Files
wehub-resource-sync 7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:08:55 +08:00

396 lines
10 KiB
Plaintext

# WHITELIST APPROACH - Only allow specific file types
# Deny everything by default
*
# Allow directories (needed for git to traverse)
!*/
# Allow specific source code files (but not .py in root - see below)
!*.js
!*.html
!*.css
# Auto-generated theme CSS (regenerated on every server start from themes/*/*.css)
src/local_deep_research/web/static/css/themes.css
# JSON — path-scoped (root package.json whitelisted below)
!src/local_deep_research/defaults/**/*.json
!cookiecutter-docker/**/*.json
# YAML — non-root, path-scoped (.github/ and .semgrep/ whitelisted separately)
!community_benchmark_results/**/*.yaml
!cookiecutter-docker/**/*.yml
!examples/elasticsearch/docker-compose.yml
# Shell scripts — path-scoped (.github/ and .pre-commit-hooks/ whitelisted separately)
!scripts/**/*.sh
!tests/**/*.sh
!docs/**/*.sh
!examples/**/*.sh
# Templates, Jinja2, XML — explicit paths
# NOTE: .env.template has a leading-dot basename, so the `.*` catch-all
# below would re-ignore it -- it is re-allowed in the post-catch-all block
# instead (a negation here would be a dead rule).
!src/local_deep_research/notifications/templates/**/*.jinja2
!unraid-templates/**/*.xml
# Allow Python files everywhere except root
!**/*.py
# Block ALL files in root directory - adding files to root should be intentional
/*.*
# Re-allow root-level directories whose name contains a dot.
#
# Why: the `/*.*` pattern above is a glob that matches anything at the
# repo root containing a `.` — it correctly catches files like
# `something.txt`, but it ALSO matches DIRECTORIES whose name happens to
# include a dot (e.g. `changelog.d/`). gitignore's pattern engine does
# not distinguish files from directories at the pattern level unless the
# pattern ends in `/`.
#
# Per git's own gitignore rules:
# "It is not possible to re-include a file if a parent directory of
# that file is excluded."
# So later negations like `!changelog.d/**/*.md` below cannot
# rescue files inside an excluded parent. They silently fail, and new
# files in `changelog.d/` get ignored even though contributors expect
# them to be tracked. This surfaced when adding a new towncrier
# fragment.
#
# Fix: explicitly re-include the directory ITSELF so the parent isn't
# excluded, leaving the per-file negation below to do its job. If a new
# dotted directory is added at root in the future, it needs the same
# treatment here.
!changelog.d/
# Explicitly allow specific Python files in root that are needed
# (Comment out any you don't need)
# Allow specific project files
!LICENSE
!README
!README.md
!CHANGELOG.md
!CONTRIBUTING.md
!SECURITY.md
!LICENSE.md
!Dockerfile
!pyproject.toml
!pdm.lock
!package.json
!MANIFEST.in
!eslint.config.mjs
!eslint.config.js
!playwright.config.js
!vite.config.js
!vulture_whitelist.py
!docker-compose.yml
# Block JSON files in root directory (except package.json which is explicitly allowed above)
/*.json
!package.json
!lighthouserc.json
# Block all other dot files/folders
.*
.*/
!.github/
!.github/**/*.yml
!.github/**/*.yaml
!.github/**/*.md
!.github/**/*.sh
!.github/**/*.py
!.github/CODEOWNERS
!.github/security/*.txt
# Config dotfiles re-allowed AFTER the `.*`/`.*/` catch-all above. A `!`
# negation placed BEFORE the catch-all is a dead rule -- the catch-all
# re-ignores the file, which then stays tracked only if it was committed
# before the catch-all existed (git never ignores an already-tracked path,
# which masks the bug). Put every new dot-config negation in THIS block --
# otherwise e.g. a nested `.gitignore` or a `newdir/.gitkeep` is silently
# dropped by `git add`.
!.gitignore
!.gitkeep
!.nvmrc
!.pre-commit-config.yaml
# Linter, whitelist, and security-scan config dotfiles -- masked by the
# catch-all above like the rest of this block; tracked today only because
# they predate it. .zap/ mirrors the .github/ / .semgrep/ pattern: re-allow
# the dir, then its file TYPE (.tsv) -- deliberately NOT a blanket `**`, so a
# stray key/db/pem dropped into .zap/ stays ignored (deny-by-default).
!.file-whitelist.txt
!.hadolint.yaml
!.yamllint.yaml
!.zap/
!.zap/**/*.tsv
# Shipped source template whose basename starts with a dot -- caught by the
# `.*` catch-all above, so it must be re-allowed here (not in the templates
# block near its non-dotfile siblings).
!src/local_deep_research/defaults/.env.template
!.gitleaksignore
!.grype.yaml
!.dockerignore
# Security-tool configs. Directory rules mirror the .github/ block above:
# re-allow the dir first, then its file types, so newly added
# .semgrep/rules/* files actually get tracked. (bearer.yml is not a dotfile
# -- the catch-all never affected it -- grouped here by topic.)
!.gitleaks.toml
!.semgrepignore
!bearer.yml
!.trivyignore
!.safety-policy.yml
!.semgrep/
!.semgrep/**/*.yml
!.semgrep/**/*.yaml
!.semgrep/**/*.md
# Pre-commit hook scripts (dir + file types), re-allowed after the catch-all.
!.pre-commit-hooks/
!.pre-commit-hooks/*.py
!.pre-commit-hooks/*.sh
# Allow installer files only in installers directory (text scripts only)
!installers/**/*.bat
!installers/**/*.ps1
!installers/**/*.iss
# Block specific problematic directories even if they contain allowed files
src/data/
src/research_outputs/
research_outputs/
data/
# Journal quality data: nothing is bundled. All sources are runtime-downloaded
# into the user data directory by the data_sources package. There is no
# package-level data directory any more.
logs/
cache/
temp/
tmp/
# Block result directories from examples
examples/optimization/examples/optimization/results/
examples/benchmarks/examples/benchmarks/results/
examples/*/results/
**/results/*/
# Block test output and JSON files
tests/**/results/
tests/**/*.json
tests/ui_tests/*.json
tests/ui_tests/results/
# …but the responsive baseline is checked in on purpose: it's the
# allowlist of currently-known UI bugs that test_responsive_ui_comprehensive.js
# compares against. New regressions vs this list fail the test.
!tests/ui_tests/responsive_baseline.json
# Still block Python cache and build artifacts even if they match patterns above
__pycache__/
**/__pycache__/
__pypackages__/
**/__pypackages__/
*.py[cod]
*$py.class
*.so
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
# Block virtual environments
.venv/
venv/
ENV/
env/
.env
.pdm*
# Block IDE files
.idea/
.vscode/
*.swp
*.swo
.DS_Store
.qodo/
.cursorrules
# Project specific
temp_output.txt
temp_output_findings.txt
formatted_output.txt
Output.txt
research_outputs
report.md
src/data/*
# Logs
*.log
logs/
# Database
research_history.db
data/ldr.db
*.db
# Data
*.pdf
.cache
*.jsonl
data/cache/pricing/pricing_cache.json
# Tools
python-db/
js-db/
*.sarif
codeql_analysis_results.txt
.coverage
coverage/
# benchmark results for examples
examples/benchmark_results/
# benchmark and optimization results
src/benchmark_results/
data/benchmark_results/
data/optimization_results/
examples/*/benchmark_results/
examples/*/optimization_*/
examples/benchmarks/results/
examples/optimization/results/
tests/import_tests/
benchmark_results/
strategy_benchmark_results/
strategy_sim_results_*/
*_results_*/
optimization_results_*/
optimization_demo_*/
# Utility scripts for benchmarks
update_api_key.py
update_max_tokens.py
verify_grader_config.py
/run_*_benchmark.sh
/run_fixed_benchmark.sh
/run_verification.sh
/run_update_*.sh
/run_*.sh
/*_benchmark.py
benchmark_cleanup.sh
benchmark_*summary.md
simulation_*summary.md
# Exceptions for benchmark example scripts
!examples/benchmarks/**/run_*.sh
!examples/benchmarks/**/*.py
**/.claude/settings.local.json
# Folders created by Docker.
local_collections/
# Node.js dependencies and artifacts
node_modules/
package-lock.json
!/package-lock.json
!tests/ui_tests/package-lock.json
!tests/ui_tests/playwright/package-lock.json
!tests/api_tests_with_login/package-lock.json
!tests/infrastructure_tests/package-lock.json
!tests/accessibility_tests/package.json
!tests/accessibility_tests/package-lock.json
!tests/puppeteer/package-lock.json
!tests/package-lock.json
npm-debug.log*
yarn-debug.log*
yarn-error.log*
# Temporary debug files
debug_*.js
test_*.html
# Test screenshots and artifacts
*.png
charts_*.png
research_*.png
star_reviews_*.png
web*.png
tests/screenshots/
screenshots/
# Explicitly allowed binary files — keep this list small.
# Binary files bloat the repo; do NOT add new ones without maintainer approval.
!docs/images/Local Search.png
!docs/images/local_search_embedding_model_type.png
!docs/images/local_search_paths.png
!src/local_deep_research/web/static/favicon.png
!src/local_deep_research/web/static/sounds/error.mp3
!src/local_deep_research/web/static/sounds/success.mp3
# Block mobile UI test artifacts (html/json reports, screenshot directories)
tests/ui_tests/mobile/**/*.html
tests/ui_tests/mobile/**/*.json
tests/ui_tests/mobile/*-screenshots/
# Ignore cookiecutter-generated docker-compose files (root only).
/docker-compose.*.yml
!docker-compose.gpu.override.yml
!docker-compose.unraid.yml
# Ignore backup data directories (but not backup code modules)
/backup/
!src/**/backup/
!tests/**/backup/
# Security - ignore generated secret keys
.secret_key
.cache_key_secret
# Allow MD files only in specific directories
!docs/**/*.md
!examples/**/*.md
!cookiecutter-docker/**/*.md
# towncrier news fragments — directory itself is re-allowed near the
# `/*.*` rule above (consolidated so the re-include lives in one place).
!changelog.d/**/*.md
# Block MD files in tests directories by default
tests/**/*.md
# To whitelist specific test MD files, add them explicitly like:
# !tests/specific-file-to-include.md
# Whitelist Playwright test infrastructure
!tests/ui_tests/playwright/
!tests/ui_tests/playwright/package.json
!tests/ui_tests/playwright/README.md
!tests/ui_tests/playwright/playwright.config.js
!tests/ui_tests/playwright/tests/
!tests/ui_tests/playwright/tests/*.js
!tests/ui_tests/playwright/tests/helpers/
!tests/ui_tests/playwright/tests/helpers/*.js
# NOTE: Playwright snapshot PNGs are NOT tracked in git.
# Visual regression tests use --update-snapshots to generate baselines locally.
# See: tests/ui_tests/playwright/README.md
# Block Playwright authentication state (contains session cookies/tokens)
tests/ui_tests/playwright/.auth/
# Block Playwright generated reports and test artifacts
tests/ui_tests/playwright/playwright-report/
tests/ui_tests/playwright/test-results/
# Block accessibility test auth state and generated reports
tests/accessibility_tests/.auth/
tests/accessibility_tests/playwright-report/
tests/accessibility_tests/test-results/
tests/accessibility_tests/.lighthouseci/