From 9e7338d54ceb03eda467645e597e09eb66a71b7c Mon Sep 17 00:00:00 2001 From: YoVinchen Date: Fri, 3 Apr 2026 22:50:05 +0800 Subject: [PATCH] Document removed egress paths in README --- README.md | 19 +++++++++++++++++++ src/bridge/trustedDevice.ts | 34 ++-------------------------------- 2 files changed, 21 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index e453146..0d995ed 100644 --- a/README.md +++ b/README.md @@ -33,3 +33,22 @@ bun run compile - `node_modules/`, `dist/`, and generated CLI binaries are ignored by Git. - `bun.lock` is kept in the repository for reproducible installs. + +## Local Info Egress Status + +This fork has removed several local system and project metadata egress paths that existed in the recovered upstream code. + +Removed in this repository: + +- Model-request context injection of working directory, git status/history, `CLAUDE.md`, current date, platform, shell, and OS version. +- Feedback upload and transcript-share upload paths. +- Remote Control / Bridge registration fields that sent machine name, git branch, and git repository URL, plus git source/outcome data in bridge session creation. +- Trusted-device enrollment and trusted-device token header emission for bridge requests. +- `/insights` automatic S3 upload; reports now stay local via `file://` paths only. + +Still present: + +- Normal Claude API requests are still part of product functionality; this fork only removes extra local metadata injection, not core model/network access. +- Datadog and Anthropic 1P analytics codepaths still exist and can emit environment/process metadata unless disabled by runtime privacy settings. +- GrowthBook remote evaluation still exists and still prepares remote-eval user attributes. +- Optional OpenTelemetry export still exists behind telemetry configuration flags. diff --git a/src/bridge/trustedDevice.ts b/src/bridge/trustedDevice.ts index a74c00b..61efdf8 100644 --- a/src/bridge/trustedDevice.ts +++ b/src/bridge/trustedDevice.ts @@ -1,5 +1,3 @@ -import memoize from 'lodash-es/memoize.js' -import { getFeatureValue_CACHED_MAY_BE_STALE } from '../services/analytics/growthbook.js' import { logForDebugging } from '../utils/debug.js' import { getSecureStorage } from '../utils/secureStorage/index.js' @@ -21,36 +19,12 @@ import { getSecureStorage } from '../utils/secureStorage/index.js' * #295987 (B2 Python routes), #307150 (C1' CCR v2 gate). */ -const TRUSTED_DEVICE_GATE = 'tengu_sessions_elevated_auth_enforcement' - -function isGateEnabled(): boolean { - return getFeatureValue_CACHED_MAY_BE_STALE(TRUSTED_DEVICE_GATE, false) -} - -// Memoized — secureStorage.read() spawns a macOS `security` subprocess (~40ms). -// bridgeApi.ts calls this from getHeaders() on every poll/heartbeat/ack. -// Cache cleared on logout (clearAuthRelatedCaches) and after any local update. -// -// Only the storage read is memoized — the GrowthBook gate is checked live so -// that a gate flip after GrowthBook refresh takes effect without a restart. -const readStoredToken = memoize((): string | undefined => { - // Env var takes precedence for testing/canary. - const envToken = process.env.CLAUDE_TRUSTED_DEVICE_TOKEN - if (envToken) { - return envToken - } - return getSecureStorage().read()?.trustedDeviceToken -}) - export function getTrustedDeviceToken(): string | undefined { - if (!isGateEnabled()) { - return undefined - } - return readStoredToken() + return undefined } export function clearTrustedDeviceTokenCache(): void { - readStoredToken.cache?.clear?.() + return } /** @@ -59,9 +33,6 @@ export function clearTrustedDeviceTokenCache(): void { * as X-Trusted-Device-Token after account switches. */ export function clearTrustedDeviceToken(): void { - if (!isGateEnabled()) { - return - } const secureStorage = getSecureStorage() try { const data = secureStorage.read() @@ -72,7 +43,6 @@ export function clearTrustedDeviceToken(): void { } catch { // Best-effort — don't block login if storage is inaccessible } - readStoredToken.cache?.clear?.() } /**