Skip to content

fix(adapters): add privacy-boundary notes to maildir and sourcehut READMEs#710

Open
justinmclean wants to merge 1 commit into
apache:mainfrom
justinmclean:mail-privacy-boundary-readme-compliance
Open

fix(adapters): add privacy-boundary notes to maildir and sourcehut READMEs#710
justinmclean wants to merge 1 commit into
apache:mainfrom
justinmclean:mail-privacy-boundary-readme-compliance

Conversation

@justinmclean

Copy link
Copy Markdown
Member

Summary

Both READMEs were missing the two notes required by the mail-privacy-boundary validator check (aspect #19): that fetched mail bodies are external data / hostile input routed through the Privacy-LLM gate or redacted before model-facing use, and that embedded prompt-injection text is carried as report data only.

Generated-by: Claude (Opus 4.7)

Type of change

  • Skill change (.claude/skills/<name>/) — eval fixtures updated below
  • Tool / bridge contract (tools/<system>/*.md)
  • Python package (tools/*/ with pyproject.toml)
  • Groovy reference impl
  • Cross-cutting (RFC, AGENTS.md, sandbox, privacy-LLM)
  • Documentation (docs/, README.md, CONTRIBUTING.md)
  • Project template (projects/_template/)
  • CI / dev loop (prek, workflows, validators)
  • Other:

Test plan

  • prek run --all-files passes
  • For Python packages touched: uv run pytest / ruff check / mypy passes
  • For Groovy bridges touched: command-line invocation tested end-to-end
  • For skill changes: eval suite passes for the affected skill
    (PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner tools/skill-evals/evals/<skill>/)
  • For skill behaviour changes: a new or updated eval fixture is included in this PR
    (a regression test for the bug fixed / the behaviour added — see CONTRIBUTING.md)
  • Other:

…ADMEs

Both READMEs were missing the two notes required by the mail-privacy-boundary
validator check (aspect apache#19): that fetched mail bodies are external data / hostile
input routed through the Privacy-LLM gate or redacted before model-facing use, and
that embedded prompt-injection text is carried as report data only.

Generated-by: Claude (Opus 4.7)
@justinmclean justinmclean self-assigned this Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant