# Python cache
__pycache__/
*.pyc
*.pyo
*.egg-info/
.pytest_cache/

# Virtual environments
venv/
env/
.venv/
.env/
**/venv/
**/env/

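# Logs (generated at runtime)
# NOTE: the later bare `logs/` entry excludes the whole directory, so the
# `!logs/.gitkeep` exception below cannot re-include an untracked .gitkeep.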
logs/*.log
logs/*.out
logs/*.jsonl
logs/*.bak*
!logs/.gitkeep

# IDE
.vscode/
.idea/
*.swp
*.swo

# Backups
*.bak
*.tmp

# OS
.DS_Store
Thumbs.db
*:Zone.Identifier

# Runtime state (regenerated)
run/aar/
run/*.css
run/*.js

# Temporary
temp/
tmp/
nohup.out

# Demo logs
demo_logs/*.log
adapter_logs/*.log
*.json.json

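# Security: Prevent committing private keys
# Ignore rules only stop untracked files from being added; a file that is
# already tracked (or added with `git add -f`) is still committed.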
logs/keyprobe/
*.raw
**/ml_dsa_*

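# Secrets and keys (added by prod_one_click_fix)
# `.env` matches only that exact name; suffixed variants other than the
# `.env.local` entry further down (e.g. `.env.production`) are not covered.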
.env
.keys/
keys/

# A2A Gateway runtime data (API key store, payment ledger — NEVER commit)
a2a_gateway/data/

# Backups and archives
backups/
logs/archive/

# Production artifacts and vaults
taskhawk_production/
taskhawk_vault/
vault/
kernel/

# WASM artifacts
wasm_kernel/
wasm_kernel.zip

# Evidence and audit files
taskhawk_evidence_*.json
commit_audit_*.md

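# Runtime generated
# NOTE: the later bare `run/` entry excludes the whole directory, so the
# `!run/.keep` exception below cannot re-include an untracked .keep.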
run/*.json
run/*.npy
!run/.keep

# Temporary docker compose files (keep only main, prod, and autogen)
docker-compose.override.yml
docker-compose.artifact_stable.yml
docker-compose.enforcer_module.yml
docker-compose.fix_enforcer_cmd.yml
docker-compose.fixpkg.yml
docker-compose.fixrun.yml
docker-compose.healthfix.yml
docker-compose.prod.hotfix.yml
docker-compose.runtime.stable.yml
docker-compose.verify.yml
*.pyd
run/
logs/
**/node_modules/
frontend/dist/
backend/__pycache__/
sdk/**/__pycache__/
formal/states/
formal/tla2tools.jar
*.st
*.fp

# --- local secrets ---
.secrets/
secrets/
*.key
*.pem
*.hex

# --- backups / junk ---
*.bak
*.bak.*
*.swp
*.tmp

# --- large artifacts ---
dist/images/
*.tar
*.tgz
*.zip
publish/

# Extra safety
**/.keys/

# Frontend build artifacts (do not commit)
frontend/*.tsbuildinfo
frontend/vite.config.d.ts
frontend/vite.config.js

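# Git hooks are tracked (shared across the team)
# .githooks/ is NOT ignored - it is version-controlled. Git does not run hooks
# from this directory by default; each clone must enable it, e.g. with
# `git config core.hooksPath .githooks`.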

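# Managed app build artifacts (intended for the root-level copy; the pattern
# has no leading slash, so it matches at any depth, and the marketplace plan
# copies are re-included below)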
mainTemplate.json
!marketplace/**/plans/**/mainTemplate.json
!marketplace-commercial/**/plans/**/mainTemplate.json
!marketplace-gov/**/plans/**/mainTemplate.json

# Marketplace distribution zips (built by packaging scripts)
**/dist/*.zip

# local per-worktree overrides
.env.local
.vs/

# RTL verification artifacts (untracked)
RTL-KAT/

# Marketing and documentation (untracked)
website-content/
/agents/
*.pptx
webflow.md
/wsl_ram_reset.ps1

# Business documents and proposals (confidential, not for code repo)
proposals/
patents/
*.docx
!correspondence_federal/TaskHawk_CAISI_RFI_Response_*.docx
!TaskHawk_CAISI_RFI_Response_*.docx
*_ORIGINAL_BACKUP.docx
*.xlsx
!NISTIR-8596-Comments_*.xlsx
csv/

# Rust build artifacts
**/target/

# C++ build artifacts
cpp_enforcer/out/
cpp_enforcer/build/
cpp_enforcer/_codeql_build_dir/
**/CMakeFiles/
**/cmake-build-*/

# External repositories (cloned locally, not submodules)
github-mcp-server/
enforcer-cpp/build/

# Binary documents (not source code)
*.pbix
*.pdf
!website/public/research/*.pdf

# Data exports (regenerable from Azure/compliance tools)
ControlsExport*.csv
GroupsExport*.csv
PolicyComplianceExport*.csv

# Build output (regenerable)
dist/
dist-gov/

# Scratch markers (accidental empty files)
/=
/reading
/transferring

# Benchmark and analysis output
analyze_*/
benchmarks/
compliance_report_*.txt

# Session artifacts (notes, dumps)
resume_session.md
interesting.md
think_on_this.md

# Traceability generated artifacts (regenerable via tools/generate_traceability_matrix.py)
TRACEABILITY_MATRIX.csv
TRACEABILITY_MATRIX.json

# Windsurf (not used)
.windsurf/

# Local exploration / scratch
potential/

# Benchmark dataset cache (downloaded from HuggingFace, regenerable)
data/benchmark_cache/

# Federal contracting documents (confidential, not for code repo)
Federal/

# Cost analysis (business document)
cost-analysis.csv

# MCP server artifacts (external, packaged separately)
quick_xfer/

# Azure Marketplace UI definition (generated artifacts)
createUiDefinition.json
!marketplace/**/plans/**/createUiDefinition.json
!marketplace-commercial/**/plans/**/createUiDefinition.json
!marketplace-gov/**/plans/**/createUiDefinition.json
viewDefinition.json
!marketplace/**/plans/**/viewDefinition.json
!marketplace-commercial/**/plans/**/viewDefinition.json
!marketplace-gov/**/plans/**/viewDefinition.json

# PyPI recovery codes (NEVER commit)
PyPI-Recovery-Codes-*

# MCP registry auth tokens (NEVER commit)
.mcpregistry_*

# CDP API keys (NEVER commit)
cdp_api_key*.json

# mcp-publisher binary (downloaded tool, not source)
mcp-publisher

# Revenue loop runtime artifacts
tools/.revenue_loop_state.json
tools/revenue_loop.log
