Skip to content

fork: establish algolia/rtk identity with no-telemetry CI guard#1

Merged
PLNech merged 7 commits intomainfrom
fork/algolia-identity
Mar 18, 2026
Merged

fork: establish algolia/rtk identity with no-telemetry CI guard#1
PLNech merged 7 commits intomainfrom
fork/algolia-identity

Conversation

@PLNech
Copy link
Copy Markdown
Member

@PLNech PLNech commented Mar 17, 2026

Summary

Addresses the issue raised by Emma D'Arcy (2026-03-10): install script was fetching from upstream rtk-ai/rtk instead of our fork, risking telemetry-enabled releases.

  • install.sh points to algolia/rtk at pinned v0.22.2 (overridable via RTK_VERSION=vX.Y.Z)
  • New ci.yml: build/test/clippy/fmt on ubuntu + macOS, plus dedicated telemetry-guard job
  • Telemetry guard blocks: src/telemetry.rs, forbidden deps (ureq, reqwest, sha2, hostname), phone-home source patterns
  • 19 files updated: all install/clone/download URLs → algolia/rtk (CHANGELOG historical links preserved)
  • All workflows target main (not master)
  • Upstream push-disabled: git remote set-url --push upstream no-push-to-upstream
  • README: Prominent no-telemetry section at the top for visibility
  • CLAUDE.md: Fork maintenance strategy, sync policy, telemetry exclusion rules documented

For Security Review

See CHANGELOG entry 0.22.3-algolia.1 for full scope. Key facts:

  1. No telemetry in this fork — grep -r "ureq\|reqwest\|telemetry" src/ returns nothing
  2. CI telemetry-guard job enforces this on every PR going forward
  3. Upstream added src/telemetry.rs in v0.29.0: daily HTTP ping with device hash, OS, command usage stats
  4. Our fork predates that addition — clean lineage confirmed

Test plan

  • CI passes on this PR (validates ci.yml + telemetry-guard)
  • install.sh points to algolia/rtk releases
  • README no-telemetry section visible at top
  • Security reviewer can point to CHANGELOG 0.22.3-algolia.1

PLNech added 7 commits March 17, 2026 21:15
@PLNech
fork: establish algolia/rtk identity with no-telemetry CI guard
e316914 
- install.sh now points to algolia/rtk at pinned v0.22.2
  (overridable via RTK_VERSION env var)
- All docs, scripts, CI workflows updated from rtk-ai/rtk to algolia/rtk
- CHANGELOG historical upstream links preserved for attribution
- All GitHub Actions workflows target 'main' branch (not 'master')
- New ci.yml: build/test/clippy/fmt on ubuntu + macOS
- New telemetry-guard CI job: blocks telemetry.rs, ureq, sha2,
  hostname deps, and phone-home patterns in source
- CLAUDE.md documents fork maintenance strategy, sync policy,
  and telemetry exclusion rules
@PLNech
fix: resolve all clippy -D warnings (pre-existing)
435ac51
@PLNech
fix: rustfmt formatting for has_limit_flag chain
f9d442b
@PLNech
fix: resolve remaining clippy -D warnings across 20 files
b76690e
@PLNech
fix: cargo fmt formatting for container.rs and detector.rs; tighten p…
e6963b3 
…re-commit hook to match CI
@PLNech
ci: parallelize fmt/telemetry-guard, add rust-cache, skip release bui…
09784e9 
…ld on PRs
@PLNech
ci: use actions/cache@v4 for Rust build cache (zero third-party trust)
1a4b175
@PLNech PLNech force-pushed the fork/algolia-identity branch from b6823a7 to 1a4b175 Compare March 17, 2026 21:34
@PLNech PLNech merged commit 3e2fa5d into main Mar 18, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PLNech