# Python
__pycache__/
*.py[cod]
*$py.class
*.so
*.egg
*.egg-info/
dist/
build/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
pip-wheel-metadata/
share/python-wheels/
*.manifest
*.spec

# Virtual Environments
venv/
ENV/
env/
.venv

# PyCharm
.idea/

# VS Code
.vscode/
*.code-workspace

# Jupyter Notebook
.ipynb_checkpoints
*.ipynb

# Data and Models
data/backups/
data/temp/
data/cache/
*.pkl
*.h5
*.pth
*.ckpt
*.safetensors
models/
# saas/models contains Python source, not ML weights — un-ignore it
!saas/models/
!saas/models/**

# Logs
logs/
*.log
*.out
*.err

# Testing
.coverage
.pytest_cache/
htmlcov/
.tox/
.nox/
coverage.xml
*.cover
.hypothesis/
test_results/

# Documentation
docs/_build/
site/

# Environment files
.env
.env.local
.env.*.local
*.env

# System files
.DS_Store
Thumbs.db
desktop.ini

# Temporary files
*.tmp
*.temp
*.swp
*.swo
*~
.tmp/

# Database
*.db
*.sqlite
*.sqlite3

# Secrets and credentials
*.key
*.pem
*.crt
*.pfx
secrets/
credentials/

# Performance profiling
*.prof
*.lprof

# Memory dumps
*.hprof
*.dump

# Claude
.claude/

# Local configuration overrides
config.local.yaml
settings.local.json

# Node modules
node_modules/

# FFmpeg binaries
ffmpeg.exe
ffprobe.exe
ffmpeg.zip
ffmpeg/

# Large binary files
*.exe
*.zip
*.wav

# Runtime data files
# Deployment-time generated files (written by CI, never committed)
data/deployment_manifest.json
data/logs/

# Autonomous-agent runtime outputs (confined here by core/autonomy/safe_output.py)
# and per-deployment status recorder state. Runtime artifacts, never committed.
data/runtime/
data/status/uptime_daily.json
data/*.db
data/*.sqlite

data/saas.db-shm
data/saas.db-wal
data/user_credentials.db-shm
data/user_credentials.db-wal
# Catch-all: never commit SQLite WAL/shared-memory sidecars (may hold
# uncheckpointed rows from credential/audit DBs).
*.db-shm
*.db-wal
*.db-journal

# --- P0-1: Audit chain durability ---
# The signed audit chain and governance evidence are EVE's store of record.
# They MUST NOT be git-tracked: git operations (checkout/reset/stash/merge)
# could silently rewrite the chain of custody. See scripts/migrate_audit_store.py
# and core/audit/store_guard.py. Relocate via EVE_AUDIT_STORE in production.
data/audit/
data/governance/
.chain_seal.json
**/.chain_seal.json
**/chain_seal.json
audit_migration_report.json

# P0-2: DR backup / restore drill artifacts (contain DB + audit copies — never commit)
/backups/
/restore_drills/
/restore_target/
restore_report.json

# P0-3: generated migration reconciliation artifact (regenerated each run)
POSTGRES_MIGRATION_RECONCILIATION.json
ALERT_VERIFICATION_REPORT.md

data/tts_cache/
data/voice_cache/
data/voice_events_log.json
data/ui_preferences_cache.json
data/uploads/
data/chroma/
data/test/
data/deep_integration_test_report.json
data/subsystem_config.json
data/sentience_calibration_knobs.json

# --- Audit BLOCKER #2: high-churn runtime/operational state ---
# These are mutated on every process start and pollute every diff. They are
# operational telemetry, not source. Relocate durable copies to a real store
# (Postgres / object storage) — see scripts/migrate_audit_store.py.
data/runtime_integrity/
data/resilience/
data/perf/
data/tve/
data/sentience/
data/coreguard/
data/stripe/
data/circuit_breaker/
data/accountability/
data/cognition_metrics/
data/continuous_consciousness/
data/observations/
data/molt/
data/agent_loop/
data/*.pid
data/eve.pid
data/*.log
cf_*.txt
cf_*_out.txt

# IaC provider cache / state (provider binaries are 100s of MB)
**/.terraform/
*.tfstate
*.tfstate.*
.terraform.lock.hcl
load_test_results/
eve_log.txt
test_output.wav
static_deploy.zip
nul

# Temp JS files
tmp_*.js

# OS / editor artifacts
extglob.FullName
*.lnk
MiroShark/
ruflo/

# Stray `terraform output -raw … > 0` redirect artifacts
deploy/terraform/aws-prod/0
deploy/terraform/aws-prod/value

# Generated sales/investor deck (dark + light) + its PNG previews (regenerate via scripts/)
eve_ai_core_sales_deck*.pptx
out_deck/
deck_preview/
deck_preview_light/
slide_1_background_preview.png
slide_1_full_preview.png
# Generated branded Word docs (regenerate via scripts/md_to_branded_docx.py)
docs/sales/design_partner_word/
docs/sales/prospect_word/
docs/sales/prospect_packs/

# Secrets / runtime state — never commit
# (committed copies were untracked via `git rm --cached`; rotate the leaked
#  values in real infra and purge from history with git filter-repo)
data/auth/.jwt_secret
data/security/
*.hex
data/api_keys.json
data/_archived/
data/memory_governance/
