From f106cc683544d26ff42da21c425bb645733c554a Mon Sep 17 00:00:00 2001
From: Enriquefft
Date: Sun, 12 Apr 2026 18:14:44 -0500
Subject: [PATCH] fix(nix): restrict package source to git-tracked files

Replace denylist approach with gitTracked to exclude node_modules, dist, .git, and any other untracked artifacts from the derivation. Keeps the nix/flake/md exclusions as they are nix-only or non-source.
---
 nix/package.nix | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/nix/package.nix b/nix/package.nix
index 489fa13..198d68c 100644
--- a/nix/package.nix
+++ b/nix/package.nix
@@ -16,24 +16,14 @@ buildNpmPackage {
 src =
 let
 fs = lib.fileset;
- maybe = fs.maybeMissing;
 in
 fs.toSource {
 root = ../.;
- fileset = fs.difference ../. (
+ fileset = fs.difference (fs.gitTracked ../.) (
 fs.unions [
 ../nix
 ../flake.nix
 ../flake.lock
- (maybe ../release)
- (maybe ../test-results)
- (maybe ../playwright-report)
- (maybe ../.github)
- (maybe ../.vscode)
- (maybe ../.idea)
- (maybe ../.kiro)
- (maybe ../.envrc)
- (maybe ../.direnv)
 (fs.fileFilter (file: file.hasExt "md") ../.)
 ]
 );
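Review bot: Removing the `maybe` entries also drops the exclusion for paths that are tracked, because `fs.gitTracked ../.` only filters out what Git does not track. `node_modules` and `dist` stay out, but `.github`, `.vscode`, `.kiro` or `.envrc` are back in `src` whenever they are committed (the hunk does not show whether they are), so edits to CI or editor config would change the source hash and end up in the store. If they should stay out, keep `maybe = fs.maybeMissing;` and list them again in `fs.unions`, e.g. `(maybe ../.github)` and `(maybe ../.envrc)`. A comment above `fileset` would also help, along the lines of `# gitTracked: tracked files only, so untracked .env files and build output never reach the store; needs a Git checkout`. As far as I know `gitTracked` fails at evaluation on a plain directory without `.git` and skips submodule contents. The `buildNpmPackage` attribute set starts and ends outside the hunk.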