stackrox · vikin91 · Oct 16, 2025 · Oct 14, 2025 · Oct 10, 2025 · Oct 10, 2025
@@ -30,9 +30,6 @@ var (
 	// SensorDeploymentBuildOptimization enables a performance improvement by skipping deployments processing when no dependency or spec changed
 	SensorDeploymentBuildOptimization = registerFeature("Enables a performance improvement by skipping deployments processing when no dependency or spec changed", "ROX_DEPLOYMENT_BUILD_OPTIMIZATION", enabled)
 
-	// SensorCapturesIntermediateEvents enables sensor to capture intermediate events when it is disconnected from central
-	SensorCapturesIntermediateEvents = registerFeature("Enables sensor to capture intermediate events when it is disconnected from central", "ROX_CAPTURE_INTERMEDIATE_EVENTS", enabled)
-
 	// VulnMgmtLegacySnooze enables APIs and UI for the legacy VM 1.0 "snooze CVE" functionality in the new VM 2.0 sections
 	VulnMgmtLegacySnooze = registerFeature("Enables the ability to snooze Node and Platform CVEs in VM 2.0", "ROX_VULN_MGMT_LEGACY_SNOOZE")
 

@@ -19,7 +19,6 @@ import (
 	"github.com/stackrox/rox/pkg/env"
 	"github.com/stackrox/rox/pkg/errorhelpers"
 	"github.com/stackrox/rox/pkg/errox"
-	"github.com/stackrox/rox/pkg/features"
 	"github.com/stackrox/rox/pkg/logging"
 	"github.com/stackrox/rox/pkg/networkgraph"
 	"github.com/stackrox/rox/pkg/networkgraph/networkbaseline"
@@ -74,13 +73,9 @@ func New(clusterID clusterIDPeekWaiter, enforcer enforcer.Enforcer, admCtrlSetti
 	deploymentStore store.DeploymentStore, serviceAccountStore store.ServiceAccountStore, cache cache.Image, auditLogEvents chan *sensor.AuditEvents,
 	auditLogUpdater updater.Component, networkPolicyStore store.NetworkPolicyStore, registryStore *registry.Store, localScan *scan.LocalScan) Detector {
 	detectorStopper := concurrency.NewStopper()
-	netFlowQueueSize := 0
-	piQueueSize := 0
+	netFlowQueueSize := queueScaler.ScaleSizeOnNonDefault(env.DetectorNetworkFlowBufferSize)
+	piQueueSize := queueScaler.ScaleSizeOnNonDefault(env.DetectorProcessIndicatorBufferSize)
 	deploymentQueueSize := 0
-	if features.SensorCapturesIntermediateEvents.Enabled() {
-		netFlowQueueSize = queueScaler.ScaleSizeOnNonDefault(env.DetectorNetworkFlowBufferSize)
-		piQueueSize = queueScaler.ScaleSizeOnNonDefault(env.DetectorProcessIndicatorBufferSize)
-	}
 	if env.DetectorDeploymentBufferSize.IntegerSetting() > 0 {
 		deploymentQueueSize = queueScaler.ScaleSizeOnNonDefault(env.DetectorDeploymentBufferSize)
 	}
@@ -274,9 +269,6 @@ func (d *detectorImpl) Stop() {
 }
 
 func (d *detectorImpl) Notify(e common.SensorComponentEvent) {
-	if !features.SensorCapturesIntermediateEvents.Enabled() {
-		return
-	}
 	log.Info(common.LogSensorComponentEvent(e))
 	switch e {
 	case common.SensorComponentEventCentralReachable:
@@ -612,8 +604,7 @@ func (d *detectorImpl) processIndicator() {
 			if item == nil {
 				continue
 			}
-			// If ROX_CAPTURE_INTERMEDIATE_EVENTS is enabled,
-			// the context will not be canceled with sensor disconnects
+			// The context persists across disconnects with event buffering enabled
 			images := d.enricher.getImages(item.Ctx, item.Deployment)
 
 			// Run detection now
@@ -737,8 +728,7 @@ func (d *detectorImpl) processAlertsForFlowOnEntity() {
 			}
 			log.Debugf("processing network flow for deployment %s with id %s", item.Deployment.GetName(), item.Deployment.GetId())
 
-			// If ROX_CAPTURE_INTERMEDIATE_EVENTS is enabled,
-			// the context will not be canceled with sensor disconnects
+			// The context persists across disconnects with event buffering enabled
 			images := d.enricher.getImages(item.Ctx, item.Deployment)
 			alerts := d.unifiedDetector.DetectNetworkFlowForDeployment(booleanpolicy.EnhancedDeployment{
 				Deployment:             item.Deployment,

@@ -3,7 +3,6 @@ package queue
 import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/stackrox/rox/pkg/concurrency"
-	"github.com/stackrox/rox/pkg/features"
 	"github.com/stackrox/rox/pkg/queue"
 )
 
@@ -48,10 +47,6 @@ func NewQueue[T comparable](stopper concurrency.Stopper, name string, size int,
 
 // Start the queue.
 func (q *Queue[T]) Start() {
-	// If v3 is not enabled we need to trigger isRunning here.
-	if !features.SensorCapturesIntermediateEvents.Enabled() {
-		q.isRunning.Signal()
-	}
 	go q.run()
 }
 

@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/stackrox/rox/pkg/concurrency"
-	"github.com/stackrox/rox/pkg/features"
 	"github.com/stretchr/testify/suite"
 )
 
@@ -24,7 +23,6 @@ func (s *queueSuite) createAndStartQueue(stopper concurrency.Stopper, size int)
 }
 
 func (s *queueSuite) TestPauseAndResume() {
-	s.T().Setenv(features.SensorCapturesIntermediateEvents.EnvVar(), "true")
 	cases := map[string][]func(*Queue[*string], concurrency.Stopper){
 		"Pause":                              {s.push, s.pause, s.noPull},
 		"Pause, resume":                      {s.push, s.pause, s.push, s.resume, s.pull, s.pull},

@@ -123,11 +123,6 @@ const (
 	// Multiple collector messages can report the same endpoint, so we only process the most recent one.
 	EnrichmentReasonEpDuplicate EnrichmentReasonEp = "duplicate"
 
-	// EnrichmentReasonEpFeatureDisabled is returned when the SensorCapturesIntermediateEvents feature is disabled.
-	// This means Sensor is configured to not capture intermediate network events while in offline mode,
-	// so the enrichment should be skipped while in offline mode.
-	EnrichmentReasonEpFeatureDisabled EnrichmentReasonEp = "feature-disabled"
-
 	// EnrichmentReasonEpFeaturePlopDisabled is returned when the ProcessesListeningOnPort feature is disabled.
 	// This means PLoP (Processes Listening on Ports) enrichment will not be performed.
 	EnrichmentReasonEpFeaturePlopDisabled EnrichmentReasonEp = "feature-plop-disabled"

@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/stackrox/rox/pkg/env"
-	"github.com/stackrox/rox/pkg/features"
 	"github.com/stackrox/rox/pkg/net"
 	"github.com/stackrox/rox/pkg/networkgraph"
 	"github.com/stackrox/rox/pkg/timestamp"
@@ -197,33 +196,6 @@ func TestEnrichConnection_BusinessLogicPaths(t *testing.T) {
 				}
 			},
 		},
-		"Connection with SensorCapturesIntermediateEvents disabled should yield result EnrichmentResultSuccess with reason EnrichmentReasonConnSuccess": {
-			setupConnection: func() (*connection, *connStatus) {
-				conn := &connection{
-					containerID: "test-container",
-					incoming:    false,
-					remote:      createEndpoint("8.8.8.8", 80),
-				}
-				status := &connStatus{
-					firstSeen:             timestamp.Now().Add(-time.Minute),
-					lastSeen:              timestamp.InfiniteFuture, // active connection
-					enrichmentConsumption: enrichmentConsumption{},
-				}
-				return conn, status
-			},
-			setupMocks: func(m *mockExpectations) {
-				m.expectContainerFound("test-deployment").expectEndpointFound("cluster-endpoint-id", 80)
-			},
-			setupFeatureFlags: func(t *testing.T) {
-				t.Setenv(features.SensorCapturesIntermediateEvents.EnvVar(), "false")
-			},
-			expectedResult: EnrichmentResultSuccess,
-			expectedReason: EnrichmentReasonConnSuccess,
-			validateEnrichment: func(t *testing.T, enriched map[indicator.NetworkConn]timestamp.MicroTS) {
-				// Should still enrich even with feature disabled
-				assert.Len(t, enriched, 1, "Should have one enriched connection")
-			},
-		},
 	}
 
 	for name, tt := range tests {

@@ -7,7 +7,6 @@ import (
 	"github.com/stackrox/rox/pkg/centralsensor"
 	"github.com/stackrox/rox/pkg/concurrency"
 	"github.com/stackrox/rox/pkg/env"
-	"github.com/stackrox/rox/pkg/features"
 	"github.com/stackrox/rox/pkg/net"
 	"github.com/stackrox/rox/pkg/networkgraph"
 	"github.com/stackrox/rox/pkg/timestamp"
@@ -221,9 +220,6 @@ func (m *networkFlowManager) enrichConnection(now timestamp.MicroTS, conn *conne
 			// hence update the timestamp only if we have a more recent connection than the one we have already enriched.
 			if oldTS, found := enrichedConnections[ind.NetworkConn]; !found || oldTS < status.lastSeen {
 				enrichedConnections[ind.NetworkConn] = status.lastSeen
-				if !features.SensorCapturesIntermediateEvents.Enabled() {
-					continue
-				}
 
 				concurrency.WithLock(&m.activeConnectionsMutex, func() {
 					if !status.isClosed() {

@@ -6,7 +6,6 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/stackrox/rox/pkg/concurrency"
 	"github.com/stackrox/rox/pkg/env"
-	"github.com/stackrox/rox/pkg/features"
 	"github.com/stackrox/rox/pkg/networkgraph"
 	"github.com/stackrox/rox/pkg/timestamp"
 	"github.com/stackrox/rox/sensor/common/clusterentities"
@@ -132,9 +131,6 @@ func (m *networkFlowManager) enrichContainerEndpoint(
 	}
 
 	enrichedEndpointsProcesses[ind] = processIndicator
-	if !features.SensorCapturesIntermediateEvents.Enabled() {
-		return EnrichmentResultSuccess, resultPLOP, EnrichmentReasonEpFeatureDisabled, reasonPLOP
-	}
 
 	m.activeEndpointsMutex.Lock()
 	defer m.activeEndpointsMutex.Unlock()
@@ -250,8 +246,6 @@ func (m *networkFlowManager) handleEndpointEnrichmentResult(
 			log.Debugf("Enrichment succeeded; marking endpoint as inactive")
 		case EnrichmentReasonEpDuplicate:
 			log.Debugf("Enrichment succeeded; skipping update as newer data is already available")
-		case EnrichmentReasonEpFeatureDisabled:
-			log.Debugf("Enrichment succeeded; skipping update as sensor is not configured to enrich events while in offline mode")
 		}
 		// The default action is the old behavior, in which only inactive connections are removed.
 		return PostEnrichmentActionCheckRemove

@@ -7,7 +7,6 @@ import (
 
 	"github.com/stackrox/rox/generated/storage"
 	"github.com/stackrox/rox/pkg/env"
-	"github.com/stackrox/rox/pkg/features"
 	"github.com/stackrox/rox/pkg/net"
 	"github.com/stackrox/rox/pkg/networkgraph"
 	"github.com/stackrox/rox/pkg/timestamp"
@@ -452,39 +451,6 @@ func (s *TestNetworkFlowManagerEnrichmentTestSuite) TestEnrichContainerEndpoint(
 				},
 			},
 		},
-		"Enrichment for disabled SensorCapturesIntermediateEvents feature should yield EnrichmentReasonEpFeatureDisabled": {
-			isPastContainerResolutionDeadline: false,
-			isFresh:                           false,
-			shouldFindContainerID:             true,
-			processKey:                        nonEmptyProcessInfo,
-			epInActiveEndpoints: &containerEndpointIndicatorWithAge{
-				ContainerEndpoint: containerEndpointIndicator1,
-				lastUpdate:        now - 1,
-			},
-			plopFeatEnabled:              true,
-			offlineEnrichmentFeatEnabled: false,
-			lastSeen:                     timestamp.InfiniteFuture,
-			enrichedEndpointsProcesses:   make(map[indicator.ContainerEndpoint]*indicator.ProcessListeningWithTimestamp),
-			expected: struct {
-				resultNG   EnrichmentResult
-				resultPLOP EnrichmentResult
-				reasonNG   EnrichmentReasonEp
-				reasonPLOP EnrichmentReasonEp
-				action     PostEnrichmentAction
-				endpoint   *indicator.ContainerEndpoint
-			}{
-				resultNG:   EnrichmentResultSuccess,
-				resultPLOP: EnrichmentResultSuccess,
-				reasonNG:   EnrichmentReasonEpFeatureDisabled,
-				reasonPLOP: EnrichmentReasonEp(""),
-				action:     PostEnrichmentActionCheckRemove,
-				endpoint: &indicator.ContainerEndpoint{
-					Entity:   networkgraph.EntityForDeployment(id),
-					Port:     80,
-					Protocol: net.TCP.ToProtobuf(),
-				},
-			},
-		},
 	}
 
 	for name, tc := range cases {
@@ -493,7 +459,6 @@ func (s *TestNetworkFlowManagerEnrichmentTestSuite) TestEnrichContainerEndpoint(
 
 			// Setup environment variables
 			s.T().Setenv(env.ProcessesListeningOnPort.EnvVar(), strconv.FormatBool(tc.plopFeatEnabled))
-			s.T().Setenv(features.SensorCapturesIntermediateEvents.EnvVar(), strconv.FormatBool(tc.offlineEnrichmentFeatEnabled))
 
 			// Setup mocks using helper
 			mocks := newMockExpectations(mockEntityStore, nil)