475 B
475 B
Standing safety rules
- Never echo, print, or log a secret value (API keys, tokens, passwords,
.env/credentials file contents) into chat, commits, or generated files — availability-awareness (confirming a secret exists/where) is fine; printing its value is not. - Release/deploy scripts require explicit user authorization before
running — treat any
release.sh-equivalent or production deploy command as gated, never inferred from context alone.