# ============================================================================
# Provisioning Repository .gitignore Model
# Purpose: Track core system & platform, exclude extensions & runtime data
# ============================================================================

# === SEPARATE REPOSITORIES ===
# These are tracked in their own repos or pulled from external sources
extensions/
core/plugins/nushell-plugins/

# === USER WORKSPACE DATA ===
# User-specific data, should never be committed
# NOTE: provisioning/workspace/ contains system templates and SHOULD be tracked
# User workspace data is at project root, not in provisioning/ repo
wrks/
ROOT/
OLD/

# === RUNTIME & STATE DATA ===
# Generated at runtime, should not be tracked
.cache/
.p/
*.log
logs/

# Platform service runtime data
platform/orchestrator/data/*.json
platform/orchestrator/data/tasks/**
platform/control-center/data/
platform/api-gateway/data/
platform/mcp-server/data/

# Keep .gitkeep files for directory structure
!**/data/.gitkeep

# === BUILD ARTIFACTS ===
# Rust build outputs
target/
debug/
Cargo.lock              # Uncomment to track if this is a binary package
*.rs.bk
*.pdb

# Nushell compiled plugins (built artifacts)
*.so
*.dylib
*.dll

# === SECRETS & ENCRYPTION (CRITICAL - NEVER COMMIT) ===
# Encryption keys
.k
.k.backup
*.key
*.key.backup
**/*.age

# Secret files
secrets/
private/
security/
*.encrypted
*.enc

# SOPS files (allow .sops.yaml config, not encrypted content)
# .sops.yaml should be tracked for team sharing

# Environment files with secrets
.env
.env.local
.env.production
.env.staging
.env.development

# Keep example files
!.env.example
!**/*.example
!**/*.template

# === CONFIGURATION FILES ===
# User-specific configs (not defaults)
config.*.toml
config.*back
!config.defaults.toml
!config.example.toml
!config.toml.example

# Platform service configs (user overrides)
platform/*/.env.local
platform/*/config.local.*

# === GENERATED & CACHED FILES ===
# KCL cache
**/.kcl_cache/
**/kcl_modules/

# Generated code/configs
**/generated/**
!**/generated/.gitkeep

# Template outputs
**/output/
!**/output/.gitkeep

# === TEMPORARY & BACKUP FILES ===
*.bak
*.backup
*.tmp
*.swp
*.swo
*~
.#*

# === DEVELOPMENT & IDE ===
# Already handled by root .gitignore, but include for standalone use
.vscode/
.idea/
.zed/
.coder/
.claude/
.migration/
.shellcheckrc
.DS_Store
._*
Thumbs.db
*.sublime-*

# === NODE/NPM (for platform web UIs) ===
node_modules/
package-lock.json
npm-debug.log
yarn-error.log
.pnpm-debug.log

# Frontend build outputs
platform/*/dist/
platform/*/build/
platform/*/.next/
platform/*/.nuxt/

# === DOCUMENTATION BUILD OUTPUTS ===
_book/
book-output/
site/

# === DATABASE FILES ===
*.db
*.sqlite
*.sqlite3

# === CERTIFICATES & TLS ===
certs/
*.pem
*.crt
!**/ca-bundle.crt       # Allow CA bundles
*.p12
*.pfx

# === TEST OUTPUTS ===
coverage/
.coverage
htmlcov/
test-results/
test-logs/

# === CSS BUILD FILES ===
**/output.css
**/input.css

# === ALLOW CRITICAL STRUCTURE ===
# Explicitly allow critical files that might be caught by patterns
!justfile
!justfiles/**
!Cargo.toml
!README.md
!CLAUDE.md
!.envrc

# ============================================================================
# End of .gitignore model
# ============================================================================