Document removed egress paths in README

2026-04-03 22:50:05 +08:00
parent d04ef7e701
commit 9e7338d54c
2 changed files with 21 additions and 32 deletions
--- a/src/bridge/trustedDevice.ts
+++ b/src/bridge/trustedDevice.ts
@@ -1,5 +1,3 @@
-import memoize from 'lodash-es/memoize.js'
-import { getFeatureValue_CACHED_MAY_BE_STALE } from '../services/analytics/growthbook.js'
 import { logForDebugging } from '../utils/debug.js'
 import { getSecureStorage } from '../utils/secureStorage/index.js'

@@ -21,36 +19,12 @@ import { getSecureStorage } from '../utils/secureStorage/index.js'
 * #295987 (B2 Python routes), #307150 (C1' CCR v2 gate).
 */

-const TRUSTED_DEVICE_GATE = 'tengu_sessions_elevated_auth_enforcement'
-
-function isGateEnabled(): boolean {
-  return getFeatureValue_CACHED_MAY_BE_STALE(TRUSTED_DEVICE_GATE, false)
-}
-
-// Memoized — secureStorage.read() spawns a macOS `security` subprocess (~40ms).
-// bridgeApi.ts calls this from getHeaders() on every poll/heartbeat/ack.
-// Cache cleared on logout (clearAuthRelatedCaches) and after any local update.
-//
-// Only the storage read is memoized — the GrowthBook gate is checked live so
-// that a gate flip after GrowthBook refresh takes effect without a restart.
-const readStoredToken = memoize((): string | undefined => {
-  // Env var takes precedence for testing/canary.
-  const envToken = process.env.CLAUDE_TRUSTED_DEVICE_TOKEN
-  if (envToken) {
-    return envToken
-  }
-  return getSecureStorage().read()?.trustedDeviceToken
-})
-
 export function getTrustedDeviceToken(): string | undefined {
-  if (!isGateEnabled()) {
-    return undefined
-  }
-  return readStoredToken()
+  return undefined
 }

 export function clearTrustedDeviceTokenCache(): void {
-  readStoredToken.cache?.clear?.()
+  return
 }

 /**
@@ -59,9 +33,6 @@ export function clearTrustedDeviceTokenCache(): void {
 * as X-Trusted-Device-Token after account switches.
 */
 export function clearTrustedDeviceToken(): void {
-  if (!isGateEnabled()) {
-    return
-  }
  const secureStorage = getSecureStorage()
  try {
    const data = secureStorage.read()
@@ -72,7 +43,6 @@ export function clearTrustedDeviceToken(): void {
  } catch {
    // Best-effort — don't block login if storage is inaccessible
  }
-  readStoredToken.cache?.clear?.()
 }

 /**