Goal
Close the public-exposure gap before flipping the repo public and tagging v0.1.0. The custom secret scanner, SQLite storage permissions, and disclosure docs are all sized for a private project today; once the repo is public, contributors and operators need clearer guarantees.
This is the first of six release milestones (R1–R6) leading to v0.1.0. See the roadmap in #75 follow-ups; companion epics: R2, R3, R4, R5, R6 (filed separately).
Sub-tasks (existing issues, must close before R1 is done)
Additional acceptance criteria
Out of scope
- Full DLP / pattern coverage parity with commercial scanners — explicitly deferred.
- Live MailPlus credential handling — covered by the live adapter milestone, not here.
Definition of done
- All four checkboxes above and all three sub-issues are closed.
bash scripts/ci/run-fast-checks.sh still green.mpi doctor still green on a clean clone.
Goal
Close the public-exposure gap before flipping the repo public and tagging
v0.1.0. The custom secret scanner, SQLite storage permissions, and disclosure docs are all sized for a private project today; once the repo is public, contributors and operators need clearer guarantees.This is the first of six release milestones (R1–R6) leading to v0.1.0. See the roadmap in #75 follow-ups; companion epics: R2, R3, R4, R5, R6 (filed separately).
Sub-tasks (existing issues, must close before R1 is done)
Additional acceptance criteria
SECURITY.mdreviewed for public-disclosure clarity: a non-internal reporter can find a contact channel and an SLA expectation.docs/privacy-redaction-boundaries.mdlinked fromREADME.mdandCONTRIBUTING.mdso newcomers see it before submitting fixtures.fixtures/audited once more for synthetic-only content; no real domains, no real names. Add a one-line README infixtures/confirming the policy and how to extend safely.scripts/check-detect-secrets.shdocumented as fast guardrail (per Document secret scanner limits and add MailPlus leak patterns #81), and the--all-localmode from Add local secret-scan mode for untracked files #80 surfaced inCONTRIBUTING.md.Out of scope
Definition of done
bash scripts/ci/run-fast-checks.shstill green.mpi doctorstill green on a clean clone.