# never ship secrets
.env
.env.*
*.env
**/*.env
**/*.env.*

# VCS / workspace junk
.git
.gitignore
.vscode
.idea

# node noise (server images install their own deps)
node_modules
**/node_modules
npm-debug.log*
yarn.lock
pnpm-lock.yaml

# transient outputs (but KEEP build/ for nginx)
dist
coverage
.DS_Store
*.log

# keys/certs
*.pem
*.key
*.crt
*.pfx

# Test sources & artifacts
tests/
playwright-report/
test-results/
blob-report/
*.trace.zip