security: harden npm package + fix Layer 1 allowlist

- Remove L2-ONLY skills from package.json files whitelist (council, executor,
  finance-agent, gemini-fallback, jarvis-briefing, etc.)
- Exclude voice_mapping.json from npm package (ElevenLabs voice IDs)
- Exclude MANIFESTO/EXPLICACAO docs from npm package (Layer 3 only)
- Replace broad boardroom/ and system/docs/ includes with specific file paths
- Fix layer1-allowlist.txt: remove dead ref to layer-rules.yaml, add layer2-manifest.txt
- Add scripts/filter-patterns.txt to .gitignore (security artifact)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: thiagofinch

.github/layer1-allowlist.txt

@@ -24,8 +24,8 @@ README.md
 LICENSE
 
 # === GITHUB CONFIG ===
-.github/layer-rules.yaml
 .github/layer1-allowlist.txt
+.github/layer2-manifest.txt
 
 # === CLAUDE CODE INTEGRATION (structure only) ===
 .claude/CLAUDE.md

.gitignore

@@ -230,6 +230,9 @@ build/
 _audit.ps1
 npm-publish-error.log
 
+# === SECURITY (filter-repo patterns, never commit) ===
+scripts/filter-patterns.txt
+
 # === LARGE FILES ===
 **/SellTheAgency.com_Presentation.pdf
 *.docx

.npmignore

@@ -82,6 +82,13 @@ docs/prompts/
 # === VOICE MODULE (Layer 3 only, not for package) ===
 system/jarvis-voice/
 
+# === VOICE MAPPING (contains ElevenLabs voice IDs) ===
+agents/boardroom/config/voice_mapping.json
+
+# === COMPANY-SPECIFIC DOCS (Layer 3 only) ===
+system/docs/MEGA-BRAIN-MANIFESTO-COMPLETO.md
+system/docs/MOGA-BRAIN-EXPLICACAO-COMPLETA.md
+
 # === IMPORT SCRIPTS WITH CREDENTIALS ===
 system/database/import-buyers.mjs
 system/database/import-buyers.sh

package.json

@@ -18,42 +18,21 @@
     ".claude/skills/01-SKILL-DOCS-MEGABRAIN/",
     ".claude/skills/02-SKILL-PYTHON-MEGABRAIN/",
     ".claude/skills/03-SKILL-AGENT-CREATION/",
-    ".claude/skills/04-SKILL-KNOWLEDGE-EXTRACTION/",
-    ".claude/skills/05-SKILL-PIPELINE-JARVIS/",
     ".claude/skills/06-SKILL-BRAINSTORMING/",
-    ".claude/skills/07-SKILL-DISPATCHING-PARALLEL-AGENTS/",
     ".claude/skills/08-SKILL-EXECUTING-PLANS/",
     ".claude/skills/09-SKILL-WRITING-PLANS/",
     ".claude/skills/10-SKILL-VERIFICATION-BEFORE-COMPLETION/",
     ".claude/skills/11-SKILL-USING-SUPERPOWERS/",
     ".claude/skills/_TEMPLATES/",
-    ".claude/skills/chronicler/",
     ".claude/skills/code-review/",
-    ".claude/skills/council/",
-    ".claude/skills/executor/",
-    ".claude/skills/fase-2-5-tagging/",
     ".claude/skills/feature-dev/",
-    ".claude/skills/finance-agent/",
     ".claude/skills/frontend-design/",
-    ".claude/skills/gdrive-transcription-downloader/",
-    ".claude/skills/gemini-fallback/",
     ".claude/skills/gha/",
     ".claude/skills/github-workflow/",
     ".claude/skills/hookify/",
-    ".claude/skills/hybrid-source-reading/",
-    ".claude/skills/jarvis/",
-    ".claude/skills/jarvis-briefing/",
-    ".claude/skills/ler-planilha/",
     ".claude/skills/plugin-dev/",
     ".claude/skills/pr-review-toolkit/",
-    ".claude/skills/resume/",
-    ".claude/skills/save/",
     ".claude/skills/skill-writer/",
-    ".claude/skills/smart-download-tagger/",
-    ".claude/skills/source-sync/",
-    ".claude/skills/sync-docs/",
-    ".claude/skills/talent-agent/",
-    ".claude/skills/verify/",
     ".claude/skills/verify-6-levels/",
     ".claude/skills/DETECTION-PROTOCOL.md",
     ".claude/skills/README.md",
@@ -62,7 +41,15 @@
     ".claude/templates/",
     ".claude/scripts/",
     "agents/council/",
-    "agents/boardroom/",
+    "agents/boardroom/CHECKLIST-MASTER.md",
+    "agents/boardroom/INTEGRATION-GUIDE.md",
+    "agents/boardroom/README.md",
+    "agents/boardroom/config/BOARDROOM-CONFIG.md",
+    "agents/boardroom/config/TTS-INTEGRATION.md",
+    "agents/boardroom/config/VOICE-PROFILES.md",
+    "agents/boardroom/scripts/",
+    "agents/boardroom/templates/",
+    "agents/boardroom/workflows/",
     "agents/constitution/",
     "agents/protocols/",
     "agents/_templates/",
@@ -71,7 +58,11 @@
     "agents/sua-empresa/_example/",
     "system/protocols/",
     "system/database/",
-    "system/docs/",
+    "system/docs/HOOK-INSTALLATION.md",
+    "system/docs/MEGA-BRAIN-DEMO-COMPLETA.md",
+    "system/docs/STRATEGIC-INTEGRATION-GUIDE.md",
+    "system/docs/architecture/",
+    "system/docs/hooks/",
     "reference/",
     "integrations/",
     "inbox/.gitkeep",