diff --git a/lib/access.go b/lib/access.go
index 65e85d2..77b4a85 100644
--- a/lib/access.go
+++ b/lib/access.go
@@ -33,12 +33,9 @@ type AccessContext struct {
 	IsSystem   bool   // bypass RBAC (internal operations only)
 }
 
-// SystemAccessorID is a reserved ID for internal operations (not a real dossier)
-// Using "system" prefix makes it impossible to collide with hex dossier IDs
-const SystemAccessorID = "system-internal"
-
 // SystemContext is used for internal operations that bypass RBAC
-var SystemContext = &AccessContext{IsSystem: true, AccessorID: SystemAccessorID}
+// Initialized in ConfigInit() with SystemAccessorID from config
+var SystemContext *AccessContext
 
 // ErrAccessDenied is returned when permission check fails
 var ErrAccessDenied = fmt.Errorf("access denied")
diff --git a/lib/config.go b/lib/config.go
index 3efdd7c..825a4de 100644
--- a/lib/config.go
+++ b/lib/config.go
@@ -22,8 +22,9 @@ func Init() error {
 }
 
 var (
-	GeminiKey    string = ""
-	AnthropicKey string = ""
+	GeminiKey         string = ""
+	AnthropicKey      string = ""
+	SystemAccessorID  string = "7b3a3ee1c2776dcd" // Default fallback
 )
 
 func ConfigInit() {
@@ -50,6 +51,14 @@ func ConfigInit() {
 			GeminiKey = value
 		case "ANTHROPIC_API_KEY":
 			AnthropicKey = value
+		case "SYSTEM_ACCESSOR_ID":
+			SystemAccessorID = value
 		}
 	}
+
+	// Initialize SystemContext with loaded ID
+	SystemContext = &AccessContext{
+		IsSystem:   true,
+		AccessorID: SystemAccessorID,
+	}
 }