Publish and share knowledge safely
Bergur DavidsenUpdated 2026-07-15
Publishing makes knowledge easier to discover and increases the cost of mistakes. Review the entire sharing boundary—not only the fragment body—before making a workspace public or connecting it to a documentation site.
Decide what “published” means
Usable can expose knowledge through several paths:
- members in a private workspace;
- subscribers to a public workspace;
- a documentation site backed by a workspace;
- REST or MCP clients with access;
- webhook receivers and connected applications;
- cross-workspace symlinks.
Changing a fragment status to published does not override workspace access. Conversely, a public workspace can expose active content even when an author did not think of it as a formal document.
Prepare the source workspace
Define:
- audience and owner;
- included fragment types and statuses;
- title, summary, and tagging conventions;
- review and release process;
- file and screenshot policy;
- treatment of old releases;
- incident/removal process.
Separate private operational material from public documentation rather than relying on authors to remember which paragraphs are safe.
Review every content surface
Check:
- fragment title, summary, body, frontmatter, tags, and author-visible metadata;
- attached files, filenames, embedded images, and screenshots;
- collection names and descriptions;
- related links and symlink targets;
- workspace name, description, members, and visibility;
- webhook payload destinations and app permissions.
Remove secrets, tokens, cookies, keys, customer data, personal data without a lawful purpose, private URLs, internal tickets, and unreleased feature claims.
Screenshots can expose browser tabs, emails, hostnames, tokens, and admin-only controls. File metadata can expose author names and internal paths.
Write for humans and AI retrieval
A publishable page should have:
- one clear user question or outcome;
- prerequisites and audience;
- current terminology;
- complete durable content;
- expected results and failure guidance;
- concise summary and stable tags;
- links to canonical related pages;
- release context when behavior changes by version.
Avoid release-note dumps, unexplained endpoint lists, and duplicated definitions.
Validate permissions
Use the least-privileged role that represents the audience. Test as a viewer or subscriber, not only as an owner.
Confirm that:
- readers can open intended fragments and files;
- readers cannot edit settings or content;
- private workspaces and fragments remain inaccessible;
- applications and tokens are scoped to intended workspaces;
- public subscription does not accidentally grant authoring.
Publish a documentation workspace
For a workspace-backed docs site:
- Create or select a dedicated documentation workspace.
- Add consistent frontmatter required by the site, including unique slug, section, order, published status, and description.
- Keep page titles and summaries useful outside sidebar context.
- Configure tenant workspace identity, public site origin, and stable section order.
- Publish pages in coherent reading order.
- Revalidate or wait for the configured refresh interval.
- Open every production route.
Use the public origin in generated links. Do not let development request origins leak into production indexes.
Verify discovery
Test:
- sidebar section and page order;
- direct routes and previous/next navigation;
- ordinary docs search;
- Usable fragment search;
- agentic search using realistic questions;
- full-source retrieval;
llms.txt,llms-full.txt, and Markdown exports where provided;- links from related pages.
An index entry is not enough: open the URL and confirm the body is current.
Maintain after publication
Assign an owner and review trigger. When behavior changes:
- find the canonical page;
- verify released sources;
- update the page and related links;
- remove stale files and duplicate pages;
- reverify routes, search, and LLM indexes;
- record material user-facing changes in the appropriate changelog source.
Keep schemas, prices, quotas, and tool inventories linked to authoritative deployed sources when they change frequently.
Respond to accidental disclosure
- Remove or restrict the exposed content.
- Rotate any credential immediately.
- Disable affected integrations or webhooks.
- review caches, files, indexes, and downstream copies;
- notify the responsible owner and follow the applicable incident/privacy process;
- republish only after verification.
Deleting a page does not invalidate copied credentials or remove downstream webhook data.