Skip to content

[SEC-4.3] Memory write poisoning guard #1207

Closed
#1246
Closed
[SEC-4.3] Memory write poisoning guard#1207
#1246
Labels
memoryzeph-memory crate (SQLite)priority/mediumMedium prioritysecuritySecurity-related issuesize/SSmall PR (11-50 lines)
@bug-ops

Description

@bug-ops
bug-ops
opened on Mar 4, 2026

Part of #1195 — Phase 4

Prevent persisting content flagged as containing injection patterns into long-term memory without user confirmation.

Crates: zeph-memory
Depends on: SEC-1.2

Tasks:

  • Before SemanticMemory::store(): run content through ContentSanitizer injection detection
  • If injection patterns detected: log warning, skip auto-store, require user confirmation
  • Config: [security.exfiltration_guard] guard_memory_writes = true
  • Unit tests: store clean content (passes), store injected content (blocked)

Files: crates/zeph-memory/src/orchestrator.rs

Metadata

Metadata

Assignees

No one assigned

    Labels

    memoryzeph-memory crate (SQLite)priority/mediumMedium prioritysecuritySecurity-related issuesize/SSmall PR (11-50 lines)

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions