Skip to content

[SEC-1.3] Content isolation config section #1198

Closed
#1221
Closed
[SEC-1.3] Content isolation config section#1198
#1221
Labels
configConfiguration file changespriority/highHigh prioritysecuritySecurity-related issuesize/SSmall PR (11-50 lines)
@bug-ops

Description

@bug-ops
bug-ops
opened on Mar 4, 2026

Part of #1195 — Phase 1

Add [security.content_isolation] section to TOML config.

Crates: zeph-core
Depends on: SEC-1.1

Tasks:

  • Config struct ContentIsolationConfig:
    • enabled: bool (default: true)
    • max_content_size: usize (default: 65536)
    • flag_injection_patterns: bool (default: true)
    • spotlight_untrusted: bool (default: true)
  • Wire into SecurityConfig (or create if absent)
  • --init wizard: add content isolation toggle
  • Validate in config loading, emit tracing::info! on startup with active settings
  • Unit tests for deserialization and defaults

Files: crates/zeph-core/src/config/types.rs, crates/zeph-core/src/config/wizard.rs

Metadata

Metadata

Assignees

No one assigned

    Labels

    configConfiguration file changespriority/highHigh prioritysecuritySecurity-related issuesize/SSmall PR (11-50 lines)

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions