M7 N2 Logging-Sensitivität hart validiert und produktiv abgesichert

pdf-umbenenner-adapter-out/src/main/java/de/gecheckt/pdf/umbenenner/adapter/out/configuration/PropertiesConfigurationPortAdapter.java

@@ -108,7 +108,7 @@ public class PropertiesConfigurationPortAdapter implements ConfigurationPort {
     }
 
     private StartConfiguration buildStartConfiguration(Properties props, String apiKey) {
-        boolean logAiSensitive = Boolean.parseBoolean(getOptionalProperty(props, "log.ai.sensitive", "false"));
+        boolean logAiSensitive = parseAiContentSensitivity(props);
         return new StartConfiguration(
                 Paths.get(getRequiredProperty(props, "source.folder")),
                 Paths.get(getRequiredProperty(props, "target.folder")),
@@ -176,4 +176,40 @@ public class PropertiesConfigurationPortAdapter implements ConfigurationPort {
             throw new ConfigurationLoadingException("Invalid URI value for property: " + value, e);
         }
     }
+
+    /**
+     * Parses the {@code log.ai.sensitive} configuration property with strict validation.
+     * <p>
+     * This property controls whether sensitive AI-generated content (raw response, reasoning)
+     * may be written to log files. It must be either the literal string "true" or "false"
+     * (case-insensitive). Any other value is rejected as an invalid startup configuration.
+     * <p>
+     * The default value (when the property is absent) is {@code false}, which is the safe default.
+     *
+     * @return {@code true} if the property is explicitly set to "true", {@code false} otherwise
+     * @throws ConfigurationLoadingException if the property is present but contains an invalid value
+     */
+    private boolean parseAiContentSensitivity(Properties props) {
+        String value = props.getProperty("log.ai.sensitive");
+
+        // If absent, return safe default
+        if (value == null) {
+            return false;
+        }
+
+        String trimmedValue = value.trim().toLowerCase();
+
+        // Only accept literal "true" or "false"
+        if ("true".equals(trimmedValue)) {
+            return true;
+        } else if ("false".equals(trimmedValue)) {
+            return false;
+        } else {
+            // Reject any other value as invalid configuration
+            throw new ConfigurationLoadingException(
+                    "Invalid value for log.ai.sensitive: '" + value + "'. "
+                            + "Must be either 'true' or 'false' (case-insensitive). "
+                            + "Default is 'false' (sensitive content not logged).");
+        }
+    }
 }