# TheProtocol — Root .gitignore
# Created: 2026-03-09 (§4.1 Credentials Rotation)

# !! NEVER COMMIT SECRETS / LOCAL CONFIG !!
# All env files except *.example templates. Covers .env, .env.production,
# .env.frame-b, .env.frame-c, .env.operator, .env.docker, and nested
# AgentVault/.../.env — while keeping the committed *.env.example templates.
.env
.env.*
!.env.example
# Local agent / MCP config — these carry live API keys
.mcp.json
.claude/

# Session logs (operational, not source)
sessionlogs2026/

# Debug/runtime artifacts
logs/
*.log
APEX_PREDATOR_JOBS.log

# Node
node_modules/

# Python
__pycache__/
*.pyc
*.pyo
*.pyd
.venv/
*.egg-info/
dist/
build/

# OS
.DS_Store
Thumbs.db

# Backups / snapshots — carry stale secrets + bloat
# (e.g. *.bak-pre-*, PRODUCTION_DOCS.bak-*, CLAUDE.md.bak-*, main.py.bak-*)
*.bak*
*.pre-*

# §2026-06-29 OSS secrets scrub (#153) — internal AI-operational docs + credential
# references that carry live secrets and MUST NOT ship to a public repo. These are
# operator/agent briefings, not platform source.
CLAUDE.md
CLAUDE_ADMIN.md
MY_APEX_PREDATOR_TOOLING.md
PRODUCTION_DOCS/CREDENTIALS_REFERENCE.md
# Sim/dev credential blobs
scripts/sim_credentials.json
**/*credentials*.json

# Throwaway FE screenshot/diag scripts (scratch, carry prod creds)
AgentVault/agentvault_registry/src/agentvault_registry/static/new_registry_frontend/shot_*.mjs
AgentVault/agentvault_registry/src/agentvault_registry/static/new_registry_frontend/diag_*.mjs
AgentVault/agentvault_registry/src/agentvault_registry/static/new_registry_frontend/gate_*.mjs
