This repo handles customer PII (emails, names, purchase history, support tickets, identity graph). Key rules:

• warehouse.db — never commit. Contains raw customer data.
• data-warehouse/**/*.jsonl — never commit. Raw API responses.
• data-warehouse/**/*.csv — never commit. Platform exports.
• data-warehouse/cursors.json — never commit. Contains table timestamps.
• data-warehouse/manifest.json — never commit. Contains run metadata.
• environments/**/.env — never commit. API keys and secrets.

All of the above are in .gitignore by default.

The identity_graph table links customer identities across platforms via email matching. This data is considered high-sensitivity PII and must never be exported, logged, or shared outside the warehouse.

• Store all credentials in environments/{service}/.env
• Use Apple Keychain via /setup-environment where possible
• Rotate API keys periodically
• Never log access tokens to stdout

If you discover a security vulnerability, please report it privately:

1. Email: jim@ecom-x.com
2. Do NOT open a public GitHub issue for security vulnerabilities
3. Include steps to reproduce and potential impact
4. We will respond within 48 hours

We follow responsible disclosure practices. Security issues will be patched and credited to the reporter (if desired) once a fix is released.