Add _openBuildDefaults in the GrowthBook stub (no-telemetry-plugin.ts)
with all 66 runtime feature keys, organized by category with inline
comments describing each flag's purpose.
Override tengu_sedge_lantern (AWAY_SUMMARY) and tengu_hive_evidence
(VERIFICATION_AGENT) to true so these features work out of the box
without requiring manual ~/.claude/feature-flags.json setup.
Priority: feature-flags.json > _openBuildDefaults > upstream default
* feat: local feature flag overrides via ~/.claude/feature-flags.json
Replace the GrowthBook no-op stub with a local JSON file reader that
gives open-build users control over ~50 tengu_* feature flags without
needing Anthropic's GrowthBook server.
How it works:
- On first flag lookup, lazily reads ~/.claude/feature-flags.json
- Returns the configured value if the key exists, defaultValue otherwise
- When the file is absent, behavior is identical to the current stub
- CLAUDE_FEATURE_FLAGS_FILE env var overrides the file path (CI/testing)
Example ~/.claude/feature-flags.json:
{ "tengu_kairos_cron": true, "tengu_scratch": true }
Continues the infrastructure work from #315 and #352. This is a
prerequisite for replacing remaining USER_TYPE gates with local config.
* fix: use ESM imports and validate JSON shape in growthbook stub
- Replace require('fs'/'path'/'os') with ESM imports (node: prefix)
to avoid ReferenceError in ESM bundle output
- Validate JSON.parse result is a plain object before using `in` operator
to prevent TypeError on non-object JSON values
Addresses Copilot review comments on #639
* fix: reset flags cache in resetGrowthBook and refreshGrowthBookFeatures
Set _flags back to undefined so subsequent lookups re-read the JSON
file. Enables runtime reload and proper test isolation.
Addresses Copilot review comment on #639
* docs: explain why checkSecurityRestrictionGate is excluded from local flags
This is a remote killswitch for bypassPermissions mode — exposing it
via the local JSON file would let users accidentally disable
--dangerously-skip-permissions without understanding why.
* test: add unit tests for growthbook stub local feature flags
Covers: valid JSON loading, missing file fallback, malformed JSON,
non-object JSON (primitive, array), cache invalidation via
resetGrowthBook/refreshGrowthBookFeatures, all getter variants,
and checkSecurityRestrictionGate always returning false.
12 tests, 21 assertions.
* fix: use Object.hasOwn instead of in operator for flag lookup
Prevents inherited prototype properties (toString, constructor, etc.)
from being returned as flag values.
Addresses Copilot review comment on #639
* fix: align gate stub signatures and add Boolean coercion
Address remaining Copilot review feedback:
- checkSecurityRestrictionGate: accept gate param to match real signature
- checkStatsigFeatureGate/checkGate: coerce with Boolean() like real impl
* Remove internal-only tooling without changing external runtime contracts
This trims the lowest-risk internal-only surfaces first: deleted internal
modules are replaced by build-time no-op stubs, the bundled stuck skill is
removed, and the insights S3 upload path now stays local-only. The privacy
verifier is expanded and the remaining bundled internal Slack/Artifactory
strings are neutralized without broad repo-wide renames.
Constraint: Keep the first PR deletion-heavy and avoid mass rewrites of USER_TYPE, tengu, or claude_code identifiers
Rejected: One-shot DMCA cleanup branch | too much semantic risk for a first PR
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Treat full-repo typecheck as a baseline issue on this upstream snapshot; do not claim this commit introduced the existing non-Phase-A errors without isolating them first
Tested: bun run build
Tested: bun run smoke
Tested: bun run verify:privacy
Not-tested: Full repo typecheck (currently fails on widespread pre-existing upstream errors outside this change set)
* Keep minimal source shims so CI can import Phase A cleanup paths
The first PR removed internal-only source files entirely, but CI provider
and context tests import those modules directly from source rather than
through the build-time no-telemetry stubs. This restores tiny no-op source
shims so tests and local source imports resolve while preserving the same
external runtime behavior.
Constraint: GitHub Actions runs source-level tests in addition to bundled build/privacy checks
Rejected: Revert the entire deletion pass | unnecessary once the import contract is satisfied by small shims
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: For later cleanup phases, treat build-time stubs and source-test imports as separate compatibility surfaces
Tested: bun run build
Tested: bun run smoke
Tested: bun run verify:privacy
Tested: bun run test:provider
Tested: bun run test:provider-recommendation
Not-tested: Full repo typecheck (still noisy on this upstream snapshot)
---------
Co-authored-by: anandh8x <test@example.com>
Adds a Bun build plugin that replaces analytics/telemetry modules with
no-op stubs at compile time.
Primary targets (NOT killed by PR #94 or the feature() shim):
- GrowthBook: phones home to api.anthropic.com on every launch,
sending account UUID, org UUID, email, device ID, subscription
type. Refreshes every 6 hours. Now returns defaults without
making any network call.
- Auto-updater: contacts storage.googleapis.com and npm registry
on launch to check for new versions. Now returns null/no-op.
Defense-in-depth (already gated by PR #94 or feature flags, but
now the code itself is replaced with empty functions):
- Datadog, 1P event logging, BigQuery metrics, Perfetto tracing,
session tracing, plugin fetch telemetry, transcript sharing.
Deliberately NOT stubbed:
- Plugin marketplace (downloads.claude.ai) — needed for /plugin
- User-configurable OTel (CLAUDE_CODE_ENABLE_TELEMETRY) — opt-in
Implementation: separate plugin file (scripts/no-telemetry-plugin.ts)
with a 2-line hook in build.ts. The plugin file does not exist
upstream so it cannot cause merge conflicts.
