Lets admins promote a support ticket to a feedback post (status Reviewing, never auto-published) without leaking customer data, confidential business info, or vented language to the public roadmap. Hard requirement: the original ticket body never appears anywhere outside the support inbox; the generated post is a sanitized rewrite, not a copy.

Pipeline runs in four passes via the BYOK AI provider, every output diffed and reviewed before anything is created:

(1) PII detection - emails, phone numbers, real names, addresses, government IDs, credit cards, API keys/secrets, internal account IDs, customer-identifying URLs. Each match flagged with category and replaced with a generic placeholder ([customer email], [account id]).

(2) Confidentiality detection - competitor names, internal pricing/revenue figures, contract references, employee names, internal codenames, other client names mentioned in the ticket. Same flag-and-replace pattern.

(3) Tone rewrite - translates heated/embarrassing customer language into neutral product language without changing intent ("this is the dumbest UI I have ever seen" -> "the navigation is confusing for new users"). Preserves the underlying request.

(4) Generalisation - strips the specific case context ("for our acme widget integration on plan X") and reframes as a feature/bug request ("the widget integration flow needs better discoverability").

Diff review UI: side-by-side panel showing original ticket (collapsed by default, redacted preview when expanded) vs the proposed post draft. Every redaction is annotated with its category and reason. Every rewrite shows the before/after side by side. Admin must explicitly click Approve - rejection is the default outcome on dismiss. On approve, a draft post is created at status Reviewing in the chosen board with the chosen post type and tags; original ticket gets a support_ticket_links row pointing at the new post (visible only to project members).

Audit table: ticket_to_post_conversions (id, ticket_id, post_id nullable, status drafting|reviewing|approved|rejected|failed, redactions jsonb, original_hash sha256 of source, created_at, approved_by, approved_at). Every conversion attempt logged whether approved or not, so an admin can later audit "what was sanitized and how".

Hard guardrails: requires the BYOK AI provider settings card to be configured - no regex-only fallback (regex misses too much). All passes run with a strict prompt template that forbids the model from preserving identifiers it has been asked to redact; output is JSON-shape-validated before any UI is shown. Conversion gated behind feature flag "support.ticket_conversion" so it stays beta until trust is built. Out of scope: bulk conversion of many tickets at once (one-at-a-time review only in v1), auto-conversion without admin click (never), conversion when AI provider is unset.