Remove third-party data collection and disable auto-update #91

Open: drususdf wants to merge 4 commits into farzaa:main from drususdf:claude/review-repo-safety-uQl0m

@drususdf

Three changes to make this fork safe to run on a personal machine without leaking conversation contents or accepting remote code updates:

  • Strip PostHog analytics entirely. The SDK was capturing full push-to-talk transcripts and full Claude responses as event properties, plus identifying the user by email. ClickyAnalytics functions are now no-ops, the PostHog import and Swift Package dependency are removed.
  • Remove SUFeedURL and SUPublicEDKey from Info.plist. The feed pointed at an unrelated GitHub account that could have pushed arbitrary updates if Sparkle were enabled.
  • Remove the FormSpark POST in submitEmail. The email entered during onboarding is no longer sent to any third party.

claude added 4 commits May 12, 2026 21:40
Three changes to make this fork safe to run on a personal machine
without leaking conversation contents or accepting remote code updates:

- Strip PostHog analytics entirely. The SDK was capturing full
  push-to-talk transcripts and full Claude responses as event
  properties, plus identifying the user by email. ClickyAnalytics
  functions are now no-ops, the PostHog import and Swift Package
  dependency are removed.
- Remove SUFeedURL and SUPublicEDKey from Info.plist. The feed pointed
  at an unrelated GitHub account that could have pushed arbitrary
  updates if Sparkle were enabled.
- Remove the FormSpark POST in submitEmail. The email entered during
  onboarding is no longer sent to any third party.

Second pass through the repo. Removes everything that either ships data
to a third party or could let the app talk to an external API without
going through the user's own Cloudflare Worker.

- Sparkle removed end-to-end. The Swift Package dependency, the
  `SPUStandardUpdaterController` boot wiring, the `appcast.xml` feed,
  and the `scripts/release.sh` pipeline that pushed updates to a
  third-party GitHub account are all gone. Update by re-building.
- Direct API code paths deleted. `OpenAIAPI.swift` (Anthropic-bypass
  vision client), `ElementLocationDetector.swift` (called
  `api.anthropic.com` directly with an in-bundle key), and
  `OpenAIAudioTranscriptionProvider.swift` (would have sent audio
  straight to `api.openai.com`). The transcription factory now
  resolves to AssemblyAI (via the Worker) or Apple Speech locally.
- Silent login-item registration removed from
  `applicationDidFinishLaunching`. The app no longer adds itself to
  Login Items on launch; add it manually in System Settings if wanted.
- Onboarding email gate removed. `submitEmail`, `hasSubmittedEmail`,
  and the email TextField + Submit button were doing nothing useful
  once the FormSpark POST and PostHog identify were stripped. The
  Start button is now shown directly when permissions are granted.
- AGENTS.md updated: architecture, Key Files table, and a new
  "Fork-specific changes" section documenting what was removed and why.

Lets a Claude Max subscription cover the cost of Clicky's chat
responses, so users don't have to set up a separate pay-per-token
Anthropic API key.

- New ClaudeAgentRunner.swift wraps the locally-installed `claude`
  binary as a subprocess. It speaks stream-json on both sides:
  writes a single user message (image content blocks + prompt) to
  stdin, parses the streamed `text_delta` events from stdout, and
  forwards them to the existing onTextChunk callback. Public surface
  matches the previous ClaudeAPI so call sites in CompanionManager
  stay one-line swaps.
- Binary discovery checks an optional `ClaudeBinaryPath` override in
  Info.plist, then common install locations, then `command -v claude`
  in a login shell.
- Runs the subprocess with `--permission-mode plan` so Claude can't
  invoke tools that modify the filesystem.
- ClaudeAPI.swift deleted. Worker's /chat route and the
  ANTHROPIC_API_KEY secret are gone; the Worker now only proxies
  AssemblyAI and ElevenLabs.
- README and AGENTS.md updated: Anthropic API key dropped from
  prerequisites, Claude Code added, Fork-specific-changes section
  records the move.

Clicky only ever calls AVCaptureDevice with media type .audio (the
microphone). The camera entitlement was declared but never exercised,
so macOS was offering a "this app may access your camera" permission
slot for nothing. Removing it shrinks the surface that macOS asks the
user to trust.
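
A regression check for the removals listed in the commits above, as an added example (not code from this PR or from the Clicky project): it scans an Info.plist, an entitlements file and Swift sources for the keys, imports and hosts the commit messages say were removed. The sample inputs and file names are constructed, and `com.apple.security.device.camera` is assumed to be the key the camera entitlement was declared under.

```python
import plistlib
import re

# Names taken from the PR text; the entitlement identifier is an assumption
# about how the camera entitlement was declared.
REMOVED_INFO_KEYS = {"SUFeedURL", "SUPublicEDKey"}
REMOVED_ENTITLEMENTS = {"com.apple.security.device.camera"}
REMOVED_FROM_SOURCE = {
    "PostHog import": re.compile(r"^\s*import\s+PostHog\b", re.M),
    "Sparkle import": re.compile(r"^\s*import\s+Sparkle\b", re.M),
    "api.anthropic.com": re.compile(r"api\.anthropic\.com"),
    "api.openai.com": re.compile(r"api\.openai\.com"),
}

def plist_findings(data: bytes, removed: set) -> list:
    """Keys from `removed` that are set in the plist. A false or empty value
    does not count: an entitlement set to false grants nothing."""
    parsed = plistlib.loads(data)
    return sorted(key for key in removed if parsed.get(key))

def source_findings(text: str) -> list:
    """Labels of removed SDKs or direct API hosts still referenced in source."""
    return sorted(label for label, rx in REMOVED_FROM_SOURCE.items() if rx.search(text))

def audit(info_plist: bytes, entitlements: bytes, sources: dict) -> list:
    """Collect (location, finding) pairs; an empty list means the tree is clean."""
    found = [("Info.plist", k) for k in plist_findings(info_plist, REMOVED_INFO_KEYS)]
    found += [("entitlements", k) for k in plist_findings(entitlements, REMOVED_ENTITLEMENTS)]
    for path, text in sorted(sources.items()):
        found += [(path, label) for label in source_findings(text)]
    return found

# Constructed sample inputs resembling the pre-PR state (not the repo's real files).
SAMPLE_INFO = b"""<plist version="1.0"><dict>
  <key>SUFeedURL</key><string>https://example.invalid/appcast.xml</string>
  <key>SUPublicEDKey</key><string>PLACEHOLDER</string>
</dict></plist>"""
SAMPLE_ENTITLEMENTS = b"""<plist version="1.0"><dict>
  <key>com.apple.security.device.audio-input</key><true/>
  <key>com.apple.security.device.camera</key><true/>
</dict></plist>"""
# Hypothetical file names and contents.
SAMPLE_SOURCES = {"Analytics.swift": "import Foundation\nimport PostHog\n",
                  "Detector.swift": 'let host = "https://api.anthropic.com"\n'}

if __name__ == "__main__":
    for location, finding in audit(SAMPLE_INFO, SAMPLE_ENTITLEMENTS, SAMPLE_SOURCES):
        print(f"{location}: {finding}")
```

The source scan matches on text alone, so a hostname left in a comment is reported too; for a check meant to keep removed endpoints from returning, that conservative behaviour is usually what you want.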