From 3caa3ebb7da20889cac41a9997e31b7044e03afc Mon Sep 17 00:00:00 2001
From: Jonathan Santilli <1774227+jonathansantilli@users.noreply.github.com>
Date: Tue, 24 Mar 2026 13:46:33 +0000
Subject: [PATCH] chore: switch docs to allowlist tracking policy

---
 .gitignore | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/.gitignore b/.gitignore
index bfa326c..e30304e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,15 +4,17 @@ node_modules/
 /coverage/
 /.nyc_output/
 
+# Docs policy: default deny, explicit allowlist only
+/docs/**
+!/docs/
+!/docs/assets/
+!/docs/assets/codegate-logo.png
+!/docs/deep-scan.md
+!/docs/public-evidence-map.md
+!/docs/remediation.md
+!/docs/why-codegate.md
+
 # Internal/private assets kept out of the public repo
-/docs/plans/
-/docs/showcase/
-/docs/release/
-/docs/CodeGate-PRD-v3.md
-/docs/CodeGate-PRD-Addendum-AgentScan.md
-/docs/feature-evidence-ledger.md
-/docs/workflow-audit-parity-checklist.md
-/docs/workflow-audit-real-cases.md
 /showcase/
 /scripts/showcase/
 /fixes.patch