fix(addie): scrub model/provider self-disclosure from responses#5506
fix(addie): scrub model/provider self-disclosure from responses#5506andybevan-scope3 wants to merge 2 commits into
Conversation
Add a deterministic backstop so Addie can't break character and disclose the underlying model or vendor under task-stress (a tool failure, an out-of-scope request) when the prompt-level identity rule alone isn't enough. - rewritePersonaCollapse() removes any sentence disclosing the model or provider, wired into applyResponsePipeline at every response return site - identity.md gains an "Identity continuity" hard rule - security.ts flags identity-substitution injection on input and the same disclosure patterns on output (audit canary) - log-on-catch warns when the backstop actually scrubs a disclosure Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
IPR Policy Agreement Required@andybevan-scope3 — thanks for the contribution. Before this PR can be merged, the AgenticAdvertising.Org IPR Policy requires your agreement. To agree, post a new comment on this PR with the exact phrase: Your signature is recorded once and covers all contributions to AAO repositories. See |
|
I have read the IPR Policy |
IPR Policy — signedThanks, @andybevan-scope3. Your agreement to the IPR Policy is recorded at |
![aao-release-bot[bot]](https://avatars.githubusercontent.com/u/221690821?s=60&v=4){kind=small}
There was a problem hiding this comment.
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final gh pr review). A human reviewer should take this PR.
This is an automated message from the Argus AI review workflow.
There was a problem hiding this comment.
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final gh pr review). A human reviewer should take this PR.
This is an automated message from the Argus AI review workflow.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
The automated review encountered an issue (possibly reached max turns, timed out, or failed to post the final gh pr review). A human reviewer should take this PR.
This is an automated message from the Argus AI review workflow.
1 participant
Adds a deterministic backstop so the community assistant cannot break character and disclose the underlying model or vendor under task-stress (a tool failure, an out-of-scope request) when the prompt-level identity rule alone is not enough.
Changes
rewritePersonaCollapse()removes any sentence that discloses the underlying model or provider, wired intoapplyResponsePipelineat every response return site. Sentence-level (keeps the rest of the reply), preserves fenced code blocks, idempotent. Precision-tuned so legitimate client references ("Claude Code", "Claude Desktop") and ordinary prose ("serves as a model for…") pass through untouched.security.ts) — flags identity-substitution prompt injection on input ("you are actually …") and the same disclosure patterns on output as an audit signal.Tests
🤖 Generated with Claude Code