
fix(privacy): remove exposed email data #2352

Open · jeanduplessis wants to merge 2 commits into main from fix/pentest-l2-email-exposure

Conversation


@jeanduplessis jeanduplessis commented Apr 13, 2026

Summary

Code-related pentest findings [private access to Kilo team members only] are now addressed without broad product rewrites. Each fix focuses on closing the reported behavior while preserving existing auth, analytics, payments, and device-token flows.

L2: Email exposure guardrails

  • Why needed: Historical email exposure requires operational cleanup, but current code should avoid personal email literals and should not expose authenticated PII to third-party tag scripts.
  • Solution chosen: Moved contributor champion personal email allowlisting to CONTRIBUTOR_CHAMPION_TEAM_EMAILS, removed raw email/name from GTM dataLayer events, and added a production-source email literal guardrail test with explicit role-alias allowlist.
  • Trade-off: Kept intentional public role aliases such as hi@kilo.ai and sales@kilocode.ai; removing them would change product contact behavior rather than close accidental exposure.
  • Rollout note: CONTRIBUTOR_CHAMPION_TEAM_EMAILS must be configured before deploy if internal team members should keep contributor-champion classification. This intentionally avoids a code fallback to the previously hardcoded personal email so the literal stays out of source going forward.

Verification

  • Spec alignment: matched .plans/pentest-findings.md for code-related L1 scope.
  • Code evaluations: security, logic, types, data, resource, and style review agents ran across the implementation. Security review found a GTM dataLayer PII issue, the issue was fixed, and security re-review reported no findings.
  • Browser evaluations: agent-browser verified fake user login, CSP presence with nonce/Stripe sources, /api/user returning 401 after revocation with stale cookie, re-login after revocation, and stale admin route rejection for /admin/api/credit-categories.

Visual Changes

N/A

Reviewer Notes

Code Reviewer Notes
  • Contributor champion personal email allowlist is now env-backed via CONTRIBUTOR_CHAMPION_TEAM_EMAILS.
  • The app no longer sends raw email or name values to GTM dataLayer events; it keeps the non-PII is_new_user signal.
  • The guardrail test scans production app source for unapproved email literals and allows explicit public role aliases only.
  • Approved public aliases remain explicit in the guardrail test so accidental personal email literals fail tests.
  • Includes the dataLayer type correction needed by the updated dataLayer usage.
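The guardrail test described in the notes above, worked as an added example that is not the project's own test code: it scans a constructed set of source files for e-mail literals, skips test files by path, normalises case so `Sales@…` cannot slip past a lowercase allowlist, and reports anything that is not an explicitly approved public role alias. The function names, the `src/…` sample paths and the `jane.doe@example.com` address are constructed for illustration; the two approved aliases are the ones named in the PR description. In a real test the wrapper would assert that the scan over the production tree returns an empty list.

```typescript
// Added example, not the project's code. Names, sample files and paths are assumptions.

export interface EmailLiteralFinding {
  file: string;
  line: number;
  email: string;
}

// Conservative local-part@domain.tld pattern: meant to catch accidental
// personal addresses in source, not to validate RFC 5322.
const EMAIL_LITERAL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}/g;

// Normalise so that case or stray whitespace cannot bypass the allowlist.
export function normaliseEmail(email: string): string {
  return email.trim().toLowerCase();
}

// Scan each file line by line and return every literal that is not an
// approved public role alias. Test files are skipped so fixtures that
// deliberately contain addresses do not trip the guardrail.
export function findUnapprovedEmailLiterals(
  files: Record<string, string>,
  approvedAliases: string[],
): EmailLiteralFinding[] {
  const allow = new Set<string>();
  for (const alias of approvedAliases) allow.add(normaliseEmail(alias));

  const findings: EmailLiteralFinding[] = [];
  for (const file of Object.keys(files)) {
    if (/\.test\.tsx?$/.test(file)) continue;
    const lines = files[file].split("\n");
    for (let i = 0; i < lines.length; i++) {
      const matches = lines[i].match(EMAIL_LITERAL) || [];
      for (const raw of matches) {
        const email = normaliseEmail(raw);
        if (!allow.has(email)) findings.push({ file, line: i + 1, email });
      }
    }
  }
  return findings;
}

// Constructed sample source tree (hypothetical paths, not real project files).
export const SAMPLE_SOURCES: Record<string, string> = {
  "src/Footer.tsx": [
    "export const CONTACT = 'hi@kilo.ai';",
    "export const SALES = 'Sales@kilocode.ai';",
  ].join("\n"),
  "src/champions.ts": [
    "// leftover hardcoded allowlist from an earlier revision (constructed)",
    "const TEAM = ['jane.doe@example.com'];",
    "export const isTeam = (e: string) => TEAM.includes(e);",
  ].join("\n"),
  "src/champions.test.ts": [
    "const fixture = 'fixture.user@example.com';",
  ].join("\n"),
};

// Explicit allowlist of intentional public role aliases named in the PR.
export const APPROVED_PUBLIC_ALIASES = ["hi@kilo.ai", "sales@kilocode.ai"];

// Runs the scan over the sample tree; a guardrail test would assert this is empty.
export function runGuardrail(): EmailLiteralFinding[] {
  return findUnapprovedEmailLiterals(SAMPLE_SOURCES, APPROVED_PUBLIC_ALIASES);
}
```

Keeping the allowlist as an explicit, literal list in the test (rather than a pattern such as "anything at a company domain") is what makes the check fail loudly when a personal address is added next to an approved alias.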


kilo-code-bot bot commented Apr 13, 2026

Code Review Summary

Status: 1 issue found | Recommendation: Address before merge

Overview

Severity   Count
CRITICAL   0
WARNING    1
SUGGESTION 0

Issue Details

WARNING

File: apps/web/src/lib/config.server.ts, line 19
Issue: Empty-string fallback lets a missing CONTRIBUTOR_CHAMPION_TEAM_EMAILS config reclassify internal contributors as external users.
Other Observations (not in diff)

No additional issues found outside the diff.

Files Reviewed (6 files)
  • apps/web/src/components/DataLayerProvider.tsx - 0 issues
  • apps/web/src/lib/config.server.ts - 1 issue
  • apps/web/src/lib/contributor-champions/service.test.ts - 0 issues
  • apps/web/src/lib/contributor-champions/service.ts - 0 issues
  • apps/web/src/lib/email-literal-guardrail.test.ts - 0 issues
  • apps/web/src/types/datalayer.d.ts - 0 issues

Reviewed by gpt-5.4-20260305 · 449,143 tokens
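The reviewer's warning about the empty-string fallback, worked as an added example that is not the project's `config.server.ts`: a lenient parser that mirrors the flagged behaviour (a missing variable silently becomes an empty allowlist, so every internal contributor classifies as external) beside a strict one that refuses to start in production when the allowlist is absent. The function names, the `Env` type and the sample addresses are assumptions; the variable name `CONTRIBUTOR_CHAMPION_TEAM_EMAILS` is the one from the PR.

```typescript
// Added example, not the project's code. Function names and sample values are assumptions.

export type Env = Record<string, string | undefined>;

export interface AllowlistResult {
  emails: Set<string>;
  configured: boolean; // false when the variable was absent or blank
}

export function normaliseEmail(email: string): string {
  return email.trim().toLowerCase();
}

// Lenient parser: the pattern the review flagged. A missing variable falls
// back to "" and yields an empty allowlist without any signal to the operator.
export function parseTeamEmailsLenient(env: Env): AllowlistResult {
  const raw = env.CONTRIBUTOR_CHAMPION_TEAM_EMAILS ?? "";
  const emails = new Set<string>();
  for (const part of raw.split(",")) {
    const e = normaliseEmail(part);
    if (e.length > 0) emails.add(e);
  }
  return { emails, configured: raw.trim().length > 0 };
}

// Strict parser: treats a missing or blank allowlist in production as a
// deployment error instead of quietly reclassifying people as external.
export function parseTeamEmailsStrict(env: Env): AllowlistResult {
  const result = parseTeamEmailsLenient(env);
  if (!result.configured && env.NODE_ENV === "production") {
    throw new Error("CONTRIBUTOR_CHAMPION_TEAM_EMAILS must be set in production");
  }
  return result;
}

export function isTeamMember(email: string, allowlist: AllowlistResult): boolean {
  return allowlist.emails.has(normaliseEmail(email));
}

// Constructed scenario: production with the variable unset. The lenient path
// returns false for an internal address, which is the silent misclassification.
export function lenientClassifiesInternalAsExternal(): boolean {
  const env: Env = { NODE_ENV: "production" };
  return isTeamMember("dev@example.com", parseTeamEmailsLenient(env)) === false;
}

// Same scenario through the strict path: startup fails instead.
export function strictRejectsMissingConfig(): boolean {
  try {
    parseTeamEmailsStrict({ NODE_ENV: "production" });
    return false;
  } catch (e) {
    return true;
  }
}
```

Outside production the strict parser still returns an empty allowlist, so local development and CI keep working without the secret; the difference is only that a misconfigured production deploy surfaces at boot rather than as a quiet change in who counts as a contributor champion.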
