feat(privacy): remove extension LLM telemetry; gateway-only server logs#346
Open
JamesRobert20 wants to merge 2 commits into
Open
feat(privacy): remove extension LLM telemetry; gateway-only server logs#346JamesRobert20 wants to merge 2 commits into
JamesRobert20 wants to merge 2 commits into
Conversation
JamesRobert20
requested review from
edelauna,
hannesrudolph,
navedmerchant and
taltas
as code owners
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds a new "zoo-gateway" provider end-to-end (types, provider module, fetchers, handler, API wiring), updates model-cache behavior for auth-scoped models, extends webview/settings UI and validation, propagates Zoo auth tokens to all provider instances, expands telemetry to all authenticated users, updates PRIVACY.md, adds i18n keys and tests, and revises Vite build config. ChangesZoo Gateway + Telemetry
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested reviewers
✨ Finishing Touches🧪 Generate unit tests (beta)
|
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
f0aa066 to
3251b6e
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
proyectoauraorg
approved these changes
May 27, 2026
Contributor
proyectoauraorg
left a comment
proyectoauraorg
left a comment
There was a problem hiding this comment.
Review: Privacy/Telemetry Alignment
Verdict: ✅ Approved
Verified
- ✅
zoo-telemetry.test.ts— 5 tests pass (including new 'all authenticated users' test) - ✅ Subscription check removal is correct — server-side gating at zoocode.dev
- ✅ PRIVACY.md matches the code changes (90-day retention, plan-gated dashboard)
- ✅ Net code reduction (-10 lines) — removes unnecessary complexity
Important
The old code sent telemetry only to users with active subscriptions. This PR removes that client-side gate, so all authenticated users (free and paid) will now send telemetry. This is correct IF the server enforces plan-gated dashboard visibility (7 days Free / 90 days Pro+).
Recommend confirming that zoocode.dev server-side retention and dashboard visibility policies are implemented before merging this PR.
Dependency
Independent of the Zoo Gateway stack. Can merge to main at any time.
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
3251b6e to
89559d5
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 11
Note
Due to the large number of review comments, Critical, Major severity comments were prioritized as inline comments.
🟡 Minor comments (11)
webview-ui/src/i18n/locales/es/settings.json-455-455 (1)
455-455:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix garbled UTF-8 text in Spanish locale strings.
Line 455 and Line 871 contain mojibake, so these messages will display corrupted characters in the UI.
💡 Proposed fix
- "googleCloudCredentialsPathWarning": "Este campo espera el contenido JSON de un archivo de clave de cuenta de servicio, no una ruta. Si tienes una ruta, p├⌐gala en el campo <strong>Ruta del archivo de clave de Google Cloud</strong> a continuaci├│n, o borra este campo y utiliza la variable de entorno <code>GOOGLE_APPLICATION_CREDENTIALS</code>.", + "googleCloudCredentialsPathWarning": "Este campo espera el contenido JSON de un archivo de clave de cuenta de servicio, no una ruta. Si tienes una ruta, pégala en el campo <strong>Ruta del archivo de clave de Google Cloud</strong> a continuación, o borra este campo y utiliza la variable de entorno <code>GOOGLE_APPLICATION_CREDENTIALS</code>.", @@ - "automaticFetch": "La extensi├│n obtiene autom├íticamente la lista m├ís reciente de modelos disponibles en <serviceLink>{{serviceName}}</serviceLink>. Si no est├í seguro de qu├⌐ modelo elegir, Zoo Code funciona mejor con <defaultModelLink>{{defaultModelId}}</defaultModelLink>. Tambi├⌐n puede buscar \"free\" para opciones sin costo actualmente disponibles.", + "automaticFetch": "La extensión obtiene automáticamente la lista más reciente de modelos disponibles en <serviceLink>{{serviceName}}</serviceLink>. Si no está seguro de qué modelo elegir, Zoo Code funciona mejor con <defaultModelLink>{{defaultModelId}}</defaultModelLink>. También puede buscar \"free\" para opciones sin costo actualmente disponibles.",Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/es/settings.json` at line 455, The Spanish locale string under the key "googleCloudCredentialsPathWarning" contains mojibake (e.g., "p├⌐gala", "a continuaci├│n"); update that value to use proper UTF-8 accented characters (e.g., "pégala", "a continuación") and scan the same file for the other affected key around line 871 to fix similar garbled sequences so all Spanish strings are valid UTF-8.src/api/providers/fetchers/zoo-gateway.ts-68-77 (1)
68-77:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winSkip model discovery when there is no session token.
Line 59 states auth is required, but Lines 68-77 still issue a network call without credentials. That creates guaranteed failures and noisy logs for signed-out users.
💡 Proposed fix
- const sessionToken = options?.zooSessionToken || getCachedZooCodeToken() - const headers: Record<string, string> = {} - if (sessionToken) { - headers["Authorization"] = `Bearer ${sessionToken}` - } + const sessionToken = options?.zooSessionToken ?? getCachedZooCodeToken() + if (!sessionToken) { + return models + } + const headers: Record<string, string> = { + Authorization: `Bearer ${sessionToken}`, + }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/api/providers/fetchers/zoo-gateway.ts` around lines 68 - 77, The code issues an axios.get to `${baseURL}/models` even when no session token is available (sessionToken from options?.zooSessionToken || getCachedZooCodeToken), causing needless failed requests; update the logic to short-circuit before the network call when sessionToken is falsy (e.g., return an empty models list or null from the enclosing function), so do not call axios.get or use MODEL_DISCOVERY_TIMEOUT_MS without credentials—use the sessionToken variable and the axios.get call sites as the anchors to implement the early return.webview-ui/src/i18n/locales/de/settings.json-455-455 (1)
455-455:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix the mojibake in these German strings.
Both translated values are corrupted, so
googleCloudCredentialsPathWarningandmodelPicker.automaticFetchwill render as unreadable text in the settings UI.Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/de/settings.json` at line 455, The German strings contain mojibake where umlauts were corrupted; update the values for the keys googleCloudCredentialsPathWarning and modelPicker.automaticFetch in the locales file to use the correct German characters (e.g., "Schlüssel" and "Schlüsseldateipfad") so the messages read correctly—specifically replace "Schl├╝ssel" and "Schl├╝sseldateipfad" with "Schlüssel" and "Schlüsseldateipfad" and ensure the rest of the punctuation/HTML/templating (like <strong> and <code>) remains unchanged.webview-ui/src/i18n/locales/tr/settings.json-455-455 (1)
455-455:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix the mojibake in these Turkish strings.
googleCloudCredentialsPathWarningandmodelPicker.automaticFetchare corrupted here, so the translated settings copy will render unreadably.Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/tr/settings.json` at line 455, The Turkish strings for keys googleCloudCredentialsPathWarning and modelPicker.automaticFetch contain mojibake (corrupted characters); open the localization entries for these keys, replace the corrupted characters with the correct Turkish characters/words (e.g., restore characters like ı, ş, ç, ğ, ö, ü) so the sentences read naturally, ensure the file is saved in UTF-8 without BOM, and also fix the identical corrupted instance noted around the other occurrence (modelPicker.automaticFetch) so both entries render correctly.webview-ui/src/i18n/locales/zh-TW/settings.json-465-465 (1)
465-465:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix the mojibake in these Traditional Chinese strings.
Both values are corrupted, so
googleCloudCredentialsPathWarningandmodelPicker.automaticFetchwill show unreadable text in the UI.Also applies to: 881-881
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/zh-TW/settings.json` at line 465, The Traditional Chinese strings for the keys googleCloudCredentialsPathWarning and modelPicker.automaticFetch are corrupted (mojibake); locate the JSON entries for "googleCloudCredentialsPathWarning" and "modelPicker.automaticFetch" and replace the garbled text with correct Traditional Chinese translations, preserving any inline HTML tags like <strong> and <code> and ensuring the meaning about setting GOOGLE_APPLICATION_CREDENTIALS and automatic model fetching remains accurate; also fix the duplicate occurrence noted (the other affected entry around the second mention) so both occurrences show readable Traditional Chinese.webview-ui/src/i18n/locales/pt-BR/settings.json-455-455 (1)
455-455:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix mojibake in Portuguese translations.
These strings are UTF-8 corrupted and will render broken text in UI.
💡 Suggested fix
- "googleCloudCredentialsPathWarning": "Este campo espera o conte├║do JSON de um arquivo de chave de conta de servi├ºo, n├úo um caminho. Se voc├¬ tiver um caminho, cole-o no campo <strong>Caminho do Arquivo de Chave Google Cloud</strong> abaixo, ou limpe este campo e use a vari├ível de ambiente <code>GOOGLE_APPLICATION_CREDENTIALS</code>.", + "googleCloudCredentialsPathWarning": "Este campo espera o conteúdo JSON de um arquivo de chave de conta de serviço, não um caminho. Se você tiver um caminho, cole-o no campo <strong>Caminho do Arquivo de Chave Google Cloud</strong> abaixo, ou limpe este campo e use a variável de ambiente <code>GOOGLE_APPLICATION_CREDENTIALS</code>.", @@ - "automaticFetch": "A extens├úo busca automaticamente a lista mais recente de modelos dispon├¡veis em <serviceLink>{{serviceName}}</serviceLink>. Se voc├¬ n├úo tem certeza sobre qual modelo escolher, o Zoo Code funciona melhor com <defaultModelLink>{{defaultModelId}}</defaultModelLink>. Voc├¬ tamb├⌐m pode pesquisar por \"free\" para encontrar op├º├╡es gratuitas atualmente dispon├¡veis.", + "automaticFetch": "A extensão busca automaticamente a lista mais recente de modelos disponíveis em <serviceLink>{{serviceName}}</serviceLink>. Se você não tem certeza sobre qual modelo escolher, o Zoo Code funciona melhor com <defaultModelLink>{{defaultModelId}}</defaultModelLink>. Você também pode pesquisar por \"free\" para encontrar opções gratuitas atualmente disponíveis.",Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/pt-BR/settings.json` at line 455, The Portuguese translation for the key "googleCloudCredentialsPathWarning" (and the other affected key around the same area) contains mojibake (UTF-8 corruption) and must be replaced with correctly encoded UTF-8 text; locate the "googleCloudCredentialsPathWarning" entry in the pt-BR locale and update the string to use proper Portuguese characters (e.g., "conteúdo", "conta de serviço", "não", "você", "variável de ambiente", "Caminho do Arquivo de Chave Google Cloud") so the UI renders correctly; ensure the same corrections are applied to the other corrupted pt-BR string referenced in the review.webview-ui/src/i18n/locales/it/settings.json-871-871 (1)
871-871:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix corrupted UTF-8 in Italian
modelPicker.automaticFetch.The string includes mojibake (
pi├╣) and will display incorrectly.💡 Suggested fix
- "automaticFetch": "L'estensione recupera automaticamente l'elenco pi├╣ recente dei modelli disponibili su <serviceLink>{{serviceName}}</serviceLink>. Se non sei sicuro di quale modello scegliere, Zoo Code funziona meglio con <defaultModelLink>{{defaultModelId}}</defaultModelLink>. Puoi anche cercare \"free\" per opzioni gratuite attualmente disponibili.", + "automaticFetch": "L'estensione recupera automaticamente l'elenco più recente dei modelli disponibili su <serviceLink>{{serviceName}}</serviceLink>. Se non sei sicuro di quale modello scegliere, Zoo Code funziona meglio con <defaultModelLink>{{defaultModelId}}</defaultModelLink>. Puoi anche cercare \"free\" per opzioni gratuite attualmente disponibili.",🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/it/settings.json` at line 871, The value for the i18n key modelPicker.automaticFetch contains mojibake ("pi├╣") instead of the correct Italian character; update the string for modelPicker.automaticFetch to replace "pi├╣ recente" with "più recente" (keep the existing HTML-like links <serviceLink>{{serviceName}}</serviceLink> and <defaultModelLink>{{defaultModelId}}</defaultModelLink> and preserve any escaped quotes), ensuring the file is saved as UTF-8 so the "ù" character is stored correctly.src/core/webview/__tests__/ClineProvider.spec.ts-3760-3771 (1)
3760-3771:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winAssert the state refresh you claim in the test.
This case only verifies the log path. A regression where
handleZooCodeCallback()stops callingpostStateToWebview()would still pass, despite the test name promising that behavior. Add an explicitexpect(provider.postStateToWebview).toHaveBeenCalled()or rename the test.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/core/webview/__tests__/ClineProvider.spec.ts` around lines 3760 - 3771, The test "logs and posts state when profile persistence fails" currently only asserts the log path; update the spec to also assert that provider.postStateToWebview was invoked after calling provider.handleZooCodeCallback("zoo_ext_token") (or alternatively rename the test to reflect it only verifies logging). Specifically, locate the test using provider.handleZooCodeCallback and add an expect(provider.postStateToWebview).toHaveBeenCalled() (or rename the it(...) description) so the test actually verifies the state-post behavior.webview-ui/src/i18n/locales/ca/settings.json-455-455 (1)
455-455:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix the encoding corruption in these translations.
These strings contain visible mojibake, so Catalan users will see broken copy in the settings UI. Please restore the intended text and save the file with the correct encoding.
Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/ca/settings.json` at line 455, The Catalan translation for the key "googleCloudCredentialsPathWarning" contains mojibake ("a continuaci├│")—replace it with the correct text ("a continuació") and verify the corresponding duplicate entry later in the same settings.json (the other occurrence flagged by the reviewer) is fixed the same way; finally re-save the file in UTF-8 (no BOM) to prevent encoding corruption going forward.webview-ui/src/i18n/locales/fr/settings.json-455-455 (1)
455-455:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winRestore these French strings before merge.
Both values contain mojibake, so the settings UI will show broken text instead of proper French copy. Reinsert the intended translation and save the file as UTF-8.
Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/fr/settings.json` at line 455, The JSON value for the "googleCloudCredentialsPathWarning" key contains mojibake (garbled characters); replace it with the correct French translation (use proper accents) and ensure the file is saved as UTF-8; also locate and fix the other occurrence noted (same mojibake at the other key around line 871) so both keys contain proper French strings with correct accents and encoding.webview-ui/src/i18n/locales/ja/settings.json-455-455 (1)
455-455:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix the mojibake in these localized strings.
Both entries are unreadable in the shipped UI because the text appears to have been saved with the wrong encoding. Restore the intended Japanese copy and re-save the file as UTF-8.
Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/i18n/locales/ja/settings.json` at line 455, The value for the i18n key "googleCloudCredentialsPathWarning" contains mojibake (wrong encoding); open the locale file, replace the garbled string with the correct Japanese copy for that key (preserving the intended inline tokens like <strong>Google Cloud…</strong> and <code>GOOGLE_APPLICATION_CREDENTIALS</code>), ensure the file is saved as UTF-8 (preferably UTF-8 without BOM), and apply the same fix to the other corrupted localized entry in the same file that was flagged as also affected.
🧹 Nitpick comments (2)
webview-ui/src/components/settings/providers/__tests__/ZooGateway.spec.tsx (1)
150-152: ⚡ Quick winMake the non-call assertion wait past effect flush.
This can pass too early before async effects settle, so it may miss a late
setApiConfigurationFieldcall.Proposed test hardening
+import { act } from "`@/utils/test-utils`" ... - await waitFor(() => { - expect(setApiConfigurationField).not.toHaveBeenCalled() - }) + await act(async () => { + await Promise.resolve() + }) + expect(setApiConfigurationField).not.toHaveBeenCalled()🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@webview-ui/src/components/settings/providers/__tests__/ZooGateway.spec.tsx` around lines 150 - 152, The non-call assertion for setApiConfigurationField in ZooGateway.spec.tsx can pass too early; wrap the expectation in waitFor that waits long enough for async effects (e.g., await waitFor(() => expect(setApiConfigurationField).not.toHaveBeenCalled(), { timeout: 1000 })) or explicitly flush pending promises before the assertion (e.g., await flushPromises(); expect(setApiConfigurationField).not.toHaveBeenCalled()); update the test to use one of these approaches targeting the waitFor/setApiConfigurationField usage so the assertion runs after effects settle.src/core/webview/__tests__/webviewMessageHandler.spec.ts (1)
397-433: ⚡ Quick winHarden shared mock cleanup to avoid test state bleed.
These tests mutate
mockClineProviderglobally and rely on inline cleanup. If a test fails early, state can leak into later tests. Move restoration toafterEach(ortry/finally) forproviderSettingsManager,upsertProviderProfile, and overriddencontextProxyfields.Suggested stabilization pattern
+let originalContextProxy: any + +beforeEach(() => { + originalContextProxy = mockClineProvider.contextProxy +}) + +afterEach(() => { + delete (mockClineProvider as any).providerSettingsManager + delete (mockClineProvider as any).upsertProviderProfile + ;(mockClineProvider as any).contextProxy = originalContextProxy +})Also applies to: 1163-1229
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/core/webview/__tests__/webviewMessageHandler.spec.ts` around lines 397 - 433, Tests mutate the shared mockClineProvider (providerSettingsManager, upsertProviderProfile, contextProxy) inline which can leak state if a test fails; instead, capture original values at test start and restore them in an afterEach hook (or wrap each test body in try/finally), e.g. save const origProviderSettings = (mockClineProvider as any).providerSettingsManager, origUpsert = (mockClineProvider as any).upsertProviderProfile, origContext = (mockClineProvider as any).contextProxy and restore them after the test; apply this stabilization for the tests that set providerSettingsManager, upsertProviderProfile, or override contextProxy (the block around webviewMessageHandler and the other similar test blocks).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/activate/handleUri.ts`:
- Around line 65-67: The loop over allInstances calls
instance.handleZooCodeCallback(token) directly, so one rejected call aborts the
whole loop; update the loop to call handleZooCodeCallback for each instance
inside a try/catch (e.g., within the for (const instance of allInstances)
block), catch and log the error (including instance identifier if available) and
continue to the next instance so one failure does not prevent other instances
from receiving the callback.
In `@src/api/providers/zoo-gateway.ts`:
- Around line 102-107: The code currently prefers options.zooSessionToken over
getCachedZooCodeToken(), which can keep using a stale profile token; change the
selection so the cached token is preferred (e.g., set sessionToken by calling
getCachedZooCodeToken() first and falling back to options.zooSessionToken) —
update the assignment around the sessionToken variable in the zoo-gateway.ts
handler where options.zooSessionToken and getCachedZooCodeToken() are used so
fresh cached tokens are used before the persisted profile token.
In `@src/core/webview/ClineProvider.ts`:
- Around line 873-916: ensureZooGatewayProfileSeeded currently only compares
profile.zooSessionToken to getCachedZooCodeToken(); also check that each
profile.zooGatewayBaseUrl equals the current getZooCodeBaseUrl() and treat any
mismatch as stale so seeding occurs. In the loop that inspects
zooGatewayProfiles (using providerSettingsManager.getProfile and the token
check), fetch the current base URL via getZooCodeBaseUrl(), compare it to
fullProfile.zooGatewayBaseUrl, and if different set allUpToDate = false, log a
descriptive message, and break so handleZooCodeCallback(token) will be invoked
to reseed both tokens and base URLs. Ensure references to
ensureZooGatewayProfileSeeded, getCachedZooCodeToken, getZooCodeBaseUrl,
providerSettingsManager.getProfile, and handleZooCodeCallback are used to locate
the changes.
In `@src/core/webview/webviewMessageHandler.ts`:
- Around line 948-968: The switch case for "requestRouterModels" contains
block-scoped declarations (e.g., const { apiConfiguration }, let
zooGatewayToken, const candidates) that must be isolated to avoid leaking across
cases; wrap the entire case "requestRouterModels" body in its own braces { ... }
so these let/const bindings are scoped to that case, ensuring code like
provider.providerSettingsManager.listConfig and related
zooGatewayToken/zooGatewayBaseUrl logic are enclosed and won't conflict with
other cases.
In `@webview-ui/src/i18n/locales/hi/settings.json`:
- Line 455: The string value for "googleCloudCredentialsPathWarning" (and the
other mojibake entry at line 871) contains garbled text; replace these mojibake
strings with proper Hindi translations while preserving inline HTML tags
(<strong>, <code>) and meaning about Google Cloud credentials and
GOOGLE_APPLICATION_CREDENTIALS, updating the JSON values for the keys (e.g.,
"googleCloudCredentialsPathWarning") so the help/setup content reads correctly
in Hindi.
In `@webview-ui/src/i18n/locales/ko/settings.json`:
- Line 455: Replace the garbled mojibake for the
"googleCloudCredentialsPathWarning" JSON value with the correct Korean
translation (restore the intended readable Korean copy), fix the other corrupted
string mentioned (line 871) the same way, and re-save the file as UTF-8 (no BOM)
so the encoding is preserved; locate these keys
("googleCloudCredentialsPathWarning" and the other corrupted key at line 871) in
webview-ui/src/i18n/locales/ko/settings.json and update their string values with
the proper Korean text.
In `@webview-ui/src/i18n/locales/pl/settings.json`:
- Line 455: The string value for "googleCloudCredentialsPathWarning" contains
mojibake (garbled Unicode) and should be replaced with correctly encoded Polish
text (use proper characters like ą,ę,ś,ł,ż,ó,ć,ń) and similarly fix the
corrupted message at the model-selection key on the other occurrence (line
~871); open the JSON entry for "googleCloudCredentialsPathWarning" and the
model-selection key, replace the garbled characters with the correct Polish
phrasing, and ensure the file is saved with UTF-8 encoding so the Polish
diacritics persist.
In `@webview-ui/src/i18n/locales/ru/settings.json`:
- Line 455: The JSON values for Russian locale contain encoding-corrupted text;
replace the corrupted value for the key "googleCloudCredentialsPathWarning" in
settings.json with a proper Russian translation and likewise locate and restore
the other corrupted Russian string near line 871 (search for non-UTF8/garbled
characters) so both warning/help messages are readable; ensure the replacements
are valid UTF-8, preserve existing HTML/inline code tags like <strong> and
<code> exactly, and run a quick JSON lint to confirm no syntax changes.
In `@webview-ui/src/i18n/locales/vi/settings.json`:
- Line 455: The string value for the locale key
"googleCloudCredentialsPathWarning" (and the other corrupted Vietnamese entry in
the same file) is mojibake; replace the corrupted text with the correct
Vietnamese translations, ensure the HTML (<strong>) and code (<code>) fragments
remain intact, save the file encoded as UTF-8 without BOM, and validate the JSON
(lint/parse) after the replacement so the locale renders correctly.
In `@webview-ui/src/i18n/locales/zh-CN/settings.json`:
- Line 455: Fix the mojibake in the Simplified Chinese locale by replacing the
corrupted string value for the key "googleCloudCredentialsPathWarning" (and the
other corrupted entry at the second occurrence referenced) with a proper
Simplified Chinese translation that preserves the embedded HTML and code tags
(<strong>...</strong> and <code>GOOGLE_APPLICATION_CREDENTIALS</code>); locate
the entries by the key "googleCloudCredentialsPathWarning" and the other
unreadable key near the same block, correct the text to clear, idiomatic Chinese
guidance about placing a Google Cloud service account JSON file and setting
GOOGLE_APPLICATION_CREDENTIALS, and keep surrounding JSON syntax and punctuation
unchanged.
In `@webview-ui/src/utils/validate.ts`:
- Around line 130-133: The validation for "zoo-gateway" currently accepts a user
if zooCodeIsAuthenticated is true even when apiConfiguration.zooSessionToken is
missing; change the condition in validate.ts (the "zoo-gateway" case) to require
the persisted token (apiConfiguration.zooSessionToken) be present before passing
validation and do not treat zooCodeIsAuthenticated as a substitute, or
alternatively add and check a seeding-complete flag (set by
ensureZooGatewayProfileSeeded) so validation only passes when the stored token
is present or seeding has finished; update the return logic that currently
references apiConfiguration.zooSessionToken and zooCodeIsAuthenticated
accordingly.
---
Minor comments:
In `@src/api/providers/fetchers/zoo-gateway.ts`:
- Around line 68-77: The code issues an axios.get to `${baseURL}/models` even
when no session token is available (sessionToken from options?.zooSessionToken
|| getCachedZooCodeToken), causing needless failed requests; update the logic to
short-circuit before the network call when sessionToken is falsy (e.g., return
an empty models list or null from the enclosing function), so do not call
axios.get or use MODEL_DISCOVERY_TIMEOUT_MS without credentials—use the
sessionToken variable and the axios.get call sites as the anchors to implement
the early return.
In `@src/core/webview/__tests__/ClineProvider.spec.ts`:
- Around line 3760-3771: The test "logs and posts state when profile persistence
fails" currently only asserts the log path; update the spec to also assert that
provider.postStateToWebview was invoked after calling
provider.handleZooCodeCallback("zoo_ext_token") (or alternatively rename the
test to reflect it only verifies logging). Specifically, locate the test using
provider.handleZooCodeCallback and add an
expect(provider.postStateToWebview).toHaveBeenCalled() (or rename the it(...)
description) so the test actually verifies the state-post behavior.
In `@webview-ui/src/i18n/locales/ca/settings.json`:
- Line 455: The Catalan translation for the key
"googleCloudCredentialsPathWarning" contains mojibake ("a continuaci├│")—replace
it with the correct text ("a continuació") and verify the corresponding
duplicate entry later in the same settings.json (the other occurrence flagged by
the reviewer) is fixed the same way; finally re-save the file in UTF-8 (no BOM)
to prevent encoding corruption going forward.
In `@webview-ui/src/i18n/locales/de/settings.json`:
- Line 455: The German strings contain mojibake where umlauts were corrupted;
update the values for the keys googleCloudCredentialsPathWarning and
modelPicker.automaticFetch in the locales file to use the correct German
characters (e.g., "Schlüssel" and "Schlüsseldateipfad") so the messages read
correctly—specifically replace "Schl├╝ssel" and "Schl├╝sseldateipfad" with
"Schlüssel" and "Schlüsseldateipfad" and ensure the rest of the
punctuation/HTML/templating (like <strong> and <code>) remains unchanged.
In `@webview-ui/src/i18n/locales/es/settings.json`:
- Line 455: The Spanish locale string under the key
"googleCloudCredentialsPathWarning" contains mojibake (e.g., "pégala", "a
continuaci├│n"); update that value to use proper UTF-8 accented characters
(e.g., "pégala", "a continuación") and scan the same file for the other affected
key around line 871 to fix similar garbled sequences so all Spanish strings are
valid UTF-8.
In `@webview-ui/src/i18n/locales/fr/settings.json`:
- Line 455: The JSON value for the "googleCloudCredentialsPathWarning" key
contains mojibake (garbled characters); replace it with the correct French
translation (use proper accents) and ensure the file is saved as UTF-8; also
locate and fix the other occurrence noted (same mojibake at the other key around
line 871) so both keys contain proper French strings with correct accents and
encoding.
In `@webview-ui/src/i18n/locales/it/settings.json`:
- Line 871: The value for the i18n key modelPicker.automaticFetch contains
mojibake ("pi├╣") instead of the correct Italian character; update the string
for modelPicker.automaticFetch to replace "pi├╣ recente" with "più recente"
(keep the existing HTML-like links <serviceLink>{{serviceName}}</serviceLink>
and <defaultModelLink>{{defaultModelId}}</defaultModelLink> and preserve any
escaped quotes), ensuring the file is saved as UTF-8 so the "ù" character is
stored correctly.
In `@webview-ui/src/i18n/locales/ja/settings.json`:
- Line 455: The value for the i18n key "googleCloudCredentialsPathWarning"
contains mojibake (wrong encoding); open the locale file, replace the garbled
string with the correct Japanese copy for that key (preserving the intended
inline tokens like <strong>Google Cloud…</strong> and
<code>GOOGLE_APPLICATION_CREDENTIALS</code>), ensure the file is saved as UTF-8
(preferably UTF-8 without BOM), and apply the same fix to the other corrupted
localized entry in the same file that was flagged as also affected.
In `@webview-ui/src/i18n/locales/pt-BR/settings.json`:
- Line 455: The Portuguese translation for the key
"googleCloudCredentialsPathWarning" (and the other affected key around the same
area) contains mojibake (UTF-8 corruption) and must be replaced with correctly
encoded UTF-8 text; locate the "googleCloudCredentialsPathWarning" entry in the
pt-BR locale and update the string to use proper Portuguese characters (e.g.,
"conteúdo", "conta de serviço", "não", "você", "variável de ambiente", "Caminho
do Arquivo de Chave Google Cloud") so the UI renders correctly; ensure the same
corrections are applied to the other corrupted pt-BR string referenced in the
review.
In `@webview-ui/src/i18n/locales/tr/settings.json`:
- Line 455: The Turkish strings for keys googleCloudCredentialsPathWarning and
modelPicker.automaticFetch contain mojibake (corrupted characters); open the
localization entries for these keys, replace the corrupted characters with the
correct Turkish characters/words (e.g., restore characters like ı, ş, ç, ğ, ö,
ü) so the sentences read naturally, ensure the file is saved in UTF-8 without
BOM, and also fix the identical corrupted instance noted around the other
occurrence (modelPicker.automaticFetch) so both entries render correctly.
In `@webview-ui/src/i18n/locales/zh-TW/settings.json`:
- Line 465: The Traditional Chinese strings for the keys
googleCloudCredentialsPathWarning and modelPicker.automaticFetch are corrupted
(mojibake); locate the JSON entries for "googleCloudCredentialsPathWarning" and
"modelPicker.automaticFetch" and replace the garbled text with correct
Traditional Chinese translations, preserving any inline HTML tags like <strong>
and <code> and ensuring the meaning about setting GOOGLE_APPLICATION_CREDENTIALS
and automatic model fetching remains accurate; also fix the duplicate occurrence
noted (the other affected entry around the second mention) so both occurrences
show readable Traditional Chinese.
---
Nitpick comments:
In `@src/core/webview/__tests__/webviewMessageHandler.spec.ts`:
- Around line 397-433: Tests mutate the shared mockClineProvider
(providerSettingsManager, upsertProviderProfile, contextProxy) inline which can
leak state if a test fails; instead, capture original values at test start and
restore them in an afterEach hook (or wrap each test body in try/finally), e.g.
save const origProviderSettings = (mockClineProvider as
any).providerSettingsManager, origUpsert = (mockClineProvider as
any).upsertProviderProfile, origContext = (mockClineProvider as
any).contextProxy and restore them after the test; apply this stabilization for
the tests that set providerSettingsManager, upsertProviderProfile, or override
contextProxy (the block around webviewMessageHandler and the other similar test
blocks).
In `@webview-ui/src/components/settings/providers/__tests__/ZooGateway.spec.tsx`:
- Around line 150-152: The non-call assertion for setApiConfigurationField in
ZooGateway.spec.tsx can pass too early; wrap the expectation in waitFor that
waits long enough for async effects (e.g., await waitFor(() =>
expect(setApiConfigurationField).not.toHaveBeenCalled(), { timeout: 1000 })) or
explicitly flush pending promises before the assertion (e.g., await
flushPromises(); expect(setApiConfigurationField).not.toHaveBeenCalled());
update the test to use one of these approaches targeting the
waitFor/setApiConfigurationField usage so the assertion runs after effects
settle.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 087f53ae-b7bd-4ddc-b44c-cb6d44c2080d
📒 Files selected for processing (50)
PRIVACY.mdpackages/types/src/provider-settings.tspackages/types/src/providers/index.tspackages/types/src/providers/zoo-gateway.tssrc/activate/__tests__/handleUri.spec.tssrc/activate/handleUri.tssrc/api/index.tssrc/api/providers/fetchers/__tests__/zoo-gateway.spec.tssrc/api/providers/fetchers/modelCache.tssrc/api/providers/fetchers/zoo-gateway.tssrc/api/providers/index.tssrc/api/providers/zoo-gateway.tssrc/core/webview/ClineProvider.tssrc/core/webview/__tests__/ClineProvider.spec.tssrc/core/webview/__tests__/webviewMessageHandler.spec.tssrc/core/webview/webviewMessageHandler.tssrc/i18n/locales/en/common.jsonsrc/services/__tests__/zoo-telemetry.test.tssrc/services/zoo-telemetry.tssrc/shared/api.tswebview-ui/src/components/settings/ApiOptions.tsxwebview-ui/src/components/settings/ModelPicker.tsxwebview-ui/src/components/settings/__tests__/ApiOptions.spec.tsxwebview-ui/src/components/settings/constants.tswebview-ui/src/components/settings/providers/ZooGateway.tsxwebview-ui/src/components/settings/providers/__tests__/ZooGateway.spec.tsxwebview-ui/src/components/settings/providers/index.tswebview-ui/src/components/ui/hooks/useSelectedModel.tswebview-ui/src/components/welcome/WelcomeViewProvider.tsxwebview-ui/src/i18n/locales/ca/settings.jsonwebview-ui/src/i18n/locales/de/settings.jsonwebview-ui/src/i18n/locales/en/settings.jsonwebview-ui/src/i18n/locales/es/settings.jsonwebview-ui/src/i18n/locales/fr/settings.jsonwebview-ui/src/i18n/locales/hi/settings.jsonwebview-ui/src/i18n/locales/id/settings.jsonwebview-ui/src/i18n/locales/it/settings.jsonwebview-ui/src/i18n/locales/ja/settings.jsonwebview-ui/src/i18n/locales/ko/settings.jsonwebview-ui/src/i18n/locales/nl/settings.jsonwebview-ui/src/i18n/locales/pl/settings.jsonwebview-ui/src/i18n/locales/pt-BR/settings.jsonwebview-ui/src/i18n/locales/ru/settings.jsonwebview-ui/src/i18n/locales/tr/settings.jsonwebview-ui/src/i18n/locales/vi/settings.jsonwebview-ui/src/i18n/locales/zh-CN/settings.jsonwebview-ui/src/i18n/locales/zh-TW/settings.jsonwebview-ui/src/utils/__tests__/validate.spec.tswebview-ui/src/utils/validate.tswebview-ui/vite.config.ts
✅ Files skipped from review due to trivial changes (6)
- webview-ui/src/components/settings/providers/index.ts
- webview-ui/src/components/settings/constants.ts
- webview-ui/src/utils/tests/validate.spec.ts
- webview-ui/src/i18n/locales/en/settings.json
- webview-ui/src/i18n/locales/nl/settings.json
- PRIVACY.md
🚧 Files skipped from review as they are similar to previous changes (1)
- src/services/tests/zoo-telemetry.test.ts
| }, | ||
| "googleCloudCredentials": "Учётные данные Google Cloud", | ||
| "googleCloudCredentialsPathWarning": "Это поле ожидает JSON-содержимое файла ключа сервисного аккаунта, а не путь. Если у вас есть путь, вставьте его в поле <strong>Путь к ключу Google Cloud</strong> ниже, либо очистите это поле и используйте переменную окружения <code>GOOGLE_APPLICATION_CREDENTIALS</code>.", | ||
| "googleCloudCredentialsPathWarning": "Это поле ожидает JSON-содержимое файла ключа сервисного аккаунта, а не путь. Если у вас есть путь, вставьте его в поле <strong>Путь к ключу Google Cloud</strong> ниже, либо очистите это поле и используйте переменную окружения <code>GOOGLE_APPLICATION_CREDENTIALS</code>.", |
Contributor
There was a problem hiding this comment.
Restore valid Russian text for the modified warning/help strings.
Line 455 and Line 871 are encoding-corrupted, so users can’t read key setup/model-selection guidance.
Also applies to: 871-871
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@webview-ui/src/i18n/locales/ru/settings.json` at line 455, The JSON values
for Russian locale contain encoding-corrupted text; replace the corrupted value
for the key "googleCloudCredentialsPathWarning" in settings.json with a proper
Russian translation and likewise locate and restore the other corrupted Russian
string near line 871 (search for non-UTF8/garbled characters) so both
warning/help messages are readable; ensure the replacements are valid UTF-8,
preserve existing HTML/inline code tags like <strong> and <code> exactly, and
run a quick JSON lint to confirm no syntax changes.
Comment on lines
+130
to
+133
| case "zoo-gateway": | ||
| if (!apiConfiguration.zooSessionToken && !zooCodeIsAuthenticated) { | ||
| return i18next.t("settings:validation.zooGatewaySignIn") | ||
| } |
Contributor
There was a problem hiding this comment.
Don't treat Zoo Code auth state as a substitute for a seeded gateway token.
This branch now accepts zoo-gateway while zooSessionToken is still missing. Since ensureZooGatewayProfileSeeded() is kicked off in the background during webview init, a signed-in user can pass validation and start a request before the profile has actually been repaired, so the first gateway call is still unauthenticated. Keep validation gated on the stored token, or block Zoo Gateway until seeding completes.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@webview-ui/src/utils/validate.ts` around lines 130 - 133, The validation for
"zoo-gateway" currently accepts a user if zooCodeIsAuthenticated is true even
when apiConfiguration.zooSessionToken is missing; change the condition in
validate.ts (the "zoo-gateway" case) to require the persisted token
(apiConfiguration.zooSessionToken) be present before passing validation and do
not treat zooCodeIsAuthenticated as a substitute, or alternatively add and check
a seeding-complete flag (set by ensureZooGatewayProfileSeeded) so validation
only passes when the stored token is present or seeding has finished; update the
return logic that currently references apiConfiguration.zooSessionToken and
zooCodeIsAuthenticated accordingly.
89559d5 to
9750f48
Compare
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/i18n/locales/tr/common.json`:
- Around line 264-278: This PR includes new Turkish locale keys
(could_not_verify_token, session_expired, out_of_credits, account_unavailable,
budget_exceeded, info.connected, info.disconnected, buttons.sign_in,
buttons.add_credits, buttons.contact_support) that are unrelated to the stated
privacy/telemetry changes; please confirm whether these i18n additions are part
of a separate Zoo Gateway auth/billing feature and if so remove them from this
branch and open a dedicated PR for the Gateway UX, otherwise update the PR
description to list these locale changes; also verify that the intended
privacy/telemetry edits (PRIVACY.md and zoo-telemetry.ts) are present on the
branch—if they are missing, add those files/changes or point to the correct
branch/commit that contains them before merging.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 098eec11-2d23-4f57-b28f-37e11d4eb16d
📒 Files selected for processing (20)
PRIVACY.mdsrc/i18n/locales/ca/common.jsonsrc/i18n/locales/de/common.jsonsrc/i18n/locales/es/common.jsonsrc/i18n/locales/fr/common.jsonsrc/i18n/locales/hi/common.jsonsrc/i18n/locales/id/common.jsonsrc/i18n/locales/it/common.jsonsrc/i18n/locales/ja/common.jsonsrc/i18n/locales/ko/common.jsonsrc/i18n/locales/nl/common.jsonsrc/i18n/locales/pl/common.jsonsrc/i18n/locales/pt-BR/common.jsonsrc/i18n/locales/ru/common.jsonsrc/i18n/locales/tr/common.jsonsrc/i18n/locales/vi/common.jsonsrc/i18n/locales/zh-CN/common.jsonsrc/i18n/locales/zh-TW/common.jsonsrc/services/__tests__/zoo-telemetry.test.tssrc/services/zoo-telemetry.ts
✅ Files skipped from review due to trivial changes (8)
- src/i18n/locales/nl/common.json
- src/i18n/locales/it/common.json
- PRIVACY.md
- src/i18n/locales/ko/common.json
- src/i18n/locales/ca/common.json
- src/i18n/locales/de/common.json
- src/i18n/locales/ja/common.json
- src/i18n/locales/pl/common.json
🚧 Files skipped from review as they are similar to previous changes (1)
- src/services/tests/zoo-telemetry.test.ts
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
9750f48 to
91f52ae
Compare
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/core/webview/webviewMessageHandler.ts`:
- Around line 956-963: The code currently picks the first zoo-gateway profile
from provider.providerSettingsManager.listConfig() and uses its token, which
fails if that profile lacks zooSessionToken; instead, iterate or map over all
profiles where p.apiProvider === "zoo-gateway", fetch each profile via
provider.providerSettingsManager.getProfile({ name: ... }) (e.g., Promise.all or
sequentially), and select the first fullProfile with a truthy
fullProfile.zooSessionToken, then assign zooGatewayToken =
fullProfile.zooSessionToken and zooGatewayBaseUrl =
fullProfile.zooGatewayBaseUrl ?? zooGatewayBaseUrl; ensure you fall back to the
previous base URL if none found.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 9aa8a0a1-882a-4229-9619-5e386802f9f7
📒 Files selected for processing (59)
PRIVACY.mdsrc/activate/__tests__/handleUri.spec.tssrc/activate/handleUri.tssrc/api/providers/__tests__/zoo-gateway.spec.tssrc/api/providers/fetchers/__tests__/zoo-gateway.spec.tssrc/api/providers/fetchers/zoo-gateway.tssrc/api/providers/zoo-gateway.tssrc/core/webview/ClineProvider.tssrc/core/webview/__tests__/ClineProvider.spec.tssrc/core/webview/__tests__/webviewMessageHandler.spec.tssrc/core/webview/webviewMessageHandler.tssrc/i18n/locales/ca/common.jsonsrc/i18n/locales/de/common.jsonsrc/i18n/locales/en/common.jsonsrc/i18n/locales/es/common.jsonsrc/i18n/locales/fr/common.jsonsrc/i18n/locales/hi/common.jsonsrc/i18n/locales/id/common.jsonsrc/i18n/locales/it/common.jsonsrc/i18n/locales/ja/common.jsonsrc/i18n/locales/ko/common.jsonsrc/i18n/locales/nl/common.jsonsrc/i18n/locales/pl/common.jsonsrc/i18n/locales/pt-BR/common.jsonsrc/i18n/locales/ru/common.jsonsrc/i18n/locales/tr/common.jsonsrc/i18n/locales/vi/common.jsonsrc/i18n/locales/zh-CN/common.jsonsrc/i18n/locales/zh-TW/common.jsonsrc/services/__tests__/zoo-telemetry.test.tssrc/services/zoo-telemetry.tswebview-ui/src/components/settings/ApiOptions.tsxwebview-ui/src/components/settings/ModelPicker.tsxwebview-ui/src/components/settings/__tests__/ApiOptions.spec.tsxwebview-ui/src/components/settings/constants.tswebview-ui/src/components/settings/providers/ZooGateway.tsxwebview-ui/src/components/settings/providers/__tests__/ZooGateway.spec.tsxwebview-ui/src/components/settings/providers/index.tswebview-ui/src/components/welcome/WelcomeViewProvider.tsxwebview-ui/src/i18n/locales/ca/settings.jsonwebview-ui/src/i18n/locales/de/settings.jsonwebview-ui/src/i18n/locales/en/settings.jsonwebview-ui/src/i18n/locales/es/settings.jsonwebview-ui/src/i18n/locales/fr/settings.jsonwebview-ui/src/i18n/locales/hi/settings.jsonwebview-ui/src/i18n/locales/id/settings.jsonwebview-ui/src/i18n/locales/it/settings.jsonwebview-ui/src/i18n/locales/ja/settings.jsonwebview-ui/src/i18n/locales/ko/settings.jsonwebview-ui/src/i18n/locales/nl/settings.jsonwebview-ui/src/i18n/locales/pl/settings.jsonwebview-ui/src/i18n/locales/pt-BR/settings.jsonwebview-ui/src/i18n/locales/ru/settings.jsonwebview-ui/src/i18n/locales/tr/settings.jsonwebview-ui/src/i18n/locales/vi/settings.jsonwebview-ui/src/i18n/locales/zh-CN/settings.jsonwebview-ui/src/i18n/locales/zh-TW/settings.jsonwebview-ui/src/utils/validate.tswebview-ui/vite.config.ts
✅ Files skipped from review due to trivial changes (13)
- webview-ui/src/components/settings/providers/index.ts
- webview-ui/src/components/settings/constants.ts
- PRIVACY.md
- src/i18n/locales/ru/common.json
- src/i18n/locales/hi/common.json
- webview-ui/src/i18n/locales/id/settings.json
- src/i18n/locales/ja/common.json
- src/i18n/locales/vi/common.json
- webview-ui/src/i18n/locales/en/settings.json
- webview-ui/src/i18n/locales/es/settings.json
- src/i18n/locales/pl/common.json
- src/i18n/locales/tr/common.json
- src/i18n/locales/pt-BR/common.json
🚧 Files skipped from review as they are similar to previous changes (40)
- webview-ui/src/i18n/locales/de/settings.json
- webview-ui/src/components/welcome/WelcomeViewProvider.tsx
- webview-ui/src/components/settings/ModelPicker.tsx
- src/i18n/locales/es/common.json
- src/i18n/locales/id/common.json
- webview-ui/src/utils/validate.ts
- webview-ui/src/components/settings/tests/ApiOptions.spec.tsx
- webview-ui/src/components/settings/ApiOptions.tsx
- webview-ui/vite.config.ts
- src/services/tests/zoo-telemetry.test.ts
- webview-ui/src/i18n/locales/zh-CN/settings.json
- src/services/zoo-telemetry.ts
- src/activate/tests/handleUri.spec.ts
- src/api/providers/fetchers/zoo-gateway.ts
- src/api/providers/fetchers/tests/zoo-gateway.spec.ts
- webview-ui/src/i18n/locales/ru/settings.json
- webview-ui/src/i18n/locales/nl/settings.json
- webview-ui/src/i18n/locales/tr/settings.json
- src/i18n/locales/ca/common.json
- src/i18n/locales/zh-CN/common.json
- webview-ui/src/i18n/locales/vi/settings.json
- webview-ui/src/i18n/locales/pt-BR/settings.json
- src/i18n/locales/nl/common.json
- src/core/webview/ClineProvider.ts
- src/i18n/locales/zh-TW/common.json
- webview-ui/src/i18n/locales/ko/settings.json
- src/core/webview/tests/ClineProvider.spec.ts
- webview-ui/src/i18n/locales/zh-TW/settings.json
- webview-ui/src/i18n/locales/ja/settings.json
- src/i18n/locales/it/common.json
- src/api/providers/zoo-gateway.ts
- src/i18n/locales/fr/common.json
- webview-ui/src/i18n/locales/pl/settings.json
- webview-ui/src/components/settings/providers/ZooGateway.tsx
- webview-ui/src/i18n/locales/ca/settings.json
- src/i18n/locales/en/common.json
- src/core/webview/tests/webviewMessageHandler.spec.ts
- webview-ui/src/i18n/locales/fr/settings.json
- src/activate/handleUri.ts
- webview-ui/src/i18n/locales/it/settings.json
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
91f52ae to
708d02c
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
708d02c to
77356ca
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-auth-sync
branch
from
3079c57 to
795d179
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
77356ca to
7728ad5
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-auth-sync
branch
from
795d179 to
8dab953
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
7728ad5 to
05b7239
Compare
edelauna
requested changes
May 30, 2026
Contributor
edelauna
left a comment
edelauna
left a comment
There was a problem hiding this comment.
Reviewing this, why does this even need to exist in the extension, all this metadata exists at the server level if this telemetry is intended to be scoped to the zoo provider.
In it's current state it essentially allows for telemetry from any provider as long as a user has authenticated to the zoo provider at some point - I feel like that needs to be a lot clearer for people signing up if that is the intended path, otherwise we should maybe consider removing this service, and rather include a link to the privacy policy at zoocode.dev on the webview when configuring the provider.
JamesRobert20
force-pushed
the
feat/zoo-gateway-auth-sync
branch
from
cd9aaf9 to
f721430
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
87cb937 to
7d03767
Compare
JamesRobert20
changed the title
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
7d03767 to
67dc4c2
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-auth-sync
branch
from
f721430 to
55158de
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
d592dc0 to
76eebca
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-auth-sync
branch
from
0cf0f5f to
1edf0a6
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
76eebca to
7f39522
Compare
JamesRobert20
force-pushed
the
feat/zoo-gateway-auth-sync
branch
from
1edf0a6 to
7136bf9
Compare
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
JamesRobert20
force-pushed
the
feat/zoo-gateway-telemetry-policy
branch
from
7f39522 to
16f7434
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Remove the extension-side LLM telemetry path that was sending request metadata to
/api/observability/eventsfor all authenticated users, and updatePRIVACY.mdto match the new product policy.What changed
src/services/zoo-telemetry.tsand its tests.import('zoo-telemetry')fire-and-forget block fromTask.ts(BYOK requests no longer phone home).Zoo Code Observabilitysection ofPRIVACY.mdasZoo Gateway usage logs (Zoo Gateway only): explicit list of metadata fields we record (model id, token counts, USD cost, timing, status code, task/session/mode, editor + extension version), and explicit statement that prompts, code, and model output are not stored.Why
apirequestlogswritten by the gateway route are already the source of truth for billing and dashboard analytics.