This repository must not contain maintainer-owned API keys, customer keys, tokens, cookies, private endpoints, or local runtime secrets.
Customers should configure credentials locally, using environment variables, shell profiles, macOS Keychain, or their own secret manager.
Do not commit:
.envor.env.*- filled
local-config.txt - private keys
- cookies or browser session exports
- paid provider tokens
- customer data, unpublished manuscripts, or private reviewer notes
BAIDU_API_KEYEASYSCHOLAR_SECRET_KEYOPENALEX_API_KEYFIRECRAWL_API_KEY
See docs/API_KEYS_AND_LOCAL_CONFIG.md.
If you find a credential, private endpoint, or customer data in this repository, rotate the affected credential first, then open a private report with the repository owner. Do not paste live secrets into public issues.