Public documentation v0
Safety and public-site hygiene
Rules for keeping public Software Factory docs safe.
Never publish without explicit approval
Credentials, API tokens, OAuth secrets, SSH keys, private service URLs, internal work identifiers, board metadata, local workspace paths, run records, raw logs, environment files, auth files, local state databases, user notes, memories, or session files.
Allowed by default
Conceptual architecture, role responsibilities, public docs URLs, approved public repository names, approved install instructions, and release notes that summarize user-visible changes.
Redaction rule
If a detail is not needed for a public user to understand, install, or use Software Factory, omit it or generalize it.
Operational hygiene
Use least privilege, avoid broad credentials, keep public sites free of debug endpoints, and verify content with automated scans before release.