node_modules/
dist/
coverage/
*.bak
.DS_Store
.env
.env.*
.env.mcp

# hatch3r safe-write backups
.backups/

# hatch3r config archive (removed tool outputs)
.hatch3r-archive/

# Log files
*.log

# IDE files
.vscode/
.idea/
*.swp
*.swo

# Claude Code local scheduler state
.claude/scheduled_tasks.lock

# OS files
Thumbs.db

# Private governance IP (source of truth: hatch3r/hatch3r-governance) — only inventory.json stays public
governance/*
!governance/inventory.json

# Private audit methodology (source of truth: hatch3r/hatch3r-governance)
.claude/skills/h4tcher-audit-cycle/
.claude/skills/h4tcher-audit-execute/
.claude/skills/h4tcher-evolve/
.claude/skills/h4tcher-domain-author/
.claude/skills/h4tcher-governance-check/
.claude/skills/h4tcher-scoped-audit/
.claude/rules/audit-cycle-awareness.md

# Dogfood adapter output (D24-2). `hatch3r init` against this framework-dev repo
# would write the Claude adapter's per-file emissions into the dev `.claude/`,
# burying the 12 tracked dev rules under ~66 numbered rule files and untracked
# agents/commands/checks. Ignore every adapter-emitted path so the dogfood can
# never be committed or pollute the tracked tree. Tracked dev rules carry no
# numeric prefix, so the `[0-9]*-hatch3r-*.md` glob leaves them untouched.
.claude/rules/[0-9]*-hatch3r-*.md
.claude/agents/
.claude/commands/
.claude/checks/
.claude/hooks/hatch3r-hooks.json
.claude/hooks/agent-tool-policies.json
.claude/hooks/pretooluse-allowlist.mjs

# Local overlay repo that version-controls the private IP above to
# github.com/hatch3r/hatch3r-governance — see scripts/gov. The public repo ignores it.
.governance.git/

# Private ops runbook (overlay / hatch3r-governance only, skip-worktree'd) — never public (defense-in-depth)
ops/

# Other internal/scratch files (not for public repo)
todo.md
social_preview.png
.audit-workspace/
.evolve-workspace/
.re-envision-workspace/
.agents/
.hatch3r/
skills-lock.json
