docs: add privacy & GDPR documentation for workflow task descriptions#274
Open
mvillmow wants to merge 6 commits into
Open
docs: add privacy & GDPR documentation for workflow task descriptions#274mvillmow wants to merge 6 commits into
mvillmow wants to merge 6 commits into
Conversation
mvillmow
commented
Jun 19, 2026
mvillmow
left a comment
mvillmow
left a comment
Contributor
Author
There was a problem hiding this comment.
Scope correct; central artifact (docs/privacy.md table) has one false row (model not logged) + off-by-1-3 line anchors. Fix table, then merge.
- Add docs/privacy.md with data-flow table, author guidance, and operator controls - Add docs/adr/003-pii-handling-stance.md recording decision and alternatives - Update SECURITY.md, README.md, and CLAUDE.md with cross-links to privacy doc - Add PII handling notice to all three example workflow YAML files - No schema changes, no runtime behavior changes, no new env vars Closes #186 Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
The privacy/GDPR ADR (003-pii-handling-stance.md) was added in the prior commit but its row was missing from the docs/adr/README.md index table. Add it now so the index reflects the actual on-disk ADRs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
Two review findings on docs/privacy.md: 1. agents[].model was incorrectly listed as logged by Telemachy (it is not — only agents[].name appears in the DEBUG log at executor.py:195). Split the row: agents[].name (logged DEBUG :195) and agents[].model (sent to Agamemnon as programArgs per agamemnon_client.py:148-149, not logged). 2. All line anchors in the table and Operator controls section were off by 1–3 lines. Re-anchored to live code: - metadata.name INFO: :102 (was :103) - agents[].name DEBUG: :195 (was :194) - teams[].name INFO: :236 (was :235) - tasks[].subject INFO: :304-305 (was :307) - dependency-failure WARNING: :264-268 (was :264-272) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
Follow-up review per strict scope rules (core, security, safety, critical_bug only). Implementation is complete documentation-only; no discovered defects, security gaps, safety hazards, or critical bugs within scope. Maintenance note for issue #92's NATS subscriber already embedded in docs/privacy.md table preamble. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
Signed-off-by: mvillmow <4211002+mvillmow@users.noreply.github.com>
GHSA-4xgf-cpjx-pc3j) Signed-off-by: Micah Villmow <4211002+mvillmow@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements issue #186 by adding comprehensive privacy and GDPR documentation for workflow task descriptions.
docs/privacy.mdwith data-flow table (what text leaves Telemachy), author guidance (what not to put in workflows), operator controls (log-level tuning, shipping-side scrubbing), and GDPR lawful-basis sectiondocs/adr/003-pii-handling-stance.mdrecording the decision to treat workflow text as opaque, not ship an in-tree redaction filter, and document the data flowSECURITY.md,README.md, andCLAUDE.mdwith cross-links to the privacy docKey Design Decisions
Per the approved plan:
contains_piifield is added.executor.pyandagamemnon_client.py, with a maintenance note pinning the table to revisit when issue Epic: Strict audit 2026-04-28 — ProjectTelemachy #92's NATS subscriber lands.LOG_REDACT_PIIfilter; a heuristic regex would have false-positive redactions on legitimate content (model names, agent names, task subjects). Operators needing redaction should apply it at their log-shipping layer.Test Plan
docs/privacy.md(SECURITY.md, README.md, CLAUDE.md, example.yaml, hello-world.yaml, fleet-deploy.yaml)Checklist
just validatebefore PR)pixi run pytest --cov-fail-under=75)pixi run ruff check src tests)Closes #186
Co-Authored-By: Claude Haiku 4.5 noreply@anthropic.com