feat: PII Bouncer program (engine) + robust PII scanner rules#510
Draft
joethreepwood wants to merge 3 commits into
Draft
feat: PII Bouncer program (engine) + robust PII scanner rules#510joethreepwood wants to merge 3 commits into
joethreepwood wants to merge 3 commits into
Conversation
Scans frontend forms for sensitive inputs and configures session recording masking. Wizard-side plumbing only: program config, detection (posthog-js presence), CLI subcommand, abort cases for no-posthog-js / no-init-call / no-frontend-templates. The actual form-scanning and edit recipes live in a follow-up context-mill PR — without that skill, the program registers and runs end-to-end but the agent hits a structured skill-not-found outro. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🧙 Wizard CIRun the Wizard CI and test your changes against wizard-workbench example apps by replying with a GitHub comment using one of the following commands: Test all apps:
Test all apps in a directory:
Test an individual app:
Show more apps
Results will be posted here when complete. |
Addresses review feedback: the agent instructions (scan steps, abort signals, report format) were hardcoded in the program's customPrompt — "packaged English" that belongs in a context-mill skill, not the wizard. - Collapse index.ts to a createSkillProgram() factory call; customPrompt is now a one-liner. The skill (loaded via skillId) drives the run. - Delete wizard-side detection (detectPiiBouncerPrerequisites + the duplicated package walker a reviewer flagged). The skill detects prerequisites and emits [ABORT] signals; the wizard just routes them. - Rename detect.ts -> abort-cases.ts, keeping only PII_BOUNCER_ABORT_CASES (terminal UX copy). The match regexes are the contract with the skill. Wizard = engine + UX; context-mill skill = instructions. No product knowledge left in the program. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Companion to the new warlock rules (posthog_pii_in_person_properties, posthog_pii_value_in_tracking_call). The wizard ships an inline copy of warlock's PII rules until it consumes warlock directly, so the patterns are mirrored here to take effect today: - pii_in_person_properties: sensitive PII in register/setPersonProperties (mirrors identify's "email/name OK, regulated PII not" split) - pii_value_in_tracking_call: PII-shaped literal values (email/SSN/card) under any key — catches PII hidden behind innocuous property names +10 scanner tests; warlock remains the source of truth. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
joethreepwood
changed the title
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the PII Bouncer to the wizard and hardens PostHog's PII detection. Three-repo effort; this PR is the wizard (engine) side. Companion PRs:
What's here
1. PII Bouncer program — a new
pii-bouncersubcommand that scans frontend forms for sensitive inputs, adds theph-no-captureprivacy class, and configures session-recording masking so PII never reaches replays.Per review feedback, all the agent instructions live in the context-mill skill, not the wizard. This PR is pure engine: a
createSkillProgram()call, abort-case routing, and the outro. The earlier draft hardcoded the scan steps / abort signals / report format incustomPrompt— that "packaged English" moved to the skill'sSKILL.md.src/lib/programs/pii-bouncer/index.ts—createSkillProgram()factory call; one-linecustomPromptsrc/lib/programs/pii-bouncer/abort-cases.ts—PII_BOUNCER_ABORT_CASES(terminal UX copy); thematchregexes are the contract with the skill's[ABORT]signalsdetect.ts(wizard-side detection + the duplicated package walker a reviewer flagged) — the skill now detects prerequisites and emits[ABORT]2. Robust PII scanner rules — mirrors the two new warlock rules into the wizard's inline scanner (
yara-scanner.ts) so they take effect today, until the wizard consumes warlock directly:pii_in_person_properties— sensitive PII inregister/setPersonProperties(extends the existing capture/identify coverage)pii_value_in_tracking_call— PII-shaped literal values (email/SSN/formatted card) under any property keyArchitecture note
This PR is the result of a "wizard = engine, context-mill = cartridge" cleanup:
Test plan
pnpm buildcleanpnpm test— 770 pass (+10 new scanner tests)pnpm lint— 0 errorsnode dist/bin.js --helplistspii-bouncer/skill-menu.json→pii-bouncer.zipwithSKILL.md)pii-bounceragainst a frontend app with forms; confirmph-no-captureadded, init mask config set,posthog-pii-bouncer-report.mdwritten, and the[ABORT] no-posthog-jspath renders a clean outro on a no-PostHog project.Notes for reviewers
.claude/skills/adding-skill-program/SKILL.mdclaimsbin.tsauto-derives subcommands from the registry; it doesn't (explicit.use()wiring is required). Worth a docs-only fast-follow.🤖 Generated with Claude Code