Severity: Medium · From pre-release robustness review (2026-06-09, be40e1c, v2.6.0)
Location: plugin/addons/godot_ai/utils/server_lifecycle.gd:381-386 vs utils/settings.gd:33-39 vs telemetry.gd:18-20
Risk: With DISABLE_TELEMETRY=0 in the environment (a plausible CI/shell leftover) and the dock checkbox unchecked, _inject_telemetry_env sees has_environment(...) and injects nothing, so the Python server runs fully enabled while the plugin-side helper is disabled — the user's documented UI opt-out sends tool telemetry anyway. The telemetry.gd header comment also asserts the opposite semantics from what settings.gd implements.
Fix: Only skip injection when the existing env var is truthy; align the telemetry.gd comment with the actual McpSettings priority logic.
Severity: Medium · From pre-release robustness review (2026-06-09,
be40e1c, v2.6.0)Location:
plugin/addons/godot_ai/utils/server_lifecycle.gd:381-386vsutils/settings.gd:33-39vstelemetry.gd:18-20Risk: With
DISABLE_TELEMETRY=0in the environment (a plausible CI/shell leftover) and the dock checkbox unchecked,_inject_telemetry_envseeshas_environment(...)and injects nothing, so the Python server runs fully enabled while the plugin-side helper is disabled — the user's documented UI opt-out sends tool telemetry anyway. Thetelemetry.gdheader comment also asserts the opposite semantics from whatsettings.gdimplements.Fix: Only skip injection when the existing env var is truthy; align the
telemetry.gdcomment with the actualMcpSettingspriority logic.