[security] fix(uploads): require explicit opt-in for host-side document conversion (#2332)
* fix: disable host-side upload conversion by default * fix: address PR review comments on upload conversion gate
This commit is contained in:
Hinotobi
+7
-1
@@ -480,7 +480,13 @@ tool_search:
|
||||
# Option 1: Local Sandbox (Default)
|
||||
# Executes commands directly on the host machine
|
||||
uploads:
|
||||
# PDF-to-Markdown converter used when a PDF is uploaded.
|
||||
# Automatic Office/PDF conversion runs on the backend host before sandbox
|
||||
# isolation applies. Keep this disabled unless uploads come from a fully
|
||||
# trusted source and you intentionally accept host-side parser risk.
|
||||
auto_convert_documents: false
|
||||
# Controls which PDF-to-Markdown converter is used whenever PDF conversion
|
||||
# runs. Automatic upload conversion is gated separately by
|
||||
# auto_convert_documents.
|
||||
# auto — prefer pymupdf4llm when installed; fall back to MarkItDown for
|
||||
# image-based or encrypted PDFs (recommended default).
|
||||
# pymupdf4llm — always use pymupdf4llm (must be installed: uv add pymupdf4llm).
|
||||
|
||||
Reference in New Issue
Block a user