
Security: timuroviceldar19-source/GemmaStudio


SECURITY.md

Security And Platform Safety

Safety Position

GemmaStudio is a content preparation tool. It is not an Instagram or Threads automation tool.

Forbidden Capabilities

The project must not implement:

  • automated Instagram posting;
  • automated Threads posting;
  • browser automation for posting;
  • cookie or session persistence;
  • fake human behavior;
  • account warmup logic;
  • mass liking, commenting, following, or messaging;
  • hidden background platform actions.

Secrets Policy

  • No real secrets in source files.
  • .env is local only and ignored by git.
  • .env.example must contain keys only, never values.
  • The MVP must not require Meta credentials.
  • Optional LLM keys must be read from environment variables or local .env only.
  • LLM failures must not create empty drafts.

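The last two secrets-policy rules (LLM failures must not create empty drafts; generated content must be validated before it is saved) are easy to get wrong when the model returns an empty string, a whitespace-only caption, or a JSON object cut off mid-stream. The following is an added example, not GemmaStudio's own code: a small Python validator that treats each of those cases as a failure and never writes to the store. The field names in REQUIRED_FIELDS, the JSON shape of the LLM output and the in-memory dict used as a store are assumptions for illustration.

```python
"""Validate LLM-generated drafts before saving.

Added example, not GemmaStudio code. Assumptions (not in SECURITY.md):
the LLM returns a JSON object with the fields in REQUIRED_FIELDS, and the
draft store is an in-memory dict keyed by draft id.
"""
import json
from typing import Any, Dict, List, Optional

# Hypothetical required fields for an Instagram/Threads draft.
REQUIRED_FIELDS = ("caption", "hashtags")


def validate_draft(draft: Dict[str, Any]) -> List[str]:
    """Return the required fields that are missing or empty.

    Whitespace-only strings and empty collections count as empty, so an LLM
    that returns '{"caption": "   "}' cannot produce a saveable draft.
    """
    problems = []
    for field in REQUIRED_FIELDS:
        value = draft.get(field)
        if value is None:
            problems.append(field)
        elif isinstance(value, str) and not value.strip():
            problems.append(field)
        elif isinstance(value, (list, tuple, dict)) and len(value) == 0:
            problems.append(field)
    return problems


def parse_llm_output(raw: Optional[str]) -> Optional[Dict[str, Any]]:
    """Turn raw LLM text into a draft dict, or None on any failure.

    None/empty responses, invalid JSON (including truncated output) and
    non-object JSON all return None rather than a half-filled dict.
    """
    if not raw or not raw.strip():
        return None
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        return None
    return data if isinstance(data, dict) else None


def save_draft(store: Dict[str, Dict[str, Any]], draft_id: str,
               raw_llm_output: Optional[str]) -> bool:
    """Save the draft only if it parses and passes validation.

    Returns True on save, False otherwise. The store is never written on
    failure, which is the 'no empty drafts' guarantee from the policy.
    """
    draft = parse_llm_output(raw_llm_output)
    if draft is None:
        return False
    if validate_draft(draft):
        return False
    store[draft_id] = draft
    return True


# Constructed sample LLM responses: one good draft and three failure modes.
SAMPLES = {
    "ok": '{"caption": "Morning coffee", "hashtags": ["#coffee"]}',
    "blank": '{"caption": "   ", "hashtags": ["#coffee"]}',
    "truncated": '{"caption": "Morning co',
    "missing": '{"caption": "Morning coffee"}',
}


def run_samples() -> Dict[str, bool]:
    """Feed each sample through save_draft and report which ones were saved."""
    store: Dict[str, Dict[str, Any]] = {}
    return {name: save_draft(store, name, raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, saved in run_samples().items():
        print(f"{name}: {'saved' if saved else 'rejected'}")
```

The point of separating parse_llm_output from validate_draft is that the two failure classes are logged differently in practice (a provider outage versus a model that answered but skipped a field), while the caller only ever sees a boolean and an untouched store.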
Review Checklist

Before each release, verify:

  • no files contain access tokens;
  • no code imports browser automation tools for platform posting;
  • no code calls Instagram or Threads publishing endpoints;
  • no scheduled job can publish to Meta;
  • all Meta-related UI actions are manual links or copy actions;
  • optional LLM generation validates required content fields before saving.
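Most of this checklist can be mechanised as a pre-release scan rather than relied on as a manual read-through. The script below is an added example, not GemmaStudio's own tooling: it walks the repository and reports token-like strings, browser-automation imports, references to the Meta Graph hosts, a missing .env entry in .gitignore, and any value in .env.example. Every pattern in CHECKS is my own heuristic and an assumption, not something SECURITY.md specifies: Meta user access tokens commonly begin with "EAA", graph.facebook.com and graph.threads.net are the hosts a publishing call would hit, and selenium, playwright, pyppeteer and puppeteer are the usual browser-automation libraries. The two items it cannot grep for (no scheduled job can publish; UI actions are manual links or copy actions) still need a human reviewer.

```python
"""Pre-release scan for the review checklist.

Added example, not GemmaStudio tooling. All patterns in CHECKS are assumptions:
Meta user tokens usually start with "EAA"; graph.facebook.com and
graph.threads.net are the Graph/Threads API hosts; selenium, playwright,
pyppeteer and puppeteer are common browser-automation libraries.
Tune CHECKS and CODE_SUFFIXES to your stack.
"""
import re
import sys
import tempfile
from pathlib import Path
from typing import List

SKIP_DIRS = {".git", "node_modules", ".venv", "venv", "__pycache__"}
CODE_SUFFIXES = {".py", ".js", ".mjs", ".ts", ".jsx", ".tsx"}

# Checklist item -> regex that flags a violation when it matches a line.
CHECKS = {
    "access token": re.compile(
        r"\bEAA[A-Za-z0-9]{20,}\b"
        r"|(?i:(?:access_token|api[_-]?key)\s*[=:]\s*['\"][^'\"]{8,}['\"])"
    ),
    "browser automation import": re.compile(
        r"^\s*(?:from|import)\s+(?:selenium|playwright|pyppeteer)\b"
        r"|require\(['\"](?:puppeteer|playwright)['\"]\)"
        r"|from\s+['\"](?:puppeteer|playwright)['\"]"
    ),
    "publishing endpoint": re.compile(r"graph\.(?:facebook\.com|threads\.net)"),
}
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$")


def check_env_example(text: str) -> List[str]:
    """Flag .env.example lines that carry a value (policy: keys only)."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = ENV_LINE.match(line)
        if not m:
            out.append(f".env.example:{n}: unparsable line")
        elif m.group(2).strip("'\"").strip():
            out.append(f".env.example:{n}: {m.group(1)} has a value")
    return out


def scan_text(rel: str, text: str, is_code: bool) -> List[str]:
    """Token check on every text file; import/endpoint checks on code only."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, rx in CHECKS.items():
            if name != "access token" and not is_code:
                continue
            if rx.search(line):
                out.append(f"{rel}:{n}: {name}")
    return out


def scan_tree(root) -> List[str]:
    """Walk the repo and return one finding per violated checklist item."""
    root = Path(root)
    findings = []
    gitignore = root / ".gitignore"
    ignored = gitignore.read_text(encoding="utf-8").split() if gitignore.exists() else []
    if not any(p in {".env", "/.env", "*.env", ".env*"} for p in ignored):
        findings.append(".gitignore does not ignore .env")
    for path in sorted(root.rglob("*")):
        if not path.is_file() or any(part in SKIP_DIRS for part in path.parts):
            continue
        rel = path.relative_to(root).as_posix()
        try:
            text = path.read_text(encoding="utf-8")
        except UnicodeDecodeError:
            continue  # binary file (images etc.); out of scope for a text scan
        if path.name == ".env":
            continue  # local secrets file; covered by the .gitignore check above
        if path.name == ".env.example":
            findings += check_env_example(text)
        else:
            findings += scan_text(rel, text, path.suffix in CODE_SUFFIXES)
    return findings


def demo() -> List[str]:
    """Constructed throwaway tree with one violation per check."""
    root = Path(tempfile.mkdtemp())
    (root / "app").mkdir()
    (root / "app" / "post.py").write_text(
        "from selenium import webdriver\n"
        "URL = 'https://graph.facebook.com/v19.0/me/media'\n",
        encoding="utf-8",
    )
    (root / "config.py").write_text("ACCESS_TOKEN = 'EAA" + "x" * 30 + "'\n", encoding="utf-8")
    (root / ".env.example").write_text("OPENAI_API_KEY=\nMETA_TOKEN=sk-live-123\n", encoding="utf-8")
    (root / ".gitignore").write_text("__pycache__/\n", encoding="utf-8")
    return scan_tree(root)


if __name__ == "__main__":
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(found) or "no findings")
    sys.exit(1 if found else 0)
```

Run it as `python scan.py .` from the repository root in CI and fail the release on a non-zero exit. The endpoint check deliberately flags any reference to the Graph hosts, not just publish calls, because the MVP is not supposed to need Meta credentials at all; if a future official integration is added, narrow that pattern to the publishing routes and exempt the feature's own module explicitly.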

Allowed Platform Actions

  • Open official Instagram or Threads URLs in the browser.
  • Copy generated text to clipboard.
  • Download prepared images.
  • Let the user manually mark content as posted.

Future Integrations

Any future official API integration must be designed as a separate explicit feature with:

  • documented permissions;
  • platform policy review;
  • visible user consent;
  • manual fallback;
  • clear kill switch.

There aren't any published security advisories