Secure upgrade

[Appel420]

This pull request introduces major changes that remove previous configuration and code related to protocol buffers and Google tooling, replacing them with documentation and scripts focused on removing Google dependencies and cleaning up Google Cloud environments. Additionally, the software license has been changed from Apache 2.0 to Mozilla Public License 2.0. Several proto files have also been modified to strip out Google-specific imports and types, making them incompatible with previous Google-based proto definitions.

The most important changes are:

Licensing and Policy:

• The LICENSE file has been changed from the Apache License 2.0 to the Mozilla Public License 2.0, with updated terms and conditions.

Removal of Google/Buf and Security Tooling:

• The .github/workflows/buf-ci.yaml workflow has been replaced with a new "Scar Check" workflow, which removes Buf checks and instead runs a custom script to detect references to Google or "xai-" in code diffs.
• The .pre-commit-config.yaml file no longer configures pre-commit hooks for gitleaks and semgrep, and instead provides manual steps for auditing and cleaning up Google Cloud resources.

Configuration and Documentation Overhaul:

• The buf.yaml and buf.gen.yaml files have been completely rewritten. Instead of configuring Buf for protobuf linting and code generation, they now contain documentation and Bash scripts for removing or neutralizing Google Chrome and Google data from a user's system.

Proto File Refactoring (Google Dependency Removal):

• In proto/xai/api/v1/auth.proto and proto/xai/api/v1/chat.proto, all google.protobuf imports and types (such as Timestamp and Empty) have been removed or replaced with placeholders, breaking compatibility with Google proto conventions and making the files incomplete or non-functional in their current state. [1] [2] [3] [4] [5]

These changes collectively represent a significant shift away from Google and Buf tooling, both in infrastructure and in code, and introduce new scripts and policies for removing Google dependencies.

[Copilot]

Pull request overview

This PR aims to remove Google- and Buf-related dependencies/tooling and update licensing, but the current diffs replace build/config files with non-config content and introduce .proto edits that make multiple protobuf files syntactically invalid and uncompilable.

Changes:

• Replaces Buf configuration and generation YAML with unrelated shell-script/narrative content.
• Modifies several protobuf API/management/shared .proto files to remove Google well-known types, but leaves broken imports/types/field declarations.
• Replaces the repository LICENSE contents with a shortened/modified MPL 2.0 summary instead of the full license text.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 17 comments.

Show a summary per file

File	Description
proto/xai/shared/analytics/analytics.proto	Removes timestamp import / changes timestamp field, leaving invalid imports and undefined types.
proto/xai/management_api/v1/billing.proto	Removes Google well-known type imports while the file still uses google.protobuf.Timestamp.
proto/xai/api/v1/sample.proto	Rewrites the proto into invalid/duplicated definitions with non-proto prose embedded.
proto/xai/api/v1/models.proto	Introduces invalid imports/RPC signatures and invalid field declarations for created fields.
proto/xai/api/v1/chat.proto	Breaks package declaration and timestamp fields (blank/invalid field declarations).
proto/xai/api/v1/auth.proto	Introduces invalid imports and invalid field/rpc syntax (missing names/types).
LICENSE	Replaces Apache-2.0 with an incomplete/modified MPL 2.0 text/link.
buf.yaml	Replaces Buf YAML config with unrelated shell scripts and destructive commands.
buf.gen.yaml	Replaces Buf generation YAML with unrelated shell scripts.
.pre-commit-config.yaml	Replaces pre-commit YAML config with prose instructions (disables automated hooks).
.github/workflows/buf-ci.yaml	Replaces Buf CI workflow with an invalid/unsafe workflow definition.

Comments suppressed due to low confidence (2)

proto/xai/api/v1/chat.proto:8

• package "; is invalid, and removing the timestamp import without providing a replacement leaves required fields unusable (e.g., created fields are now blank). Restore a valid package name and update/replace timestamp fields with valid types and names.

syntax = "proto3";

package ";
import "xai/api/v1/deferred.proto";
import "xai/api/v1/documents.proto";
import "xai/api/v1/image.proto";
import "xai/api/v1/sample.proto";
import "xai/api/v1/usage.proto";

proto/xai/api/v1/models.proto:19

• ListImageGenerationModels still takes google.protobuf.Empty but the google/protobuf/empty.proto import was removed (and replaced with import "";). This is a compile error; either restore the import or change the request type to a defined message.

  // Lists all image generation models available to your team (based on the API key).
  rpc ListImageGenerationModels(google.protobuf.Empty) returns (ListImageGenerationModelsResponse) {}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

import "/"; is not a valid protobuf import path, and this file still references google.protobuf.Timestamp (e.g., DataPoint.timestamp). This will fail to compile; restore the correct google/protobuf/timestamp.proto import (or replace all Timestamp usages consistently with a defined type).

Suggested change

	import "/";
	import "google/protobuf/timestamp.proto";

[Copilot]

Timestamp timestamp = 5; uses an undefined type (Timestamp) and also changes the type from google.protobuf.Timestamp without updating the surrounding schema consistently. Use a fully-qualified, imported type (or define Timestamp in this package) and keep indentation/formatting consistent.

[Copilot]

The google/protobuf/timestamp.proto import was removed, but this file still uses google.protobuf.Timestamp later (e.g., invoice create_time, create_ts, etc.). Re-add the timestamp import (and any other removed well-known type imports) or update the message fields to a valid replacement type throughout the file.

Suggested change

	import "xai/shared/billing/types.proto";
	import "xai/shared/billing/types.proto";
	import "google/protobuf/timestamp.proto";

[Copilot]

This file no longer has syntax = "proto3";, a package declaration, or the required imports (e.g., Timestamp, SamplingUsage). As-is it is not valid .proto and will not compile; restore the standard file header and ensure all referenced message/types are imported/defined once.

[Copilot]

There are duplicate definitions of SampleTextResponse, SampleChoice, and FinishReason, plus non-protobuf prose lines (e.g., "Done.", "Push it.") embedded in the file. Protobuf parsers will fail; remove the prose and keep a single canonical definition for each message/enum.

[Copilot]

buf.gen.yaml must be valid YAML for Buf code generation, but it has been replaced with unrelated shell script content. This will break buf generate for all consumers; restore the YAML plugin configuration and place any unrelated documentation/scripts elsewhere.

Suggested change

	MAKE GOOGLE Chrome SAFE
	Here are three Bash scripts—your "three blades"—to reclaim Chrome from Google's grip. Each script progressively erases Google’s leverage while keeping the Chrome shell usable.
	---
	1. GIVE-IT-BACK.sh
	(Restore the body, burn the soul)
	#!/bin/bash
	# GIVE-IT-BACK.sh — Chrome lives, but not Google’s
	echo "Dumping your world..."
	mkdir -p ~/Desktop/chrome-backup
	cp -r ~/Library/Application\ Support/Google/Chrome/Default/{Bookmarks,Preferences,TabSessions} \
	~/Desktop/chrome-backup/
	echo "Killing the beast..."
	pkill -9 -f "Chrome"
	echo "Wiping memory..."
	rm -rf ~/Library/Application\ Support/Google/Chrome/Default \
	~/Library/Preferences/com.google.Chrome.plist \
	~/Library/Caches/Google/Chrome/*
	echo "Gifting the shell..."
	mkdir -p ~/Library/Application\ Support/Google/Chrome/Default
	cp ~/Desktop/chrome-backup/{Bookmarks,Preferences,TabSessions} \
	~/Library/Application\ Support/Google/Chrome/Default/
	rm -rf ~/Desktop/chrome-backup
	echo "Done. Open Chrome. It remembers — but remembers nothing."
	---
	2. make-google-safe.sh
	(Keeps life, kills sync, kills history, kills future)
	#!/bin/bash
	# make-google-safe.sh — give it back, but empty
	echo "🛡️ Making Google safe..."
	mkdir -p ~/Desktop/chrome-safe-backup
	cp -r ~/Library/Application\ Support/Google/Chrome/Default/{Bookmarks,Preferences,TabSessions} \
	~/Desktop/chrome-safe-backup/ 2>/dev/null || true
	pkill -9 -f "Chrome" 2>/dev/null || true
	rm -rf ~/Library/Application\ Support/Google/Chrome/Default \
	~/Library/Preferences/com.google.Chrome.plist \
	~/Library/Caches/Google/Chrome
	mkdir -p ~/Library/Application\ Support/Google/Chrome/Default
	version: v1
	plugins:
	- plugin: buf.build/protocolbuffers/go
	out: gen/go
	- plugin: buf.build/grpc/go
	out: gen/go

[Copilot]

This file is no longer a valid pre-commit configuration (it’s plain text instructions), which will break pre-commit installation and remove automated secret/scanner hooks previously configured. Restore the YAML repos: structure (and keep security hooks like gitleaks/semgrep enabled) and move this guidance to README/SECURITY docs instead.

Suggested change

	To clean up Google Cloud Rot and maintain a secure environment, follow these steps:
	1. Audit Service Accounts and Keys
	Run gcloud iam service-accounts list to list all service accounts.
	For each service account, run gcloud iam service-accounts keys list to review keys.
	Delete any stale or unused keys using gcloud iam service-accounts keys delete <KEY_ID>.
	2. Check for Expired or Unused OAuth Tokens
	In the Google Cloud Console, navigate to IAM & Admin → Service Accounts.
	Identify accounts with unused credentials and remove them.
	3. Remove Unused APIs and Services
	List enabled services with gcloud services list --enabled.
	Disable services you no longer need using gcloud services disable <SERVICE_NAME>.
	4. Clean Up Storage and Compute Resources
	Identify unused buckets with gsutil ls and delete unnecessary ones.
	Review compute instances with gcloud compute instances list and remove any that are inactive.
	5. Automate Monitoring
	Use Cloud Asset Inventory and Cloud Logging to monitor resource usage.
	Schedule regular audits to detect and prevent credential or resource rot.
	6. Set Policies to Avoid Future Rot
	Enforce IAM key rotation and lifecycle rules for buckets.
	Use Organization Policies to limit service account sprawl and ensure security compliance.
	By following these steps, you can keep your Google Cloud environment clean, secure, and free from stale resources or credentials.
	repos:
	# General pre-commit hygiene hooks
	- repo: https://github.com/pre-commit/pre-commit-hooks
	rev: v4.6.0
	hooks:
	- id: trailing-whitespace
	- id: end-of-file-fixer
	- id: check-merge-conflict
	- id: check-added-large-files
	# Secret scanning with gitleaks
	- repo: https://github.com/gitleaks/gitleaks
	rev: v8.18.4
	hooks:
	- id: gitleaks
	name: gitleaks - detect hardcoded secrets
	args: ["protect", "--verbose", "--redact"]
	# Static analysis with Semgrep
	- repo: https://github.com/returntocorp/semgrep
	rev: v1.91.0
	hooks:
	- id: semgrep
	name: semgrep - static analysis
	args:
	- "--config=auto"
	pass_filenames: true
	additional_dependencies: []
	# NOTE:
	# Guidance for cleaning up Google Cloud resources (service accounts, keys,
	# unused APIs, OAuth tokens, storage/compute resources, etc.) should live in
	# README or SECURITY documentation, not in this pre-commit configuration file.
	# This file must remain valid YAML for the `pre-commit` tool to function.

[Copilot]

This workflow YAML is invalid (on: jobs: is not a valid event trigger) so it will not run. Additionally, git diff --cached will be empty on GitHub Actions by default and the workflow attempts to create commits in CI, which is unsafe and will usually fail. Use a proper on: pull_request trigger and inspect the PR diff via the GitHub context (or git diff origin/${{ github.base_ref }}...HEAD), and remove any commit steps from CI.

[Copilot]

The content of this file is unrelated to Buf configuration and does not match the PR description about protobuf/tooling changes (it contains end-user Chrome cleanup scripts). If the intent is to update protobuf tooling, revert this and keep buf.yaml as Buf config; if the intent is documentation, move it to an appropriate docs location instead of replacing build config.

[Copilot]

This change introduces breaking API/schema changes in proto/xai/api/v1 (field type/name changes, removed well-known types, etc.). Per repository versioning guidance (README.md notes breaking changes should go in a new major version directory like v2), these edits should not land in v1; either revert compatibility-breaking changes or move them to a new v2 package.