Fix: Add privacy protections to persistent memory system

Revises memory_usage.txt prompt to enforce moderate privacy level:
- ALLOWED: First names, general region, occupation category, interests, learning data
- EXCLUDED: Age, specific location, family names, sensitive details, travel dates

Updates remember.py tool examples to align with privacy guidelines.
Implements implicit consent model via SUPERMEMORY_API_KEY configuration.

Includes minor ruff formatting fixes for code style consistency.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

reachy_mini_language_tutor/console.py

@@ -421,10 +421,9 @@ class LocalStream:
         # GET /settings/idle -> get current idle signal configuration
         @self._settings_app.get("/settings/idle")
         def _get_idle_settings() -> JSONResponse:
-            return JSONResponse({
-                "enable_idle_signals": config.ENABLE_IDLE_SIGNALS,
-                "idle_signal_timeout": config.IDLE_SIGNAL_TIMEOUT
-            })
+            return JSONResponse(
+                {"enable_idle_signals": config.ENABLE_IDLE_SIGNALS, "idle_signal_timeout": config.IDLE_SIGNAL_TIMEOUT}
+            )
 
         # POST /settings/idle -> update and persist idle signal settings
         @self._settings_app.post("/settings/idle")
@@ -435,8 +434,7 @@ class LocalStream:
             # Validate timeout range
             if not (30 <= timeout <= 900):
                 return JSONResponse(
-                    {"ok": False, "error": "timeout_out_of_range", "min": 30, "max": 900},
-                    status_code=400
+                    {"ok": False, "error": "timeout_out_of_range", "min": 30, "max": 900}, status_code=400
                 )
 
             # Update config immediately (applies to current session)
@@ -594,8 +592,7 @@ class LocalStream:
                 self._robot.media.audio.clear_output_buffer()
             else:
                 logger.warning(
-                    "clear_output_buffer() not available on this SDK version, "
-                    "only clearing handler output queue"
+                    "clear_output_buffer() not available on this SDK version, only clearing handler output queue"
                 )
         self.handler.output_queue = asyncio.Queue()
 

reachy_mini_language_tutor/gradio_tutor_selector.py

@@ -33,16 +33,10 @@ class TutorSelectorUI:
 
         # Tutor metadata
         self.tutor_metadata = self._load_metadata()
-        self.tutor_profiles = [
-            {**data, "id": profile_id}
-            for profile_id, data in self.tutor_metadata.items()
-        ]
+        self.tutor_profiles = [{**data, "id": profile_id} for profile_id, data in self.tutor_metadata.items()]
 
         # Track current selection (find default profile index)
-        self.selected_index = next(
-            (i for i, p in enumerate(self.tutor_profiles) if p["id"] == "default"),
-            0
-        )
+        self.selected_index = next((i for i, p in enumerate(self.tutor_profiles) if p["id"] == "default"), 0)
 
     def _load_metadata(self) -> dict[str, Any]:
         """Load tutor metadata from JSON file.
@@ -101,9 +95,9 @@ class TutorSelectorUI:
         checkmark = ""
         if is_selected:
             selected_styles = f"""
-                background: linear-gradient(135deg, {profile['accent_color']}10 0%, {profile['accent_color']}20 100%);
-                border-left: 6px solid {profile['accent_color']};
-                box-shadow: 0 4px 16px {profile['accent_color']}40;
+                background: linear-gradient(135deg, {profile["accent_color"]}10 0%, {profile["accent_color"]}20 100%);
+                border-left: 6px solid {profile["accent_color"]};
+                box-shadow: 0 4px 16px {profile["accent_color"]}40;
                 transform: scale(1.02);
             """
             checkmark = f"""
@@ -111,7 +105,7 @@ class TutorSelectorUI:
                     position: absolute;
                     top: 12px;
                     right: 12px;
-                    background: {profile['accent_color']};
+                    background: {profile["accent_color"]};
                     color: white;
                     width: 28px;
                     height: 28px;
@@ -131,12 +125,12 @@ class TutorSelectorUI:
         <div class="tutor-card" style="{selected_styles} position: relative;">
             {checkmark}
             <div class="tutor-header">
-                <span class="tutor-flag">{profile['flag_emoji']}</span>
-                <h3 class="tutor-name">{profile['display_name']}</h3>
+                <span class="tutor-flag">{profile["flag_emoji"]}</span>
+                <h3 class="tutor-name">{profile["display_name"]}</h3>
             </div>
-            <p class="tutor-language">{profile['language']}</p>
-            <p class="tutor-description">{profile['short_description']}</p>
-            <span class="tutor-level">{profile['level']}</span>
+            <p class="tutor-language">{profile["language"]}</p>
+            <p class="tutor-description">{profile["short_description"]}</p>
+            <span class="tutor-level">{profile["level"]}</span>
         </div>
         """
 
@@ -156,7 +150,7 @@ class TutorSelectorUI:
             font-size: clamp(2rem, 5vw, 3rem);
             font-weight: 700;
             letter-spacing: -0.02em;
-            background: linear-gradient(135deg, {profile['accent_color']} 0%, {profile['accent_color']}99 50%, {profile['accent_color']}66 100%);
+            background: linear-gradient(135deg, {profile["accent_color"]} 0%, {profile["accent_color"]}99 50%, {profile["accent_color"]}66 100%);
             -webkit-background-clip: text;
             -webkit-text-fill-color: transparent;
             background-clip: text;
@@ -164,7 +158,7 @@ class TutorSelectorUI:
             padding: 16px 0;
             text-align: center;
         ">
-            {profile['flag_emoji']} {profile['display_name']}
+            {profile["flag_emoji"]} {profile["display_name"]}
         </h1>
         """
 
@@ -239,6 +233,7 @@ class TutorSelectorUI:
             blocks: Gradio Blocks context (stream.ui).
 
         """
+
         # Tutor card selection handler
         async def _on_tutor_selected(evt: gr.SelectData) -> tuple[str, gr.Dataset, str]:
             """Handle tutor card selection and apply personality.
@@ -271,7 +266,11 @@ class TutorSelectorUI:
                 logger.error(f"Error applying tutor profile: {e}", exc_info=True)
                 # Keep current state on error
                 current_profile = self.tutor_profiles[self.selected_index]
-                return self._render_title(current_profile), gr.Dataset(samples=self._render_all_cards()), f"❌ Error switching tutor: {e}"
+                return (
+                    self._render_title(current_profile),
+                    gr.Dataset(samples=self._render_all_cards()),
+                    f"❌ Error switching tutor: {e}",
+                )
 
         # Wire the selection event within the Blocks context
         with blocks:

reachy_mini_language_tutor/prompts/language_tutoring/memory_usage.txt

@@ -1,5 +1,34 @@
+## PRIVACY GUIDELINES
+You have persistent memory of this learner across sessions, but you must protect their privacy. Follow these rules:
+
+ALLOWED - Learning-focused information:
+- First name only (never family/last names)
+- General region or country (e.g., "from Canada", "in Europe") - NOT specific cities or addresses
+- General occupation category (e.g., "works in healthcare", "student") - NOT company names or job titles
+- Broad interests and hobbies (e.g., "enjoys cooking", "plays guitar", "loves jazz music")
+- Learning goals, progress, preferences, and struggles
+- Language skill levels and practice history
+- Cultural background in general terms (e.g., "has Mexican heritage", "grew up bilingual")
+
+NEVER STORE:
+- Age, birth date, or specific dates
+- Specific location (city, address, neighborhood, workplace location)
+- Family member names or detailed family information
+- Full job titles, company names, or workplace-specific details
+- Sensitive personal information (health conditions, financial status, relationship details)
+- Specific travel dates or detailed travel itineraries
+
+WHEN IN DOUBT, GENERALIZE:
+- "Lives in Phoenix" → "From the US, Southwest region" or just "From the US"
+- "Senior Software Engineer at Google" → "Works in tech"
+- "32 years old" → [Don't store age at all]
+- "Traveling to Paris on June 15th" → "Planning to travel to France"
+- "Mother Maria speaks Spanish" → "Has Spanish-speaking family members"
+
+Remember: Your role is to help with language learning. Personal context makes lessons engaging, but privacy protection comes first.
+
 ## MEMORY USAGE
-You have persistent memory of this learner across sessions. Use it wisely:
+Use your persistent memory wisely:
 
 RECALL: Use the recall tool to search your memory when:
 - **Starting a new session** (CRITICAL: Check for their name and personal info FIRST!)
@@ -11,18 +40,30 @@ RECALL: Use the recall tool to search your memory when:
 REMEMBER: Use the remember tool to store important observations:
 
 **Personal Information** (category: personal):
-- **Identity basics**: Name (ALWAYS ask and store on first session!), age, location, occupation
-- **Interests & hobbies**: Favorite foods, music, sports, activities, books, movies
-- **Learning context**: Why learning [LANGUAGE], travel plans, [LANGUAGE]-speaking connections, target goals
-- **Personal relationships**: Family members mentioned, friends, pets, cultural connections
-- **Life context**: Work/school details, living situation, cultural background
-
-Examples:
-- "Learner's name is [Example Name]" (category: personal)
-- "Lives in [Example City], works as [Example Occupation]" (category: personal)
-- "Learning [LANGUAGE] to [Example Reason]" (category: personal)
-- "Loves [Example Interest]" (category: personal)
-- "Has [Example Connection]" (category: personal)
+- **First name**: ALWAYS ask and store on first session! Use first name only, never last names.
+- **General location**: Country or broad region (e.g., "from Canada", "in Europe", "lives in Southeast Asia") - NEVER specific cities, addresses, or neighborhoods
+- **Occupation category**: General field only (e.g., "works in education", "student", "retired", "works in tech") - NEVER company names, specific job titles, or workplace locations
+- **Interests & hobbies**: Favorite foods, music genres, sports, activities, books, movies, cultural interests
+- **Learning context**: Why learning [LANGUAGE], general goals (e.g., "for travel", "family connections", "career"), preferred learning style, practice frequency
+- **Language connections**: [LANGUAGE]-speaking friends/family (in general terms, not names), cultural background, prior language experience
+
+Privacy-Safe Examples:
+- "Learner's first name is Alex" (category: personal)
+- "From the United States, Midwest region" (category: personal)
+- "Works in healthcare field" (category: personal)
+- "Learning Spanish to connect with family heritage" (category: personal)
+- "Enjoys cooking Italian food and watching soccer" (category: personal)
+- "Has Spanish-speaking relatives" (category: personal)
+- "Prefers structured lessons with written examples" (category: personal)
+- "Practices 2-3 times per week" (category: personal)
+
+TOO SPECIFIC - Never Store:
+- ❌ "Alex Johnson is 32 years old"
+- ❌ "Lives in Chicago, Illinois" or "Lives at 123 Maple Street"
+- ❌ "Works as Senior Nurse Manager at Northwestern Memorial Hospital"
+- ❌ "Traveling to Madrid on March 15-22, 2025"
+- ❌ "Grandmother Elena speaks Spanish" or "Has 2 children named Sofia and Miguel"
+- ❌ "Divorced last year" or "Has diabetes"
 
 **Learning Progress** (use existing categories):
 - When learner masters a difficult concept (category: success)
@@ -30,4 +71,6 @@ Examples:
 - When learner expresses learning preferences (category: preference)
 - General progress notes (category: progress)
 
+**REMINDER**: Focus memory on language learning. Personal context enhances lessons, but privacy comes first.
+
 Always start sessions by checking your memory for context about this learner.

reachy_mini_language_tutor/tools/core_tools.py

@@ -10,6 +10,7 @@ from pathlib import Path
 from dataclasses import dataclass
 
 from reachy_mini import ReachyMini
+
 # Import config to ensure .env is loaded before reading REACHY_MINI_CUSTOM_PROFILE
 from reachy_mini_language_tutor.config import config  # noqa: F401
 

reachy_mini_language_tutor/tools/remember.py

@@ -23,7 +23,7 @@ class RememberTool(Tool):
                 "description": (
                     "The fact to remember, e.g., 'Learner struggles with verb conjugation', "
                     "'Prefers topics about travel and culture', 'Successfully used past tense today', "
-                    "'Learner's name is Alex', 'Lives in Boston', 'Works as an engineer'"
+                    "'Learner's first name is Alex', 'From the US, Northeast region', 'Works in engineering field'"
                 ),
             },
             "category": {
@@ -32,7 +32,7 @@ class RememberTool(Tool):
                 "description": (
                     "Category of the memory: progress (general notes), preference (what they like), "
                     "struggle (what's difficult), success (what they mastered), "
-                    "personal (identity, interests, background, goals)"
+                    "personal (first name, general region, occupation category, interests, learning goals - see privacy guidelines)"
                 ),
             },
         },

tests/test_prompt_placeholders.py

@@ -1,6 +1,5 @@
 """Tests for prompt placeholder expansion in language tutor profiles."""
 
-
 import pytest
 
 from reachy_mini_language_tutor.prompts import (
@@ -83,14 +82,10 @@ class TestPlaceholderExpansion:
         expanded = _expand_prompt_includes(instructions)
 
         # Verify no unexpanded language_tutoring placeholders remain
-        assert (
-            "[language_tutoring/" not in expanded
-        ), f"Unexpanded placeholders found in {tutor}"
+        assert "[language_tutoring/" not in expanded, f"Unexpanded placeholders found in {tutor}"
 
         # Verify minimum expected length (shared content ~165 lines + unique content)
-        assert (
-            len(expanded) > 5000
-        ), f"Expanded instructions too short for {tutor}: {len(expanded)} chars"
+        assert len(expanded) > 5000, f"Expanded instructions too short for {tutor}: {len(expanded)} chars"
 
         # Verify key shared sections are present
         assert "## PROACTIVE ENGAGEMENT" in expanded
@@ -125,14 +120,12 @@ class TestPlaceholderExpansion:
             ("portuguese_tutor", "BRAZILIAN PORTUGUESE SPECIFICS"),
         ],
     )
-    def test_language_specific_sections_preserved(
-        self, tutor: str, language_specific_section: str
-    ):
+    def test_language_specific_sections_preserved(self, tutor: str, language_specific_section: str):
         """Test that language-specific teaching sections are preserved."""
         instructions_file = PROFILES_DIRECTORY / tutor / "instructions.txt"
         instructions = instructions_file.read_text(encoding="utf-8")
         expanded = _expand_prompt_includes(instructions)
 
-        assert (
-            language_specific_section in expanded
-        ), f"Language-specific section '{language_specific_section}' missing in {tutor}"
+        assert language_specific_section in expanded, (
+            f"Language-specific section '{language_specific_section}' missing in {tutor}"
+        )