@codyswann/lisa 2.144.0 → 2.145.1

package/plugins/lisa-wiki/scripts/wiki-safety.mjs

@@ -236,6 +236,82 @@ export function serializeWikiSafetyFindings(result) {
   );
 }
 
+function normalizeSafetyResults(results) {
+  if (Array.isArray(results)) return results;
+  if (!results) return [];
+  return [results];
+}
+
+function summarizeEntityTypes(results) {
+  const byType = new Map();
+  for (const result of results) {
+    for (const finding of result?.findings ?? []) {
+      const entityType = finding?.entityType ?? "unknown";
+      const current = byType.get(entityType) ?? {
+        entityType,
+        confidence: finding?.confidence ?? "unknown",
+        count: 0,
+      };
+      current.count += Number.isFinite(finding?.count) ? finding.count : 1;
+      if (current.confidence !== "high" && finding?.confidence === "high") {
+        current.confidence = "high";
+      }
+      byType.set(entityType, current);
+    }
+  }
+  return [...byType.values()].sort((a, b) =>
+    a.entityType.localeCompare(b.entityType)
+  );
+}
+
+export function createWikiIngestPublicationPolicy(options = {}) {
+  const safetyResults = normalizeSafetyResults(options.safetyResults);
+  const externalWrite = Boolean(options.externalWrite);
+  const entityTypes = summarizeEntityTypes(safetyResults);
+  const findingCount = entityTypes.reduce((sum, item) => sum + item.count, 0);
+  const reviewRequired =
+    externalWrite ||
+    findingCount > 0 ||
+    safetyResults.some(result => Boolean(result?.reviewRequired));
+  const reasons = [
+    ...(externalWrite ? ["external-write source"] : []),
+    ...(findingCount > 0 ? ["redacted or sensitive findings"] : []),
+    ...(!externalWrite &&
+    findingCount === 0 &&
+    safetyResults.some(result => Boolean(result?.reviewRequired))
+      ? ["source safety review requested"]
+      : []),
+  ];
+
+  const findingLines =
+    entityTypes.length > 0
+      ? entityTypes.map(
+          item =>
+            `- ${item.entityType}: ${item.count} ${item.count === 1 ? "finding" : "findings"} (${item.confidence})`
+        )
+      : ["- none"];
+
+  return {
+    autoMergeAllowed: !reviewRequired,
+    reviewRequired,
+    reasons,
+    findingCount,
+    entityTypes,
+    prSummaryMarkdown: [
+      "## Wiki Safety Review",
+      "",
+      `Auto-merge: ${reviewRequired ? "disabled" : "allowed"}`,
+      `Human review required: ${reviewRequired ? "yes" : "no"}`,
+      `Reason: ${reasons.length > 0 ? reasons.join("; ") : "no redactions or sensitive findings"}`,
+      "",
+      "Finding summary:",
+      ...findingLines,
+      "",
+      "Raw sensitive values are intentionally omitted from this summary.",
+    ].join("\n"),
+  };
+}
+
 export function isWikiSafetyScanTarget(filePath, options = {}) {
   const pathModule = options.pathModule;
   if (!pathModule) {

package/plugins/lisa-wiki/skills/lisa-wiki-ingest/SKILL.md

@@ -50,11 +50,14 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
 7. **Commit/PR**: commit only the ingestion changes per `config.git` policy. If the ingest started on
    the default branch, create a dedicated ingestion branch first — never commit ingestion straight to
    the default. Push the branch and **open a PR targeting the default remote branch** (via the host's
-   PR mechanism — e.g. `gh pr create --base <default>`), then **enable auto-merge when possible**
-   (`gh pr merge --auto`, or the host's equivalent). `external-write` runs and sensitive content are
-   the exception — open the PR **without** auto-merge so a human reviews them before it lands. If
-   auto-merge cannot be enabled (the host doesn't support it, or branch protection forbids it), leave
-   the PR open and note that a human must merge.
+   PR mechanism — e.g. `gh pr create --base <default>`). Before enabling auto-merge, feed the safety
+   scan output into `createWikiIngestPublicationPolicy` from `scripts/wiki-safety.mjs`. Enable
+   auto-merge only when `autoMergeAllowed` is true. `external-write` runs, redacted runs, and any run
+   with sensitive findings are the exception — open the PR **without** auto-merge so a human reviews
+   them before it lands. The PR summary must include the policy's safe review summary: counts and
+   entity types only, never raw values, ranges, tokens, source snippets, or scanner output. If
+   auto-merge cannot be enabled (the host doesn't support it, branch protection forbids it, or the
+   policy requires review), leave the PR open and note that a human must merge.
 
 ## Rules
 - **Bookend every ingest with git hygiene:** sync the branch with the default remote branch *before*
@@ -71,6 +74,10 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
   select `--scanner gitleaks` for local parity with Gitleaks, and may use
   `--scanner trufflehog` as a stricter optional verification pass when installed;
   if a selected scanner is unavailable, keep the ingest blocked for review.
+- Redaction and review policy is centralized in `scripts/wiki-safety.mjs`. Treat
+  `reviewRequired` or any summarized finding as a hard auto-merge stop. Use the
+  generated PR summary text as-is or preserve its shape so reviewers see entity
+  types and counts without raw sensitive values.
 - Connector execution and the connector contract are detailed in the connector skills (M2+); this
   router defines and enforces the ordering and side-effect rules above.
 

package/plugins/lisa-wiki-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.144.0",
+  "version": "2.145.1",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-agy/scripts/wiki-safety.mjs

@@ -236,6 +236,82 @@ export function serializeWikiSafetyFindings(result) {
   );
 }
 
+function normalizeSafetyResults(results) {
+  if (Array.isArray(results)) return results;
+  if (!results) return [];
+  return [results];
+}
+
+function summarizeEntityTypes(results) {
+  const byType = new Map();
+  for (const result of results) {
+    for (const finding of result?.findings ?? []) {
+      const entityType = finding?.entityType ?? "unknown";
+      const current = byType.get(entityType) ?? {
+        entityType,
+        confidence: finding?.confidence ?? "unknown",
+        count: 0,
+      };
+      current.count += Number.isFinite(finding?.count) ? finding.count : 1;
+      if (current.confidence !== "high" && finding?.confidence === "high") {
+        current.confidence = "high";
+      }
+      byType.set(entityType, current);
+    }
+  }
+  return [...byType.values()].sort((a, b) =>
+    a.entityType.localeCompare(b.entityType)
+  );
+}
+
+export function createWikiIngestPublicationPolicy(options = {}) {
+  const safetyResults = normalizeSafetyResults(options.safetyResults);
+  const externalWrite = Boolean(options.externalWrite);
+  const entityTypes = summarizeEntityTypes(safetyResults);
+  const findingCount = entityTypes.reduce((sum, item) => sum + item.count, 0);
+  const reviewRequired =
+    externalWrite ||
+    findingCount > 0 ||
+    safetyResults.some(result => Boolean(result?.reviewRequired));
+  const reasons = [
+    ...(externalWrite ? ["external-write source"] : []),
+    ...(findingCount > 0 ? ["redacted or sensitive findings"] : []),
+    ...(!externalWrite &&
+    findingCount === 0 &&
+    safetyResults.some(result => Boolean(result?.reviewRequired))
+      ? ["source safety review requested"]
+      : []),
+  ];
+
+  const findingLines =
+    entityTypes.length > 0
+      ? entityTypes.map(
+          item =>
+            `- ${item.entityType}: ${item.count} ${item.count === 1 ? "finding" : "findings"} (${item.confidence})`
+        )
+      : ["- none"];
+
+  return {
+    autoMergeAllowed: !reviewRequired,
+    reviewRequired,
+    reasons,
+    findingCount,
+    entityTypes,
+    prSummaryMarkdown: [
+      "## Wiki Safety Review",
+      "",
+      `Auto-merge: ${reviewRequired ? "disabled" : "allowed"}`,
+      `Human review required: ${reviewRequired ? "yes" : "no"}`,
+      `Reason: ${reasons.length > 0 ? reasons.join("; ") : "no redactions or sensitive findings"}`,
+      "",
+      "Finding summary:",
+      ...findingLines,
+      "",
+      "Raw sensitive values are intentionally omitted from this summary.",
+    ].join("\n"),
+  };
+}
+
 export function isWikiSafetyScanTarget(filePath, options = {}) {
   const pathModule = options.pathModule;
   if (!pathModule) {

package/plugins/lisa-wiki-agy/skills/lisa-wiki-ingest/SKILL.md

@@ -50,11 +50,14 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
 7. **Commit/PR**: commit only the ingestion changes per `config.git` policy. If the ingest started on
    the default branch, create a dedicated ingestion branch first — never commit ingestion straight to
    the default. Push the branch and **open a PR targeting the default remote branch** (via the host's
-   PR mechanism — e.g. `gh pr create --base <default>`), then **enable auto-merge when possible**
-   (`gh pr merge --auto`, or the host's equivalent). `external-write` runs and sensitive content are
-   the exception — open the PR **without** auto-merge so a human reviews them before it lands. If
-   auto-merge cannot be enabled (the host doesn't support it, or branch protection forbids it), leave
-   the PR open and note that a human must merge.
+   PR mechanism — e.g. `gh pr create --base <default>`). Before enabling auto-merge, feed the safety
+   scan output into `createWikiIngestPublicationPolicy` from `scripts/wiki-safety.mjs`. Enable
+   auto-merge only when `autoMergeAllowed` is true. `external-write` runs, redacted runs, and any run
+   with sensitive findings are the exception — open the PR **without** auto-merge so a human reviews
+   them before it lands. The PR summary must include the policy's safe review summary: counts and
+   entity types only, never raw values, ranges, tokens, source snippets, or scanner output. If
+   auto-merge cannot be enabled (the host doesn't support it, branch protection forbids it, or the
+   policy requires review), leave the PR open and note that a human must merge.
 
 ## Rules
 - **Bookend every ingest with git hygiene:** sync the branch with the default remote branch *before*
@@ -71,6 +74,10 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
   select `--scanner gitleaks` for local parity with Gitleaks, and may use
   `--scanner trufflehog` as a stricter optional verification pass when installed;
   if a selected scanner is unavailable, keep the ingest blocked for review.
+- Redaction and review policy is centralized in `scripts/wiki-safety.mjs`. Treat
+  `reviewRequired` or any summarized finding as a hard auto-merge stop. Use the
+  generated PR summary text as-is or preserve its shape so reviewers see entity
+  types and counts without raw sensitive values.
 - Connector execution and the connector contract are detailed in the connector skills (M2+); this
   router defines and enforces the ordering and side-effect rules above.
 

package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.144.0",
+  "version": "2.145.1",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-copilot/scripts/wiki-safety.mjs

@@ -236,6 +236,82 @@ export function serializeWikiSafetyFindings(result) {
   );
 }
 
+function normalizeSafetyResults(results) {
+  if (Array.isArray(results)) return results;
+  if (!results) return [];
+  return [results];
+}
+
+function summarizeEntityTypes(results) {
+  const byType = new Map();
+  for (const result of results) {
+    for (const finding of result?.findings ?? []) {
+      const entityType = finding?.entityType ?? "unknown";
+      const current = byType.get(entityType) ?? {
+        entityType,
+        confidence: finding?.confidence ?? "unknown",
+        count: 0,
+      };
+      current.count += Number.isFinite(finding?.count) ? finding.count : 1;
+      if (current.confidence !== "high" && finding?.confidence === "high") {
+        current.confidence = "high";
+      }
+      byType.set(entityType, current);
+    }
+  }
+  return [...byType.values()].sort((a, b) =>
+    a.entityType.localeCompare(b.entityType)
+  );
+}
+
+export function createWikiIngestPublicationPolicy(options = {}) {
+  const safetyResults = normalizeSafetyResults(options.safetyResults);
+  const externalWrite = Boolean(options.externalWrite);
+  const entityTypes = summarizeEntityTypes(safetyResults);
+  const findingCount = entityTypes.reduce((sum, item) => sum + item.count, 0);
+  const reviewRequired =
+    externalWrite ||
+    findingCount > 0 ||
+    safetyResults.some(result => Boolean(result?.reviewRequired));
+  const reasons = [
+    ...(externalWrite ? ["external-write source"] : []),
+    ...(findingCount > 0 ? ["redacted or sensitive findings"] : []),
+    ...(!externalWrite &&
+    findingCount === 0 &&
+    safetyResults.some(result => Boolean(result?.reviewRequired))
+      ? ["source safety review requested"]
+      : []),
+  ];
+
+  const findingLines =
+    entityTypes.length > 0
+      ? entityTypes.map(
+          item =>
+            `- ${item.entityType}: ${item.count} ${item.count === 1 ? "finding" : "findings"} (${item.confidence})`
+        )
+      : ["- none"];
+
+  return {
+    autoMergeAllowed: !reviewRequired,
+    reviewRequired,
+    reasons,
+    findingCount,
+    entityTypes,
+    prSummaryMarkdown: [
+      "## Wiki Safety Review",
+      "",
+      `Auto-merge: ${reviewRequired ? "disabled" : "allowed"}`,
+      `Human review required: ${reviewRequired ? "yes" : "no"}`,
+      `Reason: ${reasons.length > 0 ? reasons.join("; ") : "no redactions or sensitive findings"}`,
+      "",
+      "Finding summary:",
+      ...findingLines,
+      "",
+      "Raw sensitive values are intentionally omitted from this summary.",
+    ].join("\n"),
+  };
+}
+
 export function isWikiSafetyScanTarget(filePath, options = {}) {
   const pathModule = options.pathModule;
   if (!pathModule) {

package/plugins/lisa-wiki-copilot/skills/lisa-wiki-ingest/SKILL.md

@@ -50,11 +50,14 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
 7. **Commit/PR**: commit only the ingestion changes per `config.git` policy. If the ingest started on
    the default branch, create a dedicated ingestion branch first — never commit ingestion straight to
    the default. Push the branch and **open a PR targeting the default remote branch** (via the host's
-   PR mechanism — e.g. `gh pr create --base <default>`), then **enable auto-merge when possible**
-   (`gh pr merge --auto`, or the host's equivalent). `external-write` runs and sensitive content are
-   the exception — open the PR **without** auto-merge so a human reviews them before it lands. If
-   auto-merge cannot be enabled (the host doesn't support it, or branch protection forbids it), leave
-   the PR open and note that a human must merge.
+   PR mechanism — e.g. `gh pr create --base <default>`). Before enabling auto-merge, feed the safety
+   scan output into `createWikiIngestPublicationPolicy` from `scripts/wiki-safety.mjs`. Enable
+   auto-merge only when `autoMergeAllowed` is true. `external-write` runs, redacted runs, and any run
+   with sensitive findings are the exception — open the PR **without** auto-merge so a human reviews
+   them before it lands. The PR summary must include the policy's safe review summary: counts and
+   entity types only, never raw values, ranges, tokens, source snippets, or scanner output. If
+   auto-merge cannot be enabled (the host doesn't support it, branch protection forbids it, or the
+   policy requires review), leave the PR open and note that a human must merge.
 
 ## Rules
 - **Bookend every ingest with git hygiene:** sync the branch with the default remote branch *before*
@@ -71,6 +74,10 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
   select `--scanner gitleaks` for local parity with Gitleaks, and may use
   `--scanner trufflehog` as a stricter optional verification pass when installed;
   if a selected scanner is unavailable, keep the ingest blocked for review.
+- Redaction and review policy is centralized in `scripts/wiki-safety.mjs`. Treat
+  `reviewRequired` or any summarized finding as a hard auto-merge stop. Use the
+  generated PR summary text as-is or preserve its shape so reviewers see entity
+  types and counts without raw sensitive values.
 - Connector execution and the connector contract are detailed in the connector skills (M2+); this
   router defines and enforces the ordering and side-effect rules above.
 

package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.144.0",
+  "version": "2.145.1",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-cursor/scripts/wiki-safety.mjs

@@ -236,6 +236,82 @@ export function serializeWikiSafetyFindings(result) {
   );
 }
 
+function normalizeSafetyResults(results) {
+  if (Array.isArray(results)) return results;
+  if (!results) return [];
+  return [results];
+}
+
+function summarizeEntityTypes(results) {
+  const byType = new Map();
+  for (const result of results) {
+    for (const finding of result?.findings ?? []) {
+      const entityType = finding?.entityType ?? "unknown";
+      const current = byType.get(entityType) ?? {
+        entityType,
+        confidence: finding?.confidence ?? "unknown",
+        count: 0,
+      };
+      current.count += Number.isFinite(finding?.count) ? finding.count : 1;
+      if (current.confidence !== "high" && finding?.confidence === "high") {
+        current.confidence = "high";
+      }
+      byType.set(entityType, current);
+    }
+  }
+  return [...byType.values()].sort((a, b) =>
+    a.entityType.localeCompare(b.entityType)
+  );
+}
+
+export function createWikiIngestPublicationPolicy(options = {}) {
+  const safetyResults = normalizeSafetyResults(options.safetyResults);
+  const externalWrite = Boolean(options.externalWrite);
+  const entityTypes = summarizeEntityTypes(safetyResults);
+  const findingCount = entityTypes.reduce((sum, item) => sum + item.count, 0);
+  const reviewRequired =
+    externalWrite ||
+    findingCount > 0 ||
+    safetyResults.some(result => Boolean(result?.reviewRequired));
+  const reasons = [
+    ...(externalWrite ? ["external-write source"] : []),
+    ...(findingCount > 0 ? ["redacted or sensitive findings"] : []),
+    ...(!externalWrite &&
+    findingCount === 0 &&
+    safetyResults.some(result => Boolean(result?.reviewRequired))
+      ? ["source safety review requested"]
+      : []),
+  ];
+
+  const findingLines =
+    entityTypes.length > 0
+      ? entityTypes.map(
+          item =>
+            `- ${item.entityType}: ${item.count} ${item.count === 1 ? "finding" : "findings"} (${item.confidence})`
+        )
+      : ["- none"];
+
+  return {
+    autoMergeAllowed: !reviewRequired,
+    reviewRequired,
+    reasons,
+    findingCount,
+    entityTypes,
+    prSummaryMarkdown: [
+      "## Wiki Safety Review",
+      "",
+      `Auto-merge: ${reviewRequired ? "disabled" : "allowed"}`,
+      `Human review required: ${reviewRequired ? "yes" : "no"}`,
+      `Reason: ${reasons.length > 0 ? reasons.join("; ") : "no redactions or sensitive findings"}`,
+      "",
+      "Finding summary:",
+      ...findingLines,
+      "",
+      "Raw sensitive values are intentionally omitted from this summary.",
+    ].join("\n"),
+  };
+}
+
 export function isWikiSafetyScanTarget(filePath, options = {}) {
   const pathModule = options.pathModule;
   if (!pathModule) {

package/plugins/lisa-wiki-cursor/skills/lisa-wiki-ingest/SKILL.md

@@ -50,11 +50,14 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
 7. **Commit/PR**: commit only the ingestion changes per `config.git` policy. If the ingest started on
    the default branch, create a dedicated ingestion branch first — never commit ingestion straight to
    the default. Push the branch and **open a PR targeting the default remote branch** (via the host's
-   PR mechanism — e.g. `gh pr create --base <default>`), then **enable auto-merge when possible**
-   (`gh pr merge --auto`, or the host's equivalent). `external-write` runs and sensitive content are
-   the exception — open the PR **without** auto-merge so a human reviews them before it lands. If
-   auto-merge cannot be enabled (the host doesn't support it, or branch protection forbids it), leave
-   the PR open and note that a human must merge.
+   PR mechanism — e.g. `gh pr create --base <default>`). Before enabling auto-merge, feed the safety
+   scan output into `createWikiIngestPublicationPolicy` from `scripts/wiki-safety.mjs`. Enable
+   auto-merge only when `autoMergeAllowed` is true. `external-write` runs, redacted runs, and any run
+   with sensitive findings are the exception — open the PR **without** auto-merge so a human reviews
+   them before it lands. The PR summary must include the policy's safe review summary: counts and
+   entity types only, never raw values, ranges, tokens, source snippets, or scanner output. If
+   auto-merge cannot be enabled (the host doesn't support it, branch protection forbids it, or the
+   policy requires review), leave the PR open and note that a human must merge.
 
 ## Rules
 - **Bookend every ingest with git hygiene:** sync the branch with the default remote branch *before*
@@ -71,6 +74,10 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
   select `--scanner gitleaks` for local parity with Gitleaks, and may use
   `--scanner trufflehog` as a stricter optional verification pass when installed;
   if a selected scanner is unavailable, keep the ingest blocked for review.
+- Redaction and review policy is centralized in `scripts/wiki-safety.mjs`. Treat
+  `reviewRequired` or any summarized finding as a hard auto-merge stop. Use the
+  generated PR summary text as-is or preserve its shape so reviewers see entity
+  types and counts without raw sensitive values.
 - Connector execution and the connector contract are detailed in the connector skills (M2+); this
   router defines and enforces the ordering and side-effect rules above.
 

package/plugins/src/wiki/scripts/wiki-safety.mjs

@@ -236,6 +236,82 @@ export function serializeWikiSafetyFindings(result) {
   );
 }
 
+function normalizeSafetyResults(results) {
+  if (Array.isArray(results)) return results;
+  if (!results) return [];
+  return [results];
+}
+
+function summarizeEntityTypes(results) {
+  const byType = new Map();
+  for (const result of results) {
+    for (const finding of result?.findings ?? []) {
+      const entityType = finding?.entityType ?? "unknown";
+      const current = byType.get(entityType) ?? {
+        entityType,
+        confidence: finding?.confidence ?? "unknown",
+        count: 0,
+      };
+      current.count += Number.isFinite(finding?.count) ? finding.count : 1;
+      if (current.confidence !== "high" && finding?.confidence === "high") {
+        current.confidence = "high";
+      }
+      byType.set(entityType, current);
+    }
+  }
+  return [...byType.values()].sort((a, b) =>
+    a.entityType.localeCompare(b.entityType)
+  );
+}
+
+export function createWikiIngestPublicationPolicy(options = {}) {
+  const safetyResults = normalizeSafetyResults(options.safetyResults);
+  const externalWrite = Boolean(options.externalWrite);
+  const entityTypes = summarizeEntityTypes(safetyResults);
+  const findingCount = entityTypes.reduce((sum, item) => sum + item.count, 0);
+  const reviewRequired =
+    externalWrite ||
+    findingCount > 0 ||
+    safetyResults.some(result => Boolean(result?.reviewRequired));
+  const reasons = [
+    ...(externalWrite ? ["external-write source"] : []),
+    ...(findingCount > 0 ? ["redacted or sensitive findings"] : []),
+    ...(!externalWrite &&
+    findingCount === 0 &&
+    safetyResults.some(result => Boolean(result?.reviewRequired))
+      ? ["source safety review requested"]
+      : []),
+  ];
+
+  const findingLines =
+    entityTypes.length > 0
+      ? entityTypes.map(
+          item =>
+            `- ${item.entityType}: ${item.count} ${item.count === 1 ? "finding" : "findings"} (${item.confidence})`
+        )
+      : ["- none"];
+
+  return {
+    autoMergeAllowed: !reviewRequired,
+    reviewRequired,
+    reasons,
+    findingCount,
+    entityTypes,
+    prSummaryMarkdown: [
+      "## Wiki Safety Review",
+      "",
+      `Auto-merge: ${reviewRequired ? "disabled" : "allowed"}`,
+      `Human review required: ${reviewRequired ? "yes" : "no"}`,
+      `Reason: ${reasons.length > 0 ? reasons.join("; ") : "no redactions or sensitive findings"}`,
+      "",
+      "Finding summary:",
+      ...findingLines,
+      "",
+      "Raw sensitive values are intentionally omitted from this summary.",
+    ].join("\n"),
+  };
+}
+
 export function isWikiSafetyScanTarget(filePath, options = {}) {
   const pathModule = options.pathModule;
   if (!pathModule) {

package/plugins/src/wiki/skills/lisa-wiki-ingest/SKILL.md

@@ -50,11 +50,14 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
 7. **Commit/PR**: commit only the ingestion changes per `config.git` policy. If the ingest started on
    the default branch, create a dedicated ingestion branch first — never commit ingestion straight to
    the default. Push the branch and **open a PR targeting the default remote branch** (via the host's
-   PR mechanism — e.g. `gh pr create --base <default>`), then **enable auto-merge when possible**
-   (`gh pr merge --auto`, or the host's equivalent). `external-write` runs and sensitive content are
-   the exception — open the PR **without** auto-merge so a human reviews them before it lands. If
-   auto-merge cannot be enabled (the host doesn't support it, or branch protection forbids it), leave
-   the PR open and note that a human must merge.
+   PR mechanism — e.g. `gh pr create --base <default>`). Before enabling auto-merge, feed the safety
+   scan output into `createWikiIngestPublicationPolicy` from `scripts/wiki-safety.mjs`. Enable
+   auto-merge only when `autoMergeAllowed` is true. `external-write` runs, redacted runs, and any run
+   with sensitive findings are the exception — open the PR **without** auto-merge so a human reviews
+   them before it lands. The PR summary must include the policy's safe review summary: counts and
+   entity types only, never raw values, ranges, tokens, source snippets, or scanner output. If
+   auto-merge cannot be enabled (the host doesn't support it, branch protection forbids it, or the
+   policy requires review), leave the PR open and note that a human must merge.
 
 ## Rules
 - **Bookend every ingest with git hygiene:** sync the branch with the default remote branch *before*
@@ -71,6 +74,10 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
   select `--scanner gitleaks` for local parity with Gitleaks, and may use
   `--scanner trufflehog` as a stricter optional verification pass when installed;
   if a selected scanner is unavailable, keep the ingest blocked for review.
+- Redaction and review policy is centralized in `scripts/wiki-safety.mjs`. Treat
+  `reviewRequired` or any summarized finding as a hard auto-merge stop. Use the
+  generated PR summary text as-is or preserve its shape so reviewers see entity
+  types and counts without raw sensitive values.
 - Connector execution and the connector contract are detailed in the connector skills (M2+); this
   router defines and enforces the ordering and side-effect rules above.