Summary
This issue tracks the implementation of anonymous, opt-out usage telemetry for reposcan. The goal is to understand how much the tool is used and on which platforms — to help prioritize future development. No personal data, paths, repo names, or credentials are collected.
What gets tracked
A single usage event is sent after each scan completes, containing:
| Field |
Example |
Notes |
os |
linux |
From runtime.GOOS |
arch |
arm64 |
From runtime.GOARCH |
go-version |
1.25 |
go version |
tool-version |
1.4.0 |
reposcan version |
ci |
true |
Detected via common CI env vars |
filter |
dirty |
options: check OnlyFilter type |
output_format |
json |
options: check OutputFormat type |
repo_count |
12 |
Number of repos scanned |
scan_duration_ms |
340 |
Time from scan start to report ready |
error |
true |
Whether scan failed mid-way; no message, no details |
Persistent identity
A random UUID is generated on first run and stored at ~/Library/Application\ Support/reposcan/. This is the unit of measurement — one UUID per machine, not per user. The file also stores whether the first-run notice has been shown.
{
"uuid": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"warned": true
}
Opt-out
Telemetry must be fully disabled with cli-flag --no-telemetry
The flag must be parsed before any telemetry code runs. No event should be able to escape before opt-out is checked.
First-run notice
Shown once on first run. Skipped entirely in CI environments. Printed before scan output.
reposcan collects anonymous usage telemetry to help improve the tool.
No personal data or file paths are collected.
To disable: pass --no-telemetry
More info: https://github.com/mabd-dev/reposcan#telemetry
Delivery
- Event is sent to Mixpanel via the official Go SDK (check feat: Analytics Integration
- Dispatched asynchronously after report output is written
- Process waits at most 500ms for the call to complete, then exits regardless
- All failures are silently discarded — the user must never see a telemetry error
- No retry, no local queue (deferred to future)
Implementation checklist
Summary
This issue tracks the implementation of anonymous, opt-out usage telemetry for reposcan. The goal is to understand how much the tool is used and on which platforms — to help prioritize future development. No personal data, paths, repo names, or credentials are collected.
What gets tracked
A single
usageevent is sent after each scan completes, containing:oslinuxruntime.GOOSarcharm64runtime.GOARCHgo-version1.25tool-version1.4.0citruefilterdirtyOnlyFiltertypeoutput_formatjsonOutputFormattyperepo_count12scan_duration_ms340errortruePersistent identity
A random UUID is generated on first run and stored at
~/Library/Application\ Support/reposcan/. This is the unit of measurement — one UUID per machine, not per user. The file also stores whether the first-run notice has been shown.{ "uuid": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "warned": true }Opt-out
Telemetry must be fully disabled with cli-flag
--no-telemetryThe flag must be parsed before any telemetry code runs. No event should be able to escape before opt-out is checked.
First-run notice
Shown once on first run. Skipped entirely in CI environments. Printed before scan output.
Delivery
Implementation checklist
~/Library/Application\ Support/reposcan/telemetry.jsonCI,GITHUB_ACTIONS,CIRCLECI,TRAVIS, etc.)warned: true)--no-telemetryflag before all other logicusageevent after scan + report generation