
Security: Es00bac/OpenCAS-Manager


SECURITY.md

Security Policy

Public Repository Boundary

OpenCAS Manager is an operator application for a live autonomous system. Public source must not include private runtime state or credentials.

Do not commit:

  • API keys, provider tokens, GitHub tokens, cookies, passwords, private keys, or auth headers
  • .opencas state, memory databases, chat transcripts, schedule databases, screenshots, desktop-context captures, logs, or local workspace output
  • machine-local files such as android/local.properties, CMakeUserPresets.json, build directories, Gradle caches, or IDE state
  • private deployment URLs or host-specific control scripts

Runtime integrations should use explicit OpenCAS API boundaries. If a runtime path is unavailable, the UI should display unavailable/degraded state instead of editing private files behind the service.

Reporting Issues

Open a GitHub issue for public source problems that do not expose private data. If a report would include credentials, private runtime state, screenshots, or personal data, remove that material before filing.

Maintainer Publish Checklist

Before publishing a new snapshot:

git diff --check
cmake --build build -j
ctest --test-dir build --output-on-failure
rg -n --hidden -g '!/.git/**' -g '!build/**' -g '!*.png' -g '!*.mp4' \
  '(gho_|github_pat_|sk-[A-Za-z0-9_-]{20,}|API_KEY|TOKEN|SECRET|PASSWORD|-----BEGIN)'

For public releases, prefer a fresh sanitized publish tree if local Git history might contain private commits.
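The secret-scan step of the checklist above, turned into a reusable pre-publish check. This is an added example, not a script from the OpenCAS-Manager repository: it uses the same regular expression and the same exclusions as the checklist's rg command, but runs them through grep -E so it works on machines without ripgrep, and it builds a constructed fixture tree (a clean source file, a placeholder API_KEY line, and a copy of that line under build/ that the exclusions must skip) so the behaviour can be verified offline. The helper names and the placeholder value are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the OpenCAS-Manager project): a pre-publish
# secret scan mirroring the SECURITY.md checklist, using grep -E in place of
# rg so it runs where ripgrep is not installed.

# Same pattern as the checklist's rg command.
SECRET_PATTERN='(gho_|github_pat_|sk-[A-Za-z0-9_-]{20,}|API_KEY|TOKEN|SECRET|PASSWORD|-----BEGIN)'

# scan_for_secrets DIR: print every matching line as file:line:text and
# return 1 if anything matched, 0 if the tree is clean. Skips .git, build
# output and media files, like the checklist's -g globs.
scan_for_secrets() {
    dir="$1"
    hits=$(grep -rEn \
        --exclude-dir=.git --exclude-dir=build \
        --exclude='*.png' --exclude='*.mp4' \
        "$SECRET_PATTERN" "$dir" 2>/dev/null) || true
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# make_fixture_tree: build a constructed sample tree in a temp directory so
# the scanner can be exercised offline. Prints the tree's path.
make_fixture_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/src" "$root/build" "$root/.git"
    printf 'int main(void) { return 0; }\n' > "$root/src/main.c"
    # Constructed placeholder, not a real credential: trips the API_KEY term.
    printf 'API_KEY=constructed-placeholder-value\n' > "$root/src/config.env"
    # Same placeholder under build/ must be ignored by the exclusion rules.
    printf 'API_KEY=constructed-placeholder-value\n' > "$root/build/cache.txt"
    printf '%s\n' "$root"
}

# Typical use before publishing, on the checkout you are about to push:
#   scan_for_secrets . && echo "clean" || echo "matches found; review before publishing"
```

The scan is deliberately broad (plain words such as TOKEN or SECRET match documentation and variable names too), so a non-zero exit means "review these lines", not "a credential is present"; the value of running it is that nothing is published without that review.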

There aren't any published security advisories