Mark Veidemanis
add685a326
- Replace real phone numbers in tests with Ofcom-reserved fictitious numbers (447700900xxx range) throughout test suite - Add SIGNAL_NUMBER to stack.env.example documenting required env var - Update pre-commit hooks to latest versions (black 26.3.0, isort 8.0.1, flake8 7.3.0, djhtml 3.0.10, ripsecrets v0.1.11) - Add CLAUDE.md with rule prohibiting real contact identifiers in code Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
28 lines
1.2 KiB
Markdown
28 lines
1.2 KiB
Markdown
# GIA — Claude Code Rules
|
||
|
||
## Privacy: No Real Contact Data in Code
|
||
|
||
**NEVER use real contact identifiers in tests, fixtures, seeds, or any committed file.**
|
||
|
||
Real contact data includes: phone numbers, JIDs, email addresses, usernames, or any identifier belonging to an actual person in the user's contacts.
|
||
|
||
### Use fictitious data instead
|
||
|
||
| Type | Safe fictitious examples |
|
||
|---|---|
|
||
| UK mobile (E.164) | `+447700900001`, `+447700900002` (Ofcom-reserved range 07700 900000–900999) |
|
||
| UK mobile (no +) | `447700900001`, `447700900002` |
|
||
| US phone | `+15550001234`, `+15550009999` (555-0xxx NANP reserved range) |
|
||
| Email | `test@example.com`, `user@example.invalid` |
|
||
| WhatsApp JID | `447700900001@s.whatsapp.net`, `447700900001@g.us` |
|
||
|
||
### Why this matters
|
||
|
||
AI coding tools (Copilot, Claude) will reuse any values they see in context. A real number placed in a test becomes training signal and will be suggested in future completions — potentially leaking it further.
|
||
|
||
### Quick check
|
||
|
||
Before committing test files, verify no identifier matches a real person:
|
||
- No number outside the reserved fictitious ranges above
|
||
- No name that corresponds to a real contact used as a literal identifier
|