YoVinchen
7dd3095974
Remove three active external data transmission paths:
1. WebFetch domain blocklist (api.anthropic.com/api/web/domain_info)
- src/tools/WebFetchTool/utils.ts
- Was sending every domain a user tried to fetch to Anthropic
- Replaced with always-allowed stub; tool permission dialog is
the primary security boundary
2. Codex API router (chatgpt.com/backend-api/codex/responses)
- src/services/api/codex-fetch-adapter.ts
- Would have forwarded full conversation content to OpenAI
- createCodexFetch now returns HTTP 403 stub
3. OpenAI API adapter (api.openai.com/v1/chat/completions)
- src/utils/codex-fetch-adapter.ts
- Would have forwarded messages to OpenAI
- fetchCodexResponse now throws immediately
Already-disabled paths (no changes needed):
- Analytics logEvent/logEventAsync: empty stubs in services/analytics/index.ts
- GrowthBook/Statsig: local cache only, no outbound requests
- Auto-updater GCS: already guarded by CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC
- MCP registry: already guarded by CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC
- Release notes GitHub: already guarded by isEssentialTrafficOnly()
Add .github/workflows/release.yml:
- Builds self-contained binaries for macOS (x64+arm64), Linux (x64+arm64),
Windows (x64) using bun compile on each native runner
- Triggers on version tags (v*.*.*) or manual workflow_dispatch
- Publishes binaries + SHA256SUMS.txt as a GitHub Release with
per-platform install instructions
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
openclaude
This repository contains a recovered Bun-based CLI workspace for Claude Code.
Project Layout
src/: main source codescripts/: build scriptsdocs/: project documentsvendor/: vendored assets and dependencies kept in-repo
Local Development
Run the CLI directly:
bun run dev
Build the standalone executable:
bun run build
Build the compiled artifact into dist/:
bun run compile
Notes
node_modules/,dist/, and generated CLI binaries are ignored by Git.bun.lockis kept in the repository for reproducible installs.
Local Info Egress Status
This fork has removed several local system and project metadata egress paths that existed in the recovered upstream code.
Removed in this repository:
- Model-request context injection of working directory, git status/history,
CLAUDE.md, current date, platform, shell, and OS version. - Feedback upload and transcript-share upload paths.
- Remote Control / Bridge registration fields that sent machine name, git branch, and git repository URL, plus git source/outcome data in bridge session creation.
- Trusted-device enrollment and trusted-device token header emission for bridge requests.
/insightsautomatic S3 upload; reports now stay local viafile://paths only.- Datadog analytics and Anthropic 1P event-logging egress.
- GrowthBook remote evaluation/network fetches; local env/config overrides and cached values remain available for compatibility.
- OpenTelemetry initialization and event export paths.
- Perfetto local trace-file output paths that could persist request/tool metadata to disk.
- Extra dead telemetry scaffolding tied to the removed egress paths, including startup/session analytics fanout, logout telemetry flush, and remote GrowthBook metadata collectors.
Still present:
- Normal Claude API requests are still part of product functionality; this fork only removes extra local metadata injection, not core model/network access.
- Minimal compatibility helpers for analytics and GrowthBook still exist in the tree as local no-op or cache-only code.