Description

Context

apps/signal-bot/src/src/utils/room-catchup.ts:97-107 calls callAI({ ..., preferLocal: true }). The preferLocal flag tries LocalAI first, then silently falls back to OpenAI if LocalAI is unreachable.

For the per-room catch-up summary (which feeds the last 3 hours of group conversation to an LLM), the privacy intent is "stay on community-hosted infra when possible." A silent fallback to a third-party model defeats that intent without any user-visible signal.

Acceptance criteria

  • [ ] Add a new requireLocal: boolean flag to AICallParams in packages/shared-utils/src/ai-provider.ts
  • [ ] When requireLocal: true and LocalAI is unreachable, return null (or a typed "local-only failed" result) instead of falling through to OpenAI
  • [ ] Update room-catchup.ts to use requireLocal: true (or keep preferLocal but check the result's provider field and reject if it's openai)
  • [ ] On requireLocal failure, return { status: 'skipped_no_ai' } instead of { status: 'failed' } so the welcome flow handles it gracefully
  • [ ] Add a unit test asserting requireLocal=true + LocalAI down returns null (not an OpenAI response)
  • [ ] Document the policy in the file header of room-catchup.ts so future changes don't accidentally regress

Why this matters

Every member who joins a Signal group while the bot is running has the last 3 hours of that group's chat content potentially routed through OpenAI's API today, depending on LocalAI uptime. That's not an active leak (no PII deliberately included), but it's also not what the user understands the privacy posture to be when they see "preferLocal: true" in the code.

Technical hints

  • The shared-utils callAI already returns { content, provider } — provider is 'openai' | 'localai'. The simplest enforcement is a post-call check: if (requireLocal && result.provider !== 'localai') return null;
  • Health-check LocalAI before the call: a 1-second fetch with timeout to its /health endpoint, cache result for 60 seconds

--- *S-tier (50 pts + 40 merge_pr = 90). Privacy-policy enforcement; no exploitable bug, but quietly violates user expectations today.*

Relevant files

No relevant files linked yet.

Hints

No hints yet.

Activity

  • +50 Günther Van der Eecken earned S bounty Jun 14

Comments

No comments yet. Be the first to weigh in.

↑ Top