Harden .dockerignore with security best practices

Author: nikolay-e

.dockerignore

@@ -1,11 +1,43 @@
-# Git
+# Version control
 .git/
 .gitignore
 .gitattributes
 .github/
 .gitleaksignore
 .gitlint
 
+# Secrets and credentials
+.env
+.env.*
+!.env.example
+*.key
+*.pem
+*.p12
+*.pfx
+*id_rsa*
+*id_ed25519*
+credentials.json
+secrets.json
+.secrets.baseline
+.netrc
+.npmrc
+.yarnrc
+.age-key.txt
+.garminconnect/
+
+# Cloud credentials
+.aws/
+.gcloud/
+.azure/
+
+# Private directory
+private/
+
+# Shell history
+.bash_history
+.zsh_history
+.sh_history
+
 # Python
 __pycache__/
 *.py[cod]
@@ -32,34 +64,30 @@ frontend/dist/
 frontend/.vite/
 frontend/coverage/
 
-# IDE
+# IDE and editors
 .vscode/
 .idea/
 *.swp
 *.swo
 *~
-.claude/
 
-# OS
+# OS files
 .DS_Store
 Thumbs.db
 
+# Claude AI tools
+.claude/
+
 # Documentation
-CLAUDE.md
+*.md
+!README.md
 
-# Data files (will be mounted as volumes)
+# Data files (mounted as volumes)
 data/
 *.csv
-*.html
-*.txt
 correlation_*.html
 daily_briefing_*.txt
 
-# Environment files (will be created by container)
-.env
-.garminconnect/
-.secrets.baseline
-
 # Logs
 logs/
 *.log
@@ -68,14 +96,17 @@ logs/
 tmp/
 temp/
 *.tmp
+*.bak
 
 # CI/CD
 .pre-commit-config.yaml
 .markdownlint.yaml
+renovate.json
 
-# Docker
-docker-compose.yml
-docker-compose.override.yml
+# Docker (prevent recursive inclusion)
+Dockerfile*
+.dockerignore
+docker-compose*.yml
 
 # Nested node_modules
 data/google/scripts/node_modules/
@@ -84,17 +115,5 @@ data/google/scripts/node_modules/
 tree.tmp
 directory_tree.yaml
 
-# SSH keys (prevent accidental exposure)
-*id_rsa*
-*id_ed25519*
-*.key
-*.pem
-
-# Private directory
-private/
-
 # Makefile
 Makefile
-
-# Renovate
-renovate.json