Owner: Nick Last Verified: 2026-03-05 Status: Active
- No private company data in commits.
- No secrets in repo, scripts, or docs.
- Demo and test data must be synthetic only.
- Use deterministic scripts for sensitive checks.
- Require explicit evidence for runtime-impacting changes.
- Escalate policy or architecture exceptions to human review.
For vulnerability disclosure process, see ../SECURITY.md.