privacy-review-rails


Check Privacy — Review Changed Files

Prerequisite

Dependency path: !`test -d "${CLAUDE_SKILL_DIR}/../privacy-by-design-rails" && echo "${CLAUDE_SKILL_DIR}/../privacy-by-design-rails" || echo "NOT_FOUND"`

If the dependency path above is `NOT_FOUND`, stop and tell the user:

This skill depends on privacy-by-design-rails, which is not installed. Install it with:

```bash
npx skills add codeminer42/skills --skill privacy-by-design-rails
```

(add `-g` for global installation)

Do not proceed until the dependency is installed.

Step 1: Scan Changed Files + Related Files

If `ruby` is not found when running the command below, ask the user how to run Ruby in their environment instead of trying to resolve it yourself.

Run the scanner in `--changed-only` mode. This scans the changed files AND automatically pulls in related files (e.g., a changed migration pulls in its model and `filter_parameter_logging.rb`; a changed mailer template pulls in its mailer class):

```bash
ruby ${CLAUDE_SKILL_DIR}/../privacy-by-design-rails/scripts/scanner.rb --changed-only
```

Parse the JSON output. It includes:
  • `changed_files` — files the developer actually modified
  • `related_files` — files pulled in for context (not changed, but affected by the changes)
  • `findings` — scanner findings across both changed and related files
  • `checklist` — privacy checklist status

If `changed_files` is empty, tell the user there are no privacy-relevant changes and stop.

Step 2: Deep-Dive on Changed Files

The scanner catches mechanical violations. Now verify the findings and check for things the scanner can't detect. For each changed file, apply the relevant checks from `${CLAUDE_SKILL_DIR}/../privacy-by-design-rails/references/pii-definition.md` and the rules in `${CLAUDE_SKILL_DIR}/../privacy-by-design-rails/rules/`:

For changed models:

  • PII classification: Read the model and its schema columns. Apply the Mandatory Classification Rules (Rules 1-4) from `references/pii-definition.md` to classify every column. Don't just rely on the scanner's pattern matching — check for domain-specific fields with non-standard names.
  • Encryption: Does every PII column have `encrypts`?
  • filter_attributes: Does the model declare `self.filter_attributes` listing all its PII fields?
  • ransackable_attributes: If the model defines `ransackable_attributes`, are sensitive fields (encrypted_password, reset_password_token) or PII fields exposed?
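
As an added example (not code from this skill or from privacy-by-design-rails), a pure-Ruby check that applies the three mechanical model criteria above to a model's source text: every reviewer-classified PII column must have `encrypts` and appear in `self.filter_attributes`, and `ransackable_attributes` must not expose PII or the sensitive Devise fields. The regexes, severity labels, the `Patient` sample model and the `names_in`/`review_model` helpers are assumptions; the PII column list is supplied by the reviewer because classification under Rules 1-4 stays manual.

```ruby
require "set"

# Fields the skill treats as sensitive even when they are not classified as PII.
SENSITIVE = Set["encrypted_password", "reset_password_token"]
SEVERITY_ORDER = %w[CRITICAL HIGH MEDIUM].freeze

# Attribute names inside a Ruby list literal: `:ssn`, `"ssn"`, `'ssn'` or `%w[ssn email]`.
def names_in(list_text)
  words = list_text.scan(/%w\[([^\]]*)\]/).flatten.flat_map(&:split)
  words + list_text.scan(/:(\w+)|["'](\w+)["']/).flatten.compact
end

# Matches both the block form and the endless-def form of ransackable_attributes.
RANSACK_DEF = Regexp.union(
  /def self\.ransackable_attributes(?:\([^)]*\))?\s*=[^\n]*/,
  /def self\.ransackable_attributes.*?\n\s*end\b/m
)

# pii_columns: column names the reviewer classified as PII under Rules 1-4
# (that step stays manual). Severity labels here are illustrative assumptions.
def review_model(source, pii_columns)
  encrypted = source.scan(/^\s*encrypts\s+(.+)$/).flatten.flat_map { |l| names_in(l) }.to_set
  filtered  = source.scan(/self\.filter_attributes\s*\+?=\s*(\[[^\]]*\])/)
                    .flatten.flat_map { |l| names_in(l) }.to_set
  ransackable = names_in(source[RANSACK_DEF].to_s).to_set
  findings = []
  pii_columns.each do |col|
    findings << { severity: "CRITICAL", check: "encrypts", field: col } unless encrypted.include?(col)
    findings << { severity: "HIGH", check: "filter_attributes", field: col } unless filtered.include?(col)
  end
  (ransackable & (pii_columns.to_set | SENSITIVE)).each do |field|
    findings << { severity: "HIGH", check: "ransackable_attributes", field: field }
  end
  findings.sort_by { |f| SEVERITY_ORDER.index(f[:severity]) }
end

# Constructed sample: email is encrypted but unfiltered and ransackable; home_address has neither protection.
SAMPLE_MODEL = <<~RUBY
  class Patient < ApplicationRecord
    encrypts :ssn, deterministic: true
    encrypts :email
    self.filter_attributes = [:ssn]

    def self.ransackable_attributes(_auth_object = nil)
      %w[id created_at email encrypted_password]
    end
  end
RUBY
SAMPLE_PII = %w[ssn email home_address].freeze
review_model(SAMPLE_MODEL, SAMPLE_PII).each { |f| puts f.values.join(" | ") }
```

The check is text-based on purpose so it runs without loading the Rails app; a column declared with `encrypts` via a concern or a metaprogrammed loop will not be seen, which is exactly the case the manual read of the model is for.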

For changed migrations:

  • Read the corresponding model (from `related_files`) to check if `encrypts` declarations exist for new PII columns.
  • Check if `config/initializers/filter_parameter_logging.rb` (from `related_files`) includes the new PII field names.

For changed mailers/templates:

  • Check `from:` addresses for PII (user emails as sender).
  • Check subject lines for PII (names, emails visible in inbox previews).
  • Check template bodies: distinguish emails sent to OTHER users (violation) vs emails sent to the data subject themselves (acceptable — note with justification).

For changed jobs/workers:

  • Does the base class (`ApplicationJob`) set `self.log_arguments = false`?
  • Do `perform` parameters pass PII data instead of record IDs?

For changed controllers:

  • Is `session[...]` assigned a full ActiveRecord object instead of just an ID?
  • Do `render json:` responses include PII that shouldn't be exposed?

For changed initializers:

  • If it configures an error reporter (Rollbar, Sentry, Bugsnag): are `scrub_fields` configured? Is `anonymize_user_ip` enabled? Are `person_*_method` settings restricted to ID only?

For changed services:

  • Does the service send data to an external API? If so, does the payload include PII?

Step 3: Report

Group verified violations by severity (CRITICAL > HIGH > MEDIUM). For each violation:
  • Location: `file:line`
  • What's wrong: clear description
  • Correct pattern: code example from the relevant rule in `${CLAUDE_SKILL_DIR}/../privacy-by-design-rails/rules/`
  • Changed vs related: note whether the violation is in a changed file (developer should fix) or a related file (pre-existing issue exposed by the change)

For scanner findings you verified as false positives, briefly explain why you dismissed them.

If no violations, tell the user their changes look privacy-compliant.

Step 4: Offer to Fix

Ask the user if they want fixes applied. Apply unambiguous fixes directly; ask about ambiguous ones (e.g., deterministic vs non-deterministic encryption, whether a field is genuinely PII).