Architecture Commitments

Public constraints that guide change management for enforcement-critical code paths.

Guard Order Preservation

We will not change the ordered fail-closed guard chain in gpc-signal without explicit migration criteria and verification evidence.

RLS Boundary Integrity

We will not bypass the customer-api dual-client boundary. The service role is for auth bootstrap only, while business data operations remain on the user JWT + RLS.

Learning Auto-Apply Gate

We will not enable learning auto-apply by default. Rollout requires explicit criteria, regression gates, and staged evidence.

No Plaintext PII Logging

We will not intentionally log plaintext PII or secrets in runtime paths. Structured logs are redacted by design.