Generated from configs/governance/public-artifact-policy.yaml. Do not edit this file manually.
| Key | Value |
|---|---|
| current mode | private-default-with-public-safe-preview |
| public workflow enabled | true |
| default failure bundle mode | private-only |
Failure bundles and broad runtime evidence remain private-only by default. Public-safe publication is allowed only for the explicit allowlist below and only through dedicated audit-style workflows; broad runtime publication remains forbidden. Machine-local absolute paths, personal identifiers, unsanitized logs, and secret-like material are never public-safe repo content.
.runtime-cache/artifacts/ci/failure-bundles/.runtime-cache/artifacts/runs/.runtime-cache/artifacts/proof-campaigns/.runtime-cache/logs/.runtime-cache/release-gate/.runtime-cache/artifacts/ci/branch-protection-audit.json.runtime-cache/artifacts/ci/branch-protection-audit.md.runtime-cache/artifacts/ci/upstream-verification-ledger-<profile>.jsonscripts/ci/check-public-artifact-policy.mjsscripts/ci/check-sensitive-surface-leaks.mjs