Why
AI tools have different data-retention and training policies, and different deployments of the same tool differ (consumer-tier vs enterprise-tier API). The repo now has real secrets-handling code (ADR-0003, #214 AES-GCM v2) and will accumulate more sensitive content — fixtures with tokens, encrypted test secrets, customer-shaped integration data.
Without an explicit policy, safe behaviour ("don't paste that into a chat box") relies on every maintainer remembering the right call every time. That doesn't scale.
Action
Inventory paths/patterns that should never be fed to AI tools:
Encrypted secret files (whatever format ADR-0003 lands on)
Test fixtures with real-looking tokens, account IDs, or PII-shaped data
Anything under future secrets/ or dev-env/ directories
The maintainer-only credential store from milestone chore(ci): drop Qodana #11 (Slack/Discord/Cloudflare recovery info)
Document the list + rationale in a policy file (likely docs/ai-data-policy.md, cross-referenced from AGENTS.md)
Add machine-readable ignore files where the convention exists — .aiignore, .cursorignore, etc. — so respecting harnesses filter automatically
Document which AI-tool data-handling tiers the project officially supports (e.g. "Claude Code with API on the Anthropic console under the Fallout-build org" vs "personal consumer ChatGPT" — the former allowed for more)
Discipline for adding to the list when new sensitive content appears
Coordinate with
AGENTS.md adoption issue — policy linked from there
ADR-0003 secrets work — encrypted secret file paths come from there
Milestone chore(ci): drop Qodana #11 org-ownership — once the org has its own AI subscriptions/keys, that becomes the recommended path
Done when
A docs/ai-data-policy.md (or equivalent) exists, is linked from AGENTS.md, and lists do-not-feed paths with rationale
Machine-readable ignore files exist for tools that support them
A maintainer discipline exists for adding new sensitive paths
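One way to back the "discipline for adding to the list" item with a CI check, shown as an added example that is not code from this repository: it treats docs/ai-data-policy.md as the source of truth and reports which ignore files are missing a listed pattern. The bullet-with-backticked-pattern layout of the policy file, the sample patterns and rationales, and all function names are assumptions; matching is by exact string, not glob semantics.

```python
import re
import tempfile
from pathlib import Path

# Assumed convention: each do-not-feed entry in the policy doc is a bullet that
# starts with a backticked ignore pattern, followed by its rationale.
POLICY_LINE = re.compile(r"^\s*[-*]\s+`([^`]+)`")
IGNORE_FILES = (".aiignore", ".cursorignore")  # file names from the issue

def policy_patterns(policy_text):
    """Return the backticked patterns listed as bullets in the policy doc."""
    return [m.group(1) for line in policy_text.splitlines()
            if (m := POLICY_LINE.match(line))]

def ignore_entries(text):
    """Active entries of an ignore file: skip blanks, comments, negations."""
    lines = (line.strip() for line in text.splitlines())
    return {l for l in lines if l and not l.startswith(("#", "!"))}

def missing_coverage(repo_root):
    """Map each ignore file to the policy patterns it fails to list."""
    root = Path(repo_root)
    required = policy_patterns((root / "docs/ai-data-policy.md").read_text())
    gaps = {}
    for name in IGNORE_FILES:
        path = root / name
        present = ignore_entries(path.read_text()) if path.exists() else set()
        missing = [p for p in required if p not in present]
        if missing:
            gaps[name] = missing
    return gaps

def demo():
    """Constructed repo in which .cursorignore lags behind the policy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs/ai-data-policy.md").write_text(
            "- `secrets/` encrypted secret files\n"
            "- `dev-env/` local environment credentials\n"
            "- `**/fixtures/*token*` fixtures with real-looking tokens\n")
        (root / ".aiignore").write_text(
            "# keep in sync with docs/ai-data-policy.md\n"
            "secrets/\ndev-env/\n**/fixtures/*token*\n")
        (root / ".cursorignore").write_text("secrets/\n")
        return missing_coverage(root)

if __name__ == "__main__":
    print(demo())  # a CI job would exit non-zero when this dict is non-empty
```

Ignore files only help with harnesses that honour them, so a passing check does not cover content pasted into a tool by hand.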