# Load testing
load-tests/

# Dependencies
node_modules/
*/node_modules/
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*

# Environment variables
.env
docker-compose.override.yml
.mcp.json
.env.local
.env.development.local
.env.test.local
.env.production.local

# Build outputs
dist/
build/
*.tsbuildinfo

# Runtime files
*.pid
*.seed
*.pid.lock

# Coverage directory used by tools like istanbul
coverage/
*.lcov

# Logs
logs/
*.log

# Temporary files
tmp/
temp/
.tmp/

# IDE files
.vscode/
.idea/
*.swp
*.swo
*~

# OS generated files
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db

# Uploaded files (development)
uploads/
documents/
selfies/

# Database
*.sqlite
*.sqlite3
*.db

# Cache
.cache/
.parcel-cache/

# Testing
.nyc_output/

# Deployment
.vercel/
.netlify/

# Local development
.local/


# Python (for OCR tools)
__pycache__/
*.pyc
*.pyo
*.pyd
.Python
venv/
.venv/

# Machine Learning Models
models/*.pb
models/*.h5
models/*.pkl

# face-api.js model weights — downloaded at Docker build time via download-models.js
backend/models/*.bin
backend/models/*.json
backend/models/*.shard*
backend/models/*.onnx
!backend/models/.gitkeep

# Deepfake detector ONNX model — generated by scripts/models/export-deepfake-detector.py
shared/models/*.onnx
!shared/models/.gitkeep

# Backup files
*.backup
*.bak
*.orig

# Tesseract training data
*.traineddata

# PaddleOCR ONNX model cache (auto-downloaded by ppu-paddle-ocr)
.cache/ppu-paddle-ocr/

# SDKs distribution
sdks/*/dist/
sdks/*/build/
sdks/*/*.egg-info/

# npm auth tokens (must never be committed)
.npmrc
**/.npmrc

# Test files
*.test.js

# Temporary processing files
backend/temp/
# Git worktrees
.worktrees/

# MediaPipe WASM assets (copied from node_modules at install time)
**/public/mediapipe/

# OCR benchmark scripts and specimens (internal tooling, not committed).
# Use scripts/* instead of scripts/ so explicit exceptions below can re-include
# specific files (negative patterns can't escape an ignored directory).
backend/scripts/*
# Operational tooling that DOES need to ship — narrow exceptions to the
# blanket scripts/* ignore above. Keep this list small and intentional.
!backend/scripts/rotate-encryption-key.ts
!backend/scripts/encryption-key-rotation.md
!backend/scripts/self-hosted-backups.md
!backend/scripts/mint-service-key.md
!backend/scripts/mint-service-key.ts
!backend/scripts/service-key.sh

# Caddy — generated Caddyfile and user-provided TLS certificates
caddy/Caddyfile
caddy/certs/*.pem
caddy/certs/*.key
caddy/certs/*.crt

# Claude Code local settings (personal config, MCP servers, output style)
.claude/

# Internal docs — all markdown (except README.md / CLAUDE.md) lives in docs/
/docs/
.vercel
.agents/
.aidesigner/
.env*.local
