This repository is public. Treat every committed file as visible to the internet.
Do not commit:
- API keys, tokens, passwords, cookies, or credentials.
- Private keys, certificates, or signing material.
- Raw user conversations, private notes, or personal memory.
- Customer, client, or confidential project data.
- Local `.env` files or machine-specific secret configuration.
Run:

```
python3 scripts/validate_repo.py
```

The validator is a guardrail, not a guarantee. Review changes manually before committing.
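The following is an added example of the kind of check such a guardrail can make; it is not this repository's `scripts/validate_repo.py`, and the rule names, patterns and sample files are assumptions constructed for illustration. It flags the listed categories that carry a recognisable filename or marker, and shows that private text without one passes unflagged, which is why manual review is still required.

```python
import re
from pathlib import PurePosixPath

# Filename rules (assumed): local env files, except shareable templates,
# and common private-key / certificate containers.
NAME_RULES = [
    ("env-file", re.compile(r"^\.env(\.(?!example$|sample$|template$).+)?$")),
    ("key-material", re.compile(r"\.(pem|key|p12|pfx)$", re.I)),
]
# Content rules (assumed): high-signal markers only, to limit false positives.
CONTENT_RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("assigned-secret", re.compile(
        r"(?i)\b(?:api[_-]?key|token|password|secret)\b"
        r"\s*[:=]\s*['\"]?[^\s'\"]{12,}")),
]

def scan(files):
    """Return sorted (path, rule) findings for a {path: text} mapping."""
    findings = set()
    for path, text in files.items():
        name = PurePosixPath(path).name
        for rule, rx in NAME_RULES:
            if rx.search(name):
                findings.add((path, rule))
        for rule, rx in CONTENT_RULES:
            if rx.search(text):
                findings.add((path, rule))
    return sorted(findings)

# Constructed sample of staged files; no value here is a real credential.
SAMPLE = {
    ".env": "DEBUG=1\n",
    ".env.example": "API_KEY=\n",  # empty template, allowed
    "deploy/id_deploy": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
    "src/config.py": 'API_KEY = "constructed-value-0123456789"\n',
    # Private conversation text: matches no rule, so only a human catches it.
    "notes/session.md": "User: my home address is ...\n",
}

if __name__ == "__main__":
    for path, rule in scan(SAMPLE):
        print(f"BLOCK {path}: {rule}")
```
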
If a secret or private file is committed, rotate the secret immediately and remove it from Git history before continuing public work.