# Environments
.venv/
venv/
env/

# Python
__pycache__/
*.py[cod]
*.egg-info/
.eggs/
build/
dist/

# Secrets
.env

# Tooling caches
.pytest_cache/
.ruff_cache/
.mypy_cache/

# Pipeline output
output/

# OS
.DS_Store

# Deployment secrets — never committed (compose reads them from files).
secrets/

# Sample PDFs are never committed — fetch them with examples/download_samples.py
# (see examples/README.md). This keeps the repo small and avoids vendoring.
testfiler/
*.pdf

# Local runtime config — copy config.example.yaml to config.yaml and edit it.
/config.yaml

# Internal cross-project notes (consumer feedback, etc.) — product-level issues
# are tracked as public tickets in docs/tickets/; raw internal notes stay local.
/docs/figmark-feedback.md

# Our-instance docs — runbook (host/token/network) and local-hygiene tickets.
# Tracked here (not just .git/info/exclude) so the protection survives a re-clone.
# The filename pattern is generic; the contents stay out of this public repo.
/LOCAL_*.md

# Local leak-guard patterns (the literal host/IP/token markers the pre-commit
# hook blocks on). Instance-specific, so it must never be committed.
/.leakguard
