Skip to content

feat(security): quarantined summarizer for high-risk content (Phase 3, #1195)#1243

Merged
bug-ops merged 4 commits intomainfrom
feat/m33/quarantined-summarizer
Mar 5, 2026
Merged

feat(security): quarantined summarizer for high-risk content (Phase 3, #1195)#1243
bug-ops merged 4 commits intomainfrom
feat/m33/quarantined-summarizer

Conversation

@bug-ops
Copy link
Owner

@bug-ops bug-ops commented Mar 5, 2026

Summary

  • Implement QuarantinedSummarizer — Dual LLM pattern that routes high-risk external content (web scrape, A2A messages) through an isolated, tool-less LLM extraction call before it enters the main agent context
  • Refactor sanitizer.rs into sanitizer/{mod,quarantine}.rs module structure
  • Add [security.content_isolation.quarantine] config section (opt-in, disabled by default)
  • Re-sanitize quarantine LLM output through detect_injections + escape_delimiter_tags before spotlighting
  • Guard quarantine step behind sanitizer.is_enabled() to prevent unnecessary LLM calls
  • Add quarantine_invocations / quarantine_failures counters to MetricsSnapshot
  • 22 new tests (3795 → 3817)

Part of #1195 (Phase 3). Closes #1204.

Test plan

  • cargo +nightly fmt --check clean
  • cargo clippy --workspace -- -D warnings zero warnings
  • cargo nextest run --workspace --lib --bins 3817 passed, 11 skipped
  • Unit tests: config defaults, serde roundtrip, should_quarantine routing, extract_facts success/error/empty, from_str_opt, system prompt content
  • Integration tests: quarantine invoked for web_scrape, fallback on LLM error, skipped for non-quarantine sources, metrics incremented
  • Security audit: re-sanitization of quarantine output, escape_delimiter_tags before spotlight, no raw content paths
  • Performance: zero-cost when disabled, provider resolved at startup not per-call

bug-ops added 3 commits March 5, 2026 18:35
@bug-ops
feat(security): quarantined summarizer for high-risk content (Phase 3,
6650fa0 
…#1195)

Dual LLM pattern: high-risk external content (web scrape, A2A) passes
through an isolated, tool-less LLM extraction call that returns only
factual information before entering the main agent context.

- QuarantinedSummarizer with extract_facts() async method
- [security.content_isolation.quarantine] config (opt-in, disabled by default)
- Re-sanitize quarantine output: detect_injections + escape_delimiter_tags
- Guard quarantine behind sanitizer.is_enabled()
- quarantine_invocations/failures metrics in MetricsSnapshot
- Refactor sanitizer.rs to sanitizer/{mod,quarantine}.rs
- 22 new tests (3795 -> 3817)

Closes #1204
@bug-ops
docs: add quarantined summarizer to security and config reference
82c495c 
Update untrusted-content-isolation.md with Dual LLM pattern section,
re-sanitization details, quarantine config, and metrics.
Add [security.content_isolation.quarantine] to configuration.md.
@bug-ops
docs: update READMEs with quarantined summarizer feature
e792ec2 
Add QuarantinedSummarizer (Dual LLM pattern) to root README defense-in-depth
row and zeph-core README sanitizer module description.
@bug-ops bug-ops enabled auto-merge (squash) March 5, 2026 17:42
@github-actions github-actions bot added documentation Improvements or additions to documentation rust Rust code changes core zeph-core crate config Configuration file changes enhancement New feature or request size/XL Extra large PR (500+ lines) labels Mar 5, 2026
@bug-ops
fix: add missing agent_setup imports and Box::pin large futures
7642169 
- Add `use crate::agent_setup` to daemon.rs and acp.rs (missing after
  Phase 3 wiring, only visible with --features full)
- Box::pin run_acp_server/run_acp_http_server calls in runner.rs to
  satisfy clippy::large_futures (16 KiB+ future size)
@bug-ops bug-ops disabled auto-merge March 5, 2026 18:15
@bug-ops bug-ops enabled auto-merge (squash) March 5, 2026 18:15
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 5, 2026
View reviewed changes
@bug-ops bug-ops merged commit 8e57dc7 into main Mar 5, 2026
27 of 28 checks passed
@bug-ops bug-ops deleted the feat/m33/quarantined-summarizer branch March 5, 2026 18:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

config Configuration file changes core zeph-core crate documentation Improvements or additions to documentation enhancement New feature or request rust Rust code changes size/XL Extra large PR (500+ lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[SEC-3.1] QuarantinedSummarizer for high-risk sources

1 participant

@bug-ops