Only the production main branch is actively supported.
Do not open public issues with secrets, tokens, database dumps, private URLs, or user data.
Report sensitive issues directly to the service maintainer/admin account used for production operations.
The following must never be committed:
.envand staging env files- Telegram bot tokens
- payment gateway keys
- 3X-UI credentials and tokens
- SQLite databases
- logs, backups, and migration bundles
Before pushing, run:
git status --short
git diff --cached --name-onlyConfirm only source, docs, templates, and safe examples are staged.