Playbooks
Security Baseline
Updated · 2026-01-10Minimum viable security posture for public surfaces and internal routes: least privilege, logs, and blast-radius control.
Scope
- Secrets handling
- Access posture
- Audit and logging
Constraints
- No privileged keys in client bundles
- Server-only admin operations
- Fail closed where it matters
Boundaries
- Public shares posture and rules, not sensitive implementation details.
- Secrets are treated as infrastructure, not convenience.
- Auditability beats trust-me security.