# Binaries
workspace-server/server
workspace-server/molecli
*.exe
*.out
*.bin

# Go
*.test

# Dependencies
node_modules/

# Build output
dist/
**/.next/
canvas/tsconfig.tsbuildinfo
canvas/next-env.d.ts
mcp-server/dist/

# Environment & secrets
.env
.env.local
.env.*.local
.env.production

# OS
.DS_Store
Thumbs.db

# IDE
.vscode/
.idea/
*.swp
*.swo
*~

# Python
__pycache__/
*.pyc
*.pyo
.venv/
venv/
*.egg-info/
.pytest_cache/

# Brand monitor runtime state (never commit)
brand-monitor/.surge_state.json
brand-monitor/.monitor_state.json

# Docker
*.log

# Local docker-compose overrides (per-developer port remaps, etc.)
docker-compose.override.yml
docker-compose.override.yaml

# Test / coverage
coverage/
.coverage
.coverage.*
.nyc_output/
test-results/
playwright-report/

# Databases (local dev)
*.db
*.sqlite
*.sqlite3

# Langfuse / ClickHouse / Docker volumes
langfuse_data/
clickhouse_data/
postgres_data/
redis_data/

# Auth tokens
.auth-token

# Awareness memory (local agent memory, not project code)
.awareness/

# Claude Code (local agent config — not shared)
.claude/
CLAUDE.md
.mcp.json
test-results/

# Workspace instance configs (auto-generated by provisioner, not templates)
workspace-configs-templates/ws-*

# Local dev cruft — provisioner writes here at runtime; templates live at repo root
workspace-server/workspace-configs-templates/

# Codex/Gemini agent skill cache (local only, not authoritative)
.agents/

# Workspace runtime markers (written by agent containers, not committed)
.initial_prompt_done

# Exported bundles (may contain env vars / secrets)
*.bundle.json

# Logs
logs/

# Backups
backups/
.claude-bridge/

# Migration additions
.initial_prompt_done

# GitHub App private key + other local-only secrets — never committed.
.secrets/
*.pem

# Cloned-via-manifest dirs — populated locally by scripts/clone-manifest.sh,
# tracked in their own standalone repos. Never commit to core.
# org-templates live in Molecule-AI/molecule-ai-org-template-* repos
# (including molecule-dev — no checkin exception).
# plugins live in Molecule-AI/molecule-ai-plugin-* repos.
# All three directories are populated by scripts/clone-manifest.sh
# (now auto-run by infra/scripts/setup.sh). The in-tree exception for
# molecule-dev was removed because the checked-in copy drifted from
# the standalone repo and shipped with broken !include references to
# role files that never existed in the snapshot.
/org-templates/
/plugins/
/workspace-configs-templates/
# Cloned by publish-workspace-server-image.yml so the Dockerfile's
# replace-directive path resolves. Lives in its own repo.
/molecule-ai-plugin-github-app-auth/

# Internal-flavored content lives in Molecule-AI/internal — NEVER in this
# public monorepo. Migrated 2026-04-23 (CEO directive). The CI workflow
# .github/workflows/block-internal-paths.yml enforces this; this gitignore
# is the second line of defence so accidental local writes don't reach a
# commit. See docs/internal-content-policy.md for the full rationale.
/research/
/marketing/
/docs/marketing/
# Common temp/scratch patterns agents have produced
/comment-*.json
*-temp.md
*-temp.txt
/test-pmm-*.txt
/tick-reflections-*.md