- Replace real phone numbers in tests with Ofcom-reserved fictitious numbers (447700900xxx range) throughout test suite
- Add SIGNAL_NUMBER to stack.env.example documenting required env var
- Update pre-commit hooks to latest versions (black 26.3.0, isort 8.0.1, flake8 7.3.0, djhtml 3.0.10, ripsecrets v0.1.11)
- Add CLAUDE.md with rule prohibiting real contact identifiers in code

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
GIA — Claude Code Rules
Privacy: No Real Contact Data in Code
NEVER use real contact identifiers in tests, fixtures, seeds, or any committed file.
Real contact data includes: phone numbers, JIDs, email addresses, usernames, or any identifier belonging to an actual person in the user's contacts.
Use fictitious data instead
| Type | Safe fictitious examples |
|---|---|
| UK mobile (E.164) | +447700900001, +447700900002 (Ofcom-reserved range 07700 900000–900999) |
| UK mobile (no +) | 447700900001, 447700900002 |
| US phone | +15550001234, +15550009999 (555-0xxx NANP reserved range) |
| Email | test@example.com, user@example.invalid |
| WhatsApp JID | 447700900001@s.whatsapp.net, 447700900001@g.us |
Why this matters
AI coding tools (Copilot, Claude) will reuse any values they see in context. A real number placed in a test becomes training signal and will be suggested in future completions — potentially leaking it further.
Quick check
Before committing test files, verify no identifier matches a real person:
- No number outside the reserved fictitious ranges above
- No name that corresponds to a real contact used as a literal identifier
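
One way to automate the number and address part of this check, as an added example that is not part of the original CLAUDE.md or the project's code. The function name, the candidate regexes and the US pattern (generalised from the table's two examples) are assumptions, and the sample text is constructed.

```python
import re
import sys

# Allow-list built from the table above. The US pattern is an assumption
# generalised from the table's two examples (+1 555 000 xxxx).
SAFE_NUMBER = re.compile(r"^(?:447700900\d{3}|1555000\d{4})$")
SAFE_EMAIL_DOMAINS = {"example.com", "example.invalid"}
JID_DOMAINS = {"s.whatsapp.net", "g.us"}  # local part is checked as a number

# Candidates: 11-15 digit runs (E.164-sized), with an optional leading "+".
NUMBER = re.compile(r"(?<![\w.])\+?(\d{11,15})(?!\d)")
ADDRESS = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[A-Za-z]{2,})")


def find_unsafe_identifiers(text):
    """Return (line_no, kind, value) for identifiers outside the allow-list."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in NUMBER.finditer(line):
            if not SAFE_NUMBER.match(m.group(1)):
                findings.append((line_no, "number", m.group(0)))
        for m in ADDRESS.finditer(line):
            if m.group(1).lower() not in SAFE_EMAIL_DOMAINS | JID_DOMAINS:
                findings.append((line_no, "address", m.group(0)))
    return findings


# Constructed sample: lines 1-3 use the fictitious values from the table,
# lines 4-5 are made-up stand-ins for identifiers that must be rejected.
SAMPLE = '''\
SIGNAL_NUMBER = "+447700900001"
jid = "447700900002@s.whatsapp.net"
owner = "test@example.com"
sender = "+440000000000"
reply_to = "someone@mail.test"
'''

if __name__ == "__main__":
    bad = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line_no, kind, _value in find_unsafe_identifiers(fh.read()):
                # The value is not echoed, so it does not land in CI logs.
                print(f"{path}:{line_no}: {kind} outside the fictitious ranges")
                bad += 1
    sys.exit(1 if bad else 0)
```

The check fails closed: any long digit run or address outside the table's ranges is reported, so unrelated values such as millisecond timestamps need a manual look rather than an automatic pass.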