harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

fix(config): change web_search.enabled default to false for explicit opt-in (#986)

Browse source 
Network access (web search via DuckDuckGo) should require explicit user
consent rather than being enabled by default. This aligns with the
least-surprise principle and the project's secure-by-default policy:
users must opt in to external network requests.

Changes:
- WebSearchConfig::default() now sets enabled: false
- Serde default for enabled field changed from default_true to default
  (bool defaults to false)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Alex Gorevski 2026-02-20 01:58:19 -08:00 committed by GitHub
parent 75772cc3a7
commit 1a3be5e54f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/config/schema.rs
View file

@ -909,7 +909,7 @@ fn default_http_timeout_secs() -> u64 {
#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
pub struct WebSearchConfig {
/// Enable `web_search_tool` for web searches
#[serde(default = "default_true")]
#[serde(default)]
pub enabled: bool,
/// Search provider: "duckduckgo" (free, no API key) or "brave" (requires API key)
#[serde(default = "default_web_search_provider")]
@ -940,7 +940,7 @@ fn default_web_search_timeout_secs() -> u64 {
impl Default for WebSearchConfig {
fn default() -> Self {
Self {
enabled: true,
enabled: false,
provider: default_web_search_provider(),
brave_api_key: None,
max_results: default_web_search_max_results(),