# CLAUDE.md

See [README.md](README.md).

## Publishing & privacy — run this check before EVERY push

This repo is public (mirrored to Codeberg) and rsynced to the live site on
every push to `main`. A work email (`…@<employer>`) was once leaked here in
example config; scrubbing the files was not enough, because it also lived in
git **history and tags** and had to be erased with a history reset + force-push
(and may already be cached by third parties). So the guard must run *before*
the push, not after.

**Before any `git push`, scan for personal/work emails and secrets. If anything
prints, do NOT push — replace it with a placeholder first.**

```sh
# Flags any email address that is not an approved example/contact address.
# Empty output = clean. Any output = stop and fix.
git grep -InE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' \
  | grep -viE '@example\.(com|org|io|net)|caseywitt@proton\.me'

# Also reject obvious secrets:
git grep -InE '(BEGIN [A-Z ]*PRIVATE KEY|api[_-]?key|secret|token)[=:]' || true
```

Rules for anything committed to a public repo:

- **No work or private email addresses.** In examples use `someone@example.com`,
  `*@example.com`, generic personas (`admin`, `alice`, `sam`), and party names
  like `Acme`.
- **No real personal names** beyond the maintainer's chosen public identity.
- **No secrets, keys, or tokens.**
- The **only** real address allowed in published content is the maintainer's
  deliberate public contact, `caseywitt@proton.me`.

If a leak ever reaches a remote: fixing the working tree is insufficient — rewrite
or reset history, delete affected tags/branches, force-push to every remote
(`origin` **and** `codeberg`), and treat the leaked value as already exposed.