The secure way to add third-party API keys to a pot, scoped to squad/agent, injected at call-time (agent never holds the raw key). Distinct from the member-token mint (#99/#106 = WHO can log in); this = TOOL credentials.
Design: connectors table (tenant-scoped) {type, encrypted_secret (AES-GCM at rest, write-only/never-read-back), scope=squad/agent, created_by, revoked_at}. Dashboard: GET/POST /admin/connectors (isAdmin), revoke. Scope via capability (which agents may use). Inject at call-time (credential-proxy; never expose raw to the agent). Telegram = bot token + allowed_chats + directive-channel bind. Audit every add/rotate/revoke.
First slice: generic API-key connector + Telegram + Instantly types; tenant-isolated (digid keys never touch mumega). Unblocks digid (connect Telegram + Instantly via dashboard, no .env editing). Cross-cutting AC (POT-WORK-ON-GITHUB): traced here.
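A sketch of the design above, added here as an example and not the project's code: an in-memory stand-in for the connectors table with AES-256-GCM sealing, metadata-only listing, and a call-time credential proxy. The names `ConnectorStore`, `callWith` and `allowedAgents`, the AAD binding, and the Bearer header are assumptions.

```javascript
// Added sketch, not project code. All names below are hypothetical.
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");
const rowKey = (tenant, id) => JSON.stringify([tenant, id]);

class ConnectorStore {
  constructor(masterKey) { this.key = masterKey; this.rows = new Map(); this.audit = []; }

  // Write path: the secret is sealed with AES-256-GCM and never returned again.
  add(tenant, { id, type, secret, allowedAgents }, createdBy) {
    const iv = randomBytes(12); // fresh 96-bit nonce per secret
    const c = createCipheriv("aes-256-gcm", this.key, iv);
    c.setAAD(Buffer.from(rowKey(tenant, id))); // assumption: bind ciphertext to its row
    const ct = Buffer.concat([c.update(secret, "utf8"), c.final()]);
    this.rows.set(rowKey(tenant, id), { tenant, id, type, iv, ct, tag: c.getAuthTag(),
      allowedAgents: new Set(allowedAgents), createdBy, revokedAt: null });
    this.audit.push({ op: "add", tenant, id, by: createdBy });
  }

  revoke(tenant, id, by) {
    const row = this.rows.get(rowKey(tenant, id));
    if (!row) throw new Error("unknown connector");
    row.revokedAt = Date.now();
    this.audit.push({ op: "revoke", tenant, id, by });
  }

  // Read path for the dashboard: metadata only, no ciphertext or plaintext.
  list(tenant) {
    return [...this.rows.values()].filter((r) => r.tenant === tenant)
      .map(({ id, type, createdBy, revokedAt }) => ({ id, type, createdBy, revokedAt }));
  }

  // Credential proxy: checks tenant, revocation and capability, then injects the
  // key into the outbound request. The agent receives only the upstream response.
  callWith(tenant, agent, id, request, transport) {
    const row = this.rows.get(rowKey(tenant, id));
    if (!row || row.revokedAt !== null) throw new Error("connector unavailable");
    if (!row.allowedAgents.has(agent)) throw new Error("agent lacks capability");
    const d = createDecipheriv("aes-256-gcm", this.key, row.iv);
    d.setAAD(Buffer.from(rowKey(tenant, id)));
    d.setAuthTag(row.tag); // a tampered or relocated row fails in final()
    const secret = Buffer.concat([d.update(row.ct), d.final()]).toString("utf8");
    return transport({ ...request,
      headers: { ...request.headers, Authorization: `Bearer ${secret}` } });
  }
}
```

The `transport` argument stands in for the HTTP client owned by the proxy; its return value must not echo request headers back to the agent.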