module 10 build routines

Context + secrets

System Text-to-Speech Ready
Slide: 0:00 / 0:00
Slide 1 of 0Interactive Deck

Full Lesson Reference

A local session borrows from your laptop. A Managed Agent borrows from nothing - it starts with a blank workspace on a remote server. If you don't bundle the right context and credentials into the Routine, the run either fails or produces generic nonsense.

This lesson is about giving the agent everything it needs to do the job without you in the loop.

What's missing from a remote run by default

  • Your local files (CLAUDE.md, project folders, Dropbox)
  • Your local MCP config (.mcp.json, .env)
  • Your global memory layer (Supabase connection unless you wire it up)
  • Any API keys stored on your machine
  • Any credentials stored in browser logins (Google, Meta, etc.)

You have to make each of these available to the Routine explicitly.

The 3 ways to give a Routine context

  1. Inline in the prompt

For short, stable context - brand guidelines, report structure, output format. Paste it into the prompt:

Voice: direct, plain English, Australian spelling. Report format: hero metric, 3 KPIs, campaign table, 2 recommendations. Banned phrases: waste, bleed, underperforming. Trade-off: every run pays tokens to re-read this. Fine for small blocks. Expensive for long ones.

  1. Attached context files

For larger references - CLAUDE.md, style guides, templates. Bundle them when you create the Routine:

Create the Routine and attach these files as context

  • /path/to/CLAUDE.md
  • /path/to/report-template.html
  • /path/to/brand-voice.md

The files load into the remote context at run time. Updates to the file after the Routine is created don't automatically sync - you'll need to update the Routine when the file changes.

  1. Pulled live from a source

For context that changes often - live data, Supabase tables, GitHub repo state.

Instruct the agent to pull it at run time

Pull the latest CLAUDE.md from this GitHub repo before running. Pull the last 7 days of campaign data from Supabase table google_ads.campaigns.

Trade-off: slower runs, but always current. Best for anything that changes weekly or more often.

Secrets - API keys and credentials

Every MCP the Routine uses needs its credentials. These are stored as secrets on the Routine, never in the prompt itself.

What counts as a secret

  • API keys (OpenAI, Anthropic, third-party platforms)
  • MCP connection tokens (Google Ads, Meta Ads, Supabase, GitHub)
  • Webhook URLs (Slack, internal systems)
  • Database connection strings

How to add secrets

Tell Claude

Add a secret to the daily-gads-healthcheck-demo Routine.

Name: GOOGLE_ADS_TOKEN

Value: [paste the token]

Claude stores the secret on the Routine. At run time it's injected as an environment variable the remote Claude can read. The value is never logged and never visible in the prompt.

Never do this

  • Paste an API key directly in the Routine prompt - it ends up in logs
  • Reuse your local .env file as a secret file - copy only the keys the Routine actually needs
  • Give a Routine write access to a platform if it only needs to read
  • Commit a secret to GitHub, even temporarily

The minimum viable context bundle

Most Routines need

  • A trimmed CLAUDE.md (voice, brand rules, banned phrases - no local paths)
  • One reference template (report structure, email format, etc.)
  • One or two MCP credentials as secrets
  • A clear output destination (GitHub repo path, Slack channel ID, Supabase table name)

Keep it tight. Every extra file costs tokens per run.

MCPs in a remote run

Routines can use the same MCPs you use in sessions, but you have to register them on the Routine. Tell Claude:

Add the following MCPs to the Routine

  • Google Ads (read-only, account ID [X])
  • Supabase (project [Y])
  • GitHub (repo [Z])

Use the secrets GOOGLE_ADS_TOKEN, SUPABASE_KEY, GITHUB_PAT for auth. The remote Claude loads those MCPs when the Routine fir es, exactly like your local session would. Rule of thumb: only add MCPs the Routine actually needs. Every extra MCP is more tokens, more failure surface, and more attack surface.

Power-user tips

  • Keep CLAUDE.md for Routines separate - your local one has paths, client names, and personal preferences. Strip those for the Routine version.
  • Store secrets once, reference by name - if 5 Routines all use the same Google Ads token, rotate it once and you're done
  • Version your context files - when you update the report template, bump the Routine to use the new version, don't overwrite in place
  • Log the context hash on each run - helps you tell "was this run using the old template or the new one" when debugging

Action items

☐ For your first Routine, write down what context it needs (files, data sources, brand rules)

☐ List every MCP it will call - write down each MCP's credential name

☐ Attach context files and add secrets via Claude

☐ Test run - confirm the output uses your brand voice and pulls from the right accounts

Next lesson: Monitor + debug runs.

Exercises

  1. Review the concepts covered in this lesson: Context + secrets.
  2. Write down your key takeaway from this lesson.
  3. Practice running any commands or prompts mentioned above inside your terminal.