veza/.gitignore

# ============================================================
# Veza/Talas — Global .gitignore
# Stack: Go, Rust, TypeScript/React, Docker, Scripts
# ============================================================

### Node / JS
node_modules/
dist/
build/
.next/
pnpm-lock.yaml
npm-debug.log*
yarn-debug.log*
yarn-error.log*

### Rust
target/
Cargo.lock
*.rs.bk

### Go
*.exe
*.exe~
*.dll
*.so
*.dylib

### Python (scripts/tools)
__pycache__/
*.pyc

### Logs / Dumps
*.log
logs/
*.pid
*.seed
*.gz

### Database dumps — SECURITY(REM-034): Never commit database artifacts
**/veza_back_api_db/
*.sql.dump
*.pgdump

### Editors / IDE
.vscode/
.idea/
.cursor/
*.swp
*.swo

### System trash
.DS_Store
Thumbs.db

### Temp / Cache
tmp/
temp/
.cache/
.turbo/
coverage/
coverage-final.json
typecheck*.txt
output*.txt
design_system*.html
*_design_system*.html
MODULE.bazel.lock

### Test artifacts
*.test
*.coverage
*.out
test-results/
playwright-report/

### Build / Bundles
*.wasm
*.bundle.js
*.map
apps/web/dist_verification/
**/dist_verification/

### Environment / Secrets (NE JAMAIS COMMIT)
.env
.env.*
!.env.example
!.env.staging.example
**/.env
**/.env.local
**/.env.*
!.env.example
!.env.staging.example
veza-backend-api/.env
veza-chat-server/.env
veza-stream-server/.env
apps/web/.env.local
.secrets/

### Docker
docker-data/
*.tar

# HAProxy SSL certs (never commit private keys)
docker/haproxy/certs/*.key
docker/haproxy/certs/*.pem

# JWT RSA keys (v0.9.1 RS256 migration — NEVER commit)
jwt-private.pem
jwt-public.pem

veza-backend-api/main
veza-backend-api/api
veza-backend-api/veza-api
veza-backend-api/migrate_tool
chat_exports/

# Debug/test screenshots (root level)
screenshot-*.png
sidebar-*.png
player-*.png
login-*.png
search-*.png
track-*.png
test-*.png
dashboard-*.png
report-*.html

# MCP config (local)
.mcp.json

# Environment / Secrets — config templates only, never commit real .env
config/incus/env/*.env
!config/incus/env/env.example

# Playwright
/test-results/
/playwright-report/
tests/e2e/test-results/
tests/e2e/VEZA_AUDIT_REPORT.html
tests/e2e/VEZA_AUDIT_REPORT.json
apps/web/e2e-results.json
e2e-results.json
/blob-report/
/playwright/.cache/
/playwright/.auth/

*storybook.log
storybook-static

# v0.941: Swagger docs.go generated by CI (swag init)
veza-backend-api/docs/docs.go

# Claude Code local memory
.claude/

# Test audio files (large binaries)
veza-backend-api/audio/

# SELinux policy (local)
qemu-fusefs.*
api

# ============================================================
# Post-audit J1 (2026-04-14) — never recommit this debris
# ============================================================
# Go binaries accidentally committed (v1.0.3 → v1.0.4 cleanup)
veza-backend-api/server
veza-backend-api/modern-server
veza-backend-api/seed
veza-backend-api/seed-v2
veza-backend-api/encrypt_oauth_tokens

# Coverage reports (generated, never tracked)
veza-backend-api/coverage*.out
veza-backend-api/coverage_groups/

# Frontend build/lint/test artifacts
apps/web/lint_report*.json
apps/web/tsc*.log
apps/web/tsc*.txt
apps/web/ts_*.log
apps/web/storybook_*.json
apps/web/debug-storybook.log
apps/web/build_errors*.txt
apps/web/build_output.txt
apps/web/final_errors.txt
apps/web/*.log
apps/web/diagnostic-*.log
apps/web/frontend.log
apps/web/audit.log

# Backend local logs
veza-backend-api/backend*.log

# Root audit screenshots (belong in docs/assets/ if needed)
/audit-*.png

# AI tooling session state (not code)
.cursor/

# ============================================================
# Post-audit J2 (2026-04-20) — branch chore/v1.0.7-cleanup
# ============================================================

# Tracked audio fixtures — use git-lfs or fixtures repo, never commit raw audio
veza-backend-api/uploads/

# TLS/SSL certificates committed pre-2026-04 (regen with scripts/generate-ssl-cert.sh)
config/ssl/*.pem
config/ssl/*.key
config/ssl/*.crt

# Playwright MCP session debris
.playwright-mcp/

# AI session artefacts / context dumps
CLAUDE_CONTEXT.txt
UI_CONTEXT_SUMMARY.md
*.context.txt
*.ai-session.txt

# One-off generated tooling scripts (should live in scripts/ if kept)
/generate_page_fix_prompts.sh
/build-archive.log

# Apps/web stale audit reports (generated, never tracked)
apps/web/AUDIT_ISSUES.json
apps/web/audit_remediation.json
apps/web/lint_comprehensive.json
apps/web/storybook-roadmap.json
apps/web/storybook-*.json

# Root PNG screenshots — move to docs/screenshots/ if historical value
/design-system-*.png
/forgot-password-*.png
/register-*.png
/reset-password-*.png
/settings-*.png
/storybook-*.png