Add warning about sensitive data in Kapa AI chat disclaimer#2155
Add warning about sensitive data in Kapa AI chat disclaimer#2155gmarav05 wants to merge 3 commits intomedic:mainfrom
Conversation
Signed-off-by: Aravind <gmarav005@gmail.com>
mrjones-plip
left a comment
mrjones-plip
left a comment
There was a problem hiding this comment.
This looks great - thanks @gmarav05 ! I was able to spin up your branch locally and when I went to use the "Ask AI" feature, your ⚠️ NOTICE was right there. Very helpful!
Not a blocker, but is it possible to add this same warning to the search modal too? Kapa powers our search, so should have the same warning as "Ask AI":
| data-modal-disclaimer="This is a custom LLM for Community Health Toolkit (CHT) with access to all [Documentation](https://docs.communityhealthtoolkit.org), [GitHub Issues and READMEs](https://github.com/medic/cht-core) and the [CHT Forum](https://forum.communityhealthtoolkit.org). Rate the answers to let us know what you think! | ||
|
|
||
| ⚠️ NOTICE: Do not share any PII, PHI or passwords. Chat logs are archived and accessible by both Medic and Kapa." | ||
| data-search-disclaimer="⚠️ NOTICE: Do not share any PII, PHI or passwords. Chat logs are archived and accessible by both Medic and Kapa." |
There was a problem hiding this comment.
I was unable to see where data-search-disclaimer is used. Is this needed?
There was a problem hiding this comment.
yes, it is not used anywhere and I have now removed it. Thanks for pointing it out @mrjones-plip.
| data-modal-ask-ai-input-placeholder="Ask me a question about the CHT..." | ||
| data-consent-required="true" | ||
| data-consent-screen-title="Search and Ask AI are powered by Kapa" | ||
| data-consent-screen-body="NOTICE: Do not share any PII, PHI or passwords. Chat logs are archived and accessible by both Medic and Kapa." |
There was a problem hiding this comment.
I was unable to see where data-consent-screen-body is used. Is this needed?
There was a problem hiding this comment.
Thanks for pointing this out.
I tested data-consent-screen-body, but I wasn't sure about this fix. It was working. But, since issue description asks to add a warning on both search and chat for Kapa.
There was a problem hiding this comment.
So, It pops up like a small consent screen popup that appears before a user can use the AI/search feature. Let me know if you’d like me to add it.
|
@gmarav05 - any updates on the requested changes? |
|
I am working on it. Sorry for the delay i was unavailable due to college exams. Now i can contribute again. I will let you know when i push changes. @mrjones-plip |
Signed-off-by: Aravind <gmarav005@gmail.com>
|
hello @mrjones-plip, While testing my disclaimer changes i found another small bug or just font colour error. Currently the ai generated answers on live site (tables) are showing black colour text. Current Live Site Screenshot So, I tried to fix this as well and here is how it looks now with the disclaimer for both "Ask AI" and "Search". Screen.Recording.2026-04-01.at.9.48.04.AM.mov |
mrjones-plip
left a comment
mrjones-plip
left a comment
There was a problem hiding this comment.
Thanks for the updates @gmarav05 ! I'm unable reproduce the dark text on a dark background on Chromium (and FF). You can see my results of the prompt show base tables of cht below.
Since I'm unable to reproduce, and your fix for this involves a lot semi-invasive changes, lets revert these changes and focus on just the warnings for now. Thanks for your concern though!
|
|
||
| const SEARCH_NOTICE_ID = 'cht-search-notice'; | ||
|
|
||
| const NOTICE_TEXT = '⚠️ NOTICE: Do not share any PII, PHI or passwords. Chat logs are archived and accessible by both Medic and Kapa.'; |
There was a problem hiding this comment.
Love that this is reused, minor tweak to make sure it applies to both chat and search:
| const NOTICE_TEXT = '⚠️ NOTICE: Do not share any PII, PHI or passwords. Chat logs are archived and accessible by both Medic and Kapa.'; | |
| const NOTICE_TEXT = '⚠️ NOTICE: Do not share any PII, PHI or passwords. Queries are archived and accessible by both Medic and Kapa.'; |
Signed-off-by: Aravind <gmarav005@gmail.com>
|
Thanks for letting me know @mrjones-plip, I was using chrome and Microsoft Edge without any dark mode extension. It's fine I removed those styles now. |
2 participants
Description
This PR adds a warning to prevent users from sharing sensitive information such as PII, PHI, or passwords when using Kapa AI on the docs site.
Fixes #2120
Changes
Why
There have been cases where users pasted sensitive information like credentials, instance URLs into the Kapa AI chat. This change improves user awareness and helps prevent accidental data exposure.
Screenshots
License
The software is provided under AGPL-3.0. Contributions to this project are accepted under the same license.