node_modules/
dist/
!python/dist/
*.js
*.d.ts
*.js.map
!jest.config.js
!demo/public/*.js
!demo/public/js/**/*.js
!demo/public/js/**/*.d.ts
!demo/admin/public/*.js
.DS_Store
demo/data/

# Environment and secrets
.env
.env.*

# npm credentials — published workflows use GITHUB_TOKEN/secret-injected
# .npmrc; never commit a credential-bearing .npmrc.
.npmrc

# SQLite databases
*.db
# Demo DB is checked in (re-seeded by scripts/reseed-demo.ts under v1.0
# AI-BOM schema; RM026 Task 26 / REQ-124). The negation must come after
# the *.db rule above.
!tzun.db

# Railway local config
.railway/

# Superpowers working directory
.superpowers/

# Git worktrees
.worktrees/

# Local dev secrets / runtime state (never commit)
.envrc
# SQLite WAL/SHM sidecars are runtime-only; the committed tzun.db is
# captured with WAL checkpointed (close() flushes).
tzun.db-*

# Playwright MCP debug output (not source)
.playwright-mcp/
mobile-*.png

# Python build artifacts + virtualenvs
python/.venv/
python/build/
python/src/*.egg-info/
__pycache__/
*.pyc
.venv-*/
python/.pytest_cache/
.pytest_cache/
.ruff_cache/
.mypy_cache/

# Keep python/dist/ artifacts checked in per RM005.7 Task 16 (DEFERRED
# publish — Sandra runs twine upload manually).
# python/dist/  ← intentionally NOT ignored
