chore: Remove tenancy/environment/project IDs if there are any

[chronark]

What does this PR do?

Fixes # (issue)

If there is not an issue for this, please create one first. This is used to tracking purposes and also helps use understand why this PR exists

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Chore (refactoring code, technical debt, workflow improvements)
• Enhancement (small improvements)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How should this be tested?

• Test A
• Test B

Checklist

Required

• Filled out the "How to test" section in this PR
• Read Contributing Guide
• Self-reviewed my own code
• Commented on my code in hard-to-understand areas
• Ran pnpm build
• Ran pnpm fmt
• Checked for warnings, there are none
• Removed all console.logs
• Merged the latest changes from main onto my branch with git pull origin main
• My changes don't cause any responsiveness issues

Appreciated

• If a UI change was made: Added a screen recording or screenshots to this PR
• Updated the Unkey Docs if changes were necessary

Summary by CodeRabbit

• Refactor
  • Removed multi-tenant context and quotas across service, client, and CLI; simplified usage and authentication.
  • Build API requests no longer include tenant_id; quotas endpoint removed; BuildConfig no longer carries tenant settings (fields renumbered). Client/SDKs and integrations will require updates.
  • CLI flags for user/tenant and the get-quotas command removed; examples adjusted accordingly.
• Documentation
  • Updated examples and README to reflect tenant-less flows and removed environment variables.
• Chores
  • Updated dependencies (networking, crypto, system, text, gRPC) and internal module references.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1e9c5b8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
dashboard	Ready	Preview	Comment	Sep 8, 2025 6:21am
engineering	Ready	Preview	Comment	Sep 8, 2025 6:21am

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR removes tenant context, isolation, quotas, and related authentication from builderd across client, server, service, and proto layers. Requests and configs no longer carry tenant IDs; quotas and tenant storage/isolation subsystems are deleted. Observability metrics drop tenant attributes. CLI, docs, and assets handling are updated accordingly. Dependencies are bumped and local replaces added.

Changes

Cohort / File(s)	Summary of changes
Docs go/deploy/builderd/README.md	Updated examples to use example tenant/customer IDs; no behavioral changes.
Client API (tenant removal) go/deploy/builderd/client/client.go, go/deploy/builderd/client/types.go	Removed tenant-scoped auth/fields and quotas API. Requests no longer include TenantID. Dropped GetTenantQuotas and related request/response types. Simplified client config/structs.
CLI (tenant/quotas removal) go/deploy/builderd/cmd/builderd-cli/main.go	Removed -user/-tenant flags and quotas command/handler. BuildConfig no longer includes TenantContext. Updated requests to omit TenantID. Adjusted usage text.
Server entrypoint/interceptors go/deploy/builderd/cmd/builderd/main.go	Removed tenant auth interceptor and tenant isolation logging. Default interceptors now exclude tenant auth.
Service API/logic go/deploy/builderd/internal/service/builder.go	Removed tenant extraction/validation, tenant labels, and quotas scaffolding. Deleted GetTenantQuotas RPC handler. Logs no longer include tenant_id.
Protocol (proto) changes go/proto/deploy/builderd/v1/builder.proto	Removed TenantContext, quotas/limits/types, and GetTenantQuotas RPC. BuildConfig renumbered: removed tenant/limits; reordered fields. Requests (List/Cancel/Delete/Stream/Stats) drop tenant_id and field numbers updated.
Tenant subsystem deletion go/deploy/builderd/internal/tenant/*	Deleted isolation, manager, storage, and types modules, including all exported types (Manager, StorageIsolator, ProcessIsolator, quota/errors, constraints, metrics, etc.).
Assets handling go/deploy/builderd/internal/assets/base.go, go/deploy/builderd/internal/assetmanager/client.go	Removed injection of tenant/customer labels and headers. Asset registration/upload no longer set tenant/customer metadata.
Config (tenant config removal) go/deploy/builderd/internal/config/config.go	Removed Tenant field and TenantConfig type; eliminated tenant-specific env loading/logging.
Executor and metrics (signature/metadata) go/deploy/builderd/internal/executor/docker.go, go/deploy/builderd/internal/executor/docker_pipeline.go, go/deploy/builderd/internal/executor/types.go, go/deploy/builderd/internal/observability/metrics.go	Changed RecordBuildStart signature to drop tenant tier. Removed user metadata extraction/env. Removed tenant_id logs, and TenantID from BuildResult. Adjusted calls accordingly.
Module/deps go/deploy/builderd/go.mod	Bumped several deps (x/net, x/crypto, x/sys, x/text, grpc, genproto, otlp). Added/expanded local replace directives.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant CLI as CLI
  participant Client as Builderd Client
  participant SVC as Builderd Service
  participant Exec as Executor
  participant AM as Asset Manager

  Note over CLI,Client: New flow (no tenant context/auth)
  CLI->>Client: CreateBuild(BuildConfig: source/target/strategy, labels)
  Client->>SVC: CreateBuild(request without tenant_id)
  SVC->>Exec: Start build (no tenant quotas/isolation)
  Exec->>AM: Upload artifact (no X-Tenant-ID/X-Customer-ID)
  Exec-->>SVC: Build result
  SVC-->>Client: CreateBuildResponse
  Client-->>CLI: Build ID

  CLI->>Client: StreamBuildLogs(build_id, follow)
  Client->>SVC: StreamBuildLogs(build_id)
  SVC-->>Client: Log stream
  Client-->>CLI: Logs

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120+ minutes

Possibly related PRs

• feat(deploy): redesign metald network architecture #3818 — Adjusts builderd observability metrics, removing tenant-scoped fields and updating metrics method signatures, overlapping with this PR’s RecordBuildStart change.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 09-08-chore_remove_tenancy_environment_project_ids_if_there_are_any

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chronark]

• chore: upgrade builderd's go version to latest #3929
• chore: Remove tenancy/environment/project IDs if there are any #3928 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Thank you for following the naming conventions for pull request titles! 🙏

[coderabbitai]

Actionable comments posted: 14

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (26)

go/deploy/builderd/README.md (3)

172-185: Purge “Multi-Tenancy” env vars from docs; feature removed in this PR.

The section advertises config that no longer exists and will confuse operators.

Apply:

-### Multi-Tenancy
-```bash
-UNKEY_BUILDERD_TENANT_ISOLATION_ENABLED=true      # Enable tenant isolation
-UNKEY_BUILDERD_TENANT_DEFAULT_TIER=free           # Default service tier
-UNKEY_BUILDERD_TENANT_QUOTA_CHECK_INTERVAL=5m     # Quota check frequency
-
-# Default resource limits
-UNKEY_BUILDERD_TENANT_DEFAULT_MAX_MEMORY_BYTES=2147483648  # 2GB
-UNKEY_BUILDERD_TENANT_DEFAULT_MAX_CPU_CORES=2
-UNKEY_BUILDERD_TENANT_DEFAULT_MAX_DISK_BYTES=10737418240   # 10GB
-UNKEY_BUILDERD_TENANT_DEFAULT_TIMEOUT_SECONDS=900          # 15min
-UNKEY_BUILDERD_TENANT_DEFAULT_MAX_CONCURRENT_BUILDS=3
-UNKEY_BUILDERD_TENANT_DEFAULT_MAX_DAILY_BUILDS=100
-```

---

264-268: Drop TenantId from StreamBuildLogs example.

Aligns with StreamBuildLogsRequest now lacking tenant_id.

Apply:

 stream, err := client.StreamBuildLogs(ctx, connect.NewRequest(&builderv1.StreamBuildLogsRequest{
     BuildId:  buildId,
-    TenantId: tenantId,
     Follow:   true,
 }))

---

1-4: Update branding and links that still claim “Multi-Tenant”.

The service is no longer multi-tenant. Please strip the term from header/overview and remove references to internal/tenant/* and quota features that were deleted.

Also applies to: 14-27, 93-103

go/deploy/builderd/go.mod (1)

3-3: Invalid go directive (patch versions not allowed).

Use major.minor only; pin patch via toolchain.

Apply:

-go 1.24.4
+go 1.24
+toolchain go1.24.4

go/deploy/builderd/client/types.go (1)

35-39: Cap and validate page size.

Add a server-side guard and document defaults (e.g., max 1000).

go/proto/deploy/builderd/v1/builder.proto (2)

307-311: Remove tenant_id from GetBuildRequest but reserve field number.

Client types no longer set it; keep wire-compat.

Apply:

 message GetBuildRequest {
   string build_id = 1;
-  string tenant_id = 2; // For authorization
+  reserved 2; // tenant_id removed
 }

---

9-19: Service/docs still say “multi-tenant”.

Update comments to reflect single-tenant/global service, or clearly state tenancy was removed.

go/deploy/builderd/cmd/builderd/main.go (5)

449-456: Update CLI help text: remove “Multi-Tenant” branding and tenant env var; keep TLS defaults consistent.

Current help contradicts the code and the PR.

Apply:

-func printUsage() {
-    fmt.Printf("Builderd - Multi-Tenant Build Service\n\n")
+func printUsage() {
+    fmt.Printf("Builderd - Build Service\n\n")
@@
-    fmt.Printf("  UNKEY_BUILDERD_TENANT_ISOLATION_ENABLED     Enable tenant isolation (default: true)\n")
@@
-    fmt.Printf("\nTLS Configuration:\n")
-    fmt.Printf("  UNKEY_BUILDERD_TLS_MODE                     TLS mode: disabled, file, spiffe (default: disabled)\n")
+    fmt.Printf("\nTLS Configuration:\n")
+    fmt.Printf("  UNKEY_BUILDERD_TLS_MODE                     TLS mode: disabled, file, spiffe (default: disabled)\n")
@@
-    fmt.Printf("  It supports multi-tenant isolation, resource quotas, and comprehensive\n")
-    fmt.Printf("  observability with OpenTelemetry.\n\n")
+    fmt.Printf("  It provides comprehensive observability with OpenTelemetry.\n\n")
@@
-func printVersion() {
-    fmt.Printf("Builderd - Multi-Tenant Build Service\n")
+func printVersion() {
+    fmt.Printf("Builderd - Build Service\n")

Also applies to: 461-476, 483-491, 500-503

---

353-359: Prometheus bind address: guard empty interface.

If PrometheusInterface is empty, addr becomes “:port”. Either ensure config default or set a safe default here.

Apply:

-    promAddr := fmt.Sprintf("%s:%s", cfg.OpenTelemetry.PrometheusInterface, cfg.OpenTelemetry.PrometheusPort)
+    iface := cfg.OpenTelemetry.PrometheusInterface
+    if iface == "" { iface = "127.0.0.1" }
+    promAddr := fmt.Sprintf("%s:%s", iface, cfg.OpenTelemetry.PrometheusPort)

Also applies to: 368-396

---

535-574: Minor: validate dirs using stat first to avoid unnecessary chmod on existing dirs.

Not critical, but avoids touching perms unnecessarily.

-    if err := os.MkdirAll(dir, 0o755); err != nil {
+    if _, err := os.Stat(dir); os.IsNotExist(err) {
+        if err := os.MkdirAll(dir, 0o755); err != nil {
+            return fmt.Errorf("cannot create/access directory %s: %w", dir, err)
+        }
+    } else if err != nil {
         return fmt.Errorf("cannot create/access directory %s: %w", dir, err)
-    }
+    }

---

260-266: Consider basic rate limiting on main mux as well (not only /health on Prometheus server).

Protects the RPC surface from bursts when TLS is off (h2c).

---

135-151: Align TLS default policy comments and docs
In go/deploy/builderd/cmd/builderd/main.go remove the “defaults to disabled” comment (lines 135–136) and replace it with “SPIFFE/mTLS is required by default (no disabled fallback)”, then update printUsage and any README references to eliminate “default: disabled” messaging so all docs and flag defaults match the enforced policy.

go/deploy/builderd/internal/config/config.go (1)

79-89: Remove or integrate unused ResourceLimits
ResourceLimits defined at go/deploy/builderd/internal/config/config.go:79 is never referenced elsewhere; remove it or wire it into your config/validation to avoid dead code.

go/deploy/builderd/internal/executor/docker.go (2)

554-568: Avoid shell invocation for file removals (pattern handling, injection, spaces)

Using sh -c with an interpolated path is brittle (spaces, special chars) even after validation. Replace with Glob + os.RemoveAll.

- // Use rm command to remove files matching pattern
- // Note: fullPattern is now validated and sanitized
- //nolint:gosec // G204: Path is validated and sanitized above to prevent injection
- cmd := exec.CommandContext(ctx, "sh", "-c", fmt.Sprintf("rm -rf %s", fullPattern))
- if err := cmd.Run(); err != nil {
+ // Expand pattern and remove each match safely without a shell
+ matches, globErr := filepath.Glob(fullPattern)
+ if globErr != nil {
+   logger.DebugContext(ctx, "glob failed",
+     slog.String("pattern", pattern),
+     slog.String("error", globErr.Error()),
+   )
+   lastError = globErr
+   continue
+ }
+ if len(matches) == 0 {
+   continue
+ }
+ for _, m := range matches {
+   if err := os.RemoveAll(m); err != nil {
+     logger.DebugContext(ctx, "failed to remove path",
+       slog.String("path", m),
+       slog.String("error", err.Error()),
+     )
+     lastError = err
+   } else {
+     removedPatterns++
+   }
+ }
- } else {
-   removedPatterns++
- }

---

205-208: Log the actual artifact path

You log rootfs_dir while the artifact returned is the ext4 image. Log ext4Path to avoid confusion.

- logger.InfoContext(ctx, "Docker image extraction successful",
-   slog.String("rootfs_path", rootfsDir),
+ logger.InfoContext(ctx, "Docker image extraction successful",
+   slog.String("rootfs_path", ext4Path),
   slog.Duration("total_duration", time.Since(start)),
 )

go/deploy/builderd/internal/service/builder.go (8)

183-191: Fix data race: BuildJob is mutated asynchronously while GetBuild returns a shared pointer

buildJob is updated in the background goroutine while GetBuild returns the same pointer without copying. This is a data race and can yield inconsistent responses. Deep-copy the job under lock before returning it (and do the same in list APIs later).

Apply:

@@
-  // Retrieve build from memory storage
-  s.buildsMutex.RLock()
-  build, exists := s.builds[req.Msg.GetBuildId()]
-  s.buildsMutex.RUnlock()
-
-  if !exists {
-    return nil, connect.NewError(connect.CodeNotFound,
-      fmt.Errorf("build not found: %s", req.Msg.GetBuildId()))
-  }
-
-  resp := &builderv1.GetBuildResponse{
-    Build: build,
-  }
+  // Retrieve build from memory storage and deep-copy to avoid races
+  s.buildsMutex.RLock()
+  build, exists := s.builds[req.Msg.GetBuildId()]
+  if !exists {
+    s.buildsMutex.RUnlock()
+    return nil, connect.NewError(connect.CodeNotFound,
+      fmt.Errorf("build not found: %s", req.Msg.GetBuildId()))
+  }
+  buildCopy := proto.Clone(build).(*builderv1.BuildJob)
+  s.buildsMutex.RUnlock()
+
+  resp := &builderv1.GetBuildResponse{
+    Build: buildCopy,
+  }

Add import:

import "google.golang.org/protobuf/proto"

Also applies to: 213-220, 340-353

---

155-173: Implement real cancellation and merge request/shutdown contexts

Builds ignore request cancellations (buildCtx := s.shutdownCtx) and CancelBuild reports success without actually canceling. Merge request ctx with service shutdown and store per-build cancel funcs; use them in CancelBuild.

CreateBuild changes:

@@
- s.buildWg.Add(1)
- go func() {
+ s.buildWg.Add(1)
+ // derive build context from request; also react to service shutdown
+ buildCtx, buildCancel := context.WithCancel(ctx)
+ // store cancel for CancelBuild
+ s.buildsMutex.Lock()
+ if s.buildCancels == nil {
+   s.buildCancels = make(map[string]context.CancelFunc)
+ }
+ s.buildCancels[buildJob.BuildId] = buildCancel
+ s.buildsMutex.Unlock()
+
+ // cancel on service shutdown as well
+ go func() {
+   select {
+   case <-s.shutdownCtx.Done():
+     buildCancel()
+   case <-buildCtx.Done():
+   }
+ }()
+
+ go func() {
   defer s.buildWg.Done()
+  defer func() {
+    s.buildsMutex.Lock()
+    delete(s.buildCancels, buildJob.BuildId)
+    s.buildsMutex.Unlock()
+  }()
@@
-  buildCtx := s.shutdownCtx
+  // use merged buildCtx

CancelBuild changes:

@@
- // TODO: Cancel the running build process
- // TODO: Update build state in database
+ // Attempt to cancel the running build
+ s.buildsMutex.Lock()
+ cancel, ok := s.buildCancels[req.Msg.GetBuildId()]
+ s.buildsMutex.Unlock()
+ if !ok {
+   return nil, connect.NewError(connect.CodeNotFound,
+     fmt.Errorf("build not running or not found: %s", req.Msg.GetBuildId()))
+ }
+ cancel()

Add struct field (outside selected range):

type BuilderService struct {
  ...
  buildCancels map[string]context.CancelFunc
}

Also applies to: 392-401

---

63-66: Use collision-resistant build IDs

Time-based IDs can collide across processes; prefer UUID.

-func generateBuildID() string {
-  return fmt.Sprintf("build-%d", time.Now().UnixNano())
-}
+func generateBuildID() string {
+  return "build-" + uuid.NewString()
+}

Add import:

import "github.com/google/uuid"

---

320-326: Return the job’s CreatedAt for consistency

Avoid skew between the job and response timestamps.

 resp := &builderv1.CreateBuildResponse{
   BuildId:    buildJob.BuildId,
   State:      builderv1.BuildState_BUILD_STATE_BUILDING,
-  CreatedAt:  timestamppb.Now(),
+  CreatedAt:  buildJob.CreatedAt,
   RootfsPath: "",
 }

---

207-210: Avoid stringly-typed status comparisons

Relying on "failed" is brittle. Expose a typed status from the executor or return a boolean/enum.

---

393-395: Improve cancellation metrics dimensions

Hardcoding "unknown" loses signal. Include build_id and source_type when available.

---

147-151: In-memory build store: plan persistence and retention

Map-based storage will lose builds on restart and can leak memory. Persist jobs and add GC/retention.

---

70-75: Remove AIDEV- breadcrumbs before merge*

Internal notes should not ship.

Also applies to: 153-161

go/deploy/builderd/cmd/builderd-cli/main.go (3)

18-20: Update CLI comment to remove “tenant isolation” wording

Docs still reference tenants; align with the PR’s removal.

---

262-266: Make force parsing more robust

Positional --force is brittle. At minimum accept -force too; ideally use a sub-FlagSet.

-if flag.NArg() > 2 && flag.Arg(2) == "--force" {
+if flag.NArg() > 2 && (flag.Arg(2) == "--force" || flag.Arg(2) == "-force") {
   force = true
 }

---

318-321: Treat EOF as a clean stream termination

Avoid fatal on normal stream close.

- if err := stream.Err(); err != nil {
-   log.Fatalf("Stream error: %v", err)
- }
+ if err := stream.Err(); err != nil && !errors.Is(err, io.EOF) {
+   log.Fatalf("Stream error: %v", err)
+ }

Add imports:

import (
  "errors"
  "io"
)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7f609cd and 1e9c5b8.

⛔ Files ignored due to path filters (5)

• go/deploy/builderd/go.sum is excluded by !**/*.sum
• go/gen/proto/deploy/builderd/v1/builder.pb.go is excluded by !**/*.pb.go, !**/gen/**
• go/gen/proto/deploy/builderd/v1/builderdv1connect/builder.connect.go is excluded by !**/gen/**
• go/gen/proto/metal/vmprovisioner/v1/vmprovisioner.pb.go is excluded by !**/*.pb.go, !**/gen/**
• go/gen/proto/metal/vmprovisioner/v1/vmprovisionerv1connect/vmprovisioner.connect.go is excluded by !**/gen/**

📒 Files selected for processing (19)

• go/deploy/builderd/README.md (2 hunks)
• go/deploy/builderd/client/client.go (6 hunks)
• go/deploy/builderd/client/types.go (4 hunks)
• go/deploy/builderd/cmd/builderd-cli/main.go (6 hunks)
• go/deploy/builderd/cmd/builderd/main.go (1 hunks)
• go/deploy/builderd/go.mod (2 hunks)
• go/deploy/builderd/internal/assetmanager/client.go (0 hunks)
• go/deploy/builderd/internal/assets/base.go (0 hunks)
• go/deploy/builderd/internal/config/config.go (1 hunks)
• go/deploy/builderd/internal/executor/docker.go (1 hunks)
• go/deploy/builderd/internal/executor/docker_pipeline.go (1 hunks)
• go/deploy/builderd/internal/executor/types.go (0 hunks)
• go/deploy/builderd/internal/observability/metrics.go (1 hunks)
• go/deploy/builderd/internal/service/builder.go (3 hunks)
• go/deploy/builderd/internal/tenant/isolation.go (0 hunks)
• go/deploy/builderd/internal/tenant/manager.go (0 hunks)
• go/deploy/builderd/internal/tenant/storage.go (0 hunks)
• go/deploy/builderd/internal/tenant/types.go (0 hunks)
• go/proto/deploy/builderd/v1/builder.proto (11 hunks)

💤 Files with no reviewable changes (7)

• go/deploy/builderd/internal/assets/base.go
• go/deploy/builderd/internal/assetmanager/client.go
• go/deploy/builderd/internal/executor/types.go
• go/deploy/builderd/internal/tenant/isolation.go
• go/deploy/builderd/internal/tenant/storage.go
• go/deploy/builderd/internal/tenant/manager.go
• go/deploy/builderd/internal/tenant/types.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Test Go API Local / Test
• GitHub Check: Test API / API Test Local
• GitHub Check: Test Packages / Test
• GitHub Check: Build / Build

🔇 Additional comments (6)

go/deploy/builderd/go.mod (1)

22-26: Adjust verification script to run in the module directory and rerun
Change into go/deploy/builderd before running the checks so that the correct go.mod is found. For example:

cd go/deploy/builderd
go mod tidy
go list ./... >/dev/null
go list -m -u all | rg 'connectrpc|grpc|genproto|opentelemetry|golang.org/x/'

Repeat the same steps for the dependency block at lines 48–55.

go/proto/deploy/builderd/v1/builder.proto (1)

352-356: GetBuildStatsRequest still has tenant_id; remove and reserve or keep it consistently.

Client types dropped it. Make a call and align.

Suggested if removing:

 message GetBuildStatsRequest {
-  string tenant_id = 1;
-  google.protobuf.Timestamp start_time = 2;
-  google.protobuf.Timestamp end_time = 3;
+  reserved 1; // tenant_id removed
+  google.protobuf.Timestamp start_time = 2;
+  google.protobuf.Timestamp end_time = 3;
 }

go/deploy/builderd/cmd/builderd/main.go (1)

250-252: ACK: tenant auth interceptor removed.

Interceptors now only metrics/logging — matches PR intent.

go/deploy/builderd/internal/observability/metrics.go (1)

295-305: RecordBuildStart API change verified
Only 2-arg calls remain (in docker_pipeline.go and docker.go) and there are no references to tenant_tier or similar attributes in the Go code.

go/deploy/builderd/client/client.go (1)

124-125: Proto field usage LGTM

BuildId/Follow/Force mappings align with tenant-free requests.

Also applies to: 160-161, 177-179, 194-196

go/deploy/builderd/cmd/builderd-cli/main.go (1)

183-184: API surface updates LGTM

BuildID-only requests and removal of tenant args are correctly reflected across handlers.

Also applies to: 237-240, 269-271, 295-297

[imeyer]

LGTM, thank you! <3

[imeyer]

I'll clean up any issues here.

[Flo4604]

@imeyer is it fine to merge? or do you want to do any changes in this branch

[imeyer]

nope go ahead and approve 😄

[graphite-app]

[graphite-app]

Graphite Automations

"Post a GIF when PR approved" took an action on this PR • (09/08/25)

1 gif was posted to this PR based on Andreas Thomas's automation.