From 65703afff33216f305b485d84d011cbdee9bad66 Mon Sep 17 00:00:00 2001
From: TheFlow <theflow@sydigital.com>
Date: Tue, 21 Oct 2025 18:56:47 +1300
Subject: [PATCH] security(gitignore): add 23 missing protection patterns for
 sensitive files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SECURITY GAPS FIXED:
- Payment IDs: .stripe-ids.json
- Deployment configs: .rsyncignore
- Session closedowns: "closedown prompt", CLOSEDOWN*.txt/md
- Internal planning: SCHEDULED_TASKS.md, SITE_IMPROVEMENT_PRIORITIES.md,
  TRACTATUS_BRAND_SYSTEM.md, UI_TRANSFORMATION_PROJECT_PLAN.md
- Internal PDFs: CLAUDE_WEB_BRIEF.pdf, EXECUTIVE_BRIEF*.pdf
- Internal docs: docs/analysis/, docs/analysis-archive-*/,
  docs/FIND_STRIPE*.md, docs/FRAMEWORK_FAILURE*.md, docs/PRODUCTION_DEPLOYMENT*.md
- Temporary files: deployment-output.txt, migration-output.txt,
  PERPLEXITY_USER_PROMPT.txt, ECONOMIST_LETTER_*.docx

RESULT: .gitignore expanded from 171 → 193 lines
STATUS: All sensitive files now protected from accidental git commits

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
---
 .gitignore               | 24 +++++++++++++++++++++++-
 PUBLIC_REPO_CHECKLIST.md |  1 +
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 17384ca6..95fbd11a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -79,15 +79,26 @@ SESSION-*.md
 OPTIMAL_NEXT_SESSION*.md
 NEXT_SESSION*.md
 ARCHIVE_SUMMARY*.md
+CLOSEDOWN*.md
+CLOSEDOWN*.txt
+closedown prompt
+old claude md file
 
 # === INTERNAL PITCH DOCUMENTS ===
 PITCH-*.md
 TRACTATUS-ELEVATOR-PITCHES.md
+CLAUDE_WEB_BRIEF.pdf
+EXECUTIVE_BRIEF*.pdf
 
 # === INTERNAL PLANNING ===
 PHASE-*.md
 MEETING_NOTES*.md
 EXECUTIVE_BRIEF*.md
+SCHEDULED_TASKS.md
+SITE_IMPROVEMENT_PRIORITIES.md
+TRACTATUS_BRAND_SYSTEM.md
+UI_TRANSFORMATION_PROJECT_PLAN.md
+Tractatus-Website-Complete-Specification*.md
 
 # === INTERNAL SCRIPTS ===
 scripts/deploy-*.sh
@@ -108,6 +119,8 @@ docs/stripe-analysis/
 docs/economist-analysis/
 docs/framework-incidents/
 docs/deployment-logs/
+docs/analysis/
+docs/analysis-archive-*/
 
 # === INTERNAL DOCS FILES ===
 docs/DEPLOYMENT*.md
@@ -119,8 +132,9 @@ docs/DOCUMENT_SECURITY*.md
 docs/BLOG-POST-OUTLINES.md
 docs/PHASE-*.md
 docs/STRIPE_*.md
+docs/FIND_STRIPE*.md
 docs/KOHA*.md
-docs/SECURITY_AUDIT*.md
+docs/SECURITY*.md
 docs/BENCHMARK*.md
 docs/IMPLEMENTATION_PROGRESS*.md
 docs/BOOTSTRAPPING*.md
@@ -129,6 +143,8 @@ docs/SIMULATION*.md
 docs/SESSION*.md
 docs/API_MEMORY*.md
 docs/HOOKS*.md
+docs/FRAMEWORK_FAILURE*.md
+docs/PRODUCTION_DEPLOYMENT*.md
 
 # === SENSITIVE FILES ===
 *.key
@@ -139,6 +155,8 @@ secrets/
 credentials/
 ADMIN_LOGIN_INSTRUCTIONS.md
 .admin-credentials.local
+.stripe-ids.json
+.rsyncignore
 
 # === DATABASE DUMPS ===
 dump/
@@ -160,6 +178,10 @@ production.json
 # === TEMPORARY AUDIT FILES ===
 /tmp/*.md
 /tmp/*.txt
+deployment-output.txt
+migration-output.txt
+PERPLEXITY_USER_PROMPT.txt
+ECONOMIST_LETTER_*.docx
 
 # === SCREENSHOTS ===
 Screenshot*.png
diff --git a/PUBLIC_REPO_CHECKLIST.md b/PUBLIC_REPO_CHECKLIST.md
index 4fac61db..9f170552 100644
--- a/PUBLIC_REPO_CHECKLIST.md
+++ b/PUBLIC_REPO_CHECKLIST.md
@@ -161,6 +161,7 @@ Before pushing to public GitHub, verify:
 
 **Last cleaned:** 2025-10-21
 **Files removed:** 226 internal/sensitive files
+**.gitignore:** 193 lines (comprehensive protection)
 
 ---