The GitHub Actions job "prek" on airflow-steward.git/feat/privacy-llm-gate-check has failed. Run started by GitHub user potiuk (triggered by potiuk).

Head commit for run:
d78df3f37d97ac1a411bf056b5db9ef5122e61a3 / Jarek Potiuk <[email protected]>
feat(privacy-llm): PR-3 — approved-LLM gate-check + skill-side wiring

PR-3 of the privacy-llm series. Lands the second mechanism from the original design (PR-1: foundation; PR-2: skill-side redaction wiring; PR-3: approved-LLM gate-check). Foundations and contracts were already on main via #48 and #50; this PR wires the gate-check helper that the contracts in `models.md` and `wiring.md` reference.

What lands:

- `tools/privacy-llm/checker/` (new, ~6 files) — stdlib-only Python sub-tool exposing one console script: `privacy-llm-check`. Parses `<project-config>/privacy-llm.md`, extracts the *Currently configured LLM stack* and *Approved third-party endpoints (opt-in)* sections, applies the approval rules from `tools/privacy-llm/models.md` (Claude Code default-approved; `*.apache.org` default-approved; localhost / 127.0.0.1 / ::1 default-approved; everything else requires opt-in entry with Data-residency + Approved-by lines that aren't placeholder text). Exit 0 on approval, 1 with stderr explanation on rejection, 2 if the config can't be located or parsed. 33 unit tests covering each rule, malformed configs, opt-in validation, CLI exit codes, and the shipped template.
- `.pre-commit-config.yaml` — new `checker-{ruff-check,ruff-format,mypy,pytest}` hooks mirroring the redactor pattern.
- `tools/privacy-llm/models.md` — replaces "PR-3 future" / "deferred from PR-1" placeholder language with the concrete `privacy-llm-check` invocation. Notes that the gate-call is required even for `<security-list>`-only skills (defence-in-depth: validates the adopter's config is in a sane state before any private content flows).
- `tools/privacy-llm/wiring.md` — Step 0 pre-flight section now shows the actual `uv run --project … privacy-llm-check --reads-private-list` invocation.
- `tools/privacy-llm/tool.md` — capability table gains a row for the checker sub-tool.
- Skill files — every Gmail-touching SKILL.md (`security-issue-import`, `-sync`, `-invalidate`, `-cve-allocate`, `-import-from-md`) gains an explicit gate-check invocation in its Step 0 pre-flight bullet, with `--reads-private-list` set on `-sync` (which may escalate to PMC-private foundation lists).

Tests: 33/33 checker tests pass. `prek run --all-files` clean (every existing hook + the four new checker hooks). The shipped `projects/_template/privacy-llm.md` is a fixture in the test suite — it must always parse + approve, ensuring the framework's default starting state is never broken.

Generated-by: Claude Code (Claude Opus 4.7)

Report URL: https://github.com/apache/airflow-steward/actions/runs/25346584571

With regards,
GitHub Actions via GitBox
