Skip to content

Fix telemetry security and reliability issues from PR #2 review#4

Merged
willwashburn merged 3 commits into
telemtryfrom
copilot/sub-pr-2
Feb 8, 2026
Merged

Fix telemetry security and reliability issues from PR #2 review#4
willwashburn merged 3 commits into
telemtryfrom
copilot/sub-pr-2

Conversation

Copilot AI commented Feb 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Addresses 8 review comments on PostHog telemetry implementation covering privacy, error handling, and session tracking.

Privacy & Security

  • Site DNT support: No-op telemetry when navigator.doNotTrack is enabled
  • Sensitive data sanitization: Query strings filtered to UTM params only, referrers reduced to origin 
    // Before: full URL + referrer sent
{ referrer: "https://internal.corp/secret?token=xyz", query: "?token=abc&utm_source=github" }

// After: sanitized
{ referrer: "https://internal.corp", query_params: "?utm_source=github" }

Error Handling

  • Filesystem operations: CLI and MCP telemetry wrapped in try/catch, falls back to ephemeral anonymous IDs in read-only environments
  • Malformed state: Gracefully handles corrupted ~/.relay/telemetry.json

Session Tracking

  • HTTP transport: Single telemetry instance per MCP session (was creating duplicate clients)
  • Property collision: Renamed MCP transport's session_idmcp_transport_session_id to avoid overwriting base telemetry session

Testing

  • MCP telemetry module: 12 tests covering opt-out precedence, host trimming, error tolerance, flush behavior

Misc

  • CLI version: Updated hardcoded CLI_VERSION from 0.1.0 to 0.1.2 (matches package.json)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI mentioned this pull request Feb 8, 2026
Merged
Copilot AI and others added 2 commits February 8, 2026 22:54
@willwashburn
Address telemetry review comments: add tests, error handling, DNT sup…
cd90129 
…port, and fix issues

Co-authored-by: willwashburn <957608+willwashburn@users.noreply.github.com>
@willwashburn
Address code review feedback: improve test clarity and variable naming
83859a5 
Co-authored-by: willwashburn <957608+willwashburn@users.noreply.github.com>

Copilot AI commented Feb 8, 2026

Copy link
Copy Markdown
Contributor Author

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • posthog.example.com
    • Triggering command: /opt/hostedtoolcache/node/24.13.0/x64/bin/node /opt/hostedtoolcache/node/24.13.0/x64/bin/node --conditions node --conditions development --experimental-import-meta-resolve --require /home/REDACTED/work/relaycast/relaycast/packages/mcp/node_modules/vitest/suppress-warnings.cjs /home/REDACTED/work/relaycast/relaycast/packages/mcp/node_modules/vitest/dist/workers/forks.js (dns block)
  • relay.posthog.com
    • Triggering command: /opt/hostedtoolcache/node/24.13.0/x64/bin/node /opt/hostedtoolcache/node/24.13.0/x64/bin/node --conditions node --conditions development --experimental-import-meta-resolve --require /home/REDACTED/work/relaycast/relaycast/packages/mcp/node_modules/vitest/suppress-warnings.cjs /home/REDACTED/work/relaycast/relaycast/packages/mcp/node_modules/vitest/dist/workers/forks.js (dns block)
  • us.i.posthog.com
    • Triggering command: /opt/hostedtoolcache/node/24.13.0/x64/bin/node /opt/hostedtoolcache/node/24.13.0/x64/bin/node --conditions node --conditions development --experimental-import-meta-resolve --require /home/REDACTED/work/relaycast/relaycast/packages/mcp/node_modules/vitest/suppress-warnings.cjs /home/REDACTED/work/relaycast/relaycast/packages/mcp/node_modules/vitest/dist/workers/forks.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Add PostHog telemetry for site, CLI, and MCP with opt-out controls Fix telemetry security and reliability issues from PR #2 review Feb 8, 2026
Copilot AI requested a review from willwashburn February 8, 2026 22:58
@willwashburn willwashburn marked this pull request as ready for review February 8, 2026 23:20
@willwashburn willwashburn merged commit be6fe19 into telemtry Feb 8, 2026
@willwashburn willwashburn deleted the copilot/sub-pr-2 branch February 8, 2026 23:20
@willwashburn willwashburn mentioned this pull request May 31, 2026
Merged
@willwashburn willwashburn mentioned this pull request Jun 14, 2026
Merged
@willwashburn willwashburn mentioned this pull request Jun 25, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@willwashburn willwashburn Awaiting requested review from willwashburn

Assignees

@willwashburn willwashburn

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@willwashburn