The GitHub Actions job "prek" on airflow-steward.git/feat/privacy-llm-foundation has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 7cb3d82e273aef6a728bd289227e62233906f10c / Jarek Potiuk <[email protected]> feat(privacy-llm): foundation — PII redactor + approved-LLM contracts PR-1 of three. Lays the framework + docs for handling private mail content; per-skill wiring is deferred to PR-2 (security@-touching skills get the PII-redactor pre/post hooks) and PR-3 (private@- touching skills get the approved-LLM gate). What lands: - tools/privacy-llm/{tool,pii,models}.md — the contracts: which fields count as PII, the hash-prefixed identifier format (R-a3f9d2, E-b8c247, IP-1a5cef, …), the local mapping store at ~/.config/apache-steward/pii-mapping.json (per the home-dir credentials rule), the approved-model registry (Claude Code, *.apache.org, local inference all default-approved; everything else opt-in via <project-config>/privacy-llm.md). - tools/privacy-llm/redactor/ — stdlib-only Python helper exposing three console scripts: pii-redact (replace PII with identifiers), pii-reveal (reverse before outbound), pii-list (debug). 48 unit tests covering hashing determinism, idempotency, collision extension, atomic writes, mode 0600, malformed-file handling. - docs/setup/privacy-llm.md — copy-pasteable setup recipes for six variants: Claude-only (default), local Ollama, local vLLM, Apache-hosted, AWS Bedrock, direct Anthropic API. Marked provisional pending ASF Legal Affairs ratification of an authoritative approved-LLM list. - projects/_template/privacy-llm.md — adopter starting point pre-filled with the Claude-Code-only default. - AGENTS.md — new "Privacy-LLM" section (sibling to "Confidentiality of the tracker repository") codifying the three rules: reporter PII never enters any LLM in the clear; <private-list> content never reaches a non-approved LLM; adding a new LLM hop is a deliberate act, not an emergent one. - .pre-commit-config.yaml — new redactor-{ruff-check,ruff-format, mypy,pytest} hooks mirroring the oauth-draft pattern. The two privacy mechanisms are deliberately separate: PII redaction (always-on for security@) is mechanically distinct from the approved-model gate (pre-flight on private@-touching skills). Conflating them is a real foot-gun the framework guards against. Generated-by: Claude Code (Claude Opus 4.7) Report URL: https://github.com/apache/airflow-steward/actions/runs/25336133861 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
