.gitignore

# See https://help.github.com/articles/ignoring-files for more about ignoring files.
#
# If you find yourself ignoring temporary files generated by your text editor
# or operating system, you probably want to add a global ignore instead:
#   git config --global core.excludesfile '~/.gitignore_global'

# Ignore bundler config.
/.bundle

# Ignore the default SQLite database.
/db/*.sqlite3
/db/*.sqlite3-journal

# Ignore all logfiles and tempfiles.
/log/*
!/log/.keep
/tmp/*
!/tmp/.keep

# Ignore uploaded files in development.
/storage/*
!/storage/.keep

# Ignore assets.
/public/assets/

# === SECURITY: Environment and Secret Files ===
# Environment files (comprehensive protection)
.env
.env.*
!.env.example
!.env.*.example
!.env.sample
!.env.template

# Rails secrets and encryption keys
config/master.key
config/credentials.yml.enc
config/credentials/
*.key
*.pem
*.p12
*.p7b
*.pfx
*.jks
*.keystore

# Session and encryption keys
.session.key
session.key
encryption.key
*session*.key

# API keys and tokens
*secret*
!**/secret_manager.rb
*private*
*.token
*.tokens
api_keys.yml
api_keys.json
credentials.json
auth.json

# Kamal deployment secrets
.kamal/secrets
.kamal/.env
kamal.env

# Docker secrets and configs
docker/secrets/
.docker/config.json
.docker/daemon.json

# Temporary secret files
tmp/*secret*
tmp/*key*
tmp/*credential*
tmp/*token*
tmp/.env*

# Database dumps with potential secrets
*.sql
*.dump
*.db
*.sqlite*
backup/
backups/
dumps/
database_backups/

# Development database files (specific SQLite files)
development.sqlite3
test.sqlite3
*.sqlite3-journal

# SSL/TLS certificates and security files
*.crt
*.cert
*.cer
*.ca-bundle
*.ca
*.ca-cert
*.chain
ssl/
certificates/
certs/
tls/

# Test credentials (generated by rails db:seed)
test-credentials.json

# Cloud provider credentials
.aws/
.gcp/
.gcloud/
.azure/
*-credentials.json
service-account.json
service-account-key.json
gcp-*.json
aws-*.json

# GitHub and CI/CD secrets
.github/secrets/
.secrets/
secrets/
secrets.yml
secrets.json

# Kubernetes secrets
k8s/secrets/
kubernetes/secrets/
*-secret.yaml
*-secret.yml

# Terraform sensitive files
*.tfvars
terraform.tfstate*
.terraform/

# HashiCorp Vault
.vault-token
vault-*

# SSH keys and certificates
id_rsa*
id_dsa*
id_ecdsa*
id_ed25519*
*.pub
known_hosts
authorized_keys

# Payment gateway specific
stripe_*
paypal_*
*_stripe_*
*_paypal_*

# Ignore node_modules
node_modules/
/node_modules
# Extension frontend symlinks (created by scripts/setup-extension-frontend-symlinks.sh).
# These are symlinks not directories, so they don't match the `node_modules/`
# trailing-slash rule above.
extensions/*/frontend/node_modules

# Ignore compiled assets
/public/packs
/public/packs-test
/public/assets

# Logs and operational files (consolidated)
*.log
*.log.*
logs/
log/
npm-debug.log*
yarn-debug.log*
yarn-error.log*
*.pid
*.pid.lock

# Ignore yarn files
.pnp
.pnp.js

# Coverage directories and test reports (consolidated)
coverage/
.coverage/
/coverage/
.nyc_output
.nyc_output/
test-results/
cypress/screenshots/
cypress/videos/
cypress/downloads/
spec/reports/
junit.xml

# Playwright
playwright-report/
playwright/.cache/
e2e/.auth/
blob-report/

# Dependency directories
jspm_packages/

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# Ignore parcel-bundler cache
.cache
.parcel-cache

# Ignore Next.js build output
.next

# Ignore Nuxt.js build / generate output
.nuxt
dist

# Ignore Gatsby files
.cache/
/public

# Ignore Vuepress build output
.vuepress/dist

# Ignore Serverless directories
.serverless/

# Ignore FuseBox cache
.fusebox/

# Ignore DynamoDB Local files
.dynamodb/

# Ignore TernJS port file
.tern-port

# Claude Flow system metrics and cache
.claude-flow/

# Claude Code worktrees (temporary isolated git worktrees from agent execution)
.claude/worktrees/
.claude/*.lock

# MCP configuration (generated per-environment via: scripts/manage-proxy-hosts.sh generate-mcp)
.mcp.json

# IDE and editor files (consolidated)
.vscode/
.idea/
*.iml
*.ipr
*.iws
.idea/dataSources.xml
.idea/dataSources.ids
.idea/sqlDataSources.xml

# Terminal multiplexer (personal dev config)
.tmux.conf
*.tmux.conf

# OS generated files
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db

# Backup and temporary files (consolidated)
*.bak
*.backup
*.old
*.orig
*.rej
*.swp
*.swo
.*.swp
.*.swo
*.tmp
*.temp
*.un~
*~
.#*
\#*\#
\#*#

# Archive files that might contain sensitive data
*.tar.gz
*.zip
*.7z
*.rar
exports/
export.json
export.csv

# Defunct swarm tooling (replaced by MCP shared memory)
.swarm/

# Security scan reports (generated locally)
security-reports/

# Auto-generated docs (source of truth is MCP/database)
docs/platform/knowledge/
docs/TODO.md
docs/platform/MCP_TOOL_CATALOG.md

# RSpec auto-generated example files
worker/spec/examples.txt

# Ad-hoc test scripts with potential secrets
server/scripts/test_*.sh
server/scripts/trigger_*.sh

# Test output artifacts
**/rspec_results.json

# Per-host extension enable/disable state (written by admin "Toggle Extension")
config/extensions_state.json
# Private extensions (added manually by maintainers with access to the private repository)
/extensions/business/
/extensions/trading/