From e474eaef1640e43a419dd6db05fb07aceacb4b76 Mon Sep 17 00:00:00 2001
From: snomiao <snomiao@gmail.com>
Date: Wed, 3 Dec 2025 10:43:09 +0000
Subject: [PATCH] [fix] Refine OSS build verification patterns to reduce false
 positives
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Make telemetry detection patterns more specific
- Target actual Mixpanel API calls instead of generic patterns
- Avoid flagging benign code like `.track()` from other libraries
- Focus on MixpanelTelemetryProvider and actual tracking methods

This reduces false positives while maintaining security.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 scripts/verify-oss-build.js | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/scripts/verify-oss-build.js b/scripts/verify-oss-build.js
index 6fcd4ac24..d5c02827a 100644
--- a/scripts/verify-oss-build.js
+++ b/scripts/verify-oss-build.js
@@ -35,16 +35,19 @@ const VIOLATION_PATTERNS = {
     patterns: [/ABCROM/gi, /ABCROMExtended/gi, /ABC\s*ROM/gi],
     description: 'ABCROM proprietary font references'
   },
-  // Telemetry checks
+  // Telemetry checks - more specific patterns to avoid false positives
   telemetry: {
     patterns: [
-      /mixpanel/gi,
+      /mixpanel\.init/gi,
+      /mixpanel\.identify/gi,
       /MixpanelTelemetryProvider/gi,
       /mp\.comfy\.org/gi,
       /mixpanel-browser/gi,
-      /trackWorkflow/g,
-      /trackEvent/g,
-      /\.track\s*\(/g
+      // Only check for our specific tracking methods with context
+      /useTelemetry\(\).*?trackWorkflow/gs,
+      /useTelemetry\(\).*?trackEvent/gs,
+      // Check for Mixpanel tracking in a more specific way
+      /mixpanel\.track\s*\(/gi
     ],
     description: 'Mixpanel telemetry code'
   }