[stealth 02/11] Gate identifying features for stealth builds

[reflog]

Summary

• adds compile-time stealth feature gates derived from STEALTH_BUILD=true or STEALTH_MODE=stealth-vpn/stealth-novpn
• hides and short-circuits OAuth login/callback surfaces, app-link handling, payment/restore/manage-subscription flows, social/follow/download/forum surfaces, and auto-update/appcast handling
• keeps email/password and activation/license-style account paths available when payment surfaces are disabled
• documents the stealth gates and native manifest/leakage-check expectations

Closes getlantern/engineering#3574

Validation

• dart format --set-exit-if-changed on touched Dart files
• flutter analyze --no-pub --no-fatal-infos on touched Dart files
• git diff --cached --check

Analyzer notes

• Analyze reports existing info-level lints on touched files (use_build_context_synchronously, private type in public API). There are no warnings/errors after removing the new unused imports.

Not included

• Native manifest/entitlement removal is handled by the stealth manifest filtering PR.
• Final artifact string removal is enforced by the leakage-check PR rather than source-level string deletion here.

[Copilot]

Pull request overview

This PR introduces compile-time “stealth build” feature gates (driven by --dart-define env vars) to remove/short-circuit high-identification surfaces (OAuth, payments, app links, social/external links, auto-update) while preserving lower-profile auth flows like email/password and license-style activation.

Changes:

• Add stealth build detection and derived enable* gates in AppBuildInfo, plus documentation for build flags and expected artifact leakage checks.
• Gate UI entry points and runtime handlers for OAuth, deep links, payments/restore/manage-subscription flows, and social/download/forum surfaces.
• Disable desktop auto-update initialization/checks and appcast URL resolution in stealth builds.

Reviewed changes

Copilot reviewed 25 out of 25 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
lib/main.dart	Gate updater initialization behind enableAutoUpdate.
lib/lantern_app.dart	Gate deep link subscription and OAuth callback deep links behind build flags.
lib/features/support/support.dart	Hide forum/FAQ/privacy/terms + download/follow surfaces when social links are disabled.
lib/features/setting/setting.dart	Hide upgrade/pro, update-check, and external project/referral surfaces behind build flags.
lib/features/setting/follow_us.dart	Short-circuit “Follow us” UI when social links are disabled.
lib/features/setting/download_links.dart	Short-circuit “Download links” UI when social links are disabled.
lib/features/plans/restore_purchase_mixin.dart	Block restore flows when store payments are disabled.
lib/features/plans/provider/payment_notifier.dart	Add feature-disabled early returns for payment/IAP APIs and centralize failure creation.
lib/features/plans/plans.dart	Block menu/payment flows when payments/store payments are disabled; preserve license/email path.
lib/features/home/provider/radiance_settings_providers.dart	Return safe defaults for OAuth-derived settings when OAuth is disabled.
lib/features/auth/sign_in_email.dart	Hide OAuth login buttons and block OAuth result handling when OAuth is disabled.
lib/features/auth/provider/auth_notifier.dart	Block OAuth login/callback APIs when OAuth is disabled; add feature-disabled failures.
lib/features/auth/confirm_email.dart	Route away from payment-based flows when payments are disabled.
lib/features/auth/choose_payment_method.dart	Short-circuit payment-method screen when payments are disabled.
lib/features/auth/add_email.dart	Hide OAuth sign-up buttons and block OAuth result handling when OAuth is disabled.
lib/features/account/delete_account.dart	Gate SSO/OAuth-based delete-account verification behind OAuth enablement.
lib/features/account/account.dart	Hide/manage subscription CTAs and renewal entry points when payments are disabled.
lib/core/widgets/pro_banner.dart	Hide pro banner in builds where payments are disabled.
lib/core/widgets/oauth_login.dart	Make OAuthLogin a no-op widget/handler when OAuth is disabled.
lib/core/updater/updater.dart	Disable updater init/checks and appcast usage when auto-update is disabled.
lib/core/services/injection_container.dart	Skip AppPurchase initialization when payments/store payments are disabled.
lib/core/common/common.dart	Make isStoreVersion() return false when payments/store payments are disabled.
lib/core/common/app_urls.dart	Convert social URLs + appcast lookup to be build-flag-aware (including nullable appcast).
lib/core/common/app_build_info.dart	Add stealth env parsing and enable* gates derived from stealth mode.
docs/stealth-feature-gates.md	Document stealth flags, gated surfaces, and leakage-check expectations.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 47 out of 47 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 47 out of 47 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

lib/core/widgets/app_webview.dart:216

• OAuth completion handling in AppWebView is still active even when stealth gates disable OAuth. Because this block (and the earlier lantern://auth callback) is not guarded by a compile-time AppBuildInfo.enableOAuth check, the /auth + token callback surface and related strings remain in the stealth artifact and can still be triggered if a webview navigates there. Wrap the OAuth callback handling in _handleCompletionUrl with AppBuildInfo.enableOAuth (ideally as part of the condition) so it is compiled out for stealth builds.

    if (AppUrls.isLanternHost(uri.host) &&
        uri.path == '/auth' &&
        uri.queryParameters.containsKey('token')) {
      loading.stop();
      await appRouter.maybePop(uri.queryParameters);

[Copilot]

Pull request overview

Copilot reviewed 47 out of 47 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 47 out of 47 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 47 out of 47 changed files in this pull request and generated no new comments.

[reflog]

@copilot review

[Copilot]

@copilot review

Reviewed at 9020bd1. There are no new actionable issues from the latest Copilot review cycle, and no additional code changes are required on this thread.

[Copilot]

Pull request overview

Copilot reviewed 47 out of 47 changed files in this pull request and generated no new comments.

[reflog]

@copilot review

[Copilot]

@copilot review

Reviewed at 5302aaa. There are no new actionable issues from the latest Copilot review cycle, and no additional code changes are required on this thread.