document public-repo security boundary in working context

2026-03-17 23:55:33 +01:00
parent d668a108d5
commit 6a758b010f
1 changed files with 6 additions and 0 deletions
--- a/WORKING_CONTEXT.md
+++ b/WORKING_CONTEXT.md
@@ -22,6 +22,12 @@ Not included here:
 - station hostnames and private endpoints
 - station-specific bandmaps/bandplans/deploy service wiring

+## Security Boundary (Public Repo)
+
+- This repository is public.
+- Never commit live configurations, production environment files, credentials, tokens, private hostnames, or any sensitive operational data.
+- Keep all live/runtime secrets in deployment/runtime environment layers outside this repository.
+
 ## Configuration Layers

 Expected priority order: