Enable telemetry in shipped wheel and reword consent as "unlinked pseudonymized" #810
Merged
Re-enable telemetry in the shipped wheel by restoring the iKey-injection and post-build verify steps removed in #728. The sdist still ships the empty placeholder; only the wheel carries the injected key, gated on the INSTRUMENTATION_KEY build secret defined in the ADO pipeline.
Replace "anonymous" with "unlinked pseudonymized" in the first-run consent prompt and Privacy.md to accurately classify the collected data (a persisted per-machine device-id hash is pseudonymized, not anonymous). Bump _CONSENT_VERSION 1 -> 2 so already-consented users see and re-accept the updated notice.
Document the now-enabled telemetry in the README: what's collected at a glance, first-run consent, opt-out via %USERPROFILE%\.winml\config.json, CI/non-TTY auto-disable, and a pointer to docs/Privacy.md. Uses the 'unlinked pseudonymized' classification.
Drop the CI/non-TTY auto-disable note and the dev-installs note from the README Data / Telemetry section; both details remain documented in docs/Privacy.md.
xieofxie approved these changes Jun 4, 2026
xieofxie reviewed Jun 4, 2026
Summary
InstrumentationKey injection + post-build verify steps in modelkit-official-build.yml (reverting the pipeline portion of ci: disable telemetry in shipped artifacts #728). The PyPI sdist still ships the empty placeholder; only the wheel carries the injected key, gated on the INSTRUMENTATION_KEY build secret defined in the ADO pipeline.
consent.py) and docs/Privacy.md. This is the more accurate classification — the persisted per-machine device-id hash is pseudonymized, not anonymous.
_CONSENT_VERSION 1 → 2 so already-consented users see and re-accept the updated notice.
Notes
constants.py keeps the empty iKey placeholder, so dev/source installs (pip install -e .) still never emit.
INSTRUMENTATION_KEY ADO pipeline secret. ci: disable telemetry in shipped artifacts #728 removed only the consuming steps, so the secret should still exist — please confirm it's present/valid before the next official build, or the build fails closed with INSTRUMENTATION_KEY env var is empty or missing.
Verified: telemetry unit + integration suites pass (185 + 4); pipeline block confirmed byte-identical to the proven pre-#728 version.
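The artifact split described in this PR (wheel carries the injected key, sdist keeps the empty placeholder, build fails closed without the secret) can be checked after the build along these lines. This is an added example, not the project's pipeline code; the `INSTRUMENTATION_KEY = "..."` assignment form in constants.py, the function names, and the sample package layout are assumptions.

```python
import io
import re
import tarfile
import zipfile

# Assumption: constants.py stores the key as INSTRUMENTATION_KEY = "..." (hypothetical name).
IKEY_RE = re.compile(r'^INSTRUMENTATION_KEY\s*=\s*"([^"]*)"', re.M)

def ikey_from_source(source):
    match = IKEY_RE.search(source)
    if match is None:
        raise ValueError("constants.py has no INSTRUMENTATION_KEY assignment")
    return match.group(1)

def ikey_in_wheel(wheel_bytes):  # a wheel is a zip archive
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        (name,) = [n for n in zf.namelist() if n.endswith("/constants.py")]
        return ikey_from_source(zf.read(name).decode("utf-8"))

def ikey_in_sdist(sdist_bytes):  # an sdist is a gzip-compressed tarball
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tf:
        (member,) = [m for m in tf.getmembers() if m.name.endswith("/constants.py")]
        return ikey_from_source(tf.extractfile(member).read().decode("utf-8"))

def verify_artifacts(wheel_bytes, sdist_bytes, env):
    """Return a list of failures; an empty list means both artifacts are as intended."""
    expected = env.get("INSTRUMENTATION_KEY", "").strip()
    if not expected:  # fail closed: no secret, no release
        return ["INSTRUMENTATION_KEY env var is empty or missing"]
    failures = []
    if ikey_in_wheel(wheel_bytes) != expected:
        failures.append("wheel does not carry the injected key")
    if ikey_in_sdist(sdist_bytes) != "":
        failures.append("sdist carries a key instead of the empty placeholder")
    return failures

def make_wheel(key):  # constructed sample; package name "pkg" is made up
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pkg/constants.py", f'INSTRUMENTATION_KEY = "{key}"\n')
    return buf.getvalue()

def make_sdist(key):  # constructed sample; archive layout is made up
    data = f'INSTRUMENTATION_KEY = "{key}"\n'.encode("utf-8")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        info = tarfile.TarInfo("pkg-1.0/pkg/constants.py")
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

The check raises rather than passes when constants.py is missing, duplicated, or lacks the assignment, so a repackaging change cannot silently skip it.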