Security: Niko96-dotcom/locus

Security Policy

Supported Versions

| Version | Security support |
|---------|------------------|
| main | Supported for responsible disclosure and fixture-safe reproductions. |
| v0.1.x | Supported for release-line fixes once published. |

Reporting A Vulnerability

Please do not file public issues that include raw personal data, tokens, OAuth credentials, database dumps, or private service payloads.

Use a minimal fixture-safe reproduction whenever possible. If a report needs private detail, contact the maintainer privately through GitHub before sharing artifacts.

Project Security Boundaries

  • Secrets must stay outside git and be referenced by environment variable name.
  • Live Gmail, Calendar, Qonto, WhatsApp, Telegram, Notion, and package-publish paths are opt-in only through documented gates.
  • locus/core/ must remain free of adapter and I/O imports.
  • Every state-mutating action must be auditable and reversible.
