# Python caches
__pycache__/
*.pyc
.pytest_cache/

# Generated Claude Code hook settings (preview + live are machine-local)
.claude/settings.json
.claude/settings.agent-gate-preview.json

# Runtime state (ledgers, evidence, leases) lives at ~/.agent-gate, OUTSIDE
# the repo on purpose, so it can never be committed.

# Python build artifacts (agent-gate publishes to PyPI)
/dist/
/build/
*.egg-info/

# Credentials NEVER belong in the repo — the PyPI token lives OUTSIDE it (same
# principle as the runtime state above). Defense-in-depth so a stray secret
# file can't be staged:
.env
.env.*
*.token
.pypirc
