Black box track: This hub is public; core implementation and repo detail stay partner scoped. Research status (what ships, what is spec): Research status. Technical briefings under NDA: Partners.
Use this page before every Netlify (or equivalent) push for phyllux.io. It complements IP posture and Accord language — not legal advice.
sk_live_, AWS access keys, Slack tokens), VPN configs, or employee-only URLs.vault/ unless counsel has decided that disclosure is intentional.Choose deliberately:
assets/docs/phikey/ as on Phyllux Vault; compress for web size limits.x strings). Never paste production seeds into issues, chats, or public repos.phyllux-core constants and mesh exports are already a chosen disclosure level; do not extend that to partner-only tuning or skip tables counsel has not cleared.From the site repository root (phyllux-technologies-web):
npm run preflight
Runs scan:public then generate-sitemap. Scan only: npm run scan:public (same as powershell -ExecutionPolicy Bypass -File .\scripts\scan-public-deploy.ps1).
Fix or remove any match before deploy. Current heuristics include PEM and PGP private blocks, AWS AKIA/ASIA key ids, Stripe sk_live_, Slack tokens, and GitHub ghp_ PATs; files over 2 MB are skipped for performance. The script does not replace human review.
Optional: npm run git-hooks:install once per clone so git push runs npm run preflight via .githooks/pre-push. Undo: npm run git-hooks:uninstall. On macOS/Linux, if Git refuses the hook, run chmod +x .githooks/pre-push once (hook scripts use LF via .gitattributes).