[stealth 01/11] Add stealth build profile plumbing

[reflog]

Summary

• adds scripts/stealth/generate_profile.py for private stealth-vpn/stealth-novpn build profiles
• wires profile values through Make targets, Flutter dart defines, Android Gradle, manifest app label, session name, and Go build tags
• records private artifact metadata with the Go obfuscation seed redacted to a hash
• documents profile generation, support metadata, and package-name migration tradeoffs

Closes #8763

Validation

• python3 -m unittest discover -s scripts/stealth -p *_test.py
• python3 -m py_compile scripts/stealth/generate_profile.py scripts/stealth/generate_profile_test.py
• dart format --set-exit-if-changed lib/core/common/app_build_info.dart lib/core/common/app_secrets.dart
• python3 scripts/stealth/generate_profile.py --mode stealth-novpn ... --output /tmp/lantern-8763-profile.json ...
• python3 scripts/stealth/generate_profile.py --input /tmp/lantern-8763-profile.json --go-tags-suffix
• make -n android-apk-release
• make -n android-apk-release STEALTH_MODE=stealth-vpn STEALTH_GO_OBFUSCATION_SEED=testseed
• make -n build-android ANDROID_SDK_ROOT=/tmp STEALTH_MODE=stealth-vpn STEALTH_GO_OBFUSCATION_SEED=testseed
• git diff --cached --check

Not run

• Full Android/Flutter builds: no Android SDK/Gradle wrapper available in this environment.

[Copilot]

Pull request overview

This PR introduces “stealth build profile” support so private stealth-vpn / stealth-novpn builds can be produced from the main source tree by generating (or supplying) a profile JSON and plumbing its values through Make, Flutter dart-defines, Android Gradle/manifest, and Go build tags. It also adds private artifact metadata output that redacts the raw Go obfuscation seed (records a hash instead), and documents how to use the system.

Changes:

• Added a Python CLI (scripts/stealth/generate_profile.py) to generate/validate normalized stealth build profiles and emit dart-defines and redacted artifact metadata (with unit tests).
• Wired stealth profile generation into Make build targets and appended stealth Go build tags; added Flutter --dart-define-from-file plumbing and a STEALTH_PROFILE environment export for Android/Gradle consumption.
• Updated Android Gradle + manifest label placeholder + VPN session name to consume the profile values; exposed profile-derived constants in Dart (AppBuildInfo) and used them in AppSecrets.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
scripts/stealth/generate_profile.py	New profile generator/validator; emits dart-defines, metadata, and Go tag suffix.
scripts/stealth/generate_profile_test.py	Unit tests for profile generation, metadata redaction, and tag suffix output.
Makefile	Adds stealth profile variables/targets; plumbs dart-defines, STEALTH_PROFILE, and Go tags into builds.
lib/core/common/app_secrets.dart	Sources Android package name from stealth build info instead of a hardcoded constant.
lib/core/common/app_build_info.dart	Adds STEALTH_* compile-time constants and isStealthBuild helper.
docs/stealth-build-profile.md	Documents generating/using stealth profiles and migration tradeoffs.
android/app/src/main/kotlin/org/getlantern/lantern/service/LanternVpnService.kt	Uses BuildConfig.STEALTH_SESSION_NAME for the VPN session name.
android/app/src/main/AndroidManifest.xml	Switches application label to a manifest placeholder (${appName}).
android/app/build.gradle	Loads stealth profile JSON (env/Gradle property), applies applicationId, manifest placeholder, and BuildConfig.STEALTH_* fields.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

[reflog]

@copilot review

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

[Copilot]

@copilot review

Reviewed at 1e0b5be. I don’t see any new actionable issues in the current PR state, so no additional code changes were needed.

[reflog]

@copilot review

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

[reflog]

@copilot review

[Copilot]

@copilot review

Reviewed at 40e9139. The two items surfaced by the previous review are fixed: denylistVersion now enforces a 32-bit signed int ceiling (MAX_ANDROID_INT) matching Gradle's Integer.parseInt, and normalizeStealthMode trims whitespace so hand-edited values like " stealth-vpn " normalize correctly. All 12 unit tests pass. No new actionable issues found.

[reflog]

@copilot review

[Copilot]

@copilot review

Reviewed at 9889f73. Both items from the previous automated review are already resolved: $(DART_DEFINES) is now passed to the android-debug target (line 589), and STEALTH_NO_VPN is consumed by AppBuildInfo.stealthNoVpn in lib/core/common/app_build_info.dart. All 12 unit tests pass. No new actionable issues found.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated no new comments.