# ── Trading backtest artifacts (binary parquet, too large for git) ───────────
backtests/

# ── Secrets / personal data ─────────────────────────────────────────────────
.env
.env.local
*.local.env
.env.tmp
venv
*.bak

# Local Claude Code session state (per-checkout, never committed)
.claude/

# LDD write-probe artifact (transient, written at session start)
.ldd_probe_tmp.txt

# LDD per-project tooling state (config, trace, statusline — never committed)
.ldd/

# CorvinOS user-state root (per-checkout, never committed)
.CorvinOS/

# Corvin-OS user-state root + auto-update marker (per-checkout, never committed)
.corvin/

# Channel-specific credentials and tokens (ADR-0035: operator/bridges/)
operator/bridges/discord/settings.json
operator/bridges/telegram/settings.json
operator/bridges/slack/settings.json
operator/bridges/email/settings.json
operator/bridges/whatsapp/settings.json
operator/bridges/whatsapp/auth/
# Timestamped credential backups (created by bridge.sh) — same secrets as auth/,
# must never be committed.
operator/bridges/whatsapp/auth.bak.*/

# Session state and message archives (private conversations)
operator/bridges/shared/inbox/
operator/bridges/shared/outbox/
operator/bridges/shared/processed/
# Per-bridge runtime dirs (filled by the daemons, drained by the adapter).
operator/bridges/discord/inbox/
operator/bridges/discord/outbox/
operator/bridges/discord/processed/
operator/bridges/telegram/inbox/
operator/bridges/telegram/outbox/
operator/bridges/telegram/processed/
operator/bridges/slack/inbox/
operator/bridges/slack/outbox/
operator/bridges/slack/processed/
operator/bridges/email/inbox/
operator/bridges/email/outbox/
operator/bridges/email/processed/
operator/bridges/console/inbox/
operator/bridges/console/outbox/
operator/bridges/console/processed/

# Bridge attachments — user-uploaded content (private by default,
# may contain chat exports, PDFs, screenshots). NEVER commit.
operator/bridges/email/attachments/
operator/bridges/discord/attachments/
operator/bridges/telegram/attachments/
operator/bridges/slack/attachments/
operator/bridges/whatsapp/attachments/
operator/bridges/shared/attachments/

# A2A pairing records + pending invites — contain HMAC/recv key material
# (256-bit secrets). Must never be committed; pairing is per-instance via
# `corvin-a2a pair` / the console. See ADR-0048 (L38).
operator/cowork/remote_origins/
operator/cowork/remote_endpoints/
operator/cowork/pending_invites/

# Voice / cowork per-session state (transcripts, recordings, session JSON)
operator/voice/sessions/
operator/cowork/sessions/

# Audit logs and runtime state outside .corvin/
core/**/audit.jsonl
core/**/*.session.json
operator/**/audit.jsonl
operator/**/*.session.json

# ── Build artifacts ────────────────────────────────────────────────────────
node_modules/
package-lock.json
*.pyc
__pycache__/
.pytest_cache/
.coverage
sbom.cdx.json

# ── Generated reports ──────────────────────────────────────────────────────
compliance_audit_report.json
e2e_validation_report.json
# Python virtualenvs (regenerated by each component's bootstrap.sh — never commit)
.venv/
**/.venv/
*.egg-info/
*.egg-info/

# ── Editor / OS noise ──────────────────────────────────────────────────────
.vscode/
.idea/
*.swp
*.swo
.DS_Store
Thumbs.db

# ── Logs and temporary files ───────────────────────────────────────────────
*.log
/tmp/
operator/bridges/**/voice.log
# ULO runtime debug logs (CORVIN_ULO_DEBUG=1) — never committed, PII-free but large
.log/

# ── Generated content (output files Claude creates per session) ────────────
~/.cache/corvin-voice/

# Keep example/template files
!operator/bridges/discord/settings.json.example
!operator/bridges/telegram/settings.json.example
!operator/bridges/slack/settings.json.example
!operator/bridges/email/settings.json.example
!operator/bridges/whatsapp/settings.json.example

# ── Dynamic skill-forge slot mirror (engine-discoverable, never committed) ──
operator/skill-forge/skills/
operator/skill-forge/skills/dyn/

# Voice samples / generated artefacts
outputs/

# ── Provider credentials / infrastructure secrets ──────────────────────────
.hetzner.env
*.secrets.env
*.credentials.env

# ── Local installation test (ops/docker-compose.local-test.yml) ─────────────
ops/local-test-data/
ops/.env.local-test

# Build artifacts (wheels/sdist) — never commit
dist/
