__pycache__/
*.py[cod]
*$py.class
*.so
.Python
.venv/
venv/
env/
build/
dist/
*.egg-info/
*.egg
.pytest_cache/
.mypy_cache/
.ruff_cache/
.coverage
coverage.xml
htmlcov/
.tox/
.nox/
.idea/
.vscode/
*.swp
.DS_Store
docs/_build/
docs/_autosummary/

# regstack runtime files (anchored to repo root so the demo config under
# examples/minimal/regstack.toml is still tracked)
/regstack.toml
/regstack.secrets.env
/regstack-bootstrap.json
**/regstack.secrets.env
**/regstack-bootstrap.json

# Defensive: keep credential material out of any commit, even from a
# misconfigured local dev env. None of these are checked in today, but
# the .env / *.pem / etc. patterns are recurring audit recommendations.
.env
.env.*
*.pem
*.key
*.p12
*.pfx
*.jks
*.crt
