Remove hardcoded service-role JWT from scripts

## Problem
A service role token is embedded directly in an npm script, creating credential leakage risk.

## Evidence
-  ()

## Scope
- Move token to environment variable or local-only secrets file ignored by git
- Add script validation for required env vars
- Rotate leaked token if it was ever valid/shared

## Acceptance Criteria
- No hardcoded JWTs in repo scripts
- Local audit script works with env-based secret injection
- Security guidance updated

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove hardcoded service-role JWT from scripts #481

Problem

Evidence

Scope

Acceptance Criteria

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Remove hardcoded service-role JWT from scripts #481

Description

Problem

Evidence

Scope

Acceptance Criteria

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions