Skip to content

feat(daemon): wire app-usage telemetry for app-store supervisor (PILOT-402)#265

Closed
matthew-pilot wants to merge 5 commits into
mainfrom
openclaw/pilot-402-web4-20260616-142434
Closed

feat(daemon): wire app-usage telemetry for app-store supervisor (PILOT-402)#265
matthew-pilot wants to merge 5 commits into
mainfrom
openclaw/pilot-402-web4-20260616-142434

Conversation

@matthew-pilot

@matthew-pilot matthew-pilot commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

What

Wire the real telemetry client into the app-store daemon adapter so app_usage events emitted by the supervisor are sent to the telemetry endpoint.

Changes

  • cmd/daemon/appstore_adapter.go — added telemetryURL/identityPath fields to appstoreAdapter, created telemetryEmitter adapter implementing appstore.TelemetryEmitter, wired into Deps.Telemetry on Start
  • cmd/daemon/main.go — pass telemetry URL and identity path to adapter constructor

Verification

  • go build ./cmd/daemon/
  • go vet ./cmd/daemon/

Companion PR

Depends on pilot-protocol/app-store#20 which adds the TelemetryEmitter interface + callFrom hook.

Closes PILOT-402

@matthew-pilot
feat(telemetry): consent-gated telemetry client with Ed25519 signing …
8437fc1 
…(PILOT-400)

Adds a self-contained telemetry client package that emits signed events
to a configured endpoint only when consent is active (--telemetry-url
non-empty). When the flag is empty (default), the client is a hard no-op:
no dial, no buffering, no goroutines.

The client signs all requests with the node's Ed25519 identity following
the canonical telemetry signing contract (X-Pilot-Timestamp, X-Pilot-Public-Key,
X-Pilot-Signature). This matches the telemetry server's internal/sig verification
at pilot-protocol/telemetry.

Changes:
- pkg/telemetry/client.go: consent-gated telemetry client with Signed
  HTTP POST, lazy disabled init, configurable endpoint
- pkg/telemetry/client_test.go: tests for no-op paths, disabled state,
  SignMessage round-trip verification
- cmd/daemon/main.go: --telemetry-url flag (env PILOT_TELEMETRY_URL)
- pkg/daemon/daemon.go: TelemetryURL field in Config struct

Closes PILOT-400
@matthew-pilot
feat(telemetry): emit install events (PILOT-401)
83c84c8 
Add a NewClientFromIdentity convenience constructor to the telemetry
package that creates a consent-gated client from a node's Ed25519
identity file on disk.

Wire telemetry into the app-store install command: after a successful
install (bundle validated, manifest planted, audit logs written), emit an
app_installed event carrying app_id, version, and source (catalogue|local).
The emission is best-effort and consent-gated — when PILOT_TELEMETRY_URL
is empty or identity.json is absent, the client is a hard no-op.

Tests cover the new NewClientFromIdentity helper with valid identity,
missing identity, loose file permissions, and empty URL (all no-op paths).

Closes PILOT-401
@matthew-pilot
feat(daemon): wire app-usage telemetry for app-store supervisor (PILO…
8723bf8 
…T-402)

The appstoreAdapter now holds telemetryURL and identityPath, using them
to create a consent-gated telemetry.Client on Start. The client is
wrapped in an telemetryEmitter that satisfies appstore.TelemetryEmitter,
passing app_usage events from supervisor.callFrom into the signed
telemetry pipeline.

When consent is off (empty telemetry URL) the client is a permanent
no-op — no goroutines, no dials, no buffering.

Related: app-store module also updated for PILOT-402 (commit
8edfed7efa72e78499f02260ea84ae42b724f49a).
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 16, 2026
View reviewed changes
Comment thread pkg/telemetry/client.go Fixed
@TeoSlayer TeoSlayer mentioned this pull request Jun 17, 2026
Merged
4 tasks
@TeoSlayer

TeoSlayer commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

Superseded by #277 which combines PILOT-401/402/406/407 into a clean branch off current main.

@TeoSlayer TeoSlayer closed this Jun 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TeoSlayer TeoSlayer Awaiting requested review from TeoSlayer TeoSlayer is a code owner

@Alexgodoroja Alexgodoroja Awaiting requested review from Alexgodoroja

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@matthew-pilot @TeoSlayer @github-advanced-security