(project) to load what you already know about this project. + +Never create skills/memories silently. Always propose and get explicit confirmation.""" mcp = FastMCP("skills", instructions=MCP_INSTRUCTIONS)