TrustSecurityBaseline
Access Control
contributors expand.
Principles
- Least privilege.
- Owner and backup owner for critical assets.
- Protected branches for production-oriented repositories.
- Access review before funding, revenue, production users, or external contributors expand.
Future Controls
- CODEOWNERS for critical paths.
- Branch protection and required checks.
- Cloudflare Access or organization auth for internal docs/API docs.
- Separate roles for billing, infrastructure, API, docs, and community.
Not In Repo
Do not store tokens, recovery codes, account IDs, private legal records, or passwords in repo docs.