vlad/claude-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

axios+telemetry cleanup

Browse Source
This commit is contained in:
Vlad Durnea
2026-04-02 15:19:11 +03:00
parent a3cbca1e11
commit 7e1eac8002
100 changed files with 3048 additions and 4491 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
PLAN.md Normal file
View File

@@ -0,0 +1,47 @@
## Plan
### Goals
- Replace all `axios` usage with `nativeRequest` from `utils/http.js`
- Remove outbound telemetry/spying requests while keeping functional analytics (auth flows + GrowthBook feature flags)
- Do a quick security pass to remove obvious vulnerabilities and risky network behaviors
### Current Status
- Completed axios → nativeRequest conversions:
- `services/mcp/officialRegistry.ts`
- `services/mcp/claudeai.ts`
- `services/oauth/getOauthProfile.ts`
- In progress:
- `services/settingsSync/index.ts` (axios import removed; remaining axios calls + error classification need conversion)
### Next Steps (Axios Removal)
1. Fix `services/settingsSync/index.ts`
- Replace `classifyAxiosError` import with `classifyHttpError` from `utils/errors.js`
- Replace `axios.get(..., validateStatus: 200|404)` with `nativeRequest` + `try/catch` handling for `HttpError` 404
- Replace `axios.put(...)` with `nativeRequest` (`method: 'PUT'`, JSON body)
2. Convert `services/oauth/client.ts`
- Replace `axios.post/get` with `nativeRequest`
- Replace `axios.isAxiosError` handling with `isHttpError`
- Preserve analytics events but ensure no tokens/PII are logged
3. Convert `services/policyLimits/index.ts`
- Replace `classifyAxiosError` with `classifyHttpError`
- Replace `axios.get(... validateStatus: 200|304|404)` with `nativeRequest` + `try/catch` handling for `HttpError` statuses
- Preserve existing caching semantics (304 means cache valid; 404 means empty restrictions)
4. Convert `services/remoteManagedSettings/index.ts` (same pattern as policy limits, plus 204/304/404 handling)
5. Convert remaining axios users (transports, bridge, installers, feedback, etc.)
### Telemetry / “Spying” Removal
- Search for outbound tracking endpoints and SDKs (events, crash reporting, session replay, fingerprinting)
- Remove or gate non-essential outbound calls behind “essential traffic only” where appropriate
- Keep:
- OAuth/auth network flows required for functionality
- GrowthBook feature flag fetches required for feature gating
### Security Pass (Quick Wins)
- Ensure no secrets/tokens are logged or included in analytics payloads
- Validate any places that build URLs/headers from user input to prevent SSRF or header injection
- Enforce timeouts on outbound requests and avoid overly permissive redirects
- Verify files written to disk use safe permissions (e.g. `0o600` for sensitive caches) and safe paths
### Verification
- Run the repos lint/typecheck commands
- Run test suite (or targeted tests) for settings sync / oauth client flows if present