note: workspace repo deliberately commits secrets (private DR exception)
Some checks failed
check / check (push) Failing after 8s
Some checks failed
check / check (push) Failing after 8s
This commit is contained in:
clawbot
parent
27c270755d
commit
b0452265c8
@ -451,6 +451,14 @@ just direct commits to main. It's a state mirror, not a development workflow.
|
|||||||
`~/repos/` or a fast external drive) to avoid embedding git repos inside the
|
`~/repos/` or a fast external drive) to avoid embedding git repos inside the
|
||||||
workspace repo. The workspace repo tracks workspace files only.
|
workspace repo. The workspace repo tracks workspace files only.
|
||||||
|
|
||||||
|
**A deliberate policy exception:** The workspace repo violates one of the most
|
||||||
|
important repo policies — "never commit secrets." The workspace contains API
|
||||||
|
keys, tokens, and credentials in files like TOOLS.md because those are part of
|
||||||
|
the agent's operational state. This is an accepted exception because the repo is
|
||||||
|
permanently private and serves as a backup/DR system, not a development repo. If
|
||||||
|
your workspace state repo were ever to become public, it would be a catastrophic
|
||||||
|
leak. Treat it accordingly: private visibility, restricted access, no forks.
|
||||||
|
|
||||||
### Putting It All Together
|
### Putting It All Together
|
||||||
|
|
||||||
The system works as a loop:
|
The system works as a loop:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user