# Claude Code project-level instructions (local only, never commit)
CLAUDE.md

# Node
node_modules/

# Python
__pycache__/
*.py[cod]
*$py.class
*.so
*.pyd
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
!src/nexus/lib/
!tests/unit/lib/
# `rust/lib/` is a workspace member; the broad Python build-dir
# `lib/` pattern above would otherwise silently un-track every file
# under it (including its Cargo.toml). Without this line `cargo build`
# works locally — files exist on disk — but CI fails at workspace-load
# time with "rust/lib/Cargo.toml: No such file".
!rust/lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# Virtual environments
venv/
.venv/
ENV/
env/
.env
.nexus-admin-env
.demo-env

# PyCharm
.idea/

# VSCode
.vscode/
*.code-workspace

# Jupyter Notebook
.ipynb_checkpoints

# pyenv
.python-version

# Environments
.env
.env.save
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

# Testing
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
htmlcov/

# mypy
.mypy_cache/
.dmypy.json
dmypy.json

# Pyre type checker
.pyre/

# pytype static type analyzer
.pytype/

# Cython debug symbols
cython_debug/

# Ruff
.ruff_cache/

# uv
.uv/

# Protobuf generated
*_pb2.py
*_pb2_grpc.py
*_pb2.pyi

# Rust
target/
# Cargo.lock - keep it for reproducible builds (needed for Docker)
# uv.lock in Rust sub-crates — build artifact from maturin develop, not project-level lock
rust/*/uv.lock

# Nexus specific data directories
nexus-data/
nexus-data-*/
nexus-workspace/
nexus-test-*/
nexus-consent-*/
.nexus-server-data/
test-nexus-data/
test-server-data/
demo-data*/
*-demo-data/
test-fix-data/
*-examples-data/
*-examples-workspace/
*-server-data/
my-data/
# Ad-hoc data_dir names used by developers running local stacks.  Anything
# ending in -data under the repo root (e.g. nexus-bench-data/, foo-data/) is
# assumed to be a runtime volume holding admin keys, raft state, and CAS.
*-data/
# `data/` is the project-root data dir that ships in the Docker image
# (default skills live at data/skills/). A developer who runs
# `nexus serve` from the repo root without setting NEXUS_DATA_DIR drops
# raft state + redb + CAS into data/, which then bakes into the next
# `docker compose build` and silently pollutes federation bootstrap.
# Allow only `data/skills/` to be tracked; everything else under data/
# is runtime detritus.
/data/*
!/data/skills
!/data/skills/**
# Runtime state + credentials that can land anywhere `data_dir:` points to.
.admin-api-key
.state.json

# Nexus plugins (development)
nexus-plugin-*/

# Standalone backend storage directories (should be under nexus-data/)
/cas/
/dirs/

# Database files
*.db
*.db-shm
*.db-wal
*.sqlite
*.sqlite3
nexus-*.db
benchmarks/LINKEDIN_POST.md
# Logs
logs/
*.log
*.log.*

# Configuration (keep templates, ignore actual configs with secrets)
config.yaml
config.yml
*.local.yaml
*.local.yml
secrets/
!src/nexus/bricks/secrets/
*.encrypted

# Data directories
uploads/
downloads/

# OS specific
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
desktop.ini

# Temporary files
*.tmp
*.temp
*.bak
*.swp
*~

# Docker
.dockerignore
docker-compose.override.yml

# Documentation builds
docs/_build/
docs/.doctrees/
site/

# Benchmarks
.benchmarks/

# Editor backups
*~
\#*\#
.\#*
# Archived/temporary documentation
/archive/
*_SUMMARY.md
*_STATUS.md
*_COMPLETE.md
examples/e2b/nexus
examples/cli/
!examples/cli/test_bulk_operations.py

# GCS credentials - never commit!
gcs-credentials.json
secret-manager-sa-key.json
.env.railway
aws-config
aws-credentials

# Claude Code
.claude/
CLAUDE.md
docs/plans/

# Cargo local config (Windows MSVC linker path is dev-machine specific).
# Keep the project Cargo config tracked for shared build environment defaults.
.cargo/*
!.cargo/
!.cargo/config.toml
NUL
NUL

# Deployment configs (environment-specific)
deploy/

# Build tools (binary)
tools/
tls/
nexus.yaml
scripts/nexus-ai-fs-demo/.env.scenarios
benchmarks/longmemeval/data/*.json
benchmarks/longmemeval/data/*.jsonl
privatevar/

# Local nexusd runtime zone state — generated by `nexusd start`,
# never source-controlled.
nexus-zones/
nexus_witness_data/
