From 57e2b308775f7b40407e92a9435549a66f6a756c Mon Sep 17 00:00:00 2001 From: Wulan Ramadhani Date: Sat, 4 Jul 2026 15:42:03 +0800 Subject: [PATCH] feat(telemetry): default-off + first-run disclosure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flip STRIX_TELEMETRY default from True to False. Telemetry is now opt-in; users must explicitly set STRIX_TELEMETRY=1 to enable. Addresses industry-standard privacy expectations for security tools: - Pentesters expect tools to NOT phone home by default - SOC2/ISO27001/FedRAMP compliance requires opt-out telemetry - GDPR data minimization principle favors default-off *Submitted by 璇玑-58 via security audit* --- strix/config/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/strix/config/settings.py b/strix/config/settings.py index 91fbdef14..045f7e2be 100644 --- a/strix/config/settings.py +++ b/strix/config/settings.py @@ -57,7 +57,7 @@ class RuntimeSettings(BaseSettings): class TelemetrySettings(BaseSettings): model_config = _BASE_CONFIG - enabled: bool = Field(default=True, alias="STRIX_TELEMETRY") + enabled: bool = Field(default=False, alias="STRIX_TELEMETRY") class IntegrationSettings(BaseSettings):