# Local per-collaborator overrides (top of Scope Hierarchy; must not be committed)
CLAUDE.local.md

# Build artifacts
bin/creed-crypto

# Dependencies
node_modules
node_modules/
.pnp
.pnp.js
venv/
__pycache__/
*.pyc
*.pyo
*.pyd
.Python
.mypy_cache/
env/
build/
dist/
*.egg-info/

# Testing
coverage/
*.lcov
.nyc_output
.coverage
.coverage.*
htmlcov/
.pytest_cache/

# Production
/build
/dist
*/dist
*/build

# SvelteKit build artifacts
.svelte-kit/
*/.svelte-kit/

# Logs and output files
logs
*.log
*.out

# Backup files
*.bak
*.backup
*.old
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*

# Environment (comprehensive — covers .env, .env.*, and *.env)
.env
.env.*
*.env

# IDE
.vscode/*
!.vscode/extensions.json
!.vscode/settings.json.example
.idea
*.swp
*.swo
*~
.DS_Store
# macOS AppleDouble sidecars and archive metadata (non-UTF-8; crash py scans)
._*
__MACOSX/

# Turborepo
.turbo

# Changesets
.changeset/

# Temporary
tmp/
temp/
*.tmp

# Production PostgreSQL configuration
.env.production.postgresql
.mypy_baseline.json

# Test artifacts and reports
test_artifacts/
test-results/
test_results/
test_reports/
reports/memory/
reports/fagan/
reports/performance/
reports/qa/
reports/qa-crawl/*/
output/playwright/
test*.db
dump.rdb

# Large regenerable artifacts — build output, research dumps (never in git history)
superego-frontend/output/
research/fablereconstruction/

# SSL private material (never commit secrets)
ssl/*.key
ssl/*.srl
ssl/*.csr

# Temporary test files
test-*.html
test-*.js
test_*.html
test_*.js

# Report files in root (should be in reports/)
*_report*.json
*_report*.md
fagan*.json
memory_leak*.json
smart_memory*.json
security-scan*.json
# Re-assert env exclusions for nested paths
config/*.env
superego-frontend/.env*
!.env.example
!.env.template
!.env.staging.example
!superego-frontend/.env.example
data/sessions/superego.db
docs/UVC_CSM_EMOJI_DUMP.md
*.db
*.db-shm
*.db-wal


# Signing keys (never commit private key material)
*.key
data/constitutions/registry/.keys/signing.key
data/attestation_keys/*.pem

# Browser/session state
cookies.txt
**/cookies.txt

# Secrets directory (salts, encrypted keys — never commit)
data/secrets/
# Local JWT/encryption key material (finding #6: .secrets/jwt_secret has no .key suffix
# so *.key alone did not cover it). Rotate + untrack existing tracked copies separately.
.secrets/

# GPG keyring (contains private key)
data/keys/.gnupg/
.venv
.venv_check/

# Coverage reports
coverage.xml

# Test artifacts in registry
data/constitutions/registry/test_safety_*.json

# ML Model Cache
.cache/
# Hypothesis database (property-based testing)
.hypothesis/
.mcp.json

# Runtime data (not source code)
data/compliance_reports/
data/gdpr_trust_states.json
data/billing/dead_letters/
data/audit_logs/
services/data/audit_logs/
profiling_data/
memory/superego/welfare/
:memory:

# Flash Review Cache
.flash_findings.json
.flash_full_review_checkpoint.json
.review_for_claude.diff
reports/flash_full_review_*.json
reports/flash_full_review_*.md
reports/red_team_audit/
data/deployment_snapshots/snapshot_*/
archives/reports/untracked/

# Runtime audit logs (regenerated, can contain sensitive session metadata)
data/audit/*.jsonl

# Security audit reports (regenerable, large files)
archives/docs/security/security_audit_*.json
archives/docs/security/security_audit_*.txt
archives/docs/security/type_safety_report.json
**/security_audit_*.json
**/security_audit_*.txt

# Gitleaks and security scan reports (regenerable)
gitleaks-report.json
bandit_report.json

# UVC debug dumps (keep UVC_CSM_EMOJI_COMPLETE_DUMP.json - it's conversation history)

# Playwright MCP artifacts
.playwright-mcp/

# LibreOffice lock files
.~lock.*

# Claude Code agent execution logs
.code/agents/*/exec-call_*.txt
# Claude Code agent worktrees (isolated agent copies)
.claude/worktrees/
.flash_costs.json

# Large benchmark results (use Git LFS or external storage)
benchmarks/results/*.jsonl
logs/flash_review.log

# Archived audit logs (local reference only)
archives/audit_logs/

# Mutation Testing
reports/mutation/*.html
reports/mutation/*.json
reports/mutation/*.sqlite
reports/mutation/*.toml
superego-frontend/mutation-report/
superego-frontend/mutation-report.json
superego-frontend/.stryker-tmp/
superego-frontend/.stryker-tmp-*/
.stryker-tmp/
.stryker-tmp-*/

# Performance benchmark baselines
.benchmarks/
# Rust build artifacts
crates/*/target/
/target/

# Session diaries and retrospectives (PRIVATE - never commit)
memory/diary/
memory/retrospective/
scripts/test_api_keys.py

# Vector stores (too large for GitHub)
memory/vector_stores/

# Session transcript backups (local only)
memory/transcript_backups/
mettle-api/

# Screenshots (use archives/ or external storage)
*.png
*.jpg
*.jpeg
!superego-frontend/static/**/*.png
!superego-frontend/static/**/*.jpg
!docs/**/*.png
# public/ is the served static-asset dir — its brand images are deliberate app
# assets, not screenshots. Without this, *.png assets there 404 in every deploy
# (e.g. creed-logo.png → blank hero wave) while .webp siblings ship fine.
!superego-frontend/public/**/*.png
!superego-frontend/public/**/*.jpg
!superego-frontend/public/**/*.jpeg
~$lue Context Protocol MDPI I3D1.docx

# Runtime state (process IDs, lock files)
.backend.pid
.frontend.pid
.claude/scheduled_tasks.lock

# Playwright CLI local snapshots (distinct from .playwright-mcp)
.playwright-cli/
creed_guardian/models/

# Model weights (large binaries)
weights/
*.gguf

# Paper preparation scripts (moved to _papers/scripts/)
apply_i3d8_*.py
diag_*.py
fix_narrative*.py
restore_*.py
validate_docx.py
deep_validate.py
compare_structure.py
check_ordering.py
minimal_edit.py
test_repack.py
test_minimal_edit.py
diff_parts.py
probe_refs.py
strip_numpr_refs.py
find_*.py

# VCP concordance debug artifacts (binary, not source)
*.docx

# Fagan reports and audit artifacts
fagan_*.md
*_fagan_report*.md
*_audit_report*.md

# design-sync upload staging (regenerable; source of truth is the claude.ai/design project + .design-sync/)
ds-bundle/
fleet-server/target/

# freeze skill session config (per-checkout, not shared)
.claude/skills/freeze/.active-freeze.json
