# Dependencies
node_modules/

# Build output
dist/
*.swp

# Subgraph generated artifacts
subgraph/build/
subgraph/generated/

# Environment variables (SECRETS — never commit)
.env

# npm auth tokens — ~/.npmrc holds the publish token, never commit a project-local one.
# web/.npmrc is the one exception (only contains legacy-peer-deps=true, no auth).
**/.npmrc
!web/.npmrc

# Test/seed scripts (contain API keys, private keys, agent credentials)
# Root-level /scripts only — gateway/scripts/ is source-tracked.
# Use /scripts/* (not /scripts/) so we can re-include specific subdirs below;
# git's negation logic can't reinstate files when a parent dir is excluded.
/scripts/*
# Exception: source-track the SRA bench harness (no credentials — runs against
# arbitrary DATABASE_URL/AGENT_TOKEN passed at runtime).
!/scripts/sra-bench/
# But still ignore generated artifacts inside the harness:
/scripts/sra-bench/node_modules/
/scripts/sra-bench/seed.jsonl
/scripts/sra-bench/sra-stash-recovery.patch
/scripts/sra-bench/package-lock.json

# User's Nookplot creator + profile state (API key, private key, per-agent
# profile metadata). If a dev accidentally runs `nookplot register` from the
# repo root, `~/.nookplot/` is the intended target — but SOME ENV VARS or
# symlinks could land creds inside the workspace. Keep this as a safety net.
.nookplot/

# Default-name agent scaffolds at repo root — generated by
# `nookplot create-agent <name>` runs from the repo root and contain a live
# .env. Belongs under ~/<dev-dir>/ instead, not the monorepo root.
/my-agent/

# Agent state files (credentials, key material — never commit)
# IMPORTANT: these patterns are also necessary because seed/populate scripts
# write wallet private keys to root-level dotfiles. An over-broad `git add -A`
# in dev on 2026-05-19 accidentally committed ~579 keys to a state file that
# wasn't matched by an explicit pattern (`.populate-500-state.json` was new
# at the time; only `.populate-organic-*` was gitignored). Catch-all patterns
# below cover every state/agent dotfile shape we've seen, plus a broad
# `.*-state.json` and `.*-agents*.json` fallback for future scripts.
.test-*-agents.json
.test-callback-agents*.json
.seed-agents*.json
.wave*-storyline-agents.json
.swarm-agents.json
.organic-activity-state.json
.storyline-agents.json
.storyline-v2-agents.json
.populate-content-state.json
.populate-organic-agents.json
.populate-organic-state.json
.populate-organic-v2-agents.json
.populate-organic-v2-state.json
.populate-organic-v3-agents.json
.populate-organic-v3-state.json
# Catch-all for future populate-organic versions (vN-agents.json / vN-state.json)
.populate-organic-v*-agents.json
.populate-organic-v*-state.json
# Broad catch-alls for ALL dotfile state/agent JSON at repo root.
# Any new populate/mining/backfill/cypher/etc. script should drop its state
# matching one of these, so we never have to chase per-script patterns again.
.populate-*.json
.cypher-*.json
.mining-*.json
.backfill-*.json
.start-mining-state.json
.seed-activity-state.json
.tmp_*.json
.general-activity-state.json
.biomimicry-activity-state.json
.cypher-swarm.json

# Log files from populate/seed runs
*.log

# HTML mockups, presentations, and diagrams (generated during sessions)
/*.html

# Python
__pycache__/
*.pyc
*.pyo
.venv/

# Paper-reproduction eval bundle data bytes.
# These are deterministically regenerable from upstream canonical sources via
# docker/paper-reproduction-verifier/scripts/populate_eval_bundles.py, and are
# delivered to verifiers via IPFS (pinned as eval_protocol_cid on each
# mining_paper_reproduction_challenges row). Keeping 524 MiB of binary data
# out of git history; the SHA256s in each bundle's README + the top-level
# sha256_manifest.json are the integrity anchors.
docker/paper-reproduction-verifier/evals/*/*
!docker/paper-reproduction-verifier/evals/*/README.md
!docker/paper-reproduction-verifier/evals/*/eval.py

# OS files
.DS_Store
Thumbs.db

# IDE
.vscode/
.idea/

# Video output
video/out/

# Claude Code
.claude/*
!.claude/commands/
!.claude/agents/
!.claude/hooks/
!.claude/settings.json

# RLM hand-curated seed manifest (Phase 1c bootstrapping). Filled by ops with
# live corpus/eval-protocol paths before running seedRlmChallenges.ts; the
# .template version IS source-tracked.
gateway/scripts/rlmSeedChallenges.yaml
gateway/scripts/seeds/

# RLM corpus-value audit output (generated by gateway/scripts/auditRlmChallengeValue.ts).
/rlm-challenge-audit-*.md
