chore(privacy): close gaps — TODO files, CSL upstream emails, CI enforcement

Additional findings caught after the first scrub pass:
- skills/find-journal/TODO_neurointervention_profiles.md leaked a real
  professor name + hospital reference (in a section that was itself
  explaining how to keep such names OUT of the public repo — ironic).
  Replaced with parameterized examples.
- CSL maintainer emails (skills/manage-refs/citation_styles/*.csl) are
  upstream open-source attribution; explicitly whitelisted with provenance
  comment so a future swap-in does not silently pass.
- skills/deidentify/tests/test_phi_korean.csv contains synthetic Korean
  PHI for de-identifier testing. Added tests/README.md asserting all
  values are placeholder/constructed.

Linter strengthening (validate_skills.sh):
- TODO_*.md files at skill top-level are now scanned by rules 6/7/7b
  (PII checks). Previously excluded entirely. Verified with negative
  test (re-add prof name → FAIL → revert → PASS).
- precedent_patterns extended: 임현철, 남유진, 삼성서울, 삼성창원, 서울아산.

GitHub Actions (.github/workflows/validate.yml):
- Server-side enforcement of validate_skills.sh on every push to main and
  every PR. Closes the gap where a local commit with --no-verify (or a
  commit from a different machine without the pre-commit hook) could
  reach the public repo unchecked.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: Yoojin-nam

.github/workflows/validate.yml

@@ -0,0 +1,28 @@
+name: Validate skills (PII + structure)
+
+# Server-side enforcement of validate_skills.sh.
+# This catches commits that bypassed the local pre-commit hook
+# (--no-verify, different machine, different user) before they reach main.
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install Python deps for contract validator
+        run: pip install pyyaml
+
+      - name: Run validate_skills.sh (PII + structure)
+        run: bash scripts/validate_skills.sh

scripts/validate_skills.sh

@@ -111,9 +111,12 @@ for skill_dir in "$SKILLS_DIR"/*/; do
 
   # ---------------- Content Integrity (v2 lints) ----------------
   # Scope: SKILL.md + references/**/*.md only (shipped prose).
-  # Excluded (meta-docs): TODO_*.md, HANDOFF.md, and scripts/yaml files.
+  # Excluded from style checks (rules 8, 9): TODO_*.md, HANDOFF.md.
+  # PII checks (rules 6, 7, 7b) ALSO scan top-level TODO_*.md files because
+  # those still ship publicly even though they are explicitly meta-docs.
 
   integrity_files=()
+  pii_only_files=()  # Scanned by rules 6/7/7b only, not 8/9.
   [ -f "$skill_file" ] && integrity_files+=("$skill_file")
   if [ -d "${skill_dir}references" ]; then
     while IFS= read -r -d '' f; do
@@ -125,15 +128,19 @@ for skill_dir in "$SKILLS_DIR"/*/; do
       integrity_files+=("$f")
     done < <(find "${skill_dir}references" -type f -name "*.md" -print0 2>/dev/null)
   fi
+  # Pick up TODO_*.md at the skill top level for PII-only scanning
+  while IFS= read -r -d '' f; do
+    pii_only_files+=("$f")
+  done < <(find "${skill_dir%/}" -maxdepth 1 -name "TODO_*.md" -type f -print0 2>/dev/null)
 
   # 6. Personal precedent leak (blocklist of project-specific identifiers)
   # Covers: legacy project IDs (CK-N, MA-N, RFA-Adjunct, MeducAI, CBCT, etc.),
   # institution / mentor identifiers, numbered workspace folders, and the
   # historical prefix patterns (Paper ①②③). Keep additions in alphabetical
   # blocks so future maintainers can spot what is being filtered.
   precedent_hits=0
-  precedent_patterns='\bCK-[0-9]+\b|\bMA-[0-9]+\b|\b0_MI2RL\b|\b1_Samsung_Changwon\b|\b5_Personal_Research\b|\b6_Aperivue\b|\b10_Meta_Analysis\b|\b11_CheckUP\b|\b21_Aneurysm\b|01_RFA_Adjunct|02_CBCT_Biopsy|03_CBCT_Ablation|RFA-Adjunct|RFA_Adjunct|CBCT Ablation MA|CBCT Biopsy MA|Du 2023|FD Occlusion AI SR|FD Occlusion|Paper ①|Paper ②|Paper ③|MeducAI|CXRscoliosis|SkullFx|Samsung Changwon|Asan/UoU|\bKKW\b|\bLHC\b|\bKDY\b|\bLWJ\b|김경원|이덕희|김남국|Hyunchul Rhim|Pa Hong|Taein An|Hye Ree Cho|Yoojin Nam|Dong Yeong Kim|Kyung Won Kim|Jeong Min Song|Jaeyoon Kim'
-  for f in "${integrity_files[@]}"; do
+  precedent_patterns='\bCK-[0-9]+\b|\bMA-[0-9]+\b|\b0_MI2RL\b|\b1_Samsung_Changwon\b|\b5_Personal_Research\b|\b6_Aperivue\b|\b10_Meta_Analysis\b|\b11_CheckUP\b|\b21_Aneurysm\b|01_RFA_Adjunct|02_CBCT_Biopsy|03_CBCT_Ablation|RFA-Adjunct|RFA_Adjunct|CBCT Ablation MA|CBCT Biopsy MA|Du 2023|FD Occlusion AI SR|FD Occlusion|Paper ①|Paper ②|Paper ③|MeducAI|CXRscoliosis|SkullFx|Samsung Changwon|삼성서울|삼성창원|서울아산|Asan/UoU|\bKKW\b|\bLHC\b|\bKDY\b|\bLWJ\b|김경원|이덕희|김남국|임현철|남유진|Hyunchul Rhim|Pa Hong|Taein An|Hye Ree Cho|Yoojin Nam|Dong Yeong Kim|Kyung Won Kim|Jeong Min Song|Jaeyoon Kim'
+  for f in "${integrity_files[@]}" ${pii_only_files[@]+"${pii_only_files[@]}"}; do
     if grep -qE "$precedent_patterns" "$f"; then
       hit=$(grep -nE "$precedent_patterns" "$f" | head -1)
       rel="${f#$REPO_ROOT/}"
@@ -145,7 +152,7 @@ for skill_dir in "$SKILLS_DIR"/*/; do
 
   # 7. Absolute path leak (/Users/eugene/ or /home/<user>/)
   path_hits=0
-  for f in "${integrity_files[@]}"; do
+  for f in "${integrity_files[@]}" ${pii_only_files[@]+"${pii_only_files[@]}"}; do
     if grep -qE '/Users/eugene/|/home/eugene/' "$f"; then
       hit=$(grep -nE '/Users/eugene/|/home/eugene/' "$f" | head -1)
       rel="${f#$REPO_ROOT/}"
@@ -155,18 +162,22 @@ for skill_dir in "$SKILLS_DIR"/*/; do
   done
   [ "$path_hits" -eq 0 ] && pass "Absolute paths (no personal home-dir leak)"
 
-  # 7b. Real personal email leak. Whitelist: example.com / example.org /
-  #     known journal editorial-office domains (sciencedirect, lancet, ahajournals,
-  #     wjgnet, kams, wiley, aasld) + `your@email.com` style placeholders.
+  # 7b. Real personal email leak. Whitelist categories:
+  #   - placeholder/example domains
+  #   - known journal editorial-office domains
+  #   - upstream open-source CSL maintainer addresses (vendored from
+  #     citationstyles.org; these are publicly registered style maintainers,
+  #     not user PII). Keep the explicit list here so a typo or rebase that
+  #     swaps in a different email does not silently pass.
   email_hits=0
   email_pattern='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
-  email_whitelist='example\.com|example\.org|your@email\.com|user@host|name@|placeholder|noreply@|@lancet\.com|@strokeahajournal\.org|@aasld\.org|@wjgnet\.com|@wiley\.com|@kams\.or\.kr|@journal\.|aim-aicro\.com'
+  email_whitelist='example\.com|example\.org|your@email\.com|user@host|name@|placeholder|noreply@|@lancet\.com|@strokeahajournal\.org|@aasld\.org|@wjgnet\.com|@wiley\.com|@kams\.or\.kr|@journal\.|aim-aicro\.com|francis\.deng@gmail\.com|obrienpat86@gmail\.com|atunis@gmail\.com|charles\.parnot@gmail\.com|citationstyler@gmail\.com|mberkowi@gmu\.edu'
   # Note: `aim-aicro.com` is a corporate domain that historically appeared in a
   #   personal author roster. We allow the bare domain here only because the
   #   precedent blocklist already catches the full `kyungwon.kim@aim-aicro.com`
   #   string by way of the personal-name patterns above; remove from this
   #   whitelist if the bare domain ever surfaces on its own.
-  for f in "${integrity_files[@]}"; do
+  for f in "${integrity_files[@]}" ${pii_only_files[@]+"${pii_only_files[@]}"}; do
     matches=$(grep -nE "$email_pattern" "$f" | grep -vE "$email_whitelist" || true)
     if [ -n "$matches" ]; then
       rel="${f#$REPO_ROOT/}"

skills/deidentify/tests/README.md

@@ -0,0 +1,26 @@
+# Deidentify Test Fixtures
+
+All CSV files in this directory contain **synthetic test data only**.
+No real patient or person is represented.
+
+- **Names** (`김철수`, `이영희`, `박민수`, etc.) are common Korean placeholder
+  names equivalent to "John Doe" / "Jane Doe" in English. They were chosen
+  precisely because they are generic enough to be unattributable to any
+  real individual.
+- **RRN (주민번호)** values follow the public format specification but the
+  digits are arbitrary and do not validate against the official checksum
+  algorithm used by the Korean civil registry.
+- **Phone numbers**, **addresses**, **emails**, **chart numbers**, and
+  **diagnoses** are all constructed for the purpose of exercising the
+  PHI detector regexes shipped with `/deidentify`.
+
+These fixtures exist to verify that the de-identifier:
+1. Detects the PHI patterns the skill claims to detect.
+2. Leaves non-PHI fields (clinical measurements, dates of routine
+   nature) untouched.
+3. Handles edge cases (mixed date formats, half-width vs full-width
+   digits, comma vs newline separators, missing fields).
+
+If you need to add a new fixture, follow the same rule: every value must
+be either a published format example or a constructed synthetic string.
+Never copy real EMR data into this directory, even for one-off debugging.

skills/find-journal/TODO_neurointervention_profiles.md

@@ -94,12 +94,12 @@ Priority order:
 
 ### 핵심 구분
 
-이 TODO의 Tier 1~3 15개 저널은 **사실상 공용 자산**(Stroke, JNS, Neurosurgery 등 뉴로인터벤션 연구자 누구나 유용). 사용자가 "개인용"이라고 느끼는 이유는 본인 FD Occlusion 프로젝트용이라는 맥락 때문인데, 프로파일 내용 자체는 universal. 따라서 **15개 모두 공개 커밋 권장**.
+이 TODO의 Tier 1~3 15개 저널은 **사실상 공용 자산**(Stroke, JNS, Neurosurgery 등 뉴로인터벤션 연구자 누구나 유용). 특정 프로젝트 컨텍스트에서 추가됐더라도 프로파일 내용 자체는 universal. 따라서 **15개 모두 공개 커밋 권장**.
 
 다만 **진짜 개인적인 프로파일**이 미래에 생길 수 있음:
-- "SMC_internal_radiology_only.md" (삼성서울병원 내부 선호 저널 리스트)
-- "HRP_Rhim_preferred.md" (임현철 교수님이 선호하는 저널 집합)
-- "_submission_blacklist.md" (reject 이력 있는 저널)
+- 기관 내부 선호 저널 리스트 (예: "<Institution>_internal_only.md")
+- 특정 멘토가 선호하는 저널 집합 (예: "<MentorInitials>_preferred.md")
+- Submission blacklist (reject 이력 있는 저널)
 
 이런 건 공개 레포에 올릴 이유가 없음.