# Windows OS files
Thumbs.db
ehthumbs.db
Desktop.ini
$RECYCLE.BIN/

# PowerShell temp/output artifacts
*.ps1xml
*.psd1.bak

# Editor/IDE
.vscode/
*.suo
*.user

# Netcanon runtime data — device credentials, backups, job history, schedules.
# These directories are created at runtime and must not be committed.
devices/
schedules/
jobs/
configs/

# Fernet symmetric key used for credential-at-rest encryption.  Auto-
# generated inside $NETCANON_DATA_DIR on first use when no keyring
# backend is available (typical container deployments).  Never commit.
# See netcanon/security/credentials.py + SECURITY.md "Credential Storage".
.fernet_key
**/.fernet_key

# AI-assistant tooling — local session state, never committed.
# EXCEPTION: .claude/workflows/ holds reusable, version-controlled Workflow
# scripts (the ultracode blackboard runner) — shared tooling, not session
# state, so it IS tracked.  User-local config (settings.local.json,
# launch.json) stays ignored via the .claude/* glob.
.claude/*
!.claude/workflows/
.cursor/
.aider*/

# setuptools_scm auto-generated version file — written at build time
# from the git tag; never committed.
netcanon/_version.py

# Python build artifacts
__pycache__/
*.py[cod]
*.pyo
*.pyd
*.egg-info/
*.egg
dist/
build/
.eggs/

# cx_Freeze / MSI build outputs
*.msi
*.wixpdb

# Pytest / coverage
.pytest_cache/
.coverage
htmlcov/

# Virtual environments
.venv/
venv/
env/

# Environment files
.env
.env.*
# ...but DO track the example file so new contributors know which vars exist
!.env.example

# Cross-mesh fidelity audit — per-run JSON output is timestamped and
# regenerated by `python tools/run_full_mesh.py`.  The committed
# CROSS_MESH_RESULTS.md is the current-state snapshot; individual
# JSON runs are operator scratch space, not archive material.
tests/fixtures/real/_cross_mesh_runs/*.json

# Phase 4 reconciliation — same pattern as Phase 1.  Per-run JSON is
# regenerated by `python tools/run_phase4_reconciliation.py`.  The
# committed PHASE4_RECONCILIATION.md is the current-state snapshot; a
# SLIM latest.json (full aggregates + only the high-severity CODEC_BUG
# "investigate first" cells — see `_slim_for_commit`) IS committed as
# the stable input for Phase 4b investigation, while every FULL per-run
# JSON (incl. the ok-severity bulk) is gitignored.
tests/fixtures/real/_phase4_runs/*.json
!tests/fixtures/real/_phase4_runs/latest.json

# Pre-public-flip PR archive — local-only snapshot of all merged PRs
# (titles / bodies / comments / diffs / commit history including
# personal-author info) taken before deleting the PRs from the public
# GitHub interface.  See R10 in CHANGELOG.md.  Store in a separate
# private GitHub repo or non-git cloud for long-term retention.
_pr-archive-pre-public.json
_pr-archive-pre-public.md

# Dogfood/scratch-VM lab — mirrors Kontroll's gitignored `local/` paradigm.
# Holds pulled SSH keys, any decrypted secrets, the scratch-VM ledger, and the
# PVE build/watch/destroy scripts. NEVER commit — contains credentials.
/local/

# Uncommittable review artifacts — MUST never be tracked (nor reach the sdist).
#   * docs/codebase-review/ — the 2026-06 codebase-review dossier quotes the
#     scrubbed personal identifiers (email / operator-machine path) verbatim.
#   * docs/reviews/2026-06-19-run3-verification/ — holds third-party device
#     configs used to verify a run that carry no redistributable licence.
# The pii-guard workflow's content scan only catches the PII strings; the
# run3-verification configs match no pattern, so ignoring these paths here —
# plus the tracked-path assertion in .github/workflows/pii-guard.yml — is what
# actually keeps them out of the tree and the published PyPI source tarball.
docs/codebase-review/
docs/reviews/2026-06-19-run3-verification/
