feat(reports): add no-email identity summary and disclosure validator (closes #305) #329

Merged
sysadmin merged 1 commits from feat/issue-305-report-email-redaction into master 2026-07-07 03:03:13 -05:00
Owner

Closes #305

Summary

Workflow reports included the authenticated user's personal email even when username/profile identity was sufficient (observed: Identity: jcwalker3 / [email protected] in a reconciliation handoff).

  • review_proofs.format_identity_summary(username, profile, role=None, remote=None) — canonical no-email identity line (jcwalker3 / prgs-author, optional (role, remote) suffix). Defense in depth: an email passed in the username slot is reduced to its local part.
  • review_proofs.assess_email_disclosure(report_text) — final-report validator: finds email addresses in report text; passes clean reports; flags disclosures (flagged: true, per-email reasons) unless the report itself justifies the email (tool proof, explicit request, or identity disambiguation via EMAIL_JUSTIFICATION_MARKERS).

Validation

  • TDD: 9 new tests in tests/test_identity_disclosure.py watched failing first (AttributeError: module 'review_proofs' has no attribute 'format_identity_summary'), then green: 9 passed.
  • Full suite in the worktree: 1032 passed, 6 skipped, 1 failed — the failure is tests/test_agent_temp_artifacts.py::TestIssueLockArtifactWarning::test_lock_success_includes_artifact_warning, reproduced failing on clean master a534168 with my changes stashed (pre-existing; independent of this change).

Risk

Low. Two new pure functions + two module constants in review_proofs.py; no existing function modified; no runtime tool paths touched. Callers can adopt the summary/validator incrementally (report-validation wiring tracked by #293/#299/#319).

Worktree

Implementation done entirely in session-owned worktree /Users/jasonwalker/Development/Gitea-Tools/branches/feat-issue-305-report-email-redaction (branch feat/issue-305-report-email-redaction, head a3b79736e0a611fb98c5ce4ed97e7b8e6c5e7388). Main checkout remained on master and was used only for issue claim/lock anchoring (running MCP server predates the #280 lock-gate update).

🤖 Generated with Claude Code

Closes #305 ## Summary Workflow reports included the authenticated user's personal email even when username/profile identity was sufficient (observed: `Identity: jcwalker3 / [email protected]` in a reconciliation handoff). - `review_proofs.format_identity_summary(username, profile, role=None, remote=None)` — canonical no-email identity line (`jcwalker3 / prgs-author`, optional `(role, remote)` suffix). Defense in depth: an email passed in the username slot is reduced to its local part. - `review_proofs.assess_email_disclosure(report_text)` — final-report validator: finds email addresses in report text; passes clean reports; flags disclosures (`flagged: true`, per-email reasons) unless the report itself justifies the email (tool proof, explicit request, or identity disambiguation via `EMAIL_JUSTIFICATION_MARKERS`). ## Validation - TDD: 9 new tests in `tests/test_identity_disclosure.py` watched failing first (`AttributeError: module 'review_proofs' has no attribute 'format_identity_summary'`), then green: **9 passed**. - Full suite in the worktree: **1032 passed, 6 skipped, 1 failed** — the failure is `tests/test_agent_temp_artifacts.py::TestIssueLockArtifactWarning::test_lock_success_includes_artifact_warning`, reproduced failing on **clean master `a534168` with my changes stashed** (pre-existing; independent of this change). ## Risk Low. Two new pure functions + two module constants in `review_proofs.py`; no existing function modified; no runtime tool paths touched. Callers can adopt the summary/validator incrementally (report-validation wiring tracked by #293/#299/#319). ## Worktree Implementation done entirely in session-owned worktree `/Users/jasonwalker/Development/Gitea-Tools/branches/feat-issue-305-report-email-redaction` (branch `feat/issue-305-report-email-redaction`, head `a3b79736e0a611fb98c5ce4ed97e7b8e6c5e7388`). Main checkout remained on `master` and was used only for issue claim/lock anchoring (running MCP server predates the #280 lock-gate update). 🤖 Generated with [Claude Code](https://claude.com/claude-code)
jcwalker3 added 1 commit 2026-07-07 01:59:28 -05:00
Workflow reports included the authenticated user's personal email even
when username/profile identity was sufficient (observed: 'Identity:
jcwalker3 / [email protected]' in a reconciliation handoff).

Add format_identity_summary() producing the canonical no-email identity
line ('<username> / <profile>' with optional role/remote, reducing an
email passed in the username slot to its local part), and
assess_email_disclosure() flagging personal email addresses in report
text unless the report itself justifies the disclosure (tool proof,
explicit request, or identity disambiguation).

Tests cover no-email summaries for author and reviewer identities,
role/remote suffixes, email-in-username reduction, clean reports,
single and multiple unjustified disclosures, and justified
disambiguation.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
sysadmin approved these changes 2026-07-07 03:02:58 -05:00
sysadmin left a comment
Owner

PR #329 successfully implements the no-email identity summary and disclosure validator. All targeted and full-suite test results are clean.

PR #329 successfully implements the no-email identity summary and disclosure validator. All targeted and full-suite test results are clean.
sysadmin merged commit c73e68bd75 into master 2026-07-07 03:03:13 -05:00
Sign in to join this conversation.
No Reviewers
No labels
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#329