# Python
__pycache__/
*.py[cod]
*.pyo
*.egg-info/
dist/
build/
.venv/
venv/
venv_*/
env/

# ML model weights directory (individual .safetensors/.gguf/etc already ignored above;
# this ignores the folder itself so it doesn't show in git status)
models/

# MLX / model weights
*.safetensors
*.gguf
*.bin
*.pt
*.pth
*.mlx

# LM Studio / memory
memory/
!memory/
!memory/*.py
!memory/migrations/
!memory/migrations/*
!memory/migrations/*.sql
!memory/chatlog_migrations/
!memory/chatlog_migrations/*.sql

# Database files
*.db
*.db-shm
*.db-wal
*.db.*.bak
*.db.bak*
*.db.backup-*
*.bak
*.sqlite

# Machine-local chatlog/migration config (contains absolute paths)
memory/.chatlog_config.json
memory/.chatlog_state.json
memory/.chatlog_ingest_cursor.json
memory/.migrate_config.json

# Scratch / temp files
.scratch/
logs/
x.xx*
x.xxx*
*.tmp
*.log
*.jsonl
# Test fixtures: chatlog ingest format tests need a sample transcript.
# The * .jsonl rule above would ignore it; explicitly negate that here.
!tests/fixtures/*.jsonl
# Ad-hoc diagnostic scripts at repo root (throwaway queries, one-off checks)
/get_*.py
/check_*.py
/debug_*.py

# macOS
.DS_Store
.AppleDouble

# Local machine-specific rules (contains IPs, endpoints, credentials — never commit)
LOCAL_RULES.md

# Discord bot — deployment is outside the repo (runs on N5 Pro LXC 503)
bin/discord_bot.py
bin/status_api.py

# Secrets / env / tokens (NEVER commit these)
.env
.env.local
.env.*.local
*.key
*.pem
*.p12
*.pfx
*.jks
*.cert
id_rsa*
.keyring
keyring.db
*_token
*.token

# Binaries
*.exe

# Aider
.aider/
.aider.chat.history.md
.aider.input.history
.aider.model.metadata.json
.aider.tags.cache.v4/
!.aider/protocols.md
!.aider.conf.yml

# OpenClaw runtime config (contains tokens & session data)
examples/sandbox-openclaw/.openclaw/
examples/sandbox-openclaw/config/.openclaw/
examples/sandbox-openclaw/.env
!examples/sandbox-openclaw/.env.example

# Backups and archives (contain historical secrets and credentials)
backups/
AI_Folder_Backup/

# Soft-delete staging area for files retired from the root / bin/. Anything
# moved here is kept locally until manually deleted — safer than outright
# `rm` for ad-hoc diagnostic scripts that might still be referenced from a
# runbook or a stashed change somewhere. Review contents periodically and
# `rm -r to_be_deleted/` once confirmed unneeded.
to_be_deleted/

# Benchmark run artifacts — run-catalog, result JSONs, per-run probe
# outputs, run plans. Keep these private; they carry operational detail
# (run IDs, SHR numbers, endpoint URLs) that belongs in .scratch/, not
# in the public repo. Published results live in README.md / docs/.
benchmarks/longmemeval/RUN_CATALOG.md
benchmarks/longmemeval/PLAN*.md
benchmarks/longmemeval/results.json
benchmarks/longmemeval/LME-*.json
benchmarks/longmemeval/refs/
docs/tools/probe_ingest_cost.md

# Generated MCP config (machine-specific paths; run bin/generate_configs.py to create)
.mcp.json

# Local migration state (machine-specific)
memory/.migrate_config.json

# Node
node_modules/

# LongMemEval benchmark raw data (265 MB JSON, too large for git; fetched out-of-band)
data/longmemeval/
data/memory.db

# LoCoMo benchmark raw data — fixture JSON trips secret-scanners with false
# positives (hardcoded-token patterns in test dialogue), and the files are
# large enough to be fetched out-of-band.
data/locomo/

# Security scanner output — transient per-run artifacts. Committing these
# makes every subsequent scan re-flag every finding in the prior report as
# a "hardcoded secret" (self-referential). Generated by scan_repo_v7.py to
# scan-reports/ and pushed straight to DefectDojo; no need to track.
scan-reports/

# Claude Code runtime locks
.claude/scheduled_tasks.lock

# m3_enrich auto-generated per-run reports — contain bench-variant
# names that are private to development branches. Manually-crafted
# entries (security-scan-*.md, README.md) stay tracked.
docs/audits/enrich-run-*.md

# LongMemEval bench territory — only the public benchmark report ships on main;
# everything else (harness, plans, runs, refs) is private to bench/lme.
benchmarks/longmemeval/*
!benchmarks/longmemeval/LME-S_Benchmarking_Report.md

# LoCoMo bench territory — only the public README ships on main; the audit
# is pending and the harness lives on private/locomo until results land.
benchmarks/locomo/*
!benchmarks/locomo/README.md

# Project Oxidation wave 0-9 bench artifacts. Per CLAUDE.md, bench data does
# not ship to public origin — these scripts hardcode local paths, capture
# host-specific timings, and reveal the test GGUF layout. Private only.
reports/
tests/bench_embed_path.py
tests/bench_e2e_retrieval_lme_m.py
tests/repro_concurrent_hang.py
