chore: harden .gitignore with safety patterns for secrets

TimmekHW · TimmekHW · commit f52327b4fd0d · 2026-05-28T18:29:52.000+03:00
Add catch-all patterns to prevent accidental commits of:
- env files (.env, .env.*, *.env)
- personal/local-only scripts (*.local.py, test_live*.py)
- credentials/tokens (*secret*, *token*, *.key, *.pem)
- internal docs (*_internal.md, INTERNAL_*)
diff --git a/.gitignore b/.gitignore
@@ -31,3 +31,38 @@ docs/*
 PRESENTATION.md
 scripts/full_test_bot.py
 scripts/button_test.py
+
+# ── Safety net for secrets — never commit these ─────────────────────────
+.env
+.env.*
+*.env
+.envrc
+
+# Personal / local-only scripts (never published)
+*.local.py
+*_local.py
+*_private.py
+local_*.py
+test_live*.py
+private_*.py
+
+# Credentials / tokens / keys (any file with these names)
+*secret*
+*credentials*
+*credential*
+*token*
+*.key
+*.pem
+*.p12
+*.pfx
+*.cer
+*.crt
+config.json
+config.local.*
+settings.local.*
+
+# Internal docs — anything explicitly marked private/internal
+*_internal.md
+*_private.md
+INTERNAL_*
+PRIVATE_*
