I open-sourced my personal blog repo so I could use Giscus for blog comments — it needs a public repo with GitHub Discussions enabled. But open-sourcing the repo meant everything was public: unpublished drafts, raw session notes, half-baked ideas, and my TODO list. For a thought leadership blog, that's a problem. People could just read GitHub instead of the site.

Before we even got to that realization, though, we found something worse.

All of the work in this session was done conversationally through Coder Agents on a self-hosted home lab setup. (You'll hear a lot more about that setup soon — I'll be writing about the full home lab build next.)

The Security Audit

First thing we did was scan the repo for anything sensitive now that it was public. Found three issues.

1. The .gitignore Was Gone

In a previous session, an agent had tried to set up a drafts workflow. The idea was to use .gitignore to keep drafts out of the repo.…