feat: add AIEOS identity support and harden cron scheduler security

- Add IdentityConfig with format=openclaw|aieos, aieos_path, and aieos_inline
- Implement AIEOS v1.1 JSON parser and system prompt injection
- Add build_system_prompt_with_identity() supporting both OpenClaw markdown and AIEOS JSON
- Harden cron scheduler with SecurityPolicy checks (command allowlist, forbidden path arguments)
- Skip retries on deterministic security policy violations
- Add comprehensive tests for AIEOS config and cron security edge cases
- Update README with AIEOS documentation and schema overview
- Add .dockerignore tests for build context security validation
This commit is contained in:
argenis de la rosa 2026-02-14 13:26:08 -05:00
parent 76074cb789
commit acea042bdb
7 changed files with 790 additions and 22 deletions


@ -12,6 +12,7 @@ use std::path::Path;
/// Paths that MUST be excluded from Docker build context (security/performance)
const MUST_EXCLUDE: &[&str] = &[
".git",
".githooks",
"target",
"docs",
"examples",
@ -22,10 +23,10 @@ const MUST_EXCLUDE: &[&str] = &[
"*.db-journal",
".DS_Store",
".github",
".githooks",
"deny.toml",
"LICENSE",
".env",
".tmp_*",
];
/// Paths that MUST NOT be excluded (required for build)
@ -299,20 +300,24 @@ fn dockerignore_pattern_matching_edge_cases() {
// Test the pattern matching logic itself
let patterns = vec![
".git".to_string(),
".githooks".to_string(),
"target".to_string(),
"*.md".to_string(),
"*.db".to_string(),
".tmp_*".to_string(),
".env".to_string(),
];
// Should match
assert!(is_excluded(&patterns, ".git"));
assert!(is_excluded(&patterns, ".git/config"));
assert!(is_excluded(&patterns, ".githooks"));
assert!(is_excluded(&patterns, "target"));
assert!(is_excluded(&patterns, "target/debug/build"));
assert!(is_excluded(&patterns, "README.md"));
assert!(is_excluded(&patterns, "brain.db"));
assert!(is_excluded(&patterns, ".tmp_todo_probe"));
assert!(is_excluded(&patterns, ".env"));
// Should NOT match
assert!(!is_excluded(&patterns, "src"));