# Dependencies
node_modules/

# Lockfile policy: pnpm-lock.yaml is canonical (Glama uses pnpm).
# package-lock.json is intentionally ignored to avoid drift between
# npm/pnpm resolutions of the `overrides` field.
package-lock.json

# Build output (shipped via package.json "files")
dist/

# Test artifacts
test/hook-payload.json
*.tgz

# OS / editor
.DS_Store
Thumbs.db
.vscode/
.idea/

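# Claude Code per-project settings (NEVER commit / publish).
# This rule only keeps git from picking the directory up; what ends up in the
# published package is governed by package.json "files", so review the packed
# file list before publishing.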
.claude/

# Local data
.linksee-memory/
*.db
*.db-journal
*.db-wal
*.db-shm

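# Env / secrets
# Note: `.env.*` also matches template files (e.g. `.env.example`), and
# `credentials*` matches any file or directory with that prefix at any depth,
# source files included.
# Ignore rules do not untrack a file that is already committed; a secret that
# was ever committed stays in history and should be rotated.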
.env
.env.*
*.pem
*.key
credentials*
.npmrc

# Logs
*.log
.tmp-tools/

# MCP registry publisher CLI (downloaded on demand)
.mcp-publisher/

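# Local-only ops/security artifacts — NEVER publish.
# Even without secret literals, runbooks, endpoints and env-var names are an attack-surface map.
# Keep the operational record local; commit only sanitized, abstracted material.
# The patterns below are unanchored, so each one matches a directory of that
# name at any depth (e.g. a future `src/security/` would be ignored too);
# prefix a pattern with `/` to restrict it to the repository root.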
local/
security/
ops/
runbooks/

# Generated Drift OS artifacts (rendered from scripts/, like dist/)
drift-map.html

# Local-only assets sitting untracked in the working tree — never publish.
# (Design dumps / marketing / screenshots; guard against an accidental `git add -A`.)
_marketing/
UI model/
/Screenshot*.png
