# Python
__pycache__/
*.py[cod]
*.egg-info/
.pytest_cache/
.mypy_cache/
.ruff_cache/
.hypothesis/
.venv/
venv/
env/
dist/
build/

# JavaScript / TypeScript
node_modules/
*.log
.npm
.pnpm-store/
coverage/
.next/
.nuxt/
.turbo/

# Rust
target/
Cargo.lock

# IDE
.vscode/
.idea/
*.swp
*.swo
.DS_Store

# Local env
.env
.env.local
.env.*.local
.envrc

# Credentials and secrets — defense in depth, the platform's threat
# model assumes uploaded bot images carry no per-user secrets but a
# leaked dotfile in a contributor's working tree is still bad.
*.key
*.pem
*.cert
*.crt
secrets.*
credentials.*
.aws/credentials

# Build artifacts
*.tar.gz
*.zip
*.whl
