CLUTCH public distribution artifacts must not include private state from the environment where they were built, including:
- real usernames, machine ids, hostnames, user home paths, or workstation names;
- private network addresses, SSH endpoints, pairing namespaces, or local peer paths;
- tokens, passwords, cookies, private keys, credential helper output, or admin guard secrets;
- hardware registry entries copied from a real lab;
- runtime state, backups, snapshots, restore workspaces, local profiles, active bindings, or collab queues;
- project histories that describe private work.
The installer should default to token-based admin guard setup. The token is a local operator secret. It must be entered interactively or through stdin (not as a command-line argument, where it would land in shell history and process listings) and stored only as a local salted hash, never as the plaintext value.
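The setup step above, as an added example that is not the project's own installer code: the token is read from a terminal without echo or from a pipe, stretched with PBKDF2-HMAC-SHA256 under a fresh random salt, and written to an owner-only file. The record format, iteration count, salt length and file name are assumptions for this example; the project's real values may differ.

```python
"""Store an operator token only as a salted hash (added example, not CLUTCH code)."""
import base64
import getpass
import hashlib
import hmac
import os
import sys
from typing import Optional

# Assumed parameters for this example; the project's own values may differ.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
RECORD_ALGO = "pbkdf2-sha256"


def read_token(stream=sys.stdin) -> str:
    """Read the token with no echo on a TTY, or as one line from a pipe.

    Never take it from argv or the environment: both leak into history and ps output.
    """
    if stream.isatty():
        return getpass.getpass("Admin guard token: ")
    return stream.readline().rstrip("\r\n")


def hash_token(token: str, salt: Optional[bytes] = None) -> str:
    """Return an assumed record format 'pbkdf2-sha256$iterations$salt_b64$hash_b64'."""
    if not token:
        raise ValueError("token must not be empty")
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh per record, so equal tokens hash differently
    digest = hashlib.pbkdf2_hmac("sha256", token.encode(), salt, PBKDF2_ITERATIONS)
    return "$".join([
        RECORD_ALGO,
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify_token(token: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
        if algo != RECORD_ALGO:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False  # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", token.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)


def write_record(record: str, path: str) -> None:
    """Create the hash file with mode 0600 from the start (no world-readable window)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(record + "\n")


if __name__ == "__main__":
    # Usage: printf 'token\n' | python3 setup_guard.py admin_guard.hash
    out = sys.argv[1] if len(sys.argv) > 1 else "admin_guard.hash"  # assumed default name
    write_record(hash_token(read_token()), out)
```

The plaintext token exists only in memory during setup; only the salted hash reaches disk, and verification never needs the original value.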
Online GitHub use must be configured by the installing user. The distribution must not ship with an account, token, or remote URL that grants access to a private organization.
Run the scanner before packaging:

```sh
python3 tools/clutch_distribution_scan.py .
```

For private release staging, also supply a non-exported denylist file maintained outside the public distribution tree:

```sh
python3 tools/clutch_distribution_scan.py . --private-denylist <private-denylist.txt>
```

For what the scanner does and does not prove, read Privacy And Redaction before public review; a clean scan is necessary, not sufficient.
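The kind of check the scanner step above performs, covering the categories in the list at the top of this page, as an added example that is not tools/clutch_distribution_scan.py itself: built-in regex rules for private IPv4 ranges, SSH endpoints, home paths, private-key headers and well-known token prefixes, plus literal strings from a denylist file kept outside the tree. The rule set, the denylist format and the sample input are constructed for this example; the real tool's rules and output are not on this page.

```python
"""Scan a distribution tree for private build-environment state (added example, not CLUTCH code)."""
import os
import re
from typing import Iterable, List, Tuple

Finding = Tuple[str, int, str, str]  # (path, line number, rule, matched text)

# Built-in rules. The token prefixes are the documented GitHub (ghp_/gho_/ghu_/ghs_/ghr_)
# and AWS (AKIA) formats; the other patterns are generic heuristics, not a complete set.
RULES = {
    "private-ipv4": re.compile(
        r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
        r"|192\.168\.\d{1,3}\.\d{1,3}"
        r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"),
    "ssh-endpoint": re.compile(r"\bssh://\S+|\b[\w.-]+@[\w.-]+:(?:\d+\b|[\w./~-]+)"),
    "home-path": re.compile(r"(?:/home|/Users)/[\w.-]+"),
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "credential-assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api[_-]?key)\b\s*[=:]\s*\S+"),
}
SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv"}


def load_denylist(path: str) -> List[str]:
    """Read literal strings, one per line with '#' comments, from a file outside the tree."""
    entries = []
    with open(path, encoding="utf-8") as f:
        for raw in f:
            line = raw.strip()
            if line and not line.startswith("#"):
                entries.append(line)
    return entries


def scan_lines(path: str, text: str, denylist: Iterable[str] = ()) -> List[Finding]:
    """Apply every rule and every denylist entry (case-insensitive) to each line."""
    findings: List[Finding] = []
    entries = [d for d in denylist if d]
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                findings.append((path, lineno, rule, m.group(0)))
        lowered = line.lower()
        for entry in entries:
            if entry.lower() in lowered:
                findings.append((path, lineno, "denylist", entry))
    return findings


def scan_tree(root: str, denylist: Iterable[str] = ()) -> List[Finding]:
    """Walk the tree in a stable order, skipping VCS and dependency directories."""
    entries = list(denylist)
    findings: List[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8") as f:
                    text = f.read()
            except (UnicodeDecodeError, OSError):
                continue  # binary or unreadable: this example cannot inspect it, so it is skipped
            findings.extend(scan_lines(os.path.relpath(full, root), text, entries))
    return findings


# Constructed sample input for the demonstration; not data from any real lab.
SAMPLE_TEXT = """\
peer = 192.168.1.20
ssh_target = ops@10.0.0.5:22
home = /home/alice/clutch
token = ghp_abcdefghijklmnopqrstuvwxyz0123456789
public = 8.8.8.8
"""

if __name__ == "__main__":
    # Usage: python3 scan_example.py <tree> [<private-denylist.txt>]; exit 1 on any hit.
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    deny = load_denylist(sys.argv[2]) if len(sys.argv) > 2 else []
    hits = scan_tree(root, deny)
    for path, lineno, rule, match in hits:
        print(f"{path}:{lineno}: {rule}: {match}")
    sys.exit(1 if hits else 0)
```

Two limits worth keeping in mind when reading the real tool's report as well: regex rules only catch shapes they know about, so a hostname or project name that looks ordinary is invisible to them unless it is in the denylist, and binary files (snapshots, backups, archives) are skipped here rather than inspected, which is exactly why the runtime-state items in the list above must be excluded from the tree rather than scanned.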
Keep the public-staging repository private until the release candidate passes the full Public Release Checklist and the operator explicitly approves the repository visibility change.