mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-07-09 16:00:59 +00:00
Per maintainer decision: the cloud-context-privacy feature was bloat. The real fix for the "useless Assistant on cloud" problem was the earlier sensitivity recalibration (ordinary workloads = Internal, not redacted); the dial layered a configurable knob on top of an already-solved problem, guarding mostly-non-secret data on a destination the operator opted into, and demanded every model-bound path stay dial-aware (a standing leak surface). The privacy control users actually understand is the choice of model — cloud provider vs. local Ollama. Removed entirely: - AIConfig.CloudContextPrivacy dial + constants + GetCloudContextPrivacy / NormalizeCloudContextPrivacy, AND the now-dead legacy ShareOperationalContextWithCloud boolean + ShouldShareOperationalContextWithCloud (internal/config/ai.go); the config-load migration (persistence.go). - Both fields from the /api/settings/ai request/response, validation, and sync (ai_handlers.go) + the JSON contract snapshots. - The "Cloud model privacy" 3-option UI control, form field, presentation copy, and CloudContextPrivacy type (frontend), plus their tests. - The dial branching in the seam: chat/service.go cloudPrivacyLevel, CloudContextPolicy.Level + local_only suppression + the localOnly directive (context_prefetch.go), the inventory resourceLabel dial logic (resource_context*), and the modelboundary RedactLocalOnlyResourcesOnly option. Fixed lean posture (no setting): a cloud-routed model receives real infrastructure context, with two always-on invariants enforced by the model-boundary sanitizer — credentials are always stripped, and local-only/Restricted resources (the floor) never leave the local trust boundary. Local (Ollama) always full. The sanitizer's default is now the local-only floor; it remains the universal backstop installed on EVERY model-bound path (chat, session compaction, discovery/report/analysis via the shared helper). Kept the two standalone fixes from this effort: compaction now routes through the sanitizer, and directives no longer inject the "redacted by policy" placeholder. Governance: ai-runtime contract rewritten to a fixed-posture rule; api-contracts / frontend-primitives / agent-lifecycle / storage-recovery dial references removed. Tests updated to the floor-only behavior (local-only redacted, Sensitive flows, secrets stripped). Full internal/ai/..., config, api suites green; frontend type-check + tests + lint green. |
||
|---|---|---|
| .. | ||
| prompt_secret_sanitizer_test.go | ||
| resource_policy_sanitizer.go | ||
| resource_policy_sanitizer_test.go | ||