This document is a binding constraint for work in this repository.

• Do not commit secrets, tokens, or real user data.
• Databases and local data files are private and should be gitignored.

• Validate external inputs before use.
• Use parameterized SQL for all database access; never build SQL with raw values.

• Avoid logging sensitive data or PII.
• Prefer structured, minimal logs.

• Use least‑privilege file access.
• Keep migrations SQL‑only; avoid executing dynamic or untrusted SQL.

• Do not exfiltrate data.
• External calls must be explicit and justified.