Require user-provisioned release credentials

Hop-State: A_06FN6KM758JV6S44F6CA6W0
Hop-Proposal: R_06FN6KJWAY5XWVMCVQHCXKR
Hop-Task: T_06FN6GZKFMRV2HP5N7XMNSR
Hop-Attempt: AT_06FN6GZKFP22ZCFRXGB7V00
This commit is contained in:
Hop
2026-07-11 15:31:23 -07:00
parent 7139b9e1a7
commit 853acec229
6 changed files with 47 additions and 5 deletions
+3 -1
View File
@@ -38,7 +38,9 @@ public key independently. Checksum signing is listed as a launch gate in the
Release builds execute on a maintainer machine, not on the Gitea server. Use a
trusted, patched machine; keep the release token out of shell history and source
files; scope it to the Hop repository; export it only for the publish command;
and unset it immediately afterward. Releases upload as drafts for review.
and unset it immediately afterward. Releases upload as drafts for review. The
token must be provisioned by the user outside the agent session: Hop and its
agents never create, rotate, list, or revoke provider account tokens.
## Filesystem safety