Summary
In aibox, pk-doctor reported actionable warnings for content that should not require local remediation:
agents_md_hygiene.managed-block-drift for the pk-commands managed block, even though the block is a project command adapter. The schema is processkit-owned, but concrete command strings are intentionally project-local.sensitive_data.phone-number for code numeric literals in a Rust-embedded Lua template, specifically size thresholds such as 1048576 and 1073741824.sensitive_data.email-address for reserved documentation examples such as dev@example.com.
Expected behavior
pk-commands should be validated for required keys/schema, but not compared byte-for-byte against the processkit template command values.- Reserved example domains from RFC 2606 / RFC 6761 (
example.com, example.net, example.org) should not produce personal-data warnings.
- Plain numeric code literals in code contexts should not be interpreted as phone numbers.
Local remediation tested in aibox
A local checker patch made these changes:
- Added
PROJECT_LOCAL_MANAGED_BLOCKS = {"pk-commands"} in agents_md_hygiene.py and skipped template hash drift checks for those blocks while preserving schema validation.
- Added reserved example-domain filtering in
sensitive_data.py.
- Added a code-literal false-positive filter for phone-number matches where the excerpt is only digits on a code line containing operators/comparisons.
Validation in /workspace:
python3 -m py_compile context/skills/processkit/pk-doctor/scripts/checks/agents_md_hygiene.py context/skills/processkit/pk-doctor/scripts/checks/sensitive_data.py passed.- Focused
pk-doctor --category=agents_md_hygiene passed with 0 warn.
- Focused
pk-doctor --category=sensitive_data passed with 0 deterministic findings.
- Full
pk-doctor --json passed with 0 ERROR / 0 WARN / 68 INFO and 0 actionable.
Why this belongs upstream
These findings are not aibox-specific content defects. They are general pk-doctor false positives that could affect any derived project with project-specific command adapters, documentation using reserved example domains, or code containing 10-digit numeric constants.
Summary
In aibox, pk-doctor reported actionable warnings for content that should not require local remediation:
agents_md_hygiene.managed-block-driftfor thepk-commandsmanaged block, even though the block is a project command adapter. The schema is processkit-owned, but concrete command strings are intentionally project-local.sensitive_data.phone-numberfor code numeric literals in a Rust-embedded Lua template, specifically size thresholds such as1048576and1073741824.sensitive_data.email-addressfor reserved documentation examples such asdev@example.com.Expected behavior
pk-commandsshould be validated for required keys/schema, but not compared byte-for-byte against the processkit template command values.example.com,example.net,example.org) should not produce personal-data warnings.Local remediation tested in aibox
A local checker patch made these changes:
PROJECT_LOCAL_MANAGED_BLOCKS = {"pk-commands"}inagents_md_hygiene.pyand skipped template hash drift checks for those blocks while preserving schema validation.sensitive_data.py.Validation in
/workspace:python3 -m py_compile context/skills/processkit/pk-doctor/scripts/checks/agents_md_hygiene.py context/skills/processkit/pk-doctor/scripts/checks/sensitive_data.pypassed.pk-doctor --category=agents_md_hygienepassed with0 warn.pk-doctor --category=sensitive_datapassed with0 deterministic findings.pk-doctor --jsonpassed with0 ERROR / 0 WARN / 68 INFOand0 actionable.Why this belongs upstream
These findings are not aibox-specific content defects. They are general pk-doctor false positives that could affect any derived project with project-specific command adapters, documentation using reserved example domains, or code containing 10-digit numeric constants.