# ============================================================
# Veza/Talas — Global .gitignore
# Stack: Go, Rust, TypeScript/React, Docker, Scripts
# ============================================================

### Node / JS
node_modules/
dist/
build/
.next/
pnpm-lock.yaml
npm-debug.log*
yarn-debug.log*
yarn-error.log*

### Rust
target/
Cargo.lock
*.rs.bk

### Go
*.exe
*.exe~
*.dll
*.so
*.dylib

### Python (scripts/tools)
__pycache__/
*.pyc

### Logs / Dumps
*.log
logs/
*.pid
*.seed
*.gz

### Database dumps — SECURITY(REM-034): Never commit database artifacts
**/veza_back_api_db/
*.sql.dump
*.pgdump

### Editors / IDE
.vscode/
.idea/
.cursor/
*.swp
*.swo

### System trash
.DS_Store
Thumbs.db

### Temp / Cache
tmp/
temp/
.cache/
.turbo/
coverage/
coverage-final.json
typecheck*.txt
output*.txt
design_system*.html
*_design_system*.html
MODULE.bazel.lock

### Test artifacts
*.test
*.coverage
*.out
test-results/
playwright-report/

### Build / Bundles
*.wasm
*.bundle.js
*.map
apps/web/dist_verification/
**/dist_verification/

### Environment / Secrets (NEVER COMMIT)
.env
.env.*
!.env.example
!.env.staging.example
**/.env
**/.env.local
**/.env.*
!.env.example
!.env.staging.example
veza-backend-api/.env
veza-chat-server/.env
veza-stream-server/.env
apps/web/.env.local
.secrets/

### Docker
docker-data/
*.tar

# HAProxy SSL certs (never commit private keys or full-chain certs)
docker/haproxy/certs/*.key
docker/haproxy/certs/*.pem
docker/haproxy/certs/*.crt

# JWT RSA keys (v0.9.1 RS256 migration — NEVER commit)
jwt-private.pem
jwt-public.pem

veza-backend-api/main
veza-backend-api/api
veza-backend-api/veza-api
veza-backend-api/migrate_tool
chat_exports/

# Debug/test screenshots (root level)
screenshot-*.png
sidebar-*.png
player-*.png
login-*.png
search-*.png
track-*.png
test-*.png
dashboard-*.png
report-*.html

# MCP config (local)
.mcp.json

# Environment / Secrets — config templates only, never commit real .env
config/incus/env/*.env
!config/incus/env/env.example

# Playwright
/test-results/
/playwright-report/
tests/e2e/test-results/
tests/e2e/VEZA_AUDIT_REPORT.html
tests/e2e/VEZA_AUDIT_REPORT.json
apps/web/e2e-results.json
e2e-results.json
/blob-report/
/playwright/.cache/
/playwright/.auth/

*storybook.log
storybook-static

# v0.941: Swagger docs.go generated by CI (swag init)
veza-backend-api/docs/docs.go

# Claude Code local memory
.claude/

# Test audio files (large binaries)
veza-backend-api/audio/

# SELinux policy (local)
qemu-fusefs.*

# Root-level 'api' binary produced by `go build` in veza-backend-api/.
# Narrower than the previous bare `api` rule which matched any file or
# directory named 'api' anywhere (including apps/web/src/services/api/).
/api
/veza-backend-api/api

# ============================================================
# Post-audit J1 (2026-04-14) — never recommit this debris
# ============================================================

# Go binaries accidentally committed (v1.0.3 → v1.0.4 cleanup)
veza-backend-api/server
veza-backend-api/modern-server
veza-backend-api/seed
veza-backend-api/seed-v2
veza-backend-api/encrypt_oauth_tokens

# Coverage reports (generated, never tracked)
veza-backend-api/coverage*.out
veza-backend-api/coverage_groups/

# Frontend build/lint/test artifacts
apps/web/lint_report*.json
apps/web/tsc*.log
apps/web/tsc*.txt
apps/web/ts_*.log
apps/web/storybook_*.json
apps/web/debug-storybook.log
apps/web/build_errors*.txt
apps/web/build_output.txt
apps/web/final_errors.txt
apps/web/*.log
apps/web/diagnostic-*.log
apps/web/frontend.log
apps/web/audit.log

# Backend local logs
veza-backend-api/backend*.log

# Root audit screenshots (belong in docs/assets/ if needed)
/audit-*.png

# AI tooling session state (not code)
.cursor/

# ============================================================
# Post-audit J2 (2026-04-20) — branch chore/v1.0.7-cleanup
# ============================================================

# Tracked audio fixtures — use git-lfs or fixtures repo, never commit raw audio
veza-backend-api/uploads/

# TLS/SSL certificates committed pre-2026-04 (regen with scripts/generate-ssl-cert.sh)
config/ssl/*.pem
config/ssl/*.key
config/ssl/*.crt

# Playwright MCP session debris
.playwright-mcp/

# AI session artefacts / context dumps
CLAUDE_CONTEXT.txt
UI_CONTEXT_SUMMARY.md
*.context.txt
*.ai-session.txt

# One-off generated tooling scripts (should live in scripts/ if kept)
/generate_page_fix_prompts.sh
/build-archive.log

# Apps/web stale audit reports (generated, never tracked)
apps/web/AUDIT_ISSUES.json
apps/web/audit_remediation.json
apps/web/lint_comprehensive.json
apps/web/storybook-roadmap.json
apps/web/storybook-*.json

# Root PNG screenshots — move to docs/screenshots/ if historical value
/design-system-*.png
/forgot-password-*.png
/register-*.png
/reset-password-*.png
/settings-*.png
/storybook-*.png

# ============================================================
# Post-audit J3 (2026-04-23) — history rewrite (BFG pass, 1.5G → 66M)
# ============================================================

# Additional Go build artifacts found in BFG scan
veza-backend-api/bin/
veza-backend-api/veza-backend-api
veza-backend-api/migrate

# Vendored binaries mistakenly committed
dev-environment/scripts/kubectl

# Incus build outputs (generated per release cut)
.build/

# E2E report outputs (Playwright)
tests/e2e/audit/results/
tests/e2e/playwright-report/

# Session-scratch screenshots
frontend_screenshots/

# Audit_remediation glob (supersedes J2's exact-match json)
apps/web/audit_remediation*

# ============================================================
# Ansible Vault — secrets at rest stay encrypted in vault.yml
# (committed). The vault password used to unlock them MUST NOT
# be committed; the Forgejo runner reads it from a repo secret.
# ============================================================
infra/ansible/.vault-pass
infra/ansible/.vault-pass.*

# Local copies devs sometimes drop next to the repo for editing
.vault-pass
.vault-pass.*