XF/GIA
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bca4d6898f6751d58f6babb969bbb673dd7afaf4
GIA/CLAUDE.md
Mark Veidemanis 611de57bf8 Improve security
2026-03-07 15:34:23 +00:00

49 lines
2.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# GIA — Claude Code Rules
## Privacy: No Real Contact Data in Code
**NEVER use real contact identifiers in tests, fixtures, seeds, or any committed file.**
Real contact data includes: phone numbers, JIDs, email addresses, usernames, or any identifier belonging to an actual person in the user's contacts.
### Use fictitious data instead
| Type | Safe fictitious examples |
|---|---|
| UK mobile (E.164) | `+447700900001`, `+447700900002` (Ofcom-reserved range 07700 900000900999) |
| UK mobile (no +) | `447700900001`, `447700900002` |
| US phone | `+15550001234`, `+15550009999` (555-0xxx NANP reserved range) |
| Email | `test@example.com`, `user@example.invalid` |
| WhatsApp JID | `447700900001@s.whatsapp.net`, `447700900001@g.us` |
### Why this matters
AI coding tools (Copilot, Claude) will reuse any values they see in context. A real number placed in a test becomes training signal and will be suggested in future completions — potentially leaking it further.
### Quick check
Before committing test files, verify no identifier matches a real person:
- No number outside the reserved fictitious ranges above
- No name that corresponds to a real contact used as a literal identifier
## Naming: Avoid Ambiguous Role Labels
**Never use "User", "Bot", "Us", or "Them" as role labels without qualification — these terms are context-dependent and misleading in this codebase.**
GIA acts in multiple roles simultaneously:
- It is a Django **User** (account holder) from the perspective of external services (XMPP, WhatsApp, Signal).
- It is a **component** (gateway/bot) from the perspective of contacts.
- The human who owns and operates the GIA instance is the **account holder** or **operator** (not "user", which collides with `User` model).
- Remote people the system communicates with are **contacts**.
Preferred terms:
| Avoid | Prefer |
| ------------------ | --------------------------------------------------------------- |
| "User" (ambiguous) | "account holder" or "operator" (for the Django `User`) |
| "Bot" | "component" or "gateway" (for the XMPP/transport layer) |
| "Us" | name the specific actor: "GIA", "the component", "the operator" |
| "Them" | "contact" or "remote party" |
Apply this in: comments, template labels, log messages, and variable names.
Reference in New Issue View Git Blame Copy Permalink