.env
node_modules/
dist/
.next/
.angular/cache
build/
*.log
*.local
kubeconfig.yaml

# Internal documentation – sensitive strategy, compliance and legal docs.
# These MUST NOT be pushed to a public repository.
docs/internal/

# Internal strategy, ops & launch docs – never push to public repo
CACHLY_MASTER_PLAN.md
PRE_LAUNCH_CHECKLIST.md
PLAN_*.md
QUALITY_GATES.md
GOLIVE_PLAN.md
NPM_SETUP.md
NEXT_SESSION_CONTEXT.md
BOT_LAUNCH_PLAN.md
TODO_INFRA.md
# LUKS raw key – NEVER commit
*.secret
cachly-luks-key*
# age master private key – NEVER commit (only the .age encrypted bundle is safe to store)
infra/secrets/cachly-master.key
infra/secrets/make_bundle.py
infra/secrets/*.txt

# ── Internal / ops-only scripts ────────────────────────────────────────────────
# These scripts are operational helpers for the maintainer only.
# They often contain server addresses, timing-sensitive operations or
# GitHub/Cloudflare rate-limit workarounds and MUST NOT be committed.
# NOTE: scripts referenced in .github/workflows/ci.yml MUST stay tracked:
#   scripts/ci-build.sh, scripts/ci-up.sh, scripts/setup-emergency-ssh.sh
scripts/push-without-github.sh
scripts/set-clerk-webhook-secret.sh
scripts/setup-status-page.sh
scripts/setup-uptime-kuma.sh
scripts/setup-webhooks.sh
scripts/_setup_clerk_webhook.sh
infra/setup-github-secrets.sh
infra/rotate-secrets.sh
infra/setup-env.sh
infra/sync-to-server.sh
infra/post-vpn-connect.sh
infra/setup-cloudflare.sh
infra/setup-region-node.sh
# MCP debug wrapper (tees stdin/stdout to /tmp – maintainer only)
sdk/mcp/run-mcp.sh

# Swift build artifacts
sdk/swift/.build/
sdk/swift/Package.resolved
sdk-smoketest/swift/.build/

# Java/Gradle build artifacts
sdk/java/target/
sdk/java/.gradle/
sdk/java/**/*.class
sdk/jvm/
sdk/kotlin/.gradle/
sdk/kotlin/build/
sdk/kotlin/gradlew
sdk/kotlin/gradlew.bat
sdk/kotlin/gradle/

# Node/npm
sdk/mcp/package-lock.json
web/tsconfig.tsbuildinfo
web/.eslintrc.json

# Go
sdk/go/go.sum
api/reencrypt

# Age encrypted secrets bundle (safe to store, but not needed in repo)
infra/secrets/cachly-secrets-bundle.age
kubeconfig.yaml.bak
push-to-github.sh

# macOS
.DS_Store
.DS_Store?
._*
.Spotlight-V7
.Trashes

# IDE
.idea/
.vscode/
*.iml

# Temp / Deploy-Logs
/tmp/cachly-*.sh
deploy-*.log
deploy.log
*.tmp

# Podman / Docker temp proxy scripts
/tmp/cachly-ssh-proxy-*
/tmp/cachly-push-proxy-*

# SDK build artifacts
sdk/python/dist/
sdk/python/build/
sdk/python/*.egg-info/
sdk/python/__pycache__/
sdk/rust/target/
sdk/dotnet/nupkg/
sdk/dotnet/bin/
sdk/dotnet/obj/
sdk/php/vendor/
sdk/js/dist/
sdk/mcp/dist/
sdk/openclaw/dist/
sdk/go/cachly-go

# Web
web/.env*.local
web/out/

# API build
api/bin/
api/tmp/
api/reencrypt
# compiled API binaries (NOT the source directory api/cmd/server/)
/api/server
/api/server_new

# TS build info (generated, not source)
web/tsconfig.tsbuildinfo

# Python
__pycache__/
*.pyc
*.pyo
.pytest_cache/
*.egg-info/

# Agents SDK test artifacts
sdk/agents/.pytest_cache/

sdk/vscode/*.vsix
