From fe37554bae30d8f37c4040f0184ef2742c49d45c Mon Sep 17 00:00:00 2001
From: Saurabh Jain <saurabhjain1592@gmail.com>
Date: Fri, 8 May 2026 20:21:39 +0200
Subject: [PATCH 1/2] fix(telemetry): drop profile (collides with governance
 env var)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The v1 telemetry schema added a `profile` field sourced from the
`AXONFLOW_PROFILE` env var, but that env-var name is already in use by
the agent-side governance enforcement engine (`platform/agent/profile.go`,
allowlist `dev | default | strict | compliance`, ADR-036). A customer
setting `AXONFLOW_PROFILE=strict` for governance would have had every
heartbeat rejected by the checkpoint validator (HTTP 400) because the
validator only accepted `dev | prod | unknown`.

The field also has no consumer on the analytics side — `deployment_mode`
already covers the topology dimension `profile` was meant to add. Dropping
the field cleanly resolves the collision and reverts `AXONFLOW_PROFILE`
to its single original meaning (governance only).

Changes:
- scripts/telemetry-ping.sh: remove the `PROFILE_RAW`/`PROFILE` block
  reading `AXONFLOW_PROFILE`; remove `--arg profile` and the
  `profile: $profile` field from the jq payload object.
- tests/heartbeat-real-stack/run_real_stack.sh: remove the matching
  `COLD_PROFILE=$(jq -r '.profile' ...)` assertion.
- .codex-plugin/plugin.json + .codex-plugin/marketplace.json: bump
  version 1.4.0 -> 1.4.1.
- CHANGELOG.md: 1.4.1 entry under Removed.

Refs axonflow-enterprise#2033.

Signed-off-by: Saurabh Jain <saurabhjain1592@gmail.com>
---
 .codex-plugin/marketplace.json               |  4 ++--
 .codex-plugin/plugin.json                    |  2 +-
 CHANGELOG.md                                 | 16 ++++++++++++++++
 scripts/telemetry-ping.sh                    | 11 +----------
 tests/heartbeat-real-stack/run_real_stack.sh |  6 ------
 5 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/.codex-plugin/marketplace.json b/.codex-plugin/marketplace.json
index 039b461..61326c2 100644
--- a/.codex-plugin/marketplace.json
+++ b/.codex-plugin/marketplace.json
@@ -7,14 +7,14 @@
   },
   "metadata": {
     "description": "Runtime governance for OpenAI Codex. Policy enforcement on terminal commands, advisory governance via skills, PII detection, audit trails, and compliance-grade decision records.",
-    "version": "1.4.0"
+    "version": "1.4.1"
   },
   "plugins": [
     {
       "name": "axonflow",
       "source": "./",
       "description": "Policy enforcement, PII detection, and audit trails for OpenAI Codex. Hybrid governance — enforces policies on terminal commands (exec_command) via hooks, provides advisory governance for other tools via implicit-activation skills, and records compliance-grade audit trails. Self-hosted via Docker — all data stays on your infrastructure.",
-      "version": "1.4.0",
+      "version": "1.4.1",
       "author": {
         "name": "AxonFlow",
         "email": "hello@getaxonflow.com",
diff --git a/.codex-plugin/plugin.json b/.codex-plugin/plugin.json
index 0270066..51bf305 100644
--- a/.codex-plugin/plugin.json
+++ b/.codex-plugin/plugin.json
@@ -2,7 +2,7 @@
   "name": "axonflow",
   "displayName": "AxonFlow Governance",
   "description": "Policy enforcement, PII detection, and audit trails for OpenAI Codex. Hybrid governance — enforces policies on terminal commands (exec_command) via hooks, provides advisory governance for other tools via implicit-activation skills, and records compliance-grade audit trails. Self-hosted via Docker — all data stays on your infrastructure.",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "author": {
     "name": "AxonFlow",
     "email": "hello@getaxonflow.com",
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72fdd17..dcac07e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 ## [Unreleased]
 
+## [1.4.1] - 2026-05-08
+
+### Removed
+
+- Telemetry `profile` field and the `AXONFLOW_PROFILE` env-var read in
+  `scripts/telemetry-ping.sh`. The v1 schema reused `AXONFLOW_PROFILE`,
+  which already governs runtime policy enforcement (`dev | default |
+  strict | compliance`); the two name-spaces collided and a customer
+  setting `AXONFLOW_PROFILE=strict` would have had their heartbeat
+  rejected by the checkpoint validator. The field had no consumer on
+  the analytics side, and `deployment_mode` already covers the
+  topology dimension it was meant to add. Heartbeat payload no longer
+  emits `profile`; matching assertion removed from
+  `tests/heartbeat-real-stack/run_real_stack.sh`. `AXONFLOW_PROFILE`
+  reverts to its original governance-only meaning.
+
 ## [1.4.0] - 2026-05-08
 
 ### Added
diff --git a/scripts/telemetry-ping.sh b/scripts/telemetry-ping.sh
index 4100173..73340b5 100755
--- a/scripts/telemetry-ping.sh
+++ b/scripts/telemetry-ping.sh
@@ -231,13 +231,6 @@ classify_endpoint_type() {
 DEPLOYMENT_MODE=$(classify_deployment_mode "$ENDPOINT")
 ENDPOINT_TYPE=$(classify_endpoint_type "$ENDPOINT")
 
-PROFILE_RAW="${AXONFLOW_PROFILE:-}"
-if [ -z "$PROFILE_RAW" ]; then
-  PROFILE="unknown"
-else
-  PROFILE="$PROFILE_RAW"
-fi
-
 HOOK_COUNT=0
 HOOKS_FILE="$PLUGIN_DIR/hooks/hooks.json"
 if [ -f "$HOOKS_FILE" ]; then
@@ -253,7 +246,6 @@ PAYLOAD=$(jq -n \
   --arg runtime_version "${BASH_VERSION:-unknown}" \
   --arg deployment_mode "$DEPLOYMENT_MODE" \
   --arg endpoint_type "$ENDPOINT_TYPE" \
-  --arg profile "$PROFILE" \
   --arg instance_id "$INSTANCE_ID" \
   --argjson hook_count "$HOOK_COUNT" \
   --argjson platform_version "$PLATFORM_VERSION" \
@@ -268,8 +260,7 @@ PAYLOAD=$(jq -n \
     deployment_mode: $deployment_mode,
     endpoint_type: $endpoint_type,
     features: ["hooks:\($hook_count)"],
-    instance_id: $instance_id,
-    profile: $profile
+    instance_id: $instance_id
   }' 2>/dev/null)
 
 if [ -z "$PAYLOAD" ]; then
diff --git a/tests/heartbeat-real-stack/run_real_stack.sh b/tests/heartbeat-real-stack/run_real_stack.sh
index 08c4fc4..ac5ac10 100755
--- a/tests/heartbeat-real-stack/run_real_stack.sh
+++ b/tests/heartbeat-real-stack/run_real_stack.sh
@@ -198,12 +198,6 @@ if [ -f "$WORK_DIR/_pings.jsonl" ]; then
   else
     fail "ping endpoint_type=$COLD_ET (expected localhost)"
   fi
-  COLD_PROFILE=$(jq -r '.profile' "$WORK_DIR/_pings.jsonl" | head -1)
-  if [ "$COLD_PROFILE" = "unknown" ]; then
-    pass "ping profile=unknown (AXONFLOW_PROFILE unset)"
-  else
-    fail "ping profile=$COLD_PROFILE (expected unknown)"
-  fi
   COLD_MODE=$(jq -r '.deployment_mode' "$WORK_DIR/_pings.jsonl" | head -1)
   if [ "$COLD_MODE" = "self_hosted" ]; then
     pass "ping deployment_mode=self_hosted (harness endpoint is 127.0.0.1)"

From 3048a4d42ac361bdded2bb16d9f69408702c97ab Mon Sep 17 00:00:00 2001
From: Saurabh Jain <saurabhjain1592@gmail.com>
Date: Fri, 8 May 2026 20:27:02 +0200
Subject: [PATCH 2/2] chore: retrigger CI after [skip-runtime-e2e] title update

Signed-off-by: Saurabh Jain <saurabhjain1592@gmail.com>