Summary
WireTapper maintains two divergent executable entrypoints (app.py and app-env.py) with materially different configuration, enrichment, and output behavior, creating split-brain runtime semantics for the same product.
Evidence
Why this matters
This is not a cosmetic duplication problem. Which file gets launched changes auth behavior, provider custody, enrichment results, and the shape of returned device data. That makes behavior non-deterministic across environments and turns debugging into guesswork.
Attack or failure scenario
A local demo uses app.py, while another operator or deployment uses app-env.py. Identical requests now return different fields, different leak annotations, and different provider behavior. Defects appear irreproducible because the project has no single authoritative runtime.
Root cause
The project evolved by copying the entrypoint and editing the clone instead of extracting shared logic and preserving one canonical executable path.
Recommended fix
- Collapse to a single supported entrypoint.
- Move provider configuration and enrichment behavior into shared modules with explicit feature flags.
- Add schema tests so returned device structures remain stable across environments.
- Remove the abandoned or demo-only path from production documentation.
Acceptance criteria
- Only one canonical server entrypoint remains for the product.
- Provider config and enrichment logic are shared, not forked.
- Route responses are deterministic across environments given the same configuration.
Suggested labels
- architecture
- technical-debt
- reliability
- production-readiness
Priority
P1 (High)
Severity
High — duplicated entrypoints create non-deterministic runtime behavior and configuration drift.
Confidence
Confirmed — the divergence is explicit in tracked source.
Summary
WireTapper maintains two divergent executable entrypoints (
app.pyandapp-env.py) with materially different configuration, enrichment, and output behavior, creating split-brain runtime semantics for the same product.Evidence
app.pyhardcodes provider credential constants in source: https://github.com/h9zdev/WireTapper/blob/main/app.py#L9-L13app-env.pyswitches to environment-backed credentials and adds different enrichment logic: https://github.com/h9zdev/WireTapper/blob/main/app-env.py#L10-L15 and https://github.com/h9zdev/WireTapper/blob/main/app-env.py#L84-L126app-env.pyaugments results throughwpasec_kqueryand includes additional dummy/leaked fields that are absent fromapp.py: https://github.com/h9zdev/WireTapper/blob/main/app-env.py#L84-L126 and https://github.com/h9zdev/WireTapper/blob/main/app-env.py#L184-L185Why this matters
This is not a cosmetic duplication problem. Which file gets launched changes auth behavior, provider custody, enrichment results, and the shape of returned device data. That makes behavior non-deterministic across environments and turns debugging into guesswork.
Attack or failure scenario
A local demo uses
app.py, while another operator or deployment usesapp-env.py. Identical requests now return different fields, different leak annotations, and different provider behavior. Defects appear irreproducible because the project has no single authoritative runtime.Root cause
The project evolved by copying the entrypoint and editing the clone instead of extracting shared logic and preserving one canonical executable path.
Recommended fix
Acceptance criteria
Suggested labels
Priority
P1 (High)
Severity
High — duplicated entrypoints create non-deterministic runtime behavior and configuration drift.
Confidence
Confirmed — the divergence is explicit in tracked source.