This file is the developer-level implementation policy that aligns with docs/security.html.
No private, protected, or production data may be committed to this repository.
This includes direct values, screenshots, logs, exports, copied snippets, and any derived artifact that can identify real people, systems, or internal infrastructure.
| Category | Allowed | Prohibited |
|---|---|---|
| Screenshots | Anonymized, redacted captures | Unredacted UI with names, emails, IDs, case data |
| Data | Synthetic/dummy records | Production or user-originated records |
| Schemas | Field names/types/relations | Real data values embedded in examples |
| Infrastructure | Generic architecture patterns | Internal hostnames, IP ranges, private endpoints |
| Secrets | Placeholders and mock values | API keys, passwords, tokens, live certs |
- Redact screenshots before adding to
LotusApp/screenshots/ - Keep only structural schema details in
LotusApp/data-schema/ - Do not paste sensitive details into Copilot prompts
- Write requirements in business-functional language
- Exclude references to internal production systems and addresses
- Keep real case/user examples out of user stories
- Use generic environment naming (e.g.,
dev,test,prod) - Do not include tenant identifiers, secret names, or private URLs in architecture docs
- Document security assumptions explicitly
- Keep secrets in environment variables or secure secret stores only
- Never hardcode credentials in code, tests, config, or markdown
- Prefer fake fixtures and synthetic test datasets
Before committing an image or copied snippet, verify:
- Names, emails, usernames, IDs, and case numbers are removed
- Dates/timestamps that can identify records are generalized if sensitive
- Internal URL bars, hostnames, and environment labels are hidden
- Any browser tab/title that reveals internal systems is masked
If unsure, do not commit until reviewed by a teammate.
- No real user or production data in staged files
- No credentials or tokens in staged files
- No internal endpoints/IPs/hostnames in staged files
- Screenshots are redacted
- Dummy/test data is clearly synthetic
- AI-generated code was reviewed by a human before commit
- Stop sharing and stop further commits that propagate exposure.
- Notify project owners/security contacts immediately.
- Rotate any potentially exposed credentials immediately.
- Remove exposure from history using approved org process/tooling.
- Document what happened and the corrective action taken.
Do not treat file deletion alone as remediation; history must be addressed.
Use AI to accelerate implementation, not to relax controls.
When in doubt: leave it out and ask before committing.