Public Access Policy
Public documentation must stay useful without exposing internal control-plane details, credential practices, or operational guidance.
Allowed on Public Pages
- - High-level product overview and support guidance
- - Documentation access rules and sign-in expectations
- - Role-agnostic descriptions of who the product serves
- - Non-sensitive help content that does not reveal internal architecture or operating procedures
Never Public
- - Database schema, table structure, migration notes, or constraint details
- - API endpoint contracts, authentication flows, or control-plane workflow steps
- - Admin operations, queue handling, internal bug logs, or engineering runbooks
- - Credential patterns, demo account secrets, seed data procedures, or operational checklists
Protection Rules
- - Role-specific product guides require sign-in and should be limited to the audience that uses them.
- - Internal documentation is admin-only unless there is an explicit product reason to broaden access.
- - When a page mixes public and internal material, the internal content must be moved or removed rather than partially exposed.
- - New documentation should default to protected access until its public value is explicit and reviewed.