Impact
first_group_ref_from_audit_log_bytes() (forensics/ingest.py:35) is a public, fully implemented module-level function that is never called anywhere in the codebase (only its definition matches across the repo). It decodes the whole upload, splits it into lines, JSON-parses each, and scans for the first valid group_ref — i.e. it duplicates a slice of the parsing logic that parse_jsonl() / normalize_event() already perform during ingestion.
This is low severity but worth cleaning up:
- It is maintenance dead weight that re-implements parsing/
is_hex logic that lives elsewhere, so it can drift out of sync with the real ingestion path.
- Its name strongly implies it is part of fallback group resolution, which is misleading — group resolution actually happens via
group_key_for_parsed_line() / groups_for_parsed_lines(). A future reader may wire it in or "fix" it under the wrong assumption.
- It decodes and parses the full (up to
GOGGLES_MAX_DUMP_BYTES) payload an extra time if it were ever called on the request path.
Code pointers
forensics/ingest.py:35 — def first_group_ref_from_audit_log_bytes(dump_bytes: bytes) -> str | None: — the only occurrence; no callers.
Expected behavior
No unused public parsing helpers that shadow the real ingestion path.
Suggested fix
- Remove
first_group_ref_from_audit_log_bytes() (recoverable from git history if a future need arises), or
- If it is intended for an upcoming feature, add a caller plus a test and a docstring describing where it fits, so it is not mistaken for dead code.
Impact
first_group_ref_from_audit_log_bytes()(forensics/ingest.py:35) is a public, fully implemented module-level function that is never called anywhere in the codebase (only its definition matches across the repo). It decodes the whole upload, splits it into lines, JSON-parses each, and scans for the first validgroup_ref— i.e. it duplicates a slice of the parsing logic thatparse_jsonl()/normalize_event()already perform during ingestion.This is low severity but worth cleaning up:
is_hexlogic that lives elsewhere, so it can drift out of sync with the real ingestion path.group_key_for_parsed_line()/groups_for_parsed_lines(). A future reader may wire it in or "fix" it under the wrong assumption.GOGGLES_MAX_DUMP_BYTES) payload an extra time if it were ever called on the request path.Code pointers
forensics/ingest.py:35—def first_group_ref_from_audit_log_bytes(dump_bytes: bytes) -> str | None:— the only occurrence; no callers.Expected behavior
No unused public parsing helpers that shadow the real ingestion path.
Suggested fix
first_group_ref_from_audit_log_bytes()(recoverable from git history if a future need arises), or