# Gate 00 — Repo hygiene

**State at `v1.1.0`: ✅ PASS.**

Foundational. Without this, every later gate is unverifiable.

## Required items

| Item                                                                                                               | Required | State                                                                                                                              |
| ------------------------------------------------------------------------------------------------------------------ | -------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| History scrubbed of binary data leaks (`*.db`, debug dumps)                                                        | yes      | ✅ PASS — see [`SECRETS_AUDIT_2026-05-27.md`](https://github.com/NKAP360-dev/edge-governance/blob/main/SECRETS_AUDIT_2026-05-27.md) |
| `.gitignore` covers `.env`, `*.key`, `*.pem`, `*.pfx`, `*.p12`, `*.jks`, `*.keystore`, `*credentials*`, `*secret*` | yes      | ✅ PASS                                                                                                                             |
| No build artefacts tracked (`coverage.xml`, `*.zip` binaries, runtime DBs)                                         | yes      | ✅ PASS                                                                                                                             |
| Internal/audit docs separated from product repo                                                                    | yes      | ✅ PASS — moved to `imported-from-app/` in governance                                                                               |
| CODEOWNERS in GitHub-native syntax                                                                                 | yes      | ✅ PASS                                                                                                                             |

## Why it matters

Before any auditor reads source, they grep for known secret patterns and look at git log for binary blobs. A `*.db` or `*.pfx` in history is an automatic disqualification — secrets at rest in *any* commit, even scrubbed, raise compliance flags.

## How it stays green

* Pre-commit gitleaks v8.28+ enforces a local hard stop on known patterns.
* CI `secret-scan` re-runs gitleaks on every PR (full history of the PR branch).
* Quarterly review: owner runs `trufflehog git --only-verified` against `main` and verifies 0 hits.

## Known carry-over

* `pocketbase/pb_data/data.db` is still tracked as a binary blob. Refactor planned in T+2 weeks — see Gate 10 (Phase 2) and the source [`DATA_DB_STRATEGY.md`](https://github.com/NKAP360-dev/edge-governance/blob/main/DATA_DB_STRATEGY.md). Does **not** block Gate 00 today because no secrets reside in that DB and pre-commit blocks future regression.
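A path-level check for two of the required items, with the carry-over above as the single allowlisted path. This is an added example, not code from the edge-governance repository. The function names and the script name `gate00_check.sh` are hypothetical, and it only inspects file names, so it complements the gitleaks and trufflehog content scans rather than replacing them:

```shell
#!/bin/sh
# Added example: offline checks for two Gate 00 items. Function names are
# hypothetical; pattern lists are copied from the "Required items" table.

REQUIRED_IGNORES='.env *.key *.pem *.pfx *.p12 *.jks *.keystore *credentials* *secret*'

# Print every required pattern that has no identical line in .gitignore ($1).
# Literal comparison only: a broader equivalent rule is reported as missing.
# Runs in a subshell so `set -f` (no glob expansion) does not leak out.
missing_ignores() (
    set -f
    for pat in $REQUIRED_IGNORES; do
        grep -qxF -e "$pat" "$1" || printf '%s\n' "$pat"
    done
)

# Read repository paths on stdin, one per line, and print the ones an
# auditor would flag, tab-separated as "<reason>\t<path>".
# $1 (optional) is a single allowlisted path, e.g. a documented carry-over.
flag_history_paths() {
    allow="${1:-}"
    while IFS= read -r path; do
        if [ -z "$path" ] || [ "$path" = "$allow" ]; then
            continue
        fi
        case "${path##*/}" in   # match on the file name, like these ignore rules
            .env|*.key|*.pem|*.pfx|*.p12|*.jks|*.keystore|*credentials*|*secret*)
                printf 'secret-like\t%s\n' "$path" ;;
            *.db|*.zip|coverage.xml)
                printf 'binary-or-artefact\t%s\n' "$path" ;;
        esac
    done
}

# Usage against a real clone: sh gate00_check.sh --repo
# `git log --all --name-only` lists every path touched by any commit on any
# ref, so files deleted from the working tree still show up.
if [ "${1:-}" = "--repo" ]; then
    missing_ignores .gitignore
    git log --all --name-only --pretty=format: | sort -u |
        flag_history_paths pocketbase/pb_data/data.db
fi
```

Empty output from both functions means the two items hold at the path level; any printed line is a finding to review.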


