# Build artifacts + local state — never bake into the image.
# .git is listed so repository history (including anything committed by
# mistake and later removed) is not sent to the builder.
# NOTE(review): entries without a leading **/ are matched against the
# build-context root only. Nested node_modules/dist directories, or *.log
# files in subdirectories, would still reach the builder — confirm the
# project layout has none.
node_modules
.next
.next/cache
.git
.gitignore
data
dist
*.log

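# Local secrets — never copy these into the image. Operators inject
# AUTH_SECRET via env at runtime; the wizard collects everything else.
#
# Patterns are anchored to the build-context root unless prefixed with
# **/, so the **/ forms below also catch env files in subdirectories.
# .env.* covers every suffixed variant (.env.local, .env.production,
# .env.local.bak-<timestamp>, ...), not just the ones named explicitly.
# NOTE(review): if the build needs a non-secret template such as
# .env.example, re-include it with a `!` rule placed after these lines.
**/.env
**/.env.*
.sysadmin-secret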

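# IDE / OS junk. .DS_Store and Thumbs.db are created per directory by the
# OS, so match them at any depth rather than only at the context root.
.vscode
.idea
**/.DS_Store
**/Thumbs.db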

# Docs that don't need to live inside the runtime image. The README
# is still useful (operators can `docker exec cat /app/README.md`),
# so it stays.
# NOTE(review): *.md.bak has no **/ prefix, so only backups at the
# context root are excluded — confirm none are kept in subdirectories.
docs
*.md.bak

# Tests + tsbuild cache. The **/ prefix excludes test sources at any
# depth, keeping fixtures and test-only code out of the build context.
# NOTE(review): this also hides the tests from any build stage; if the
# Dockerfile runs the test suite during the build, it will find nothing.
**/*.test.ts
**/*.test.tsx
tsconfig.tsbuildinfo
