Require user-provisioned release credentials

Hop-State: A_06FN6KM758JV6S44F6CA6W0
Hop-Proposal: R_06FN6KJWAY5XWVMCVQHCXKR
Hop-Task: T_06FN6GZKFMRV2HP5N7XMNSR
Hop-Attempt: AT_06FN6GZKFP22ZCFRXGB7V00
This commit is contained in:
Hop
2026-07-11 15:31:23 -07:00
parent 7139b9e1a7
commit 853acec229
6 changed files with 47 additions and 5 deletions
+9
View File
@@ -158,6 +158,15 @@ sanitizer replaces detected credential values before any durable write and
returns only typed redaction counts. Do not place the value in any later
command, summary, output, or source file.
## Account credential boundary
Hop never creates, rotates, lists, or revokes provider access tokens. Agents
must not use account token-management APIs or settings pages as a shortcut for
publishing work. A release or publishing task may use only a pre-existing
credential the user deliberately provisioned through an OS secret store or the
runtime's secret mechanism. When that credential is absent or invalid, stop and
ask the user to replace it; never mint a task-named token.
## Exit codes
| Code | Meaning |