From 145f071ca4dc5504541b041f3758a9d39a10ed26 Mon Sep 17 00:00:00 2001 From: yiekheng Date: Sat, 2 May 2026 17:38:35 +0800 Subject: [PATCH] docs(agents): drop stale 'hardcoded credentials' note (moved to env in 45303d0) --- AGENTS.md | 1 - 1 file changed, 1 deletion(-) diff --git a/AGENTS.md b/AGENTS.md index 3c7bd8a..e2bde27 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -91,5 +91,4 @@ ## Security & Configuration Tips - Never commit real secrets in `.env`. - `CM_DEBUG` defaults to `false` for both Flask services. Set it to `true` only in local development; rex/siong production env files must leave it unset (the Werkzeug debugger is RCE if reachable). -- `app/cm_bot_hal.py` currently contains hardcoded agent credentials/pin; move these to env vars before production use. - Keep container clocks mounted (`/etc/timezone`, `/etc/localtime`) as compose currently defines to avoid schedule drift.
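Review bot: The removed `app/cm_bot_hal.py` bullet is deleted outright, so the Security & Configuration Tips section no longer says anything about the agent credentials/pin, including where they are now expected to come from. Consider replacing the bullet instead of dropping it, for example with a line stating that the agent credentials/pin used by `app/cm_bot_hal.py` are read from env vars and must be set in the deployment environment, which would sit naturally beside the existing "Never commit real secrets in `.env`" tip. The commit message points to 45303d0 for the move to env, but nothing in this change says whether the previously hardcoded values were rotated; if they were real, they remain recoverable from history before that commit, so it is worth confirming rotation in the commit message or the doc.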