Re: [PR] add Privacy-LLM gate-check validator [airflow-steward]

Sun, 24 May 2026 19:43:57 -0700 


justinmclean commented on code in PR #215:
URL: https://github.com/apache/airflow-steward/pull/215#discussion_r3295826257


##########
tools/skill-validator/src/skill_validator/__init__.py:
##########
@@ -200,6 +240,36 @@
     ),
 ]
 
+# ---------------------------------------------------------------------------
+# Privacy-LLM gate-check constants (write-skill/security-checklist.md § 
Pattern 6)
+# ---------------------------------------------------------------------------
+
+# Modes that can process external / attacker-controlled content and need the
+# Privacy-LLM gate when they read private tracker bodies.  Derived from
+# docs/modes.md taxonomy constants above: Pairing is intentionally excluded
+# because the human remains in the loop; Auto-merge is currently excluded only
+# because it is in _OFF_MODES.  When the first Auto-merge skill ships, remove
+# it from _OFF_MODES so body-reading Auto-merge skills are gated by default.
+_PRIVACY_EXTERNAL_CONTENT_MODES: frozenset[str] = frozenset(ALLOWED_MODES - 
{"Pairing"})
+
+_TRACKER_PLACEHOLDER = "<tracker>"
+_TRACKER_ISSUE_VIEW_RE = re.compile(r"\bgh\s+issue\s+view\b")

Review Comment:
   Fair point that gh issue view isn't bound to <tracker> like the gh api 
repos/<tracker>/... path is — the binding is really the file-level <tracker> 
guard. But I'll leave it:
   
   No live false positive: the only bare gh issue view on a public repo is 
pr-management-mentor, which reads <upstream> and never mentions <tracker>, so 
the guard already filters it out.
   
   The fix is net-negative for a SOFT check: requiring --repo <tracker> would 
stop matching the bare gh issue view --json body form that real tracker skills 
use via default-repo context (e.g. security-issue-fix:642), dropping them out 
of gate enforcement — a false negative, worse than a dismissable advisory.
   
   No need for any changes.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to