Replace models.dev file exclusions with direct strip verification#26
Closed
standards-bot-lola wants to merge 2 commits intomainfrom
Closed
Replace models.dev file exclusions with direct strip verification#26standards-bot-lola wants to merge 2 commits intomainfrom
standards-bot-lola wants to merge 2 commits intomainfrom
Conversation
Instead of excluding models-snapshot.js/ts and models-api.json from the telemetry scan (which creates blind spots), remove models.dev from the domain list and verify the strip directly: grep for the "Stripped: no remote model catalog fetch" sentinel in models.ts refresh(). This matches the approach check-binary.sh already uses (BANNED_DOMAINS_STRICT excludes models.dev with the same rationale). Now all three scan scripts are consistent. Supersedes #25. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
standardnguyen
approved these changes
Apr 14, 2026
The upstream model catalog fixture (models-api.json) contains an opencode.ai/zen provider entry that the build strips from the snapshot. Removing the file exclusions exposed this to the domain scan, causing CI failure. Restore exclusions for models-snapshot.js and models-api.json with comments explaining why each is needed. Also drops the models-snapshot.ts exclusion (the .d.ts declaration has no data — it was always a no-op). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
#25 fixed the immediate symptom (verify-clean failing after a local build) by adding
models-snapshot.jsto the file exclusion list. This PR replaces that approach with a more proper fix:models.devfrom the domain scan list in bothverify-clean.shandcheck-source.sh— the only hit was a UTM substring (?utm_source=github_models.dev) in vendored Jiekou.AI metadata, not a phone-home endpointmodels-snapshot.*andmodels-api.jsonfile exclusions fromEXCLUDE_ARGS— no more blind spots in the scanmodels.tsfor theStripped: no remote model catalog fetchsentinel, confirming the runtime fetch is still goneThis aligns
verify-clean.shandcheck-source.shwith the approachcheck-binary.shalready uses (BANNED_DOMAINS_STRICTexcludesmodels.devwith the same rationale).Related: #23