# Credentials - NEVER commit API keys
.mcp.json
.env
.env.local

# Generated artifacts
dist/
.card/audit/
.card/cache/
.card/verify.json

# Hypothesis test cache
.hypothesis/

# Python
__pycache__/
*.pyc
*.pyo
.venv/
venv/
*.egg-info/

# Node
node_modules/

# IDE
.vscode/
.idea/
*.swp

# OS
.DS_Store
Thumbs.db

# Internal build/swarm artifacts — NOT for GitHub
nightjar-build-plan.md
nightjar-evolution-plan.md
nightjar-upgrade-plan.md
AGENTS.md
.bridgespace/
.gitnexus/
.claude/
docs/superpowers/

# Deprecated config
contractd.toml

# Mutation testing sandbox — disposable, never commit
mutation-lab/

# Scan-lab cloned repos — result .md files are committed, repos are not
scan-lab/mirofish/
scan-lab/hermes/
scan-lab/deerflow/
scan-lab/openswe/
scan-lab/minbpe/
scan-lab/makemore/
scan-lab/*.card.md

# PyPI upload instructions (contains credential guidance)
PYPI_UPLOAD.md

# Agent temp artifacts — screenshots, HTML validation pages, output files
*.output
w3-*.png
verify-results-*.png
.card/*.html
.card/*.png

