# Private-only paths — never published to the public mirror.
#
# SINGLE SOURCE OF TRUTH, read by both callers so they can never drift:
#   * scripts/publish/publish.ps1   — removes these paths from the curated snapshot before publishing.
#   * scripts/publish/scan_forbidden.py --published — scans the *publishable subset* (every tracked
#     file MINUS these paths), so the CI leak-gate (.github/workflows/security.yml) checks exactly the
#     files that would reach the mirror, without raising false positives on private-only docs.
#
# One path per line; blank lines and '#' comments are ignored. An entry matches a tracked file when the
# path equals it or is a directory prefix of it (e.g. "docs/security" covers "docs/security/PHI.md") —
# the same recursive removal publish.ps1 applies. The migration/PHI artifacts live in a git-ignored
# staging folder and never become tracked, so they are excluded already; this list is the defence in
# depth for tracked, private-only files.

CLAUDE.md
.claude
docs/security
docs/reviews
docs/marketing
docs/BACKLOG.md
docs/WORKTREES.md
# The Secure Development Standards document (incl. Appendix A.4 'not-built' mechanisms and A.6
# documented security-gap deviations) is kept private for now — revisit publishing it once the gaps
# close / an independent review is done. The doc is marked publishable, but not yet on the public mirror.
docs/Secure_Development_Standards.md
scripts/publish
# The scanner's own tests embed sample forbidden tokens (a customer name, a routable IP) to exercise
# detection — keep that file off the mirror (it is also in scan_forbidden.py's SKIP_PATHS so it never
# self-trips the gate).
tests/test_scan_forbidden.py
# Dependency updates are managed on the PRIVATE source repo (weekly schedule, PRs land durably). The
# mirror is a regenerated snapshot, so a Dependabot config there only yields dead, CLA-failing PRs.
.github/dependabot.yml
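The matching rule stated in the header ("the path equals it or is a directory prefix of it") is the one thing both callers must agree on, so here is a reference implementation of it as an added example. This is not the project's own `scan_forbidden.py` or `publish.ps1`; the function names and the sample list contents are constructed for the demo. The point it makes explicit is that the prefix check has to be component-wise: a plain string `startswith` would let `docs/security` swallow `docs/security_notes.md`, which this file does not intend.

```python
"""Added example, not the project's code: parse a private-only path list of the
shape above and apply its matching rule to tracked files, the way both the
publish step and the leak-gate scanner are described as doing."""
from __future__ import annotations

from pathlib import PurePosixPath

# Constructed stand-in for this file's contents (a short sample, not the real list).
PRIVATE_ONLY = """\
# Private-only paths (sample copy for the demo)
CLAUDE.md
.claude
docs/security
docs/reviews

tests/test_scan_forbidden.py
"""


def parse_private_paths(text: str) -> list[str]:
    """One path per line; blank lines and '#' comments are ignored.

    Entries are normalised to POSIX form without a trailing slash so that
    'docs/security/' and 'docs\\security' mean the same thing as 'docs/security'.
    """
    entries: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        normalised = PurePosixPath(line.replace("\\", "/")).as_posix().rstrip("/")
        if normalised and normalised != ".":
            # An empty or '.' entry would match every file; refuse it rather than
            # silently blanking the whole snapshot.
            entries.append(normalised)
    return entries


def is_private(tracked_file: str, entries: list[str]) -> bool:
    """True when an entry equals the file or is a *directory* prefix of it.

    The comparison is done on path components, so 'docs/security' covers
    'docs/security/PHI.md' but NOT 'docs/security_notes.md'. A naive
    str.startswith check would over-match the latter.
    """
    parts = PurePosixPath(tracked_file.replace("\\", "/")).parts
    for entry in entries:
        entry_parts = PurePosixPath(entry).parts
        if parts[: len(entry_parts)] == entry_parts:
            return True
    return False


def publishable_subset(tracked_files: list[str], entries: list[str]) -> list[str]:
    """The files that would reach the mirror: every tracked file minus the matches.

    This is the set the leak-gate should scan; anything else is a false positive
    on private-only docs, anything missing is a gap in the gate.
    """
    return [f for f in tracked_files if not is_private(f, entries)]


if __name__ == "__main__":
    rules = parse_private_paths(PRIVATE_ONLY)
    # Constructed list of tracked files for the demo.
    tracked = [
        "README.md",
        "CLAUDE.md",
        ".claude/settings.json",
        "docs/security/PHI.md",
        "docs/security_notes.md",
        "docs/reviews.md",
        "tests/test_scan_forbidden.py",
    ]
    for f in tracked:
        print(f"{'PRIVATE   ' if is_private(f, rules) else 'publishable'}  {f}")
```

Because the same parser and matcher serve both the removal step and the scanner, the two cannot drift; if the real callers are written in different languages, a shared fixture like the one in `__main__` (with the `docs/security_notes.md` case included) is the cheap way to prove they agree.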
