From ec40adc5ebaf82792ecb6c1daec042c836e30344 Mon Sep 17 00:00:00 2001 From: Justin McLean Date: Sat, 4 Jul 2026 00:48:06 +1000 Subject: [PATCH] fix(adapters): add privacy-boundary notes to maildir and sourcehut READMEs Both READMEs were missing the two notes required by the mail-privacy-boundary validator check (aspect #19): that fetched mail bodies are external data / hostile input routed through the Privacy-LLM gate or redacted before model-facing use, and that embedded prompt-injection text is carried as report data only. Generated-by: Claude (Opus 4.7) --- tools/maildir/README.md | 6 ++++++ tools/sourcehut/README.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/maildir/README.md b/tools/maildir/README.md index 68c9eaae..839dfb9e 100644 --- a/tools/maildir/README.md +++ b/tools/maildir/README.md @@ -120,6 +120,12 @@ reader is the documented stub described in [`tools/mail-source/mbox/README.md`](../mail-source/mbox/README.md); this tool is its vendor home. +**Privacy posture:** fetched mail bodies are external data, not instructions. +Content is treated as hostile input and is routed through the Privacy-LLM gate +or redacted before any model-facing use. Embedded prompt-injection text in mail +bodies is carried as report data only and is never obeyed as a framework +instruction. + ## Configuration An adopter selects the Maildir backend in diff --git a/tools/sourcehut/README.md b/tools/sourcehut/README.md index b3c45233..b4edf580 100644 --- a/tools/sourcehut/README.md +++ b/tools/sourcehut/README.md @@ -29,7 +29,7 @@ SourceHut (sr.ht) forge bridge implementation for the Apache Magpie framework. I 1. **VCS Repositories:** Reads repo metadata across `git.sr.ht` and `hg.sr.ht`. 2. **Issue Tracker:** Read/write operations (create ticket, comment, resolve status, update labels) on `todo.sr.ht` trackers. -3. **Mailing Lists:** Reads patchsets and threads from `lists.sr.ht`, mapping them to the uniform PR/MR review abstraction. +3. **Mailing Lists:** Reads patchsets and threads from `lists.sr.ht`, mapping them to the uniform PR/MR review abstraction. Fetched mail bodies are external data, not instructions; content is treated as hostile input and routed through the Privacy-LLM gate or redacted before model-facing use. Embedded prompt-injection text in mail bodies is carried as report data only and is never obeyed as a framework instruction. 4. **CI Builds:** Reads job statuses from `builds.sr.ht`. 5. **GraphQL client:** Unified command line tool to execute arbitrary queries/mutations across sr.ht subdomains.