# ── OS ────────────────────────────────────────────────────────────────────────
.DS_Store
.AppleDouble
.LSOverride
Thumbs.db
ehthumbs.db
Desktop.ini

# ── Editors ───────────────────────────────────────────────────────────────────
.idea/
*.iml
*.swp
*.swo
*~
.vscode/settings.json
.vscode/extensions.json

# ── Environment ───────────────────────────────────────────────────────────────
.env
.env.local
.env.*.local
# keep examples
!.env.example

# ── Node / pnpm ───────────────────────────────────────────────────────────────
node_modules/
.pnp
.pnp.*
.yarn/*
!.yarn/patches
!.yarn/plugins
!.yarn/releases
!.yarn/versions
pnpm-debug.log*
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# ── Next.js ───────────────────────────────────────────────────────────────────
apps/web/.next/
apps/web/out/
apps/web/build/
apps/web/.vercel/
apps/web/next-env.d.ts
*.tsbuildinfo

# ── TypeScript ────────────────────────────────────────────────────────────────
*.d.ts.map

# ── Python ────────────────────────────────────────────────────────────────────
__pycache__/
*.py[cod]
*.pyo
*.pyd
*.so

# uv / virtualenvs
.venv/
venv/
.python-version.local

# build & dist
dist/
build/
*.egg-info/
*.egg
MANIFEST

# test & lint caches
.pytest_cache/
.hypothesis/
.mypy_cache/
.ruff_cache/
.coverage
htmlcov/
coverage.xml

# ── Docker ────────────────────────────────────────────────────────────────────
# Dockerfiles are tracked; ignore local override files only
docker-compose.override.yml

# ── Terraform ─────────────────────────────────────────────────────────────────
# State, local provider/plugin caches, and crash logs are never committed.
.terraform/
*.tfstate
*.tfstate.*
crash.log
crash.*.log
# Backend wiring and any *.auto.tfvars may carry env-specific or sensitive
# values — supplied at init/plan time, not tracked. Committed terraform.tfvars
# (non-sensitive only) is intentionally NOT ignored.
backend.hcl
*.auto.tfvars
*.tfvars.json
# Temporary `import` scaffold — carries env-specific resource ids; deleted after
# the one-time adoption of existing resources into state (see README §Importing).
**/environments/*/imports.tf
# direnv per-env shells carry provider credentials and TF_VAR secrets — loaded
# into the shell at plan/apply time, never tracked.
.envrc
.env

# Throwaway one-off scripts (dev data fixes, scratch). Never committed — real
# migrations belong in finos-tools.
.scratch/

# ── Misc ──────────────────────────────────────────────────────────────────────
*.pem
*.log
*.pid

# Kilo agent manager
.kilo/agent_manager.json