Baseline Profile

Scope: source-available self-hosted deployments.

Core controls:

• Least-privilege access control.
• Secrets injected via environment or managed vaults.
• TLS enforcement and minimal network exposure.
• Structured audit logs with alerting.
• Security checks in pre-commit and CI.