Statuz files may contain sensitive project state. They should not contain secrets.
- API keys;
- access tokens;
- passwords;
- private personal data unless explicitly approved;
- confidential customer data;
- proprietary source snippets that should not be committed.
For public repositories, commit only safe status templates and examples.
For private local runtime state, add .statuz/private/ or .statuz/local.yaml to .gitignore.
Please open a private security report if you find a vulnerability in a Statuz implementation.