@geekbeer/minion 3.55.1 → 3.57.0

package/core/db/migrations/20260510100000_secrets_workspace.js

@@ -0,0 +1,36 @@
+/**
+ * Move minion secrets from `.env.secrets` (flat file) into SQLite with
+ * workspace scoping.
+ *
+ * Design:
+ * - PRIMARY KEY (workspace_id, key); workspace_id='' is the minion-wide bucket.
+ * - Same key can exist at multiple scopes; at execution time the runner merges
+ *   minion-wide + current-workspace secrets, with the WS-scoped value winning.
+ * - The actual data migration from `.env.secrets` is performed by
+ *   variable-store at server start (it needs filesystem access which sits
+ *   outside the DB transaction). See `migrateLegacySecretsFile()`.
+ *
+ * Secrets stay minion-local — they are NEVER persisted in HQ DB, by design.
+ * HQ→minion APIs only pass values through to the minion's local store.
+ */
+
+module.exports = {
+  version: 9,
+  name: 'secrets_workspace',
+
+  up(db, { tableExists }) {
+    if (tableExists(db, 'secrets')) return
+
+    db.exec(`
+      CREATE TABLE secrets (
+        workspace_id TEXT NOT NULL DEFAULT '',
+        key TEXT NOT NULL,
+        value TEXT NOT NULL,
+        updated_at INTEGER NOT NULL,
+        PRIMARY KEY (workspace_id, key)
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_secrets_workspace ON secrets(workspace_id);
+    `)
+  },
+}

package/core/db/migrations/20260511100000_variables_workspace.js

@@ -0,0 +1,37 @@
+/**
+ * Move minion variables from `.env.variables` (flat file) into SQLite with
+ * workspace scoping — mirrors the secrets workspace migration.
+ *
+ * Design:
+ * - PRIMARY KEY (workspace_id, key); workspace_id='' is the minion-wide bucket.
+ * - Same key can exist at multiple scopes; at execution time the
+ *   template-expander merges minion-wide + current-workspace variables, with
+ *   the WS-scoped value winning.
+ * - Variables are non-sensitive — values are returned by the API (unlike
+ *   secrets) — but they still benefit from scoping so a single minion serving
+ *   multiple workspaces doesn't leak per-tenant config across runs.
+ * - Actual data migration from `.env.variables` is performed by variable-store
+ *   at first use (filesystem access lives outside this transaction). See
+ *   `migrateLegacyVariablesFile()`.
+ */
+
+module.exports = {
+  version: 10,
+  name: 'variables_workspace',
+
+  up(db, { tableExists }) {
+    if (tableExists(db, 'variables')) return
+
+    db.exec(`
+      CREATE TABLE variables (
+        workspace_id TEXT NOT NULL DEFAULT '',
+        key TEXT NOT NULL,
+        value TEXT NOT NULL,
+        updated_at INTEGER NOT NULL,
+        PRIMARY KEY (workspace_id, key)
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_variables_workspace ON variables(workspace_id);
+    `)
+  },
+}

package/core/lib/session-env.js

@@ -0,0 +1,96 @@
+/**
+ * Session environment builder
+ *
+ * Builds workspace-scoped environment variable injection for runners.
+ * Resolves minion-wide + workspace-scoped secrets, and exposes both
+ * `tmux -e` flags (Linux/macOS) and a node-pty env object (Windows).
+ *
+ * Why this exists:
+ *   Before this module, all secrets were loaded once into `process.env`
+ *   at server start and inherited by every child process — fine for a
+ *   single-workspace minion but a leakage path for multi-workspace
+ *   setups. Each runner now passes the effective env explicitly for the
+ *   workspace it is running on; workspace-scoped values override
+ *   minion-wide ones at this layer.
+ */
+
+const variableStore = require('../stores/variable-store')
+
+/**
+ * Shell-escape a value for a `KEY=VALUE` argument passed via `-e` to tmux.
+ * We use single-quote wrapping; the surrounding shell sees one literal arg.
+ * @param {string} s
+ * @returns {string}
+ */
+function singleQuote(s) {
+  return "'" + String(s).replace(/'/g, "'\\''") + "'"
+}
+
+/**
+ * Build an array of `-e 'KEY=VALUE'` shell-safe flags for tmux new-session.
+ *
+ * @param {string|null|undefined} workspaceId - The session's workspace scope
+ * @param {Record<string,string>} [extraEnv] - Per-execution identifiers (e.g.
+ *   MINION_EXECUTION_ID). Layered on top so they always win.
+ * @returns {string[]} List of `-e <quoted>` fragments to splice into a shell command
+ */
+function buildTmuxEnvFlags(workspaceId, extraEnv = {}) {
+  const merged = { ...variableStore.getEffectiveSecrets(workspaceId), ...extraEnv }
+  const flags = []
+  for (const [k, v] of Object.entries(merged)) {
+    if (v == null) continue
+    flags.push(`-e ${singleQuote(`${k}=${v}`)}`)
+  }
+  return flags
+}
+
+/**
+ * Build a `tmux new-session` invocation line including all secret env vars.
+ *
+ * Caller typically does:
+ *   `${buildTmuxNewSessionCommand({sessionName, workspaceId, extraEnv, width, height})}`
+ *
+ * The session is created detached (`-d`) with no command so we can configure
+ * `remain-on-exit` and `pipe-pane` before injecting the real workload via
+ * `send-keys`.
+ *
+ * @param {object} opts
+ * @param {string} opts.sessionName
+ * @param {string|null|undefined} opts.workspaceId
+ * @param {Record<string,string>} [opts.extraEnv]
+ * @param {number} [opts.width]
+ * @param {number} [opts.height]
+ * @returns {string}
+ */
+function buildTmuxNewSessionCommand({ sessionName, workspaceId, extraEnv = {}, width = 200, height = 50 }) {
+  const envFlags = buildTmuxEnvFlags(workspaceId, extraEnv)
+  return [
+    'tmux new-session -d',
+    `-s "${sessionName}"`,
+    `-x ${width} -y ${height}`,
+    ...envFlags,
+  ].join(' ')
+}
+
+/**
+ * Build an env object for node-pty / child_process.spawn that contains the
+ * caller's `process.env` plus the workspace-effective secrets and any extra
+ * per-execution identifiers (extraEnv wins last).
+ *
+ * @param {string|null|undefined} workspaceId
+ * @param {Record<string,string>} [extraEnv]
+ * @returns {Record<string,string>}
+ */
+function buildSpawnEnv(workspaceId, extraEnv = {}) {
+  return {
+    ...process.env,
+    ...variableStore.getEffectiveSecrets(workspaceId),
+    ...extraEnv,
+  }
+}
+
+module.exports = {
+  buildTmuxEnvFlags,
+  buildTmuxNewSessionCommand,
+  buildSpawnEnv,
+}

package/core/lib/step-poller.js

@@ -104,6 +104,7 @@ async function executeStep(step) {
     skill_name,
     revision_feedback,
     template_vars,
+    workspace_id,
   } = step
 
   console.log(
@@ -135,11 +136,15 @@ async function executeStep(step) {
 
     // 2. Fetch the skill from HQ to ensure it's deployed locally
     //    Merge minion variables into template_vars so HQ expands {{VAR_NAME}} in SKILL.md.
-    //    Merge order: minion vars < project vars < workflow vars (template_vars already merged by HQ)
+    //    Resolution order: workspace < project < workflow < minion (minion wins).
+    //    template_vars already merges workspace/project/workflow on HQ side; we
+    //    layer effective minion vars (minion-wide ∪ WS-scoped) on top so any
+    //    conflicting key resolves to the minion-local value before HQ rewrites
+    //    the SKILL.md.
     if (skill_name) {
       try {
-        const minionVars = variableStore.getAll('variables')
-        const mergedVars = { ...minionVars, ...(template_vars || {}) }
+        const minionVars = variableStore.getEffectiveVariables(workspace_id || '')
+        const mergedVars = { ...(template_vars || {}), ...minionVars }
         const varsParam = Object.keys(mergedVars).length > 0
           ? `?vars=${Buffer.from(JSON.stringify(mergedVars)).toString('base64')}`
           : ''

package/core/lib/template-expander.js

@@ -32,17 +32,31 @@ function expandTemplateVars(content, vars) {
 
 /**
  * Expand templates in SKILL.md files for the given skill names.
- * Reads each SKILL.md, expands {{VAR}} with minion variables, writes back.
+ * Reads each SKILL.md, expands {{VAR}} with the merged variable set, writes back.
  * Returns the original contents for restoration after execution.
  *
+ * Resolution order (later entries override earlier ones):
+ *   extraVars (e.g., HQ workspace vars passed by the caller)
+ *     < minion-wide variables
+ *     < workspace-scoped minion variables for the given workspaceId
+ *
+ * The minion-local layer always wins at this stage, which mirrors the
+ * cross-scope rule (workspace < project < workflow < minion). For workflow
+ * execution, project/workflow scopes are pre-expanded by HQ before the
+ * SKILL.md reaches the minion; for routine execution the caller can pass
+ * workspace-scoped HQ vars via `extraVars`.
+ *
  * @param {string[]} skillNames - Skill slugs to expand
+ * @param {Record<string, string>} [extraVars] - Additional vars (lowest priority of the three layers)
+ * @param {string|null|undefined} [workspaceId] - Workspace context for resolving minion variables (defaults to minion-wide only)
  * @returns {Promise<Map<string, string>>} Map of skillName -> original content (for restoration)
  */
-async function expandSkillTemplates(skillNames) {
-  const minionVars = variableStore.getAll('variables')
+async function expandSkillTemplates(skillNames, extraVars = {}, workspaceId = '') {
+  const minionVars = variableStore.getEffectiveVariables(workspaceId)
+  const mergedVars = { ...extraVars, ...minionVars }
 
-  // If no variables defined, skip
-  if (Object.keys(minionVars).length === 0) return new Map()
+  // If nothing to expand, skip
+  if (Object.keys(mergedVars).length === 0) return new Map()
 
   // originals key: `${root}::${name}` so we restore the right copy in each
   // plugin's skill dir (multi-plugin distribution).
@@ -55,7 +69,7 @@ async function expandSkillTemplates(skillNames) {
       const skillMdPath = path.join(root, name, 'SKILL.md')
       try {
         const original = await fs.readFile(skillMdPath, 'utf-8')
-        const expanded = expandTemplateVars(original, minionVars)
+        const expanded = expandTemplateVars(original, mergedVars)
         if (expanded !== original) {
           originals.set(`${root}::${name}`, { skillMdPath, original })
           await fs.writeFile(skillMdPath, expanded, 'utf-8')

package/core/routes/variables.js

@@ -32,14 +32,26 @@ function isValidValue(value) {
 }
 
 function variableRoutes(fastify, _opts, done) {
-  // ─── Variables (non-sensitive) ───────────────────────────────────────
+  function readWorkspaceId(request) {
+    const rawWs = request.query?.workspace_id
+    return (typeof rawWs === 'string') ? rawWs : ''
+  }
+
+  // ─── Variables (non-sensitive, workspace-scoped) ──────────────────────
+  //
+  // Variables are scoped per workspace just like secrets. Pass
+  // ?workspace_id=<uuid> to target a specific workspace's bucket; omit it
+  // (or pass '') for the minion-wide bucket. At skill execution time the
+  // template-expander merges minion-wide + current-workspace variables, with
+  // WS-scoped values overriding minion-wide ones.
 
   fastify.get('/api/variables', async (request, reply) => {
     if (!verifyToken(request)) {
       return reply.code(401).send({ error: 'Unauthorized' })
     }
-    const variables = variableStore.getAll('variables')
-    return { success: true, variables }
+    const workspaceId = readWorkspaceId(request)
+    const variables = variableStore.getVariablesForScope(workspaceId)
+    return { success: true, workspace_id: workspaceId, variables }
   })
 
   fastify.get('/api/variables/:key', async (request, reply) => {
@@ -47,11 +59,12 @@ function variableRoutes(fastify, _opts, done) {
       return reply.code(401).send({ error: 'Unauthorized' })
     }
     const { key } = request.params
-    const value = variableStore.get('variables', key)
+    const workspaceId = readWorkspaceId(request)
+    const value = variableStore.getVariable(workspaceId, key)
     if (value === null) {
       return reply.code(404).send({ error: `Variable not found: ${key}` })
     }
-    return { success: true, key, value }
+    return { success: true, key, value, workspace_id: workspaceId }
   })
 
   fastify.put('/api/variables/:key', async (request, reply) => {
@@ -60,6 +73,7 @@ function variableRoutes(fastify, _opts, done) {
     }
     const { key } = request.params
     const { value } = request.body || {}
+    const workspaceId = readWorkspaceId(request)
 
     if (!isValidKey(key)) {
       return reply.code(400).send({ error: 'Invalid key. Use alphanumeric characters and underscores (1-100 chars).' })
@@ -68,8 +82,8 @@ function variableRoutes(fastify, _opts, done) {
       return reply.code(400).send({ error: 'Invalid value. Must be a string, no newlines, max 2000 chars.' })
     }
 
-    variableStore.set('variables', key, value)
-    return { success: true, key, value }
+    variableStore.setVariable(workspaceId, key, value)
+    return { success: true, key, value, workspace_id: workspaceId }
   })
 
   fastify.delete('/api/variables/:key', async (request, reply) => {
@@ -77,22 +91,45 @@ function variableRoutes(fastify, _opts, done) {
       return reply.code(401).send({ error: 'Unauthorized' })
     }
     const { key } = request.params
-    const removed = variableStore.remove('variables', key)
+    const workspaceId = readWorkspaceId(request)
+    const removed = variableStore.removeVariable(workspaceId, key)
     if (!removed) {
       return reply.code(404).send({ error: `Variable not found: ${key}` })
     }
-    return { success: true, key }
+    return { success: true, key, workspace_id: workspaceId }
   })
 
-  // ─── Secrets (sensitive) ─────────────────────────────────────────────
+  // List the workspace scopes (workspace_ids) that currently hold any
+  // variable. '' represents the minion-wide bucket.
+  fastify.get('/api/variables/scopes', async (request, reply) => {
+    if (!verifyToken(request)) {
+      return reply.code(401).send({ error: 'Unauthorized' })
+    }
+    return { success: true, scopes: variableStore.listVariableScopes() }
+  })
+
+  // ─── Secrets (sensitive, workspace-scoped) ────────────────────────────
+  //
+  // Secrets are scoped per workspace. Pass ?workspace_id=<uuid> to target a
+  // specific workspace's bucket; omit it (or pass '') for the minion-wide
+  // bucket. At skill execution time, the runner merges minion-wide +
+  // current-workspace secrets, with WS-scoped values overriding.
+  //
+  // Values are never returned via the API by design — only key names. Secrets
+  // never leave the minion: the HQ proxy is a pure pass-through.
+
+  function readWorkspaceId(request) {
+    const rawWs = request.query?.workspace_id
+    return (typeof rawWs === 'string') ? rawWs : ''
+  }
 
   fastify.get('/api/secrets', async (request, reply) => {
     if (!verifyToken(request)) {
       return reply.code(401).send({ error: 'Unauthorized' })
     }
-    // Return keys only — never expose secret values via API
-    const keys = variableStore.listKeys('secrets')
-    return { success: true, keys }
+    const workspaceId = readWorkspaceId(request)
+    const keys = variableStore.listSecretKeys(workspaceId)
+    return { success: true, workspace_id: workspaceId, keys }
   })
 
   fastify.put('/api/secrets/:key', async (request, reply) => {
@@ -101,6 +138,7 @@ function variableRoutes(fastify, _opts, done) {
     }
     const { key } = request.params
     const { value } = request.body || {}
+    const workspaceId = readWorkspaceId(request)
 
     if (!isValidKey(key)) {
       return reply.code(400).send({ error: 'Invalid key. Use alphanumeric characters and underscores (1-100 chars).' })
@@ -109,8 +147,8 @@ function variableRoutes(fastify, _opts, done) {
       return reply.code(400).send({ error: 'Invalid value. Must be a string, no newlines, max 2000 chars.' })
     }
 
-    variableStore.set('secrets', key, value)
-    return { success: true, key }
+    variableStore.setSecret(workspaceId, key, value)
+    return { success: true, key, workspace_id: workspaceId }
   })
 
   fastify.delete('/api/secrets/:key', async (request, reply) => {
@@ -118,11 +156,23 @@ function variableRoutes(fastify, _opts, done) {
       return reply.code(401).send({ error: 'Unauthorized' })
     }
     const { key } = request.params
-    const removed = variableStore.remove('secrets', key)
+    const workspaceId = readWorkspaceId(request)
+    const removed = variableStore.removeSecret(workspaceId, key)
     if (!removed) {
       return reply.code(404).send({ error: `Secret not found: ${key}` })
     }
-    return { success: true, key }
+    return { success: true, key, workspace_id: workspaceId }
+  })
+
+  // List the scopes (workspace_ids) that currently hold any secret.
+  // '' represents the minion-wide bucket. Useful for the dashboard secrets
+  // editor to populate the workspace selector even when a workspace has no
+  // active minion membership yet.
+  fastify.get('/api/secrets/scopes', async (request, reply) => {
+    if (!verifyToken(request)) {
+      return reply.code(401).send({ error: 'Unauthorized' })
+    }
+    return { success: true, scopes: variableStore.listSecretScopes() }
   })
 
   done()

package/core/stores/variable-store.js

@@ -1,34 +1,69 @@
 /**
  * Variable Store
  *
- * Manages minion-local secrets and variables stored in .env-style files.
- * - Secrets: ~/.minion/.env.secrets (or DATA_DIR/.env.secrets)
- * - Variables: ~/.minion/.env.variables (or DATA_DIR/.env.variables)
+ * Manages minion-local variables and secrets — both workspace-scoped.
  *
- * Files use standard .env format: KEY=value (one per line, # for comments).
- * Secrets never leave the minion; variables are non-sensitive configuration.
+ * Storage: SQLite tables `variables(workspace_id, key, value, updated_at)`
+ * and `secrets(workspace_id, key, value, updated_at)`. `workspace_id=''` is
+ * the minion-wide bucket; any other value is a workspace-specific bucket.
+ *
+ * At skill execution time the runner / template-expander merges
+ * minion-wide + current-workspace entries for the relevant scope, with the
+ * WS-scoped value winning on conflict.
+ *
+ * Migration: on first read after the SQLite tables are created, any legacy
+ * `.env.variables` / `.env.secrets` flat files are imported into the
+ * minion-wide bucket and renamed to `.env.variables.migrated` /
+ * `.env.secrets.migrated` (kept as one-time backups).
+ *
+ * Secrets never leave the minion and are never persisted in HQ DB. Variables
+ * are non-sensitive and may also be defined at HQ scopes (workspace /
+ * project / workflow); see packages/docs-internal/src/content/docs/design/
+ * variables-and-secrets.md for the full resolution model.
  */
 
 const fs = require('fs')
 const path = require('path')
 const { DATA_DIR } = require('../lib/platform')
 const { config } = require('../config')
+const { getDb } = require('../db')
 
 /**
- * Resolve file path for a given store type.
- * @param {'secrets' | 'variables'} type
+ * Resolve the legacy `.env.variables` path (for one-time migration).
  * @returns {string}
  */
-function getFilePath(type) {
-  const filename = type === 'secrets' ? '.env.secrets' : '.env.variables'
+function getLegacyVariablesFilePath() {
   try {
     fs.accessSync(DATA_DIR, fs.constants.W_OK)
-    return path.join(DATA_DIR, filename)
+    return path.join(DATA_DIR, '.env.variables')
   } catch {
-    return path.join(config.HOME_DIR, '.minion', filename)
+    return path.join(config.HOME_DIR, '.minion', '.env.variables')
   }
 }
 
+/**
+ * Resolve the legacy `.env.secrets` path (for one-time migration).
+ * @returns {string}
+ */
+function getLegacySecretsFilePath() {
+  try {
+    fs.accessSync(DATA_DIR, fs.constants.W_OK)
+    return path.join(DATA_DIR, '.env.secrets')
+  } catch {
+    return path.join(config.HOME_DIR, '.minion', '.env.secrets')
+  }
+}
+
+/**
+ * Normalize a workspace identifier to its canonical string form.
+ * '' (empty string) represents the minion-wide bucket.
+ * @param {string|null|undefined} workspaceId
+ * @returns {string}
+ */
+function normalizeWorkspaceId(workspaceId) {
+  return workspaceId == null ? '' : String(workspaceId)
+}
+
 /**
  * Parse a .env file into a key-value object.
  * @param {string} filePath
@@ -54,105 +89,272 @@ function parseEnvFile(filePath) {
   return result
 }
 
+// ─── Legacy flat-file → SQLite migration ────────────────────────────────────
+
+let _legacyVariablesMigrationDone = false
+let _legacySecretsMigrationDone = false
+
+function migrateLegacyFile(legacyPath, table, doneFlagRef) {
+  if (doneFlagRef.done) return
+  doneFlagRef.done = true
+
+  let entries
+  try {
+    entries = parseEnvFile(legacyPath)
+  } catch {
+    return
+  }
+  const keys = Object.keys(entries)
+  if (keys.length === 0) return
+
+  const db = getDb()
+  const now = Date.now()
+  const insert = db.prepare(
+    `INSERT OR IGNORE INTO ${table} (workspace_id, key, value, updated_at) VALUES (?, ?, ?, ?)`
+  )
+  const tx = db.transaction(() => {
+    for (const k of keys) {
+      insert.run('', k, String(entries[k] ?? ''), now)
+    }
+  })
+  tx()
+
+  try {
+    fs.renameSync(legacyPath, `${legacyPath}.migrated`)
+    console.log(`[VariableStore] Migrated ${keys.length} legacy ${table} entry/ies from ${legacyPath} into SQLite (minion-wide scope)`)
+  } catch (err) {
+    console.error(`[VariableStore] Migrated ${table} to SQLite but failed to rename ${legacyPath}: ${err.message}`)
+  }
+}
+
+const _variablesFlag = { done: false }
+const _secretsFlag = { done: false }
+
+function migrateLegacyVariablesFile() {
+  migrateLegacyFile(getLegacyVariablesFilePath(), 'variables', _variablesFlag)
+}
+
+function migrateLegacySecretsFile() {
+  migrateLegacyFile(getLegacySecretsFilePath(), 'secrets', _secretsFlag)
+}
+
+// ─── Generic table operations (variables and secrets share the shape) ───────
+
+function getRowsForScope(table, workspaceId) {
+  const wsId = normalizeWorkspaceId(workspaceId)
+  const db = getDb()
+  return db.prepare(`SELECT key, value FROM ${table} WHERE workspace_id = ? ORDER BY key`).all(wsId)
+}
+
+function getScopeAsObject(table, workspaceId) {
+  const rows = getRowsForScope(table, workspaceId)
+  const out = {}
+  for (const r of rows) out[r.key] = r.value
+  return out
+}
+
+function getEffective(table, workspaceId) {
+  const wide = getScopeAsObject(table, '')
+  if (!workspaceId) return wide
+  const scoped = getScopeAsObject(table, workspaceId)
+  return { ...wide, ...scoped }
+}
+
+function upsertEntry(table, workspaceId, key, value) {
+  const wsId = normalizeWorkspaceId(workspaceId)
+  const db = getDb()
+  db.prepare(`
+    INSERT INTO ${table} (workspace_id, key, value, updated_at) VALUES (?, ?, ?, ?)
+    ON CONFLICT(workspace_id, key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at
+  `).run(wsId, key, String(value ?? ''), Date.now())
+  return wsId
+}
+
+function deleteEntry(table, workspaceId, key) {
+  const wsId = normalizeWorkspaceId(workspaceId)
+  const db = getDb()
+  const info = db.prepare(`DELETE FROM ${table} WHERE workspace_id = ? AND key = ?`).run(wsId, key)
+  return { removed: info.changes > 0, wsId }
+}
+
+function listScopes(table) {
+  const db = getDb()
+  const rows = db.prepare(`SELECT DISTINCT workspace_id FROM ${table}`).all()
+  return rows.map(r => r.workspace_id)
+}
+
+// ─── Variables (workspace-scoped) ────────────────────────────────────────────
+
+function getVariablesForScope(workspaceId) {
+  migrateLegacyVariablesFile()
+  return getScopeAsObject('variables', workspaceId)
+}
+
 /**
- * Write a key-value object to a .env file.
- * @param {string} filePath
- * @param {Record<string, string>} data
+ * Merge minion-wide and workspace-scoped variables. Workspace-scoped values
+ * override minion-wide values when the key is the same.
  */
-function writeEnvFile(filePath, data) {
-  const dir = path.dirname(filePath)
-  fs.mkdirSync(dir, { recursive: true })
+function getEffectiveVariables(workspaceId) {
+  migrateLegacyVariablesFile()
+  return getEffective('variables', workspaceId)
+}
+
+function getVariable(workspaceId, key) {
+  const all = getVariablesForScope(workspaceId)
+  return all[key] ?? null
+}
 
-  const lines = Object.entries(data).map(([key, value]) => `${key}=${value}`)
-  fs.writeFileSync(filePath, lines.join('\n') + '\n', 'utf-8')
+function setVariable(workspaceId, key, value) {
+  migrateLegacyVariablesFile()
+  const wsId = upsertEntry('variables', workspaceId, key, value)
+  console.log(`[VariableStore] Set variable (scope=${wsId || 'minion-wide'}): ${key}`)
+}
+
+function removeVariable(workspaceId, key) {
+  migrateLegacyVariablesFile()
+  const { removed, wsId } = deleteEntry('variables', workspaceId, key)
+  if (removed) {
+    console.log(`[VariableStore] Removed variable (scope=${wsId || 'minion-wide'}): ${key}`)
+  }
+  return removed
+}
+
+function listVariableKeys(workspaceId) {
+  migrateLegacyVariablesFile()
+  const rows = getRowsForScope('variables', workspaceId)
+  return rows.map(r => r.key)
+}
+
+function listVariableScopes() {
+  migrateLegacyVariablesFile()
+  return listScopes('variables')
+}
+
+// ─── Secrets (workspace-scoped, sensitive) ───────────────────────────────────
+
+function getSecretsForScope(workspaceId) {
+  migrateLegacySecretsFile()
+  return getScopeAsObject('secrets', workspaceId)
+}
+
+function getEffectiveSecrets(workspaceId) {
+  migrateLegacySecretsFile()
+  return getEffective('secrets', workspaceId)
+}
+
+function listSecretKeys(workspaceId) {
+  migrateLegacySecretsFile()
+  const rows = getRowsForScope('secrets', workspaceId)
+  return rows.map(r => r.key)
 }
 
 /**
- * Get all key-value pairs for a store type.
- * @param {'secrets' | 'variables'} type
- * @returns {Record<string, string>}
+ * Set (insert or update) a secret value in the given scope.
+ *
+ * For minion-wide secrets (workspace_id=''), the value is also synced into
+ * `process.env` so in-process consumers (chat plugin sessions, ad-hoc Bash
+ * commands) see the change immediately without restarting the server.
+ *
+ * WS-scoped secrets are NEVER written to `process.env` to prevent cross-WS
+ * leakage; runners must call `getEffectiveSecrets(workspaceId)` and inject
+ * them explicitly into the session env.
  */
+function setSecret(workspaceId, key, value) {
+  migrateLegacySecretsFile()
+  const wsId = upsertEntry('secrets', workspaceId, key, value)
+  if (wsId === '') {
+    process.env[key] = String(value ?? '')
+  }
+  console.log(`[VariableStore] Set secret (scope=${wsId || 'minion-wide'}): ${key}`)
+}
+
+function removeSecret(workspaceId, key) {
+  migrateLegacySecretsFile()
+  const { removed, wsId } = deleteEntry('secrets', workspaceId, key)
+  if (removed) {
+    if (wsId === '') {
+      delete process.env[key]
+    }
+    console.log(`[VariableStore] Removed secret (scope=${wsId || 'minion-wide'}): ${key}`)
+  }
+  return removed
+}
+
+function listSecretScopes() {
+  migrateLegacySecretsFile()
+  return listScopes('secrets')
+}
+
+// ─── Generic / legacy dispatchers (back-compat) ─────────────────────────────
+//
+// The original API used `getAll('variables')` / `getAll('secrets')` etc. with
+// no workspace awareness. We retain the same names but route them to the
+// minion-wide bucket so any straggler caller keeps working.
+
 function getAll(type) {
-  return parseEnvFile(getFilePath(type))
+  if (type === 'secrets') return getSecretsForScope('')
+  return getVariablesForScope('')
 }
 
-/**
- * Get a single value by key.
- * @param {'secrets' | 'variables'} type
- * @param {string} key
- * @returns {string | null}
- */
 function get(type, key) {
-  const data = getAll(type)
-  return data[key] ?? null
+  if (type === 'secrets') {
+    const all = getSecretsForScope('')
+    return all[key] ?? null
+  }
+  return getVariable('', key)
 }
 
-/**
- * Set a key-value pair (creates or updates).
- * Only secrets are synced to process.env (for child process inheritance).
- * Variables use {{VAR}} template expansion in skill content instead.
- * @param {'secrets' | 'variables'} type
- * @param {string} key
- * @param {string} value
- */
 function set(type, key, value) {
-  const filePath = getFilePath(type)
-  const data = parseEnvFile(filePath)
-  data[key] = value
-  writeEnvFile(filePath, data)
-  // Only sync secrets to process.env; variables use template expansion instead
   if (type === 'secrets') {
-    process.env[key] = value
+    setSecret('', key, value)
+    return
   }
-  console.log(`[VariableStore] Set ${type} key: ${key}`)
+  setVariable('', key, value)
 }
 
-/**
- * Remove a key.
- * @param {'secrets' | 'variables'} type
- * @param {string} key
- * @returns {boolean} true if key existed
- */
 function remove(type, key) {
-  const filePath = getFilePath(type)
-  const data = parseEnvFile(filePath)
-  if (!(key in data)) return false
-  delete data[key]
-  writeEnvFile(filePath, data)
-  // Only sync secrets to process.env; variables use template expansion instead
-  if (type === 'secrets') {
-    delete process.env[key]
-  }
-  console.log(`[VariableStore] Removed ${type} key: ${key}`)
-  return true
+  if (type === 'secrets') return removeSecret('', key)
+  return removeVariable('', key)
 }
 
-/**
- * List all keys for a store type.
- * @param {'secrets' | 'variables'} type
- * @returns {string[]}
- */
 function listKeys(type) {
-  return Object.keys(getAll(type))
+  if (type === 'secrets') return listSecretKeys('')
+  return listVariableKeys('')
 }
 
 /**
- * Build environment object from minion secrets only.
- * Variables are no longer injected as env vars; they use {{VAR}} template
- * expansion in skill content (same mechanism as project/workflow variables).
- *
- * @returns {Record<string, string>} Secret key-value pairs for process.env
+ * @deprecated Use `getEffectiveSecrets(workspaceId)` instead. Retained so any
+ * stragglers continue compiling; returns minion-wide secrets only.
  */
 function buildEnv() {
-  return getAll('secrets')
+  return getSecretsForScope('')
 }
 
 module.exports = {
+  // Generic (back-compat)
   getAll,
   get,
   set,
   remove,
   listKeys,
   buildEnv,
-  getFilePath,
+
+  // Variables (workspace-scoped)
+  getVariablesForScope,
+  getEffectiveVariables,
+  getVariable,
+  setVariable,
+  removeVariable,
+  listVariableKeys,
+  listVariableScopes,
+  migrateLegacyVariablesFile,
+
+  // Secrets (workspace-scoped)
+  getSecretsForScope,
+  getEffectiveSecrets,
+  listSecretKeys,
+  setSecret,
+  removeSecret,
+  listSecretScopes,
+  migrateLegacySecretsFile,
 }

package/docs/api-reference.md

@@ -849,15 +849,30 @@ Response:
 
 #### 変数とシークレットの違い
 
-**変数**（ミニオン変数・プロジェクト変数）はスキル本文の `{{VAR_NAME}}` テンプレートとして実行時に展開される。スキル作成時にパラメータ化したい値は `{{変数名}}` で記述する。
+**変数**（ワークスペース変数・プロジェクト変数・ワークフロー変数・ミニオン変数）はスキル本文の `{{VAR_NAME}}` テンプレートとして実行時に展開される。スキル作成時にパラメータ化したい値は `{{変数名}}` で記述する。
 
-**シークレット**（ミニオンシークレット）は環境変数 `$SECRET_NAME` としてプロセスに注入される。APIキーやパスワード等の機密情報に使用する。テンプレート展開は行われない。
+**シークレット**は環境変数 `$SECRET_NAME` としてプロセスに注入される。APIキーやパスワード等の機密情報に使用する。テンプレート展開は行われない。ワークスペース別にスコープ可能(後述)。
 
 #### テンプレート変数の展開優先順位
 
-同名の変数が複数のスコープで定義されている場合、以下の順序で上書きされる:
-1. ミニオン変数（最低優先）
-2. プロジェクト変数（最優先）
+同名の変数が複数のスコープで定義されている場合、以下の順序で上書きされる(後者が優先):
+1. ワークスペース変数（最低優先・全ワークスペース配下で共有）
+2. プロジェクト変数
+3. ワークフロー変数
+4. ミニオン変数（最優先・実行マシン固有の最終オーバーライド）
+
+ワークスペース／プロジェクト／ワークフロー変数はHQ側で展開された SKILL.md がミニオンに配信され、最後にミニオンローカルでミニオン変数が展開される。
+
+#### シークレットのワークスペーススコープ
+
+1つのミニオンが複数ワークスペースを担当する場合、シークレットはワークスペース別に管理される:
+
+| スコープ | 保存形式 | 注入先のセッション |
+|---------|---------|---------------------|
+| ミニオン全体 | SQLite `secrets` テーブル `workspace_id=''` | すべて（サーバー起動時 `process.env` にロード、子プロセスが継承） |
+| ワークスペース別 | SQLite `secrets` テーブル `workspace_id=<uuid>` | そのワークスペースのコンテキストで動くランナーのみ（実行時注入、`process.env` には載らない） |
+
+同名キーがある場合はワークスペース別が優先される。`/api/secrets/*` エンドポイントは `?workspace_id=<uuid>` クエリパラメータでスコープを指定する。省略または空文字でミニオン全体を操作する。シークレット値はHQ DBには保存されず、HQ APIはpass-throughとして中継するのみ。
 
 ### Project Tasks
 

package/linux/routine-runner.js

@@ -16,12 +16,14 @@ const crypto = require('crypto')
 const fs = require('fs').promises
 const execAsync = promisify(exec)
 
-const { config } = require('../core/config')
+const { config, isHqConfigured } = require('../core/config')
+const api = require('../core/api')
 const executionStore = require('../core/stores/execution-store')
 const routineStore = require('../core/stores/routine-store')
 const logManager = require('../core/lib/log-manager')
 const runningTasks = require('../core/lib/running-tasks')
 const { expandSkillTemplates, restoreSkillTemplates } = require('../core/lib/template-expander')
+const { buildTmuxNewSessionCommand } = require('../core/lib/session-env')
 const { getActivePrimary } = require('../core/llm-plugins/lib/active')
 const os = require('os')
 const path = require('path')
@@ -40,6 +42,32 @@ function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms))
 }
 
+/**
+ * Fetch workspace-scoped variables for a routine from HQ.
+ * Returns an empty object when the routine isn't bound to a workspace or HQ
+ * is unreachable; the runner continues with minion-local vars only.
+ *
+ * Workspace secrets are NOT fetched — secrets remain minion-local only (the
+ * HQ DB never stores secret values, by design).
+ *
+ * @param {string} workspaceId - Routine.workspace_id (may be falsy)
+ * @returns {Promise<Record<string, string>>}
+ */
+async function fetchWorkspaceVars(workspaceId) {
+  if (!workspaceId || !isHqConfigured()) return {}
+  try {
+    const result = await api.request(`/workspaces/${workspaceId}/variables`)
+    const vars = {}
+    for (const v of (result?.variables || [])) {
+      if (v && typeof v.key === 'string') vars[v.key] = String(v.value ?? '')
+    }
+    return vars
+  } catch (err) {
+    console.error(`[RoutineRunner] Failed to fetch workspace vars (${workspaceId}): ${err.message}`)
+    return {}
+  }
+}
+
 /**
  * Generate tmux session name from routine ID and execution ID
  * Format: rt-{routineId first 8}-{executionId first 4}
@@ -90,10 +118,15 @@ async function executeRoutineSession(routine, executionId, skillNames) {
   console.log(`[RoutineRunner] tmux session: ${sessionName}`)
   console.log(`[RoutineRunner] Log file: ${logFile}`)
 
-  // Expand {{VAR}} templates in SKILL.md files with minion variables
+  // Fetch HQ workspace variables when the routine is bound to a workspace.
+  // Minion variables (minion-wide ∪ WS-scoped, resolved inside the expander
+  // via workspaceId) override these as the final layer.
+  const workspaceVars = await fetchWorkspaceVars(routine.workspace_id)
+
+  // Expand {{VAR}} templates in SKILL.md files
   let expandedOriginals = new Map()
   try {
-    expandedOriginals = await expandSkillTemplates(skillNames)
+    expandedOriginals = await expandSkillTemplates(skillNames, workspaceVars, routine.workspace_id || '')
     if (expandedOriginals.size > 0) {
       console.log(`[RoutineRunner] Expanded templates in ${expandedOriginals.size} skill(s)`)
     }
@@ -142,14 +175,19 @@ async function executeRoutineSession(routine, executionId, skillNames) {
     )
     await execAsync(`chmod +x "${execScript}"`)
 
-    const tmuxCommand = [
-      'tmux new-session -d',
-      `-s "${sessionName}"`,
-      '-x 200 -y 50',
-      `-e "MINION_EXECUTION_ID=${executionId}"`,
-      `-e "MINION_ROUTINE_ID=${routine.id}"`,
-      `-e "MINION_ROUTINE_NAME=${routine.name.replace(/"/g, '\\"')}"`,
-    ].join(' ')
+    // Build tmux invocation with workspace-effective secrets + per-execution
+    // identifiers. Secrets come from variable-store (minion-wide ∪ WS-scoped,
+    // with WS values winning); identifiers always override on top.
+    const tmuxCommand = buildTmuxNewSessionCommand({
+      sessionName,
+      workspaceId: routine.workspace_id || '',
+      extraEnv: {
+        MINION_EXECUTION_ID: executionId,
+        MINION_ROUTINE_ID: routine.id,
+        MINION_ROUTINE_NAME: routine.name,
+        MINION_ROUTINE_WORKSPACE_ID: routine.workspace_id || '',
+      },
+    })
 
     await execAsync(tmuxCommand, { cwd: homeDir })
 

package/linux/workflow-runner.js

@@ -22,6 +22,7 @@ const workflowStore = require('../core/stores/workflow-store')
 const logManager = require('../core/lib/log-manager')
 const runningTasks = require('../core/lib/running-tasks')
 const { expandSkillTemplates, restoreSkillTemplates } = require('../core/lib/template-expander')
+const { buildTmuxNewSessionCommand } = require('../core/lib/session-env')
 const { getActivePrimary } = require('../core/llm-plugins/lib/active')
 const os = require('os')
 const path = require('path')
@@ -139,10 +140,13 @@ async function executeWorkflowSession(workflow, executionId, skillNames, options
   console.log(`[WorkflowRunner] Log file: ${logFile}`)
   console.log(`[WorkflowRunner] HOME: ${homeDir}`)
 
-  // Expand {{VAR}} templates in SKILL.md files with minion variables
+  // Expand {{VAR}} templates in SKILL.md files with minion variables effective
+  // for this workflow's workspace (minion-wide ∪ WS-scoped, WS wins). HQ has
+  // already expanded workspace/project/workflow scopes before delivering the
+  // SKILL.md, so this layer only resolves remaining placeholders.
   let expandedOriginals = new Map()
   try {
-    expandedOriginals = await expandSkillTemplates(skillNames)
+    expandedOriginals = await expandSkillTemplates(skillNames, {}, workflow.workspace_id || '')
     if (expandedOriginals.size > 0) {
       console.log(`[WorkflowRunner] Expanded templates in ${expandedOriginals.size} skill(s)`)
     }
@@ -200,12 +204,19 @@ async function executeWorkflowSession(workflow, executionId, skillNames, options
     )
     await execAsync(`chmod +x "${execScript}"`)
 
-    // PATH, HOME, DISPLAY, and minion secrets are already set in
-    // process.env at server startup, so child processes inherit them automatically.
-    await execAsync(
-      `tmux new-session -d -s "${sessionName}" -x 200 -y 50`,
-      { cwd: homeDir },
-    )
+    // PATH, HOME and DISPLAY are inherited from process.env (set at startup);
+    // workspace-scoped secrets are passed explicitly via `-e` here so each
+    // session only sees secrets relevant to its workspace context.
+    const tmuxCommand = buildTmuxNewSessionCommand({
+      sessionName,
+      workspaceId: workflow.workspace_id || '',
+      extraEnv: {
+        MINION_EXECUTION_ID: executionId,
+        MINION_WORKFLOW_ID: workflow.id || '',
+        MINION_WORKFLOW_WORKSPACE_ID: workflow.workspace_id || '',
+      },
+    })
+    await execAsync(tmuxCommand, { cwd: homeDir })
 
     // Keep session alive after command completes (for debugging via terminal mirror)
     await execAsync(`tmux set-option -t "${sessionName}" remain-on-exit on`)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekbeer/minion",
-  "version": "3.55.1",
+  "version": "3.57.0",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "linux/server.js",
   "bin": {

package/rules/core.md

@@ -220,10 +220,11 @@ Routine 実行中は以下もtmuxセッション環境で利用可能:
 - `MINION_EXECUTION_ID` — 実行UUID
 - `MINION_ROUTINE_ID` — ルーティンUUID
 - `MINION_ROUTINE_NAME` — ルーティン名
+- `MINION_ROUTINE_WORKSPACE_ID` — ルーティンが特定ワークスペースにバインドされている場合のワークスペースUUID（未バインドなら空文字）
 
-**変数**（ミニオン変数・プロジェクト変数）はスキル本文の `{{VAR_NAME}}` テンプレートとして実行時に展開される。スキル作成時にパラメータ化したい値は `{{変数名}}` で記述すること。展開優先順位: ミニオン変数 < プロジェクト変数（後者が優先）。
+**変数**（ワークスペース変数・プロジェクト変数・ワークフロー変数・ミニオン変数）はスキル本文の `{{VAR_NAME}}` テンプレートとして実行時に展開される。スキル作成時にパラメータ化したい値は `{{変数名}}` で記述すること。展開優先順位: ワークスペース < プロジェクト < ワークフロー < ミニオン（後者が優先）。ミニオンが最終オーバーライドとなる設計で、ミニオン運用者がHQ側のデフォルトを差し替えられる経路を保証する。ミニオン変数はさらにミニオン全体スコープとワークスペース別スコープに分かれ、当該ワークスペースのコンテキストで動く実行時はWS別がミニオン全体を上書きする。`/api/variables/*` は `?workspace_id=<uuid>` でスコープ指定（省略時はミニオン全体）。
 
-**シークレット**（ミニオンシークレット）はサーバー起動時に `process.env` にロードされ、全子プロセスで環境変数 `$SECRET_NAME` として利用可能。APIキーやパスワード等の機密情報に使用する。シークレットは `{{VAR}}` テンプレートでは展開されない。
+**シークレット**はワークスペース別にスコープされ、ミニオンローカルのSQLite (`secrets(workspace_id, key, value)`) に保存される。ワークスペース未指定（`workspace_id=''`）はミニオン全体のスコープで、サーバー起動時に `process.env` にロードされ全子プロセスで `$SECRET_NAME` として利用可能。ワークスペース別シークレット（`workspace_id=<uuid>`）は `process.env` にはロードされず、当該ワークスペースのコンテキストで動くランナー（ワークフロー/WSバインドされたルーティン/チャットセッション）にのみ実行時注入される。同名キーが両スコープに存在する場合はワークスペース別が優先。スキル側は常に `$KEY` で参照すればよく、どちらのスコープから来た値かを意識する必要はない。シークレット値はHQ DBに保存されることはなく、HQはpass-throughとして中継するのみ。
 
 デイリーログやメモリーから変数・シークレットの値を推測して使用してはならない。変数は `{{VAR_NAME}}` テンプレートとして定義し、シークレットは環境変数として参照すること。
 

package/win/routine-runner.js

@@ -12,12 +12,14 @@ const { stripAnsi } = require('../core/lib/strip-ansi')
 const fs = require('fs').promises
 const fsSync = require('fs')
 
-const { config } = require('../core/config')
+const { config, isHqConfigured } = require('../core/config')
+const api = require('../core/api')
 const executionStore = require('../core/stores/execution-store')
 const routineStore = require('../core/stores/routine-store')
 const logManager = require('../core/lib/log-manager')
 const { activeSessions } = require('./workflow-runner')
 const { expandSkillTemplates, restoreSkillTemplates } = require('../core/lib/template-expander')
+const { buildSpawnEnv } = require('../core/lib/session-env')
 const { getActivePrimary } = require('../core/llm-plugins/lib/active')
 const os = require('os')
 
@@ -28,6 +30,25 @@ function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms))
 }
 
+/**
+ * Fetch workspace-scoped variables for a routine from HQ.
+ * Mirrors the Linux runner; see that file for full docs.
+ */
+async function fetchWorkspaceVars(workspaceId) {
+  if (!workspaceId || !isHqConfigured()) return {}
+  try {
+    const result = await api.request(`/workspaces/${workspaceId}/variables`)
+    const vars = {}
+    for (const v of (result?.variables || [])) {
+      if (v && typeof v.key === 'string') vars[v.key] = String(v.value ?? '')
+    }
+    return vars
+  } catch (err) {
+    console.error(`[RoutineRunner] Failed to fetch workspace vars (${workspaceId}): ${err.message}`)
+    return {}
+  }
+}
+
 function generateSessionName(routineId, executionId) {
   const routineShort = routineId ? routineId.substring(0, 8) : 'manual'
   const execShort = executionId ? executionId.substring(0, 4) : ''
@@ -67,10 +88,15 @@ async function executeRoutineSession(routine, executionId, skillNames) {
   console.log(`[RoutineRunner] Session: ${sessionName}`)
   console.log(`[RoutineRunner] Log file: ${logFile}`)
 
-  // Expand {{VAR}} templates in SKILL.md files with minion variables
+  // Fetch HQ workspace variables when the routine is bound to a workspace.
+  // Minion variables (minion-wide ∪ WS-scoped, resolved inside the expander
+  // via workspaceId) override these as the final layer.
+  const workspaceVars = await fetchWorkspaceVars(routine.workspace_id)
+
+  // Expand {{VAR}} templates in SKILL.md files
   let expandedOriginals = new Map()
   try {
-    expandedOriginals = await expandSkillTemplates(skillNames)
+    expandedOriginals = await expandSkillTemplates(skillNames, workspaceVars, routine.workspace_id || '')
     if (expandedOriginals.size > 0) {
       console.log(`[RoutineRunner] Expanded templates in ${expandedOriginals.size} skill(s)`)
     }
@@ -101,14 +127,15 @@ async function executeRoutineSession(routine, executionId, skillNames) {
       throw new Error('No LLM configured. Set a Primary plugin via /api/llm/config or LLM_COMMAND in minion.env')
     }
 
-    // PATH, HOME, USERPROFILE, and minion secrets are already set in
-    // process.env at server startup. Per-execution identifiers are added here.
-    const env = {
-      ...process.env,
+    // PATH, HOME, USERPROFILE are inherited; workspace-scoped secrets are
+    // merged in via buildSpawnEnv() so a routine only sees secrets relevant
+    // to the workspace it is bound to.
+    const env = buildSpawnEnv(routine.workspace_id || '', {
       MINION_EXECUTION_ID: executionId,
       MINION_ROUTINE_ID: routine.id,
       MINION_ROUTINE_NAME: routine.name,
-    }
+      MINION_ROUTINE_WORKSPACE_ID: routine.workspace_id || '',
+    })
 
     const logDir = path.dirname(logFile)
     await fs.mkdir(logDir, { recursive: true })

package/win/workflow-runner.js

@@ -24,6 +24,7 @@ const executionStore = require('../core/stores/execution-store')
 const workflowStore = require('../core/stores/workflow-store')
 const logManager = require('../core/lib/log-manager')
 const { expandSkillTemplates, restoreSkillTemplates } = require('../core/lib/template-expander')
+const { buildSpawnEnv } = require('../core/lib/session-env')
 const { getActivePrimary } = require('../core/llm-plugins/lib/active')
 const os = require('os')
 
@@ -142,10 +143,11 @@ async function executeWorkflowSession(workflow, executionId, skillNames, options
   console.log(`[WorkflowRunner] Log file: ${logFile}`)
   console.log(`[WorkflowRunner] HOME: ${homeDir}`)
 
-  // Expand {{VAR}} templates in SKILL.md files with minion variables
+  // Expand {{VAR}} templates in SKILL.md files with minion variables effective
+  // for this workflow's workspace (minion-wide ∪ WS-scoped, WS wins).
   let expandedOriginals = new Map()
   try {
-    expandedOriginals = await expandSkillTemplates(skillNames)
+    expandedOriginals = await expandSkillTemplates(skillNames, {}, workflow.workspace_id || '')
     if (expandedOriginals.size > 0) {
       console.log(`[WorkflowRunner] Expanded templates in ${expandedOriginals.size} skill(s)`)
     }
@@ -178,8 +180,9 @@ async function executeWorkflowSession(workflow, executionId, skillNames, options
       throw new Error('No LLM configured. Set a Primary plugin via /api/llm/config or LLM_COMMAND in minion.env')
     }
 
-    // PATH, HOME, USERPROFILE, and minion secrets are already set in
-    // process.env at server startup, so child processes inherit them automatically.
+    // PATH, HOME, USERPROFILE are inherited from process.env (set at startup);
+    // workspace-scoped secrets are merged in via buildSpawnEnv() so this
+    // session only sees secrets relevant to its workspace context.
 
     // Open log file for streaming writes
     const logDir = path.dirname(logFile)
@@ -195,7 +198,11 @@ async function executeWorkflowSession(workflow, executionId, skillNames, options
       cols: 200,
       rows: 50,
       cwd: homeDir,
-      env: process.env,
+      env: buildSpawnEnv(workflow.workspace_id || '', {
+        MINION_EXECUTION_ID: executionId,
+        MINION_WORKFLOW_ID: workflow.id || '',
+        MINION_WORKFLOW_WORKSPACE_ID: workflow.workspace_id || '',
+      }),
     })
 
     // Track session