# ============================================================================
# Allowed file patterns for git pre-commit and CI whitelist checks.
# One regex pattern per line. Lines starting with # are comments.
# Blank lines are ignored.
#
# PRINCIPLE: text source types are kept broad (low risk, high churn).
#            Config, binary, and other types are path-scoped.
#
# Binary files bloat the repo — do NOT add new binary wildcards without
# maintainer approval. See CODEOWNERS.
# ============================================================================

# ---------------------------------------------------------------------------
# Text source code — kept broad (low risk)
# ---------------------------------------------------------------------------
\.py$
\.js$
\.mjs$
\.html$
\.css$
\.md$

# ---------------------------------------------------------------------------
# JSON — path-scoped
# ---------------------------------------------------------------------------
^src/local_deep_research/defaults/.*\.json$
^cookiecutter-docker/.*\.json$
^package\.json$
^package-lock\.json$
^lighthouserc\.json$
^tests/(.*/)?package\.json$
^tests/(.*/)?package-lock\.json$
^tests/settings/golden_master_settings\.json$
# Allowlist of currently-known responsive UI bugs; checked-in baseline
# for test_responsive_ui_comprehensive.js so new regressions can fail.
^tests/ui_tests/responsive_baseline\.json$
# Journal-quality data: all datasets are runtime-downloaded into the user
# data dir, never bundled. Only __init__.py lives in the package data dir.

# ---------------------------------------------------------------------------
# YAML — path-scoped
# ---------------------------------------------------------------------------
^\.github/.*\.(yml|yaml)$
^\.semgrep/.*\.(yml|yaml)$
^bearer\.yml$
^\.grype\.yaml$
^\.hadolint\.yaml$
^\.pre-commit-config\.yaml$
^\.yamllint\.yaml$
^\.safety-policy\.yml$
^docker-compose.*\.(yml|yaml)$
^examples/.*/docker-compose\.yml$
^community_benchmark_results/.*\.yaml$
^cookiecutter-docker/.*\.yml$

# ---------------------------------------------------------------------------
# Shell scripts — path-scoped
# ---------------------------------------------------------------------------
^\.github/scripts/.*\.sh$
^\.pre-commit-hooks/.*\.sh$
^scripts/.*\.sh$
^tests/.*\.sh$
^docs/.*\.sh$
^examples/.*\.sh$

# ---------------------------------------------------------------------------
# Other config — explicit paths only
# ---------------------------------------------------------------------------
^src/local_deep_research/defaults/.*\.template$
^src/local_deep_research/notifications/templates/.*\.jinja2$
^unraid-templates/.*\.xml$
^pyproject\.toml$
^pdm\.lock$
^\.gitleaks\.toml$
^\.zap/rules\.tsv$

# ---------------------------------------------------------------------------
# Specific root/config files
# ---------------------------------------------------------------------------
.*\.gitkeep$
.*\.gitignore$
^\.coveragerc$
^\.gitleaksignore$
^\.semgrepignore$
^\.trivyignore$
^\.nvmrc$
^playwright\.config\.js$
^\.github/CODEOWNERS$
^MANIFEST\.in$
^LICENSE$
^README$
^Dockerfile$
^\.file-whitelist\.txt$
^\.github/security/.*\.txt$

# ---------------------------------------------------------------------------
# Binary assets — explicit paths only.
# Binary files bloat the repo; do NOT add new ones without maintainer approval.
# ---------------------------------------------------------------------------
^docs/images/Local Search\.png$
^docs/images/local_search_embedding_model_type\.png$
^docs/images/local_search_paths\.png$
^src/local_deep_research/web/static/favicon\.png$
^docs/.*\.ps1$
^src/local_deep_research/web/static/sounds/error\.mp3$
^src/local_deep_research/web/static/sounds/success\.mp3$
^installers/.*\.(bat|ps1|iss)$
