.ade/ at the repository root, alongside your source tree but outside Git’s control. Your code stays under normal version control; ADE’s runtime bookkeeping stays out of it.
Shared vs. local config
ADE splits configuration into two files, both merged into one effective config at read time:
Keep secrets and machine-specific paths in local config. Shared config is visible to the whole team, so anything in it ships to every teammate.
What stays local
Trust model
Commands saved as shared project defaults can run on developer machines. ADE treats those definitions as sensitive: when the shared config changes, it requires a local trust confirmation before the new version can spawn processes. Review such changes the same way you’d review a CI script or Dockerfile. Local config isn’t trust-gated — you only need to trust your own overrides.What’s committed, and what isn’t
ADE manages this for you. It writes a.ade/.gitignore that ignores everything under .ade/ by default and allowlists only the authored files meant to travel with the repo — ade.yaml, lane templates, skills, and project icons. Runtime files (the database, worktrees, artifacts, cache, and secrets) stay out of Git automatically, so you don’t have to maintain ignore rules by hand.
Permissions
Lane scope, provider modes, and the shared-config trust model.
Settings
Configure the app from the UI.
