Skip to content

feat(validator): add mail-adapter privacy-boundary check #694

Merged
potiuk merged 1 commit into
apache:mainfrom
justinmclean:mail-adapter-privacy-boundary-tests
Jul 3, 2026
Merged

feat(validator): add mail-adapter privacy-boundary check #694
potiuk merged 1 commit into
apache:mainfrom
justinmclean:mail-adapter-privacy-boundary-tests

Conversation

@justinmclean

Copy link
Copy Markdown
Member

Summary

Add check #17 to skill-and-tool-validator: contract:mail-source and
contract:mail-archive adapter READMEs must declare (a) that fetched
mail content is external data, not instructions, and (b) that
embedded prompt-injection text in mail bodies is surfaced as report
data only, never obeyed. Both sub-checks are SOFT advisories.

Add ## Security and privacy sections to tools/gmail/, tools/ponymail/,
tools/mail-source/, and tools/mail-archive/ so all four live adapters
pass the new check with zero violations.

Add 18 unit tests in TestMailPrivacyBoundary covering: passing
READMEs for contract:mail-source and contract:mail-archive; missing
data-posture advisory; missing injection-risk advisory; both missing;
mail-draft-only not checked; non-mail contract not checked; the
prompt-injection-in-email fixture; redact-keyword variant; category
soft-category and all-violations-have-correct-category checks.

Spec: tools/spec-loop/specs/adapters.md

Generated-by: Claude (Opus 4.7)

Type of change

  • Skill change (.claude/skills/<name>/) — eval fixtures updated below
  • Tool / bridge contract (tools/<system>/*.md)
  • Python package (tools/*/ with pyproject.toml)
  • Groovy reference impl
  • Cross-cutting (RFC, AGENTS.md, sandbox, privacy-LLM)
  • Documentation (docs/, README.md, CONTRIBUTING.md)
  • Project template (projects/_template/)
  • CI / dev loop (prek, workflows, validators)
  • Other:

Test plan

  • prek run --all-files passes
  • For Python packages touched: uv run pytest / ruff check / mypy passes
  • For Groovy bridges touched: command-line invocation tested end-to-end
  • For skill changes: eval suite passes for the affected skill
    (PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner tools/skill-evals/evals/<skill>/)
  • For skill behaviour changes: a new or updated eval fixture is included in this PR
    (a regression test for the bug fixed / the behaviour added — see CONTRIBUTING.md)
  • Other:

…SOFT advisory)

contract:mail-source and contract:mail-archive adapter READMEs must
declare that fetched mail content is external data (not instructions)
and mention the prompt-injection risk in embedded mail content. Both
are SOFT advisories.

Co-authored-by: Justin McLean <justin@classsoftware.com>
@potiuk potiuk force-pushed the mail-adapter-privacy-boundary-tests branch from a7e0fa2 to 1531918 Compare July 3, 2026 14:02
@potiuk potiuk merged commit d7d6d83 into apache:main Jul 3, 2026
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants