Operational summary
Publish model
- Build locally from canonical files using an explicit allowlist policy.
- Publish only generated static files from
sites/ops.bluegrouse.ai/dist/. - Do not expose
memory/,vault/, raw transcripts, or helper tooling on the hosted site. - Gate the hostname with Cloudflare Access before broad use.
Snapshot policy
Operator reminder
- If content should not be hostable, keep it out of included curated files.
- Daily notes are excluded from the hosted artifact by default.
- Raw transcript paths remain excluded even behind Access.