# Strategy docs, build plans, PR descriptions — keep out of public repo
# README.md is explicitly allowed (needed for PyPI/GitHub)
*.md
!README.md
!CHANGELOG.md
!CONTRIBUTING.md
!CODE_OF_CONDUCT.md
!SECURITY.md
!docs/*.md
!docs/**/*.md
!docs-dev/*.md
!docs-dev/**/*.md

# Internal review artifacts (do not commit)
docs/CODE_REVIEW_*.md
docs/REVIEW_*.md
docs/*_REVIEW.md
docs/INTERNAL_*.md
BUILDPLAN.md
TRADE_SECRET*.md
CHANGES_TO_APPLY_MANUALLY.md

# Private Cloud repo — decoupled from OSS
capfence-cloud/

# Python
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
*.egg-info/
dist/
build/
.eggs/
*.egg

# Tool caches
.mypy_cache/
.pytest_cache/
.ruff_cache/

# Virtual environments
venv/
.venv/
env/
ENV/

# IDE
.vscode/
.idea/
*.swp
*.swo

# Environment secrets
.env
.env.local
.env.production

# Encrypted files
*.age
key.txt

# Trade secrets (NEVER commit to git)
TRADE_SECRET.md
TRADE_SECRET*

# Patent documents (NEVER commit)
*patent*
*Patent*
*PROVISIONAL*

# Init docs (patent documents, strategy HTMLs)
.initdocs/

# Archive (old build plans, deprecated docs, superseded specs)
archive/

# OS
.DS_Store
Thumbs.db
site/
capfence-demo/capfence-assessment-report.html
capfence-demo/audit.db
