feat: add optional anonymous usage telemetry #79

Merged: garagon merged 2 commits into main from feat/anonymous-telemetry on Mar 22, 2026

@garagon garagon commented Mar 22, 2026

Summary

Adds a lightweight telemetry ping that helps us understand how oktsec is being used so we can prioritize the right platform support, features, and documentation.

The ping runs once per version on oktsec run. It sends a single HEAD request with anonymous, non-identifying data. It silently does nothing if the endpoint is unreachable.

What is collected

| Field | Example | Why |
|---|---|---|
| Version | 0.11.2 | Know which versions are active |
| OS | darwin | Prioritize platform support |
| Arch | arm64 | Build targets |
| Agent count | 3 | Understand deployment scale |
| Rule overrides | 5 | Track customization |
| Gateway enabled | yes/no | Feature adoption |
| LLM layer enabled | yes/no | Feature adoption |
| Mode | observe/enforce | Deployment maturity |

What is NOT collected

No IP addresses, hostnames, usernames, agent names, API keys, message content, detection results, or any configuration details. The full list of fields is above. There is nothing else.

How to opt out

# Option 1: environment variable
export OKTSEC_NO_TELEMETRY=1

# Option 2: file
touch ~/.oktsec/.no-telemetry

Implementation

  • internal/telemetry/ping.go (60 lines)
  • internal/telemetry/ping_test.go (4 tests)
  • Telemetry disclosure in oktsec run --help
  • Privacy page spec at oktsec.com/telemetry (to be deployed on the site)

Test plan

  • Sends once per version, skips on same version
  • Sends again on version upgrade
  • Opt-out via OKTSEC_NO_TELEMETRY=1
  • Opt-out via ~/.oktsec/.no-telemetry file
  • Silent failure when endpoint unreachable
  • make build && make test && make lint && make vet

Ref: follows the same pattern as Next.js telemetry and Homebrew analytics

garagon added 2 commits March 22, 2026 16:34
Add a lightweight, opt-in-by-default telemetry ping that runs once per
version on `oktsec run`. This helps us understand how oktsec is being
used so we can prioritize the right features.

What is collected:
  - oktsec version
  - OS and architecture (darwin/arm64, linux/amd64, etc.)
  - Aggregate counts: number of agents, rule overrides
  - Feature flags: gateway enabled, LLM layer enabled, mode

What is NOT collected:
  - No IP addresses, hostnames, or usernames
  - No agent names, API keys, or configuration details
  - No message content or detection results

The ping fires once per version (not per run) and silently fails if the
endpoint is unreachable. Opt out anytime:

  export OKTSEC_NO_TELEMETRY=1

  or

  touch ~/.oktsec/.no-telemetry

The implementation is 60 lines of Go with 4 tests. Source code is public
and auditable at internal/telemetry/ping.go.

Ref: https://oktsec.com/telemetry
@garagon garagon enabled auto-merge (squash) March 22, 2026 20:06
@garagon garagon merged commit c64f740 into main Mar 22, 2026
1 check passed
@garagon garagon deleted the feat/anonymous-telemetry branch March 22, 2026 20:14
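
The gating behaviour this pull request describes (one ping per version, two opt-outs, silent failure), as an added Go example that is not the project's `internal/telemetry/ping.go`. The marker file name, the treatment of any non-empty environment value as an opt-out, and leaving the marker untouched after a failed send are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// markerName is hypothetical: the page does not say where the last-pinged
// version is recorded.
const markerName = ".telemetry-version"

// ShouldPing reports whether a ping is due for version. stateDir stands in
// for ~/.oktsec. Either opt-out wins before any other state is consulted.
func ShouldPing(stateDir, version string) bool {
	// Assumption: any non-empty value opts out (the page only shows "=1").
	if os.Getenv("OKTSEC_NO_TELEMETRY") != "" {
		return false
	}
	if _, err := os.Stat(filepath.Join(stateDir, ".no-telemetry")); err == nil {
		return false
	}
	last, err := os.ReadFile(filepath.Join(stateDir, markerName))
	return err != nil || strings.TrimSpace(string(last)) != version
}

// PingOnce calls send at most once per version and reports whether it was sent.
// Assumption: a failed send is swallowed and leaves the marker untouched.
func PingOnce(stateDir, version string, send func() error) bool {
	if !ShouldPing(stateDir, version) {
		return false
	}
	if err := send(); err != nil {
		return false // unreachable endpoint: no output, no error returned
	}
	_ = os.WriteFile(filepath.Join(stateDir, markerName), []byte(version), 0o600)
	return true
}

func main() {
	dir, _ := os.MkdirTemp("", "oktsec-demo") // constructed state directory
	defer os.RemoveAll(dir)
	send := func() error { return nil } // stand-in for the HEAD request
	fmt.Println(PingOnce(dir, "0.11.2", send)) // first run of this version
	fmt.Println(PingOnce(dir, "0.11.2", send)) // same version again
	fmt.Println(PingOnce(dir, "0.11.3", send)) // after an upgrade
}
```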