fix: run Docker container as non-root user (closes #34)

- Switch to gcr.io/distroless/cc-debian12:nonroot
- Add explicit USER 65534:65534 directive
- Add Docker security CI job verifying non-root UID, :nonroot base, and USER directive
- Document CIS Docker Benchmark compliance in SECURITY.md
- Add tests and edge cases for container security

src/channels/mod.rs

@@ -16,7 +16,8 @@ pub use telegram::TelegramChannel;
 pub use traits::Channel;
 pub use whatsapp::WhatsAppChannel;
 
-use crate::config::Config;
+use crate::config::{Config, IdentityConfig};
+use crate::identity::aieos::{parse_aieos_json, AieosEntity};
 use crate::memory::{self, Memory};
 use crate::providers::{self, Provider};
 use anyhow::Result;
@@ -188,6 +189,195 @@ pub fn build_system_prompt(
     }
 }
 
+/// Build a system prompt with AIEOS identity support.
+///
+/// This is the identity-agnostic version that supports both:
+/// - **OpenClaw** (default): Markdown files (IDENTITY.md, SOUL.md, etc.)
+/// - **AIEOS**: JSON-based portable identity (aieos.org v1.1)
+///
+/// When `identity.format = "aieos"`, the AIEOS identity is loaded and injected
+/// instead of the traditional markdown bootstrap files.
+pub fn build_system_prompt_with_identity(
+    workspace_dir: &std::path::Path,
+    model_name: &str,
+    tools: &[(&str, &str)],
+    skills: &[crate::skills::Skill],
+    identity_config: &IdentityConfig,
+) -> String {
+    use std::fmt::Write;
+    let mut prompt = String::with_capacity(8192);
+
+    // ── 1. Tooling ──────────────────────────────────────────────
+    if !tools.is_empty() {
+        prompt.push_str("## Tools\n\n");
+        prompt.push_str("You have access to the following tools:\n\n");
+        for (name, desc) in tools {
+            let _ = writeln!(prompt, "- **{name}**: {desc}");
+        }
+        prompt.push('\n');
+    }
+
+    // ── 2. Safety ───────────────────────────────────────────────
+    prompt.push_str("## Safety\n\n");
+    prompt.push_str(
+        "- Do not exfiltrate private data.\n\
+         - Do not run destructive commands without asking.\n\
+         - Do not bypass oversight or approval mechanisms.\n\
+         - Prefer `trash` over `rm` (recoverable beats gone forever).\n\
+         - When in doubt, ask before acting externally.\n\n",
+    );
+
+    // ── 3. Skills (compact list — load on-demand) ───────────────
+    if !skills.is_empty() {
+        prompt.push_str("## Available Skills\n\n");
+        prompt.push_str(
+            "Skills are loaded on demand. Use `read` on the skill path to get full instructions.\n\n",
+        );
+        prompt.push_str("<available_skills>\n");
+        for skill in skills {
+            let _ = writeln!(prompt, "  <skill>");
+            let _ = writeln!(prompt, "    <name>{}</name>", skill.name);
+            let _ = writeln!(
+                prompt,
+                "    <description>{}</description>",
+                skill.description
+            );
+            let location = workspace_dir
+                .join("skills")
+                .join(&skill.name)
+                .join("SKILL.md");
+            let _ = writeln!(prompt, "    <location>{}</location>", location.display());
+            let _ = writeln!(prompt, "  </skill>");
+        }
+        prompt.push_str("</available_skills>\n\n");
+    }
+
+    // ── 4. Workspace ────────────────────────────────────────────
+    let _ = writeln!(
+        prompt,
+        "## Workspace\n\nWorking directory: `{}`\n",
+        workspace_dir.display()
+    );
+
+    // ── 5. Identity (AIEOS or OpenClaw) ─────────────────────────
+    if identity_config.format.eq_ignore_ascii_case("aieos") {
+        // Try to load AIEOS identity
+        if let Some(aieos_entity) = load_aieos_from_config(workspace_dir, identity_config) {
+            prompt.push_str(&aieos_entity.to_system_prompt());
+        } else {
+            // Fallback to OpenClaw if AIEOS loading fails
+            tracing::warn!("AIEOS identity configured but failed to load; falling back to OpenClaw");
+            inject_openclaw_identity(&mut prompt, workspace_dir);
+        }
+    } else {
+        // Default: OpenClaw markdown files
+        inject_openclaw_identity(&mut prompt, workspace_dir);
+    }
+
+    // ── 6. Date & Time ──────────────────────────────────────────
+    let now = chrono::Local::now();
+    let tz = now.format("%Z").to_string();
+    let _ = writeln!(prompt, "## Current Date & Time\n\nTimezone: {tz}\n");
+
+    // ── 7. Runtime ──────────────────────────────────────────────
+    let host =
+        hostname::get().map_or_else(|_| "unknown".into(), |h| h.to_string_lossy().to_string());
+    let _ = writeln!(
+        prompt,
+        "## Runtime\n\nHost: {host} | OS: {} | Model: {model_name}\n",
+        std::env::consts::OS,
+    );
+
+    if prompt.is_empty() {
+        "You are ZeroClaw, a fast and efficient AI assistant built in Rust. Be helpful, concise, and direct.".to_string()
+    } else {
+        prompt
+    }
+}
+
+/// Load AIEOS entity from config (file path or inline JSON)
+fn load_aieos_from_config(
+    workspace_dir: &std::path::Path,
+    identity_config: &IdentityConfig,
+) -> Option<AieosEntity> {
+    // Try inline JSON first
+    if let Some(ref inline_json) = identity_config.aieos_inline {
+        if !inline_json.is_empty() {
+            match parse_aieos_json(inline_json) {
+                Ok(entity) => {
+                    tracing::info!("Loaded AIEOS identity from inline JSON: {}", entity.display_name());
+                    return Some(entity);
+                }
+                Err(e) => {
+                    tracing::error!("Failed to parse inline AIEOS JSON: {e}");
+                }
+            }
+        }
+    }
+
+    // Try file path
+    if let Some(ref path_str) = identity_config.aieos_path {
+        if !path_str.is_empty() {
+            let path = if std::path::Path::new(path_str).is_absolute() {
+                std::path::PathBuf::from(path_str)
+            } else {
+                workspace_dir.join(path_str)
+            };
+
+            match std::fs::read_to_string(&path) {
+                Ok(content) => match parse_aieos_json(&content) {
+                    Ok(entity) => {
+                        tracing::info!(
+                            "Loaded AIEOS identity from {}: {}",
+                            path.display(),
+                            entity.display_name()
+                        );
+                        return Some(entity);
+                    }
+                    Err(e) => {
+                        tracing::error!("Failed to parse AIEOS file {}: {e}", path.display());
+                    }
+                },
+                Err(e) => {
+                    tracing::error!("Failed to read AIEOS file {}: {e}", path.display());
+                }
+            }
+        }
+    }
+
+    None
+}
+
+/// Inject OpenClaw (markdown) identity files into the prompt
+fn inject_openclaw_identity(prompt: &mut String, workspace_dir: &std::path::Path) {
+    use std::fmt::Write;
+
+    prompt.push_str("## Project Context\n\n");
+    prompt.push_str("The following workspace files define your identity, behavior, and context.\n\n");
+
+    let bootstrap_files = [
+        "AGENTS.md",
+        "SOUL.md",
+        "TOOLS.md",
+        "IDENTITY.md",
+        "USER.md",
+        "HEARTBEAT.md",
+    ];
+
+    for filename in &bootstrap_files {
+        inject_workspace_file(prompt, workspace_dir, filename);
+    }
+
+    // BOOTSTRAP.md — only if it exists (first-run ritual)
+    let bootstrap_path = workspace_dir.join("BOOTSTRAP.md");
+    if bootstrap_path.exists() {
+        inject_workspace_file(prompt, workspace_dir, "BOOTSTRAP.md");
+    }
+
+    // MEMORY.md — curated long-term memory (main session only)
+    inject_workspace_file(prompt, workspace_dir, "MEMORY.md");
+}
+
 /// Inject a single workspace file into the prompt with truncation and missing-file markers.
 fn inject_workspace_file(prompt: &mut String, workspace_dir: &std::path::Path, filename: &str) {
     use std::fmt::Write;