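# Secrets & env
# Note: these patterns match `.env` and names ending in `.env`; suffixed
# variants such as `.env.local` or `.env.production` are not matched by them.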
.env
*.env
*.secret

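# Keys & certs
# Note: only *.key and *.pem are matched by extension; other key container
# formats (e.g. .p12, .pfx) are ignored only when stored under certs/ or secrets/.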
*.key
*.pem
certs/
secrets/

# Databases & dumps
*.db
*.sqlite
*.sql
dump_*/

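# EXCEPT: Allow database schemas (needed for server rebuild)
# This re-includes every .sql file directly inside database-schemas/ (not in
# subdirectories). Keep schema definitions only there; no dumps containing data.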
!database-schemas/*.sql

# Logs & runtime data
logs/
*.log
__pycache__/
*.pyc
venv/
.venv/
**/venv/
**/.venv/

# ─── Brain API runtime state (mirrored to OHM1, NOT to GitHub) ──────────
# Registry + sessions + caches contain hardware hashes, public keys,
# session tokens, conversation state. Privacy-sensitive. Restore from
# OHM1 mirror on server rebuild, not from git.
brain_api/data/
brain_api/.conversation_cache/
brain_api/ains_registry.json
brain_api/ipoll_registry.json
brain_api/high_five_log.json
brain_api/agent_keys/
brain_api/founder_counter.json

# Pending claims, phantom sessions, consent store — never to GitHub
brain_api/**/pending_claims.json
brain_api/**/phantom_sessions.json
brain_api/**/consent_store.json
brain_api/**/ainternet_sessions.json
brain_api/**/ainternet_challenges.json
brain_api/**/byoa_agents.json
brain_api/**/canvas_data.json
brain_api/**/ai_response_log.json
brain_api/**/ai_team_context.json
brain_api/**/ai_teams_sessions.json
brain_api/**/evolution_timeline.json

# Static downloads (binaries served via nginx, not source)
brain_api/static/downloads/

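# ─── Signing keys / keystores — NEVER on GitHub ─────────────────────────
# These live on DL360 + OHM1 mirror + USB stick + encrypted off-site backup.
# Loss = no more Play Store updates for org.ainternet.kit forever.
# Note: ignore rules only affect untracked files, and `git add -f` bypasses
# them. A keystore that was ever committed stays tracked and in history:
# untrack it with `git rm --cached`, and if it was pushed, treat it as exposed.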
*.keystore
*.jks
*.keystore.gpg
*.jks.gpg
keystore.properties
keystores/

# Configs with secrets (templates will be used later)
config/
brain_api/provisioning.local.json
brain_api/provisioning.json

# Landing pages (private - not open source)
landing-pages/
humotica.com/
jtel.nl/

# Social media posts (strategy - not open source)
SOCIAL-MEDIA-POSTS.md
HN-POST-UNDER-4000.md
STRATO-DEPLOY-HUMOTICA.md

# Endorsement outreach (private contact)
ARXIV-ENDORSEMENT-OUTREACH.md

# Deployment secrets
DEPLOYMENT-GUIDE.md

# R Project files (Dirty Data Challenge)
.Rproj.user
.Rhistory
.RData
.Ruserdata
*.zip
# Token and credential files
.mural_tokens.json
auth.json
gen-lang-client*.json
*.credentials.json

# Rust build artifacts
**/target/
*.whl

# Compiled binaries (build locally)
jis-router/jis-router
sentinel-rs/sentinel-rs

# Build distribution
sandbox/ai/codex/dist/
sandbox_backup/
did-jis-core

# =============================================================================
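# Own repos — they have their own git remotes; do not store them twice.
# The patterns in this file do not apply inside those repositories, so each
# one needs its own ignore rules for secrets and keys.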
# =============================================================================

# Packages (each has its own repo)
packages/jis-iam-bridge/
packages/rapid-rag/
packages/reflux/
packages/sema-protocol/
packages/tibet-anticheat/
packages/tibet-ci/
packages/tibet-claw/
packages/tibet-context/
packages/tibet-core/
packages/tibet-db/
packages/tibet-edge/
packages/tibet-forge/
packages/tibet-iot/
packages/tibet-jawbreaker/
packages/tibet-ledger/
packages/tibet-marketplace/
packages/tibet-mesh/
packages/tibet-mirror/
packages/tibet-nis2/
packages/tibet-overlay/
packages/tibet-phantom/
packages/tibet-phantom-mcp/
packages/tibet-ping/
packages/tibet-pol/
packages/tibet-pqc/
packages/tibet-sbom/
packages/tibet-snap/
packages/tibet-soc/
packages/tibet-spiffe/
packages/tibet-tools/
packages/tibet-trail/
packages/tibet-triage/
packages/tibet-triage-mcp/
packages/tibet-twin/
packages/tibet-workload/
packages/tibet-y2k38/
packages/tlex-edge/
packages/tibet-tail/
packages/tibet-nc/

# Sub-projects with their own repos
bunq7/
humotica-core/
jis-core/
JTm-dev/
kit-package/
symbAIon/
tibet-audit/
tibet-audit-npm/
tibet-core/
tibetclaw/
snaft/

# MCP servers (own repos)
mcp-servers/aidrac/
mcp-servers/ainternet/
mcp-servers/mcp-server-jis/
mcp-servers/sensory/
mcp-servers/tibet/

# Hackathon sub-repos
hackaway2026/clawmetry/

# Private memory (own repo)
.root_ai_memory/
.root_ai_thoughts/

# Android APK builds (binary artifacts, not source)
brain_api/static/*.apk

# SWARM-003 refactor backups (local rollback only)
*.pre-secrets-refactor.bak
.env.bak-*
