# Environment files (contain API keys). Every `.env` and `.env.<suffix>` file
# is ignored; the negation below re-includes only the template, so it must
# stay after `.env.*` (the last matching pattern wins).
.env
.env.*
# Tracked template: keep placeholder values only, never a real key.
!.env.example

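# Credentials and secret material — NEVER stage these. Patterns guard against
# accidental `git add` of a real credential file even if it lands inside the
# repo tree (e.g. dropped during a copy-paste, generated by a tool that
# writes alongside the repo).
#
# Limits of this guard: ignore rules only affect untracked files. A file that
# is already tracked stays tracked (untrack it with `git rm --cached <path>`),
# and `git add -f` bypasses these patterns. A credential that reached any
# commit should be treated as exposed and rotated.
.credentials*
# Certificates, key stores and private keys
*.pem
*.p12
*.pfx
*.key
# SSH keys under their default OpenSSH names. The `.*` forms also match the
# `.pub` halves and backup copies such as `id_rsa.bak`.
id_rsa
id_rsa.*
id_ed25519
id_ed25519.*
id_ecdsa
id_ecdsa.*
id_dsa
id_dsa.*
# Tool configuration files that can carry login or registry credentials
.netrc
.npmrc
.pypirc
# Named secret and token files
secrets.json
secrets.yml
secrets.yaml
gh-token
*.token
service-account*.json
oauth_token*.json
_jackedAccount*.json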

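# Local databases (jacked stores real OAuth access/refresh tokens in SQLite).
# SQLite names its sidecar files by appending `-journal`, `-wal` or `-shm` to
# the database filename. The journal and WAL hold copies of database pages, so
# they are ignored for every database extension listed here, not only `*.db`.
*.db
*.db-journal
*.db-wal
*.db-shm
*.sqlite
*.sqlite-journal
*.sqlite-wal
*.sqlite-shm
*.sqlite3
*.sqlite3-journal
*.sqlite3-wal
*.sqlite3-shm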

# Python bytecode, native extensions and packaging output.
# NOTE(review): the directory patterns below have no leading `/`, so they match
# at any depth. A source directory named `lib/`, `build/` or `var/` anywhere in
# the tree would be ignored as well. Anchor them (e.g. `/build/`) if that is
# not intended.
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg

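# Virtual environments. `.venv/` is listed explicitly because the `.env.*`
# pattern does not match it.
venv/
.venv/
ENV/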

# IDE and editor state (JetBrains, VS Code, Vim swap files). Swap files hold
# contents of the buffer being edited, which can include secrets.
.idea/
.vscode/
*.swp
*.swo

# Testing: pytest cache, coverage.py data file and its HTML report
.pytest_cache/
.coverage
htmlcov/

# OS metadata files (macOS Finder, Windows Explorer thumbnails).
# NOTE(review): `nul` is presumably a stray file left by redirecting output to
# the Windows `NUL` device from a shell that treats it as a filename; confirm.
.DS_Store
Thumbs.db
nul

# Root-level test scripts (not part of test suite). The leading `/` anchors
# each pattern to the repository root, so same-named files in subdirectories
# are not ignored.
/test_permission_hook*.py
/test_permreq_*.py

# Runtime/session artifacts written by local tooling.
# NOTE(review): presumably these can hold captured page content or session
# state; confirm before un-ignoring any of them.
.firecrawl/
.playwright-mcp/
.claude/worktrees/
.claude/checkpoints/
.claude/research/
.superpowers/
tmp/
# Root-level PNG files only (leading `/`); PNGs in subdirectories are not ignored.
/*.png
