# Build artifacts (regenerated from src/, scanned separately at src/)
dist/

# Test fixtures and test files (Anvil dev keys, mock data — not real secrets)
# Glob patterns first (forward-compatible), then exact paths for ClawHub's
# current ignore-resolver which only honours exact paths reliably.
**/__tests__/**
**/*.test.ts
**/*.spec.ts
src/__tests__/fixtures/anvil-keys.ts
src/__tests__/openclaw-coverage-gaps.test.ts
src/__tests__/openclaw-e2e.test.ts
src/__tests__/openclaw-plugin.test.ts

# CHANGELOG describes prior security-review fixes and may quote the
# regex-bait substrings the scanner once flagged. The published npm
# tarball excludes CHANGELOG.md but ClawHub scans the GitHub source too.
CHANGELOG.md
