[stealth 02/11] Gate identifying features for stealth builds#8786
[stealth 02/11] Gate identifying features for stealth builds#8786reflog wants to merge 11 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces compile-time “stealth build” feature gates (driven by --dart-define env vars) to remove/short-circuit high-identification surfaces (OAuth, payments, app links, social/external links, auto-update) while preserving lower-profile auth flows like email/password and license-style activation.
Changes:
- Add stealth build detection and derived
enable*gates inAppBuildInfo, plus documentation for build flags and expected artifact leakage checks. - Gate UI entry points and runtime handlers for OAuth, deep links, payments/restore/manage-subscription flows, and social/download/forum surfaces.
- Disable desktop auto-update initialization/checks and appcast URL resolution in stealth builds.
Reviewed changes
Copilot reviewed 25 out of 25 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| lib/main.dart | Gate updater initialization behind enableAutoUpdate. |
| lib/lantern_app.dart | Gate deep link subscription and OAuth callback deep links behind build flags. |
| lib/features/support/support.dart | Hide forum/FAQ/privacy/terms + download/follow surfaces when social links are disabled. |
| lib/features/setting/setting.dart | Hide upgrade/pro, update-check, and external project/referral surfaces behind build flags. |
| lib/features/setting/follow_us.dart | Short-circuit “Follow us” UI when social links are disabled. |
| lib/features/setting/download_links.dart | Short-circuit “Download links” UI when social links are disabled. |
| lib/features/plans/restore_purchase_mixin.dart | Block restore flows when store payments are disabled. |
| lib/features/plans/provider/payment_notifier.dart | Add feature-disabled early returns for payment/IAP APIs and centralize failure creation. |
| lib/features/plans/plans.dart | Block menu/payment flows when payments/store payments are disabled; preserve license/email path. |
| lib/features/home/provider/radiance_settings_providers.dart | Return safe defaults for OAuth-derived settings when OAuth is disabled. |
| lib/features/auth/sign_in_email.dart | Hide OAuth login buttons and block OAuth result handling when OAuth is disabled. |
| lib/features/auth/provider/auth_notifier.dart | Block OAuth login/callback APIs when OAuth is disabled; add feature-disabled failures. |
| lib/features/auth/confirm_email.dart | Route away from payment-based flows when payments are disabled. |
| lib/features/auth/choose_payment_method.dart | Short-circuit payment-method screen when payments are disabled. |
| lib/features/auth/add_email.dart | Hide OAuth sign-up buttons and block OAuth result handling when OAuth is disabled. |
| lib/features/account/delete_account.dart | Gate SSO/OAuth-based delete-account verification behind OAuth enablement. |
| lib/features/account/account.dart | Hide/manage subscription CTAs and renewal entry points when payments are disabled. |
| lib/core/widgets/pro_banner.dart | Hide pro banner in builds where payments are disabled. |
| lib/core/widgets/oauth_login.dart | Make OAuthLogin a no-op widget/handler when OAuth is disabled. |
| lib/core/updater/updater.dart | Disable updater init/checks and appcast usage when auto-update is disabled. |
| lib/core/services/injection_container.dart | Skip AppPurchase initialization when payments/store payments are disabled. |
| lib/core/common/common.dart | Make isStoreVersion() return false when payments/store payments are disabled. |
| lib/core/common/app_urls.dart | Convert social URLs + appcast lookup to be build-flag-aware (including nullable appcast). |
| lib/core/common/app_build_info.dart | Add stealth env parsing and enable* gates derived from stealth mode. |
| docs/stealth-feature-gates.md | Document stealth flags, gated surfaces, and leakage-check expectations. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 47 out of 47 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
lib/core/widgets/app_webview.dart:216
- OAuth completion handling in AppWebView is still active even when stealth gates disable OAuth. Because this block (and the earlier
lantern://authcallback) is not guarded by a compile-timeAppBuildInfo.enableOAuthcheck, the/auth+tokencallback surface and related strings remain in the stealth artifact and can still be triggered if a webview navigates there. Wrap the OAuth callback handling in_handleCompletionUrlwithAppBuildInfo.enableOAuth(ideally as part of the condition) so it is compiled out for stealth builds.
if (AppUrls.isLanternHost(uri.host) &&
uri.path == '/auth' &&
uri.queryParameters.containsKey('token')) {
loading.stop();
await appRouter.maybePop(uri.queryParameters);
|
@copilot review |
|
@copilot review |
processOAuthResult is only reachable when isSSOUser==true, which already short-circuits to false when AppBuildInfo.enableOAuth==false (line 39-41). The explicit guard was dead code. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
5302aaa to
2e80f62
Compare
|
Superseded — the 11 per-issue stealth PRs were consolidated into a 6-PR stack for epic getlantern/engineering#3569. This work now lives in #8861. |
Summary
STEALTH_BUILD=trueorSTEALTH_MODE=stealth-vpn/stealth-novpnCloses getlantern/engineering#3574
Validation
dart format --set-exit-if-changedon touched Dart filesflutter analyze --no-pub --no-fatal-infoson touched Dart filesgit diff --cached --checkAnalyzer notes
use_build_context_synchronously, private type in public API). There are no warnings/errors after removing the new unused imports.Not included