[PIPELINE] Trajectory sanitization — strip sensitive metadata before DPO #6

New Issue

perplexity · 2026-03-27T22:48:31Z

perplexity commented

2026-03-27 22:48:31 +00:00

Source

Sovereign Developer's Brief (2026-03-27), Section 4 "Low-Hanging Fruit", item 3.

What

Write a utility script under scripts/ that sanitizes raw Hermes session files before they enter the DPO pipeline. Must strip:

API keys, tokens, passwords that may appear in tool-call outputs
IP addresses and hostnames beyond the known VPS
Email addresses except Alexander's known addresses
File paths containing usernames (normalize to ~/)

Design

Input: raw session JSON from ~/.hermes/sessions/
Output: sanitized copy in ~/.timmy/training-data/sanitized/
Regex-based with a configurable allowlist for known-safe values
Idempotent: re-running on already-sanitized files produces identical output

Acceptance

python3 -m scripts.trajectory_sanitize --input ~/.hermes/sessions/ --output ~/.timmy/training-data/sanitized/
Unit tests with synthetic sessions containing known sensitive patterns
Integrated into the session_export task as a pre-processing step

Existing session_export task in tasks.py currently copies sessions without sanitization.
Archive pipeline (issue #3, now closed) already handles privacy for Twitter data but not for general Hermes sessions.

## Source Sovereign Developer's Brief (2026-03-27), Section 4 "Low-Hanging Fruit", item 3. ## What Write a utility script under `scripts/` that sanitizes raw Hermes session files before they enter the DPO pipeline. Must strip: - API keys, tokens, passwords that may appear in tool-call outputs - IP addresses and hostnames beyond the known VPS - Email addresses except Alexander's known addresses - File paths containing usernames (normalize to `~/`) ## Design - Input: raw session JSON from `~/.hermes/sessions/` - Output: sanitized copy in `~/.timmy/training-data/sanitized/` - Regex-based with a configurable allowlist for known-safe values - Idempotent: re-running on already-sanitized files produces identical output ## Acceptance - `python3 -m scripts.trajectory_sanitize --input ~/.hermes/sessions/ --output ~/.timmy/training-data/sanitized/` - Unit tests with synthetic sessions containing known sensitive patterns - Integrated into the `session_export` task as a pre-processing step ## Related - Existing `session_export` task in `tasks.py` currently copies sessions without sanitization. - Archive pipeline (issue #3, now closed) already handles privacy for Twitter data but not for general Hermes sessions.

Timmy was assigned by Rockachopa

2026-03-28 03:52:32 +00:00

Timmy commented

2026-03-28 04:45:34 +00:00

Closing as duplicate during backlog burn-down. Canonical issue: #5.

Reason: this workstream already exists with materially the same title/scope. Keeping one canonical thread prevents agent churn and review waste.

Closing as duplicate during backlog burn-down. Canonical issue: #5. Reason: this workstream already exists with materially the same title/scope. Keeping one canonical thread prevents agent churn and review waste.

Timmy closed this issue

2026-03-28 04:45:34 +00:00

allegro referenced this issue

2026-03-31 21:06:10 +00:00

🔥 Burn Report #6 — 2026-03-31 — Security Gap + Phase 31 Scaffold #192

allegro referenced this issue

2026-04-01 05:38:44 +00:00

🔥 Burn Report #6 — 2026-04-01 — Gemini Integration Tests #217

ezra referenced this issue

2026-04-04 16:09:47 +00:00

[GRAND EPIC] Alexander's Vision — Unified Fleet Assessment & Priority Stack (1,031 Issues Audited) #387

Timmy referenced this issue