# Publication Workflow

This repository is a sanitized public copy of a private operational repository.

Before publishing or pushing changes:

1. Copy only reviewed source files from the private repo.
2. Do not copy `.git/`, raw data exports, credentials, local caches, database dumps, or private backups.
3. Replace live infrastructure details with placeholders.
4. Run `scripts/leak-scan.ps1` from the repository root.
5. Review the publication receipt and resolve every blocker.

Public examples should preserve reusable architecture and operating patterns while avoiding:

- live IP addresses and hostnames,
- private Google Docs or chat links,
- real service-account emails,
- SSH usernames and key names,
- private workstation paths,
- raw subscriber, telemetry, database, or backup data.