fix: ignore node_modules at all depths across workspaces

[taearls]

Summary

• Fix .gitignore to ignore node_modules at any directory depth (not just root), covering all npm workspace packages
• Remove two accidentally tracked files from packages/feature-flags/node_modules/
• Update ROADMAP.md to mark issue Fix .gitignore to ignore all node_modules directories across workspaces #173 as completed

Closes #173

Changes

1. .gitignore: Changed /node_modules → node_modules (removes leading slash so the pattern matches recursively)
2. Removed tracked files:
   • packages/feature-flags/node_modules/.cache/wrangler/wrangler-account.json
   • packages/feature-flags/node_modules/.mf/cf.json
3. ROADMAP.md: Added completion entry, updated issue status table and changelog

Test plan

• Verify git ls-files --cached -- '*/node_modules/*' returns no results
• Verify .gitignore now uses node_modules without leading slash
• Confirm no other workspace packages had tracked node_modules files

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Improved repository configuration to properly ignore node_modules directories across all project workspaces.

[coderabbitai]

Walkthrough

The .gitignore pattern for node_modules was changed from absolute (/node_modules) to relative (node_modules) to match directories at any depth. ROADMAP.md was updated to document this fix completion on Feb 11, 2026, including changelog entries and priority adjustments.

Changes

Cohort / File(s)	Summary
Git Ignore Configuration .gitignore	Changed node_modules pattern from absolute path (/node_modules) to relative path (node_modules) to recursively match directories at any depth in workspaces.
Project Documentation ROADMAP.md	Added completed Issue #173 entry dated Feb 11, 2026; updated Changelog section with .gitignore fix details, Open Issues Summary, and Issues by Priority table to reflect Low priority count (11 open items).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: modifying .gitignore to recursively ignore node_modules at all directory depths across workspace packages.
Linked Issues check	✅ Passed	All coding requirements from issue #173 are met: .gitignore pattern changed to recursive, tracked node_modules files removed, verification completed for workspace packages.
Out of Scope Changes check	✅ Passed	All changes are directly related to issue #173: .gitignore fix, removal of tracked node_modules files, and ROADMAP.md documentation of the completed fix.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/gitignore-node-modules-workspaces

---

No actionable comments were generated in the recent review. 🎉

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying portfolio with    Cloudflare Pages

Latest commit:	224713a
Status:	✅  Deploy successful!
Preview URL:	https://253a7005.portfolio-next.pages.dev
Branch Preview URL:	https://fix-gitignore-node-modules-w.portfolio-next.pages.dev

View logs

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	portfolio-feature-flags	224713a	Commit Preview URL Branch Preview URL	Feb 11 2026, 09:59 PM

[taearls]

PR Review: fix: ignore node_modules at all depths across workspaces

Summary

Fixes .gitignore to match node_modules at any directory depth (not just root), removes two accidentally tracked files from packages/feature-flags/node_modules/, and updates ROADMAP.md with completion status.

Changed files: 4 files, +22 additions, -11 deletions
Impact areas: Git configuration, tracked file cleanup, documentation
Review depth: Full validation

---

Quality Checks Results

• ✅ Linting: npm run lint:check - Pass (0 errors)
• ✅ Tests: npm run test - Pass (300/300 tests, 15 test files)
• ✅ Build: npm run build - Pass (tsc -b && vite build)
• ⏭️ Format: npm run format:check - Only warning is .serena/project.yml (local file, not in PR)
• ⏭️ E2E tests - Skipped (no UI changes, config-only PR)

---

Code Review Findings

🔴 Critical Issues

Sensitive data was committed to git history

The wrangler-account.json file contained a Cloudflare account ID (cda170e385b7046f78933270660431c2) and account name/email. The cf.json file contained detailed Cloudflare edge metadata including geolocation, TLS session data, and bot management scores.

While this PR correctly removes the files from the index with git rm --cached, the data remains in git history. Since this is a public repository, consider:

1. Rotating any sensitive Cloudflare credentials/tokens associated with this account
2. If the account ID is considered sensitive, using git filter-repo or BFG Repo Cleaner to scrub history (though this rewrites history and is disruptive)
3. At minimum, verifying that the Cloudflare account ID alone doesn't grant any access

Note: The account ID by itself is typically not a security risk (it's not an API key), but it's worth verifying. The cf.json data appears to be Cloudflare request metadata from a local dev session, which is low-risk.

✅ Positive Observations

• Correct .gitignore fix: Removing the leading / from /node_modules is the right approach — it now matches recursively at any depth per gitignore spec
• Clean removal: git rm -r --cached correctly untracks the files without deleting them from the working tree
• Future-proof: The fix covers all current and future workspace packages automatically
• ROADMAP updates: Thorough — updated the issue status, category counts, status table totals, and changelog with consistent formatting

---

Security Review

• ✅ No new secrets introduced
• ⚠️ Previously committed sensitive files removed from index (see critical note above about git history)
• ✅ .gitignore fix prevents future accidental commits of workspace node_modules

Documentation Review

• ✅ ROADMAP.md updated with completion entry
• ✅ Issue status table counts updated correctly (10→11 low closed, 32→33 total closed)
• ✅ CI/CD category updated (3→4 closed)
• ✅ Changelog entry follows existing format

Testing Analysis

• ⏭️ No code changes requiring tests — this is a git configuration fix
• ✅ All 300 existing tests continue to pass
• ✅ Build succeeds confirming no side effects

---

Recommendations

1. [Low] Consider whether the Cloudflare account ID in git history warrants any action
   • File: packages/feature-flags/node_modules/.cache/wrangler/wrangler-account.json (deleted)
   • Issue: Account ID remains in git history
   • Suggestion: Verify this doesn't grant access; if concerned, rotate associated credentials

---

Approval Status

✅ APPROVE - The .gitignore fix is correct and the ROADMAP updates are thorough. The only consideration is the sensitive data remaining in git history, which is a pre-existing issue that this PR improves (by preventing future occurrences).

---

Review completed using: npm run lint:check, npm run format:check, npm run test, npm run build
Reviewed by: Claude Code Agent