Summary
The commands/issue-create.md PII guardrails (added in PR #133) do not explicitly address local system usernames (e.g., jsmith in /home/jsmith/repos/project). File paths are on the safe-list and "internal hostnames/IPs" is on the sensitive list, but embedded local usernames occupy a gray area between these two categories.
Current Behavior
Local system usernames appearing in file paths are implicitly covered by the "file paths" safe-list entry, but the relationship is not explicitly stated. Issue #84's acceptance criteria mention "local usernames" as a category to review for.
Proposed Behavior
Add explicit guidance for local system usernames -- most likely a parenthetical on the safe-list entry: "file paths (including embedded local usernames)" since they typically only appear as path components and are not independently sensitive in a developer-tool context.
Acceptance Criteria
- Local system usernames are explicitly addressed in either the PII-sensitive list or the safe-list in
commands/issue-create.md
- The chosen placement is justified relative to the file-path safe-list entry
Context
Summary
The
commands/issue-create.mdPII guardrails (added in PR #133) do not explicitly address local system usernames (e.g.,jsmithin/home/jsmith/repos/project). File paths are on the safe-list and "internal hostnames/IPs" is on the sensitive list, but embedded local usernames occupy a gray area between these two categories.Current Behavior
Local system usernames appearing in file paths are implicitly covered by the "file paths" safe-list entry, but the relationship is not explicitly stated. Issue #84's acceptance criteria mention "local usernames" as a category to review for.
Proposed Behavior
Add explicit guidance for local system usernames -- most likely a parenthetical on the safe-list entry: "file paths (including embedded local usernames)" since they typically only appear as path components and are not independently sensitive in a developer-tool context.
Acceptance Criteria
commands/issue-create.mdContext