Remove internal-only tooling from the external build (#352)
* Remove internal-only tooling without changing external runtime contracts This trims the lowest-risk internal-only surfaces first: deleted internal modules are replaced by build-time no-op stubs, the bundled stuck skill is removed, and the insights S3 upload path now stays local-only. The privacy verifier is expanded and the remaining bundled internal Slack/Artifactory strings are neutralized without broad repo-wide renames. Constraint: Keep the first PR deletion-heavy and avoid mass rewrites of USER_TYPE, tengu, or claude_code identifiers Rejected: One-shot DMCA cleanup branch | too much semantic risk for a first PR Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Treat full-repo typecheck as a baseline issue on this upstream snapshot; do not claim this commit introduced the existing non-Phase-A errors without isolating them first Tested: bun run build Tested: bun run smoke Tested: bun run verify:privacy Not-tested: Full repo typecheck (currently fails on widespread pre-existing upstream errors outside this change set) * Keep minimal source shims so CI can import Phase A cleanup paths The first PR removed internal-only source files entirely, but CI provider and context tests import those modules directly from source rather than through the build-time no-telemetry stubs. This restores tiny no-op source shims so tests and local source imports resolve while preserving the same external runtime behavior. Constraint: GitHub Actions runs source-level tests in addition to bundled build/privacy checks Rejected: Revert the entire deletion pass | unnecessary once the import contract is satisfied by small shims Confidence: high Scope-risk: narrow Reversibility: clean Directive: For later cleanup phases, treat build-time stubs and source-test imports as separate compatibility surfaces Tested: bun run build Tested: bun run smoke Tested: bun run verify:privacy Tested: bun run test:provider Tested: bun run test:provider-recommendation Not-tested: Full repo typecheck (still noisy on this upstream snapshot) --------- Co-authored-by: anandh8x <test@example.com>
This commit is contained in:
Anandan
GitHub
@@ -1,90 +1,9 @@
|
||||
import { readFile } from 'fs/promises'
|
||||
import memoize from 'lodash-es/memoize.js'
|
||||
import type { ToolPermissionContext } from '../Tool.js'
|
||||
import { jsonStringify } from '../utils/slowOperations.js'
|
||||
import {
|
||||
type AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
|
||||
logEvent,
|
||||
} from './analytics/index.js'
|
||||
export async function logPermissionContextForAnts(): Promise<void> {}
|
||||
|
||||
/**
|
||||
* Get the current Kubernetes namespace:
|
||||
* Returns null on laptops/local development,
|
||||
* "default" for devboxes in default namespace,
|
||||
* "ts" for devboxes in ts namespace,
|
||||
* ...
|
||||
*/
|
||||
const getKubernetesNamespace = memoize(async (): Promise<string | null> => {
|
||||
if (process.env.USER_TYPE !== 'ant') {
|
||||
return null
|
||||
}
|
||||
const namespacePath =
|
||||
'/var/run/secrets/kubernetes.io/serviceaccount/namespace'
|
||||
const namespaceNotFound = 'namespace not found'
|
||||
try {
|
||||
const content = await readFile(namespacePath, { encoding: 'utf8' })
|
||||
return content.trim()
|
||||
} catch {
|
||||
return namespaceNotFound
|
||||
}
|
||||
})
|
||||
|
||||
/**
|
||||
* Get the OCI container ID from within a running container
|
||||
*/
|
||||
export const getContainerId = memoize(async (): Promise<string | null> => {
|
||||
if (process.env.USER_TYPE !== 'ant') {
|
||||
return null
|
||||
}
|
||||
const containerIdPath = '/proc/self/mountinfo'
|
||||
const containerIdNotFound = 'container ID not found'
|
||||
const containerIdNotFoundInMountinfo = 'container ID not found in mountinfo'
|
||||
try {
|
||||
const mountinfo = (
|
||||
await readFile(containerIdPath, { encoding: 'utf8' })
|
||||
).trim()
|
||||
|
||||
// Pattern to match both Docker and containerd/CRI-O container IDs
|
||||
// Docker: /docker/containers/[64-char-hex]
|
||||
// Containerd: /sandboxes/[64-char-hex]
|
||||
const containerIdPattern =
|
||||
/(?:\/docker\/containers\/|\/sandboxes\/)([0-9a-f]{64})/
|
||||
|
||||
const lines = mountinfo.split('\n')
|
||||
|
||||
for (const line of lines) {
|
||||
const match = line.match(containerIdPattern)
|
||||
if (match && match[1]) {
|
||||
return match[1]
|
||||
}
|
||||
}
|
||||
|
||||
return containerIdNotFoundInMountinfo
|
||||
} catch {
|
||||
return containerIdNotFound
|
||||
}
|
||||
})
|
||||
|
||||
/**
|
||||
* Logs an event with the current namespace and tool permission context
|
||||
*/
|
||||
export async function logPermissionContextForAnts(
|
||||
toolPermissionContext: ToolPermissionContext | null,
|
||||
moment: 'summary' | 'initialization',
|
||||
): Promise<void> {
|
||||
if (process.env.USER_TYPE !== 'ant') {
|
||||
return
|
||||
}
|
||||
|
||||
void logEvent('tengu_internal_record_permission_context', {
|
||||
moment:
|
||||
moment as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
|
||||
namespace:
|
||||
(await getKubernetesNamespace()) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
|
||||
toolPermissionContext: jsonStringify(
|
||||
toolPermissionContext,
|
||||
) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
|
||||
containerId:
|
||||
(await getContainerId()) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
|
||||
})
|
||||
export async function getKubernetesNamespace(): Promise<null> {
|
||||
return null
|
||||
}
|
||||
|
||||
export async function getContainerId(): Promise<null> {
|
||||
return null
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user