feat(gdpr): author erasure (PR5 of #6701) (#7550)

* docs: PR5 GDPR author erasure design spec

* docs: PR5 GDPR author erasure implementation plan

* feat(gdpr): AuthorManager.anonymizeAuthor — Art. 17 erasure

* test(gdpr): AuthorManager.anonymizeAuthor unit tests

* feat(gdpr): REST anonymizeAuthor on API version 1.3.1

* test(gdpr): REST anonymizeAuthor end-to-end

* docs(gdpr): right-to-erasure section + anonymizeAuthor example

* fix(gdpr): make anonymizeAuthor resumable on partial failure

Qodo review: the `erased: true` sentinel was written before the chat
scrub loop, so a throw during scrub left chat messages untouched
while subsequent calls short-circuited on `existing.erased` and never
finished. Split the write: zero the display identity first (still
hides the name), run the chat scrub, and only then stamp
`erased: true` so a retry resumes the sweep. Regression test
covers the partial-run → retry path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
John McLear 2026-05-03 19:30:49 +08:00 committed by GitHub
parent 487842006c
commit 69bb1e19c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 1093 additions and 6 deletions

View file

@ -286,6 +286,9 @@ export type SettingsType = {
enabled: boolean,
keepRevisions: number,
},
gdprAuthorErasure: {
enabled: boolean,
},
scrollWhenFocusLineIsOutOfViewport: {
percentage: {
editionAboveViewport: number,
@ -639,6 +642,13 @@ const settings: SettingsType = {
enabled: false,
keepRevisions: 100,
},
/*
* GDPR Art. 17 author erasure REST endpoint (anonymizeAuthor).
* Disabled by default; operators must opt in.
*/
gdprAuthorErasure: {
enabled: false,
},
/*
* By default, when caret is moved out of viewport, it scrolls the minimum
* height needed to make this line visible.