# mirror/exclude.txt — paths excluded from the public Axiom mirror.
#
# Gitignore syntax. The public repository is generated by copying the private
# source-of-truth tree minus everything matched here. See ADR-078.
#
# RULE: genericize-in-place is the default. A path belongs here ONLY when its
# institution/domain content cannot be removed without destroying the artifact.
# New domain leakage in shared files is a code-review smell, not a new entry.

# ----------------------------------------------------------------------------
# Strategy, planning & session scratch (private-only)
# ----------------------------------------------------------------------------
docs/working/
# Unpublished paper drafts + portfolio sequencing (in-progress / strategy)
docs/papers/working/
# Internal business/planning docs an OSS repo shouldn't ship
docs/prds/prd-okrs-2026.md
docs/prds/prd-executive.md
docs/specs/spec-executive.md
# Vega (trust/federation product line) — kept private for now: GTM strategy +
# the Vega-branded design spec. The underlying federation/security CODE stays
# public; only the Vega product docs are private.
docs/prds/prd-vega.md
docs/specs/spec-vega.md
# Hands-on manual test walkthrough (contributor scratch, not a shipped doc)
MANUAL_TEST.md

# ----------------------------------------------------------------------------
# Domain artifacts that ARE their domain (cannot be genericized)
# ----------------------------------------------------------------------------
# Vim syntax file for a nuclear transport code's input decks
src/axiom/infra/syntax/mcnp.vim
# Real-deployment LMS/Canvas case study (live course IDs, named co-lead)
src/axiom/extensions/builtins/classroom/docs/lms-integration-strategy.md

# ----------------------------------------------------------------------------
# Nuclear-domain eval corpora & export-control classifier regression fixtures
# (the domain vocabulary IS the test substance/grading rubric)
# NOTE: dependent tests need a public stand-in or must be excluded too — ADR-078.
# ----------------------------------------------------------------------------
tests/promptfoo/rag-ab-benchmark.yaml
tests/promptfoo/promptfooconfig.yaml
tests/promptfoo/rag-evals.yaml
tests/promptfoo/redteam-export-control.yaml
tests/routing/public_prompts.txt

# ----------------------------------------------------------------------------
# ALL GitHub Actions workflows are private-only. The public repo is a generated,
# force-pushed mirror (contribution model A: issues/discussions on public, code +
# CI in axiom-os-private). Running workflows on the mirror is wrong and harmful:
#   - publish.yml would fail PyPI Trusted Publishing (bound to the private repo)
#     or mis-publish; mirror.yml/issue-snapshot.yml are internal ops.
#   - ci.yml runs on the mirror push and FAILS (the mirror excludes some test
#     fixtures, e.g. tests/routing/public_prompts.txt) and its "Create Issue on
#     Failure" job filed an embarrassing public CI-incident issue.
# The authoritative CI runs in the private source-of-truth. Excluding the whole
# dir keeps the public repo a clean code mirror with no CI noise. (The .github
# issue/PR TEMPLATES are NOT under workflows/ and remain public.)
# ----------------------------------------------------------------------------
.github/workflows/

# ----------------------------------------------------------------------------
# Local agent runtime data (host-specific provenance, not platform code)
# ----------------------------------------------------------------------------
.axi/
