SECURITY Do not commit secrets, tokens, credentials, account sessions, real customer data or private workspace inventories. Before any public push: run secret scan; run path scrub; run claims scan; review license status; verify ActionGate approval.