note: workspace repo deliberately commits secrets (private DR exception)
Some checks failed
check / check (push) Failing after 8s
Some checks failed
check / check (push) Failing after 8s
This commit is contained in:
clawbot
parent
27c270755d
commit
b0452265c8
@ -451,6 +451,14 @@ just direct commits to main. It's a state mirror, not a development workflow.
|
||||
`~/repos/` or a fast external drive) to avoid embedding git repos inside the
|
||||
workspace repo. The workspace repo tracks workspace files only.
|
||||
|
||||
**A deliberate policy exception:** The workspace repo violates one of the most
|
||||
important repo policies — "never commit secrets." The workspace contains API
|
||||
keys, tokens, and credentials in files like TOOLS.md because those are part of
|
||||
the agent's operational state. This is an accepted exception because the repo is
|
||||
permanently private and serves as a backup/DR system, not a development repo. If
|
||||
your workspace state repo were ever to become public, it would be a catastrophic
|
||||
leak. Treat it accordingly: private visibility, restricted access, no forks.
|
||||
|
||||
### Putting It All Together
|
||||
|
||||
The system works as a loop:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user