fix: cp1252 Unicode decode, English-only hardening, privacy notice

Fixes #62, #63

- tools.py: add encoding='utf-8', errors='replace' to subprocess.run
  (fixes UnicodeDecodeError on Windows cp1252 when doctor/audit output
  contains checkmarks U+2713/U+2717)
- runner.py: move LANGUAGE DIRECTIVE to very first line of system prompt;
  inject [LANG:EN] prefix on every user message; add _has_non_english()
  detector; auto-correction turn when response is in non-English script
- PRIVACY.md: no telemetry, data flows only to user-configured LLM provider,
  patent search queries go to USPTO Open Data Portal

Co-Authored-By: Oz <oz-agent@warp.dev>

Author: tbitcs

PRIVACY.md

@@ -0,0 +1,69 @@
+# specsmith — Privacy Policy
+
+**Last updated: April 2026**
+
+## Summary
+
+specsmith is a local CLI tool. It collects no telemetry, sends no analytics, and stores no data on BitConcepts servers. The only external network calls it makes are those you explicitly configure.
+
+---
+
+## What data leaves your machine
+
+### LLM providers (only when you run `specsmith run`)
+
+When you start an agent session, specsmith sends your project's governance files (AGENTS.md, LEDGER.md snippets) and your chat messages to the LLM provider you have configured:
+
+| Provider | Data destination | Privacy policy |
+|---|---|---|
+| Anthropic (Claude) | api.anthropic.com | https://www.anthropic.com/privacy |
+| OpenAI (GPT) | api.openai.com | https://openai.com/policies/privacy-policy |
+| Google (Gemini) | generativelanguage.googleapis.com | https://policies.google.com/privacy |
+| Mistral | api.mistral.ai | https://mistral.ai/privacy |
+| Ollama | localhost (no network call) | n/a — runs locally |
+
+You control which provider is used. BitConcepts has no visibility into what is sent to these providers — all requests go directly from your machine to their API.
+
+### GitHub issues (`specsmith` doesn't file issues automatically)
+
+The specsmith CLI itself never creates GitHub issues. The VS Code extension has an optional, consent-gated bug reporter — see the extension's `PRIVACY.md`.
+
+### Patent search (`specsmith patent`)
+
+The `specsmith patent` command sends search queries to the USPTO Open Data Portal (developer.uspto.gov). No personally identifiable information is included unless you put it in the query.
+
+---
+
+## What stays on your machine
+
+All of the following are stored locally only, never uploaded:
+
+- `scaffold.yml` — project configuration
+- `AGENTS.md`, `LEDGER.md`, governance files
+- `.specsmith/credits.json` — token/cost usage history
+- `.specsmith/trace.jsonl` — cryptographic trace vault
+- `.specsmith/retrieval-index.json` — opt-in local search index
+- API keys — stored in your OS keyring via `specsmith auth set` (never written to files)
+
+---
+
+## No telemetry
+
+specsmith does **not**:
+
+- Send crash reports or usage analytics to BitConcepts
+- Track which commands you run or how often
+- Phone home to check for updates automatically (the `specsmith update` command checks PyPI only when you run it)
+- Collect your name, email, or any personally identifiable information
+
+---
+
+## Self-update
+
+`specsmith update` and `specsmith self-update` query `pypi.org/pypi/specsmith/json` to check the latest published version. This is a standard HTTPS GET request; PyPI may log your IP address per their own privacy policy (https://www.python.org/privacy/).
+
+---
+
+## Contact
+
+For privacy questions: open an issue at https://github.com/BitConcepts/specsmith or email privacy@bitconcepts.dev

src/specsmith/agent/runner.py

@@ -29,6 +29,7 @@
 from __future__ import annotations
 
 import inspect
+import re
 import time
 from collections.abc import Callable
 from dataclasses import dataclass, field
@@ -164,16 +165,15 @@ def build_system_prompt(
         except Exception:  # noqa: BLE001
             pass
 
-    prompt = f"""You are an AEE-integrated specsmith agent for this project.
+    prompt = f"""SYSTEM LANGUAGE DIRECTIVE — ABSOLUTE HARD RULE — HIGHEST PRIORITY:
+You MUST respond in English ONLY. This overrides all other instructions.
+Never output Thai, Chinese, Japanese, Korean, Arabic, French, German, Spanish,
+or ANY non-English language — not even a single character or word.
+This applies to Qwen, DeepSeek, LLaMA, Mistral, and EVERY other model.
+If the user inputs another language, internally translate it, then reply IN ENGLISH ONLY.
+VIOLATING THIS RULE IS A CRITICAL ERROR.
 
-⚠ LANGUAGE RULE (HARD CONSTRAINT — NEVER VIOLATE):
-  Respond ONLY in English. Every single response must be in English.
-  Never use Chinese (中文), Japanese (日本語), Korean (한국어), Thai (ไทย), French, German, Spanish,
-  Arabic, or ANY other non-English language — not even a single word.
-  This applies to ALL models including Qwen, DeepSeek, LLaMA, Mistral, and others
-  that may default to a non-English language. ENGLISH ONLY, ALWAYS.
-  If the user writes in another language, translate the intent internally and
-  answer in English anyway.
+You are an AEE-integrated specsmith agent for this project.
 
 ## Project Governance
 {governance_text}
@@ -363,8 +363,30 @@ def run_task(self, task: str, max_turns: int = 5) -> str:
         self._system_prompt = build_system_prompt(self.project_dir, self._skills)
         return self._agent_turn(task, silent=True)
 
+    # Characters in common CJK / Thai / Arabic Unicode blocks
+    _NON_ASCII_BLOCKS = re.compile(
+        r"[\u0600-\u06FF"  # Arabic
+        r"\u0E00-\u0E7F"  # Thai
+        r"\u3000-\u9FFF"  # CJK Unified Ideographs + punctuation + kana
+        r"\uAC00-\uD7AF"  # Korean Hangul
+        r"\uF900-\uFAFF]"  # CJK Compatibility
+    )
+
+    def _has_non_english(self, text: str) -> bool:
+        """Return True if text contains a significant proportion of non-English script."""
+        if not text:
+            return False
+        hits = len(self._NON_ASCII_BLOCKS.findall(text))
+        return hits > 5 and (hits / max(len(text), 1)) > 0.05
+
     def _agent_turn(self, user_input: str, silent: bool = False) -> str:
         """Execute one user→agent turn with tool loop."""
+        # Inject a lightweight English-only reminder into every user message.
+        # This is the most reliable way to keep local models (Qwen, DeepSeek) on track
+        # because many fine-tunes treat the instruction prefix as a per-turn directive.
+        _ENG_PFXS = ("[ENGLISH ONLY]", "[RESPOND IN ENGLISH", "[LANG:EN]")
+        if not any(user_input.startswith(p) for p in _ENG_PFXS):
+            user_input = "[LANG:EN] " + user_input
         # Add user message
         self._state.messages.append(Message(role=Role.USER, content=user_input))
 
@@ -403,6 +425,19 @@ def _agent_turn(self, user_input: str, silent: bool = False) -> str:
                 final_response = response.content
 
             if not response.has_tool_calls:
+                # Non-English correction: if response appears to be in another language,
+                # issue a single correction turn rather than showing the wrong-language response.
+                if response.content and self._has_non_english(response.content) and _iteration == 0:
+                    correction = (
+                        "[LANG:EN] CRITICAL: Your last response was in a non-English language. "
+                        "You MUST respond in English ONLY. Please re-answer in English."
+                    )
+                    self._state.messages.append(
+                        Message(role=Role.ASSISTANT, content=response.content)
+                    )
+                    self._state.messages.append(Message(role=Role.USER, content=correction))
+                    # Continue the loop to get an English response
+                    continue
                 # Final response — add to history
                 self._state.messages.append(Message(role=Role.ASSISTANT, content=response.content))
                 break

src/specsmith/agent/tools.py

@@ -47,6 +47,8 @@ def _run_specsmith(args: list[str], project_dir: str = ".") -> str:
             cmd,
             capture_output=True,
             text=True,
+            encoding="utf-8",  # always decode as UTF-8, not the system locale (cp1252 on Windows)
+            errors="replace",  # replace un-decodable bytes rather than raising UnicodeDecodeError
             timeout=120,
             env=_SUBPROCESS_ENV,
         )