# AegisVPN - Comprehensive .gitignore
# Environment files - CRITICAL
.env
.env.local
.env.servers
.env.*
!.env.example
.env.development
.env.test
.env.production
.env.backup
.env.bak
.env.save
.env.old
.env.orig
.env.swp
.env~
.env.tmp
.env.dist

# Subdirectory env files
*/.env
*/.env.*
**/.env
**/.env.*

# Git metadata - NEVER expose
.git/
.gitconfig
.gitignore_global

# Dependency directories
node_modules/
vendor/
venv/
env/
virtualenv/

# Build outputs
dist/
build/
*.pyc
__pycache__/

# Logs
*.log
logs/
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# Database
*.db
*.sqlite
*.sqlite3

# Secrets & keys
*.pem
*.key
*.crt
*.p12
secrets/
credentials/
config/secrets/
# ChainMail deployment files
.env.chainmail
config.chainmail.deployed.env
*.env.bak_*
chainmail-contracts/deploy.out.json
chainmail-contracts/deploy.out.json.bak_*
# IDE
.vscode/
.idea/
*.swp
*.swo
*~

# OS
.DS_Store
Thumbs.db

# Backup files
*.bak
*.backup
*.old
*.save
*.orig
*.tmp
*~

# Config files
config.json
config.local.json
secrets.yaml
credentials.json
# ⚠️  CRITICAL: NEVER COMMIT ENVIRONMENT FILES WITH SECRETS!
.env
.env.local
.env.production
.env.*

# Server credentials - NEVER COMMIT
.env.servers
*.credentials

# Environment files with secrets
.env
.env.*
.env.local
.env.production
intelligence/.env
worker/.env
desktop/.env
landing/.env
admin/.env
contracts/.env
*.env.backup

# CRITICAL: Never commit private keys!
**/PRIVATE_KEY
**/*private*key*

# SQLite databases
*.db
*.db-journal

# Operating System
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
*~
*.swp
*.swo

# Go
*.exe
!landing/public/downloads/*.exe
*.exe~
*.dll
!voidly-probe-app/src-tauri/resources/wintun.dll
*.so
*.dylib
*.test
*.out
go.work
go.work.sum
vendor/
agent/aegis-agent

# Node.js / TypeScript
node_modules/
npm-debug.log*
yarn-debug.log*
yarn-error.log*
.pnpm-debug.log*
dist/
build/
.cache/
*.tsbuildinfo

# Cloudflare
.wrangler/
.dev.vars
worker/.wrangler/

# Environment variables
.env
.env.local
.env.development.local
.env.test.local
.env.production.local
.env.production
*.env

# Secrets
secrets.yaml
config.yaml
!config.example.yaml
*.pem
*.key
*.crt
*.p12
dev-secrets.sh

# Terraform
*.tfstate
*.tfstate.*
*.tfstate.backup
.terraform/
.terraform.lock.hcl
terraform.tfvars
!terraform.tfvars.example
override.tf
override.tf.json
*_override.tf
*_override.tf.json
.terraformrc
terraform.rc

# Ansible
*.retry
inventory.ini
!inventory.example.ini
*.vault

# Foundry / Solidity
cache/
out/
broadcast/
lib/
!contracts/lib/
!landing/lib/
!intelligence/src/lib/
!worker/src/lib/
.env
.env.local
.voidly-credentials
.metrics-config
*.backup

# Rust / Tauri
target/
Cargo.lock
desktop/src-tauri/target/

# Python (for scripts)
__pycache__/
*.py[cod]
*$py.class
*.egg-info/
.Python
venv/
ENV/
.venv

# IDE
.idea/
.vscode/
*.sublime-project
*.sublime-workspace
*.iml
.project
.classpath
.c9/
*.launch
.settings/

# Testing
/coverage
/.nyc_output
*.lcov
.vitest/

# Build artifacts
*.log
logs/
*.pid
*.seed
*.pid.lock
aegis-agent
*.AppImage
!landing/public/downloads/*.AppImage
*.deb
!landing/public/downloads/*.deb
*.dmg
!landing/public/downloads/*.dmg
*.rpm

# Temporary files
tmp/
temp/
.tmp/
*.tmp

# Database files
*.db
*.sqlite
*.sqlite3
*.db-journal

# Certificates
*.csr
*.key
*.pem
*.p12
*.pfx
*.cer
*.crt

# Backup files
*.bak
*.backup
*~

# QR codes
*.png
!docs/**/*.png
!desktop/src/assets/*.png

# Registry files
registry.json
!scripts/registry.json.example

# OS specific
.fseventsd
.Spotlight-V100
.TemporaryItems

# Package files
*.box
*.gem
*.rbc
*.tar
*.tar.gz
*.zip

# Documentation build
docs/_build/
site/

# Local history
.history/

# Secrets - NEVER COMMIT
.env
.env.*
**/.env
**/.env.*
**/node_modules
**/.next
**/dist
**/build
**/.wrangler
contracts/.env
worker/.env
*.log
*.db
*.db-journal
!/.env
!/.env

# CRITICAL: Shell scripts contain passwords, IPs, keys
*.sh

# Internal docs/notes (keep README.md public)
docs/
ops/

# WireGuard client configs (contain private keys)
*-complete.conf
config*.conf
test.conf
!/.env
!/.env
!/voidmail-oneclick.sh
!/voidmail-oneclick.sh
!/voidmail-enable-public-links.sh
!/voidmail-enable-public-links.sh

# Private deployment scripts with credentials
private-scripts/
.private/

# CRITICAL: Root-level sensitive files
/.env
/dump.rdb
/*.conf
/config*.conf
/test.conf
/node-keys/
/docs/

# Exposed shell scripts with credentials
/chainmail_all_in_one.sh
/deploy-chainmail-password.sh
/full_chainmail_fix_backend.sh
/fix-mail-and-secure-links.sh
/fix-mail-messages-virtual.sh
/fix-mail-mailboxes-uuid.sh
/fix-mail-secure-links-all.sh
/fix-nacl-error.sh

# .env.example files are OK to commit
!**/.env.example
*.sh
!scripts/deploy-*.sh
*.log
api.log
frontend.log

# Voidly Probe App — un-ignore build-critical files
!voidly-probe-app/src-tauri/Cargo.lock
!voidly-probe-app/src-tauri/icons/*.png
# Privileged helper binary — built by CI, not committed
voidly-probe-app/src-tauri/resources/voidly-helper
# Helper daemon build artifacts
voidly-probe-app/src-tauri/helper-daemon/target/
!voidly-probe-app/src/lib/
!voidly-probe-app/src/lib/**
!voidly-probe-app/src/styles/
!voidly-probe-app/src/styles/**
!voidly-messenger/src/lib/
!voidly-messenger/src/lib/**
!voidly-messenger/public/icons/*.png
!voidly-messenger/public/og-messenger.png
