security: plaintext PII/secrets risk in compression_failure_pairs table

## Summary

`compressed_context` in the `compression_failure_pairs` SQLite table stores compaction summaries verbatim. If a conversation contained vault secrets, API keys, or PII that survived summarization, they would be stored in plaintext SQLite without applying the `redact` module or `ContentSanitizer`.

## Mitigating Factors

- Data is summarized (not raw conversation)
- Feature is off by default (`enabled = false`)
- Cleanup bounds storage at 100 rows
- Database is local-only

## Recommended Fix

Apply `ContentSanitizer` or the existing `redact` module to `compressed_context` before storing it in `log_compression_failure()`.

File: `crates/zeph-memory/src/sqlite/compression_guidelines.rs:84-103`

Identified by code reviewer (REVIEW-6) during ACON compression guidelines PR (#1647) review.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security: plaintext PII/secrets risk in compression_failure_pairs table #1801

Summary

Mitigating Factors

Recommended Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

security: plaintext PII/secrets risk in compression_failure_pairs table #1801

Description

Summary

Mitigating Factors

Recommended Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions