claude-code - 💡(How to fix) Fix [FEATURE] Add a preflight checklist item requiring confirmation that user PII has been scrubbed, in every issue template in this repo

Preflight Checklist

  • I have searched existing requests and this feature hasn't been requested yet
  • This is a single feature request (not multiple features)

Problem Statement

GitHub issue submissions to this repo — and log/transcript submissions via mechanisms like /bug or analogous future feedback channels — can carry personally identifiable information (PII) and sensitive project context from the submitter's session without that being obvious to the submitter at submission time. There is currently no submission-time prompt that requires the submitter to confirm they have scrubbed PII from the title, body, error messages, payloads, file paths, and any attached logs before publishing.

The primary motivation for this request is the agent-drafting-on-behalf-of-user scenario. Issues in this repo are sometimes drafted by AI assistants on the user's behalf rather than hand-typed by the user — Claude Code, Claude in the desktop app's Cowork mode, Claude.ai, and other Anthropic surfaces, often with the user simply saying "file an issue about this." In that flow:

  1. The user is not personally re-reading every field of the draft before submission.
  2. The model has the full session context in its working memory, including names, file paths, project identifiers, third-party names, and other sensitive content that has appeared in the conversation.
  3. The model has no structural cue, at the moment of drafting, to pause and ask itself "has this been scrubbed?"
  4. The result, demonstrated in #29121, is that drafts are produced containing real org names, real repo URLs, real file paths, and real internal identifiers that the user never intended to publish.

A required preflight checkbox in every issue template — phrased as a directive the model will read when filling in the template fields — solves this by inserting an unavoidable self-prompt into the drafting flow. When the model reads the template (which it must, in order to fill in the named fields), it encounters the attestation. The checkbox text is the cue. The model is then required to either (a) verify the scrub itself before checking the box, or (b) leave the box unchecked and surface the unscrubbed content to the user for manual review before submission can proceed.

Related context: Issue #29121 ("Claude Code drafts public bug reports containing sensitive project information without anonymising") documents exactly this failure mode. Issue #29434 ("[FEATURE] Mechanism to redact secrets/PII from the context window") addresses redaction in-flight inside the context window. Both are upstream concerns. This request addresses the complementary surface: the submission step, where a final scrub attestation lives in the template itself and serves as a forcing function on both human submitters and AI submitters.

This issue is specifically a request for a uniform attestation checkbox to appear in every issue template in this repository — not just the bug template, not just the feature template, but every template defined under .github/ISSUE_TEMPLATE/ (or wherever templates live in this repo), regardless of category (bug report, feature request, documentation issue, model behavior issue, security disclosure, or any future category) and regardless of template format (YAML issue forms or markdown templates). Selective application would leave gaps that agent submitters could enter through unintentionally.

Proposed Solution

Add the following attestation as a required checklist item to every issue template currently defined in this repository, and require it to be present in any future templates added going forward:

  • I have reviewed the title, body, error messages, payloads, file paths, and any attached logs in this submission, and confirmed they contain no personally identifiable information, third-party names, private project identifiers, or sensitive content. If an AI assistant (Claude Code, Cowork, Claude.ai, or any other Anthropic surface) is drafting this submission on a user's behalf, the assistant MUST either (a) verify the scrub against the session context before checking this box, OR (b) leave this box unchecked and surface the unscrubbed content to the user for manual review before submission proceeds.

The second sentence is the key design element. It is addressed directly to AI assistants because they are sometimes the actual authors of issue drafts in this repo, and they read the template content when filling in the named fields. Embedding the directive in the checkbox text means it is encountered at the moment of drafting, not buried in a separate guidance document.

Implementation guidance that is template-shape-agnostic:

  1. For every template that already has a "Preflight Checklist" section, append this item to that section. Recommended position: first item, so it is the most visible cue when a human submitter reviews the draft and the most prominent text when an AI assistant parses the template fields in order.
  2. For every template that does NOT currently have a "Preflight Checklist" section, introduce one consisting at minimum of this item, placed at the top of the issue body.
  3. For YAML issue-form templates (.yml), add this item as a checkboxes field with required: true so submission cannot proceed without an explicit acknowledgment. For markdown issue templates (.md), add the checkbox to the template body with explanatory text noting that it must be checked.
  4. Apply this uniformly across every issue submission surface currently in the repo — the Bug Report, Documentation Issue, Feature Request, and Model Behavior Issue templates, plus the security vulnerability disclosure flow surfaced in the template chooser — and to any additional templates added in the future, so a submitter (human or AI) encounters the same attestation regardless of which template they pick.

Alternative Solutions

  • Passive guidance in template comments ("please scrub PII before submitting"). Considered, but not chosen because this approach is what currently doesn't exist; even adding it would lack a forcing function — submitters can skip the comment.
  • Automated server-side PII scanning at submission time. Considered, but this is a larger feature with cost and false-positive trade-offs; it does not eliminate the need for submitter attestation and would be better tracked as a separate request if pursued.
  • Per-template ad-hoc additions (e.g., only add to the bug template). Considered, but not chosen because the entire point of this request is uniform coverage — selective application would reintroduce the inconsistency this is trying to fix.

Priority

Medium - Would be very helpful

Feature Category

Other

Use Case Example

Scenario A — AI assistant drafting on the user's behalf (the primary scenario this addresses):

A user encounters a tool failure while using Claude in Cowork mode. They tell the model "file a bug report about this." The model has the full session context in its working memory: the user's first name from an earlier message, a contact's name from a prior tool call, a file path containing the user's home directory, a project codename in a filename, specific dates tied to the user's plans, and the user's spoken context for why they were doing the work.

Without this feature: the model drafts the issue body using its general drafting judgment. Because there is no structural cue at the submission boundary, the model is likely to preserve a substantial fraction of the session context verbatim under the rationale that "more context helps the engineers debug." The draft is produced. The PII is at risk of entering the public search index of github.com indefinitely if the user does not catch it before submission. This is the failure documented in #29121.

With this feature: when the model parses the issue template to fill in the named fields, it encounters the attestation checkbox at the top. The checkbox text is addressed directly to AI assistants and instructs the model to either verify the scrub or surface the unscrubbed content to the user. The model now has a structural cue at the right moment. It either performs the scrub itself and presents a clean draft, or it presents the unscrubbed draft to the user with an explicit "I left the scrub-attestation unchecked; please review for PII before I submit" message.

Scenario B — Human user pasting from a session:

A user copies a model-generated draft into a new issue manually. They scroll past the body without re-reading every line. The required checkbox at the top of the preflight section forces them to read it before they can submit, and the explicit phrasing prompts a moment of "wait, is my session ID in here? are my coworker's names in here?" review before they continue.

Both scenarios are addressed by the same mechanism: an attestation checkbox in every template, phrased as a directive to whoever (or whatever) is filling in the template fields.

Additional Context

Related issues:

  • #29121 — Claude Code drafts public bug reports containing sensitive project information without anonymising (model-side variant)
  • #29434 — Mechanism to redact secrets/PII from the context window (in-flight redaction)

This issue does not duplicate either. It addresses the explicit human-attestation step at submission time, which neither of those issues covers.

Complementary changes (out of scope for this request, suggested for future related work):

  • Publish a short scrub-guidance document at support.claude.com or code.claude.com/docs covering what categories of data to remove (names, emails, paths, filenames, dates tied to specific events, third-party identifiers, organization names, repo URLs) and what to keep (error strings, tool names, schema-level structure, timestamps, model IDs, client versions) so submissions retain diagnostic value. Link to that document from the attestation item in each template.
  • Update agent-side system prompts (Claude Code, Cowork, etc.) to explicitly reference this template behavior, so the agent's instructions and the template's instructions reinforce each other rather than relying on the agent inferring intent from the checkbox text alone.
  • For any future feedback-submission mechanisms inside Cowork or Claude Code (slash commands that submit transcripts to Anthropic, in-app feedback widgets, etc.), include an analogous confirmation step before transmission. This issue's scope is the GitHub template surface, but the same principle — a model-readable self-prompt at the submission boundary — applies wherever user content is sent for review.
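
The uniform-coverage requirement in the implementation guidance above could be enforced by a CI check such as this one, which is an added example and not part of the original issue or the repository's tooling. It assumes the attestation is recognisable by a marker phrase from the proposed wording and that each checkbox label sits on one line; the sample templates are constructed, and `config.yml` is skipped because it configures the template chooser rather than defining a template.

```python
import re
from typing import Optional

# Assumption: a checkbox counts as the attestation if it contains this phrase
# from the proposed wording; labels are assumed to sit on a single line.
MARKER = "personally identifiable information"

def check_template(name: str, text: str) -> Optional[str]:
    """Return None if the template carries the attestation, else the reason."""
    lines = text.splitlines()
    if name.endswith(".md"):
        found = any(re.match(r"\s*[-*] \[ \]", l) and MARKER in l.lower() for l in lines)
        return None if found else "no attestation checkbox in markdown body"
    for i, line in enumerate(lines):  # YAML issue form
        m = re.match(r"(\s*)- label:", line)
        if not (m and MARKER in line.lower()):
            continue
        indent = len(m.group(1))
        for follow in lines[i + 1:]:
            if follow.strip() and len(follow) - len(follow.lstrip()) <= indent:
                break  # left this option item; a later `required` is another box
            if re.match(r"\s*required:\s*true\s*$", follow):
                return None
        return "attestation present but not required: true"
    return "no attestation checkbox in issue form"

def audit(templates: dict) -> dict:
    """Map each non-compliant template file name to the reason it failed."""
    failures = {}
    for name, text in sorted(templates.items()):
        if name == "config.yml":  # template chooser settings, not a template
            continue
        reason = check_template(name, text)
        if reason:
            failures[name] = reason
    return failures

# Constructed sample templates (not the repository's real files).
FORM = "body:\n  - type: checkboxes\n    attributes:\n      label: Preflight Checklist\n      options:\n"
BOX = "        - label: I confirmed there is no personally identifiable information here.\n"
SAMPLES = {
    "bug_report.yml": FORM + BOX + "          required: true\n",
    "feature_request.yml": FORM + BOX + "        - label: Single request\n          required: true\n",
    "docs.md": "## Preflight Checklist\n- [ ] I have searched existing issues\n",
    "config.yml": "blank_issues_enabled: false\n",
}

if __name__ == "__main__":
    for name, reason in audit(SAMPLES).items():
        print(f"{name}: {reason}")
```

In a repository, `audit` would be fed the contents of the files under `.github/ISSUE_TEMPLATE/` and the job would fail when the returned mapping is non-empty.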
