* fix(gateway): honor config bind settings and persist pairing
Resolve docker-compose startup and restart friction by:
- using config host/port defaults for gateway/daemon unless CLI flags are passed
- persisting paired token hashes to config.toml on successful /pair
- running container default command as 'zeroclaw gateway' (no hardcoded --host/--port overrides)
- updating compose image/docs to zeroclaw-labs namespace
- adding MODEL env fallback for default_model override and targeted regression tests
* chore(ci): sync lockfile and restore rustfmt parity
Update Cargo.lock to match Cargo.toml and format src/service/mod.rs so rust quality gates stop failing with unrelated baseline drift.
Pin all FROM images in Dockerfile and dev/ci/Dockerfile to their
current SHA256 manifest digests for reproducible builds.
- rust:1.93-slim-trixie → @sha256:9663b80a...
- busybox:latest → busybox:1.37@sha256:b3255e7d...
- debian:trixie-slim → @sha256:f6e2cfac...
- gcr.io/distroless/cc-debian13:nonroot → @sha256:84fcd3c2...
- rust:1.92-slim → @sha256:bf3368a9...
Closes#359
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(config): apply env overrides at runtime and fix Docker compose defaults
- Call apply_env_overrides() after Config::load_or_init() in main.rs so
environment variables (API_KEY, PROVIDER, ZEROCLAW_GATEWAY_PORT, etc.)
are actually applied at runtime, not just in tests
- Add ZEROCLAW_ALLOW_PUBLIC_BIND env var support for gateway bind policy
- Fix docker-compose.yml: correct volume path (/zeroclaw-data not /data),
add ZEROCLAW_ALLOW_PUBLIC_BIND=true for container networking, make host
port configurable via HOST_PORT env var
- Add docker-compose.override.yml to .gitignore for local dev overrides
* feat(discord): add listen_to_bots config and fix model IDs across codebase
Add listen_to_bots field to DiscordConfig so bot messages are processed
when explicitly enabled (defaults to false for backward compat). Remove
ZEROCLAW_MODEL from Dockerfile release stage so config.toml is the
source of truth for model selection. Fix all hardcoded model IDs from
the dated anthropic/claude-sonnet-4-20250514 to the valid OpenRouter
identifier anthropic/claude-sonnet-4.
This fixes issue #271 where cargo build fails due to openssl-sys dependency
being pulled in even though the project uses rustls-tls for all TLS connections.
**Problem:**
- The Dockerfile installed `libssl-dev` in the builder stage
- This caused `openssl-sys` to be activated as a dependency
- Users without OpenSSL installed would get build failures:
```
error: failed to run custom build command for openssl-sys v0.9.111
Could not find directory of OpenSSL installation
```
**Solution:**
- Remove `libssl-dev` from Dockerfile build dependencies
- ZeroClaw uses `rustls-tls` exclusively for all TLS connections:
- reqwest: `features = ["rustls-tls"]`
- lettre: `features = ["rustls-tls"]`
- tokio-tungstenite: `features = ["rustls-tls-webpki-roots"]`
**Benefits:**
- Smaller Docker images (no OpenSSL headers/libs needed)
- Faster builds (fewer dependencies to compile)
- Consistent builds regardless of system OpenSSL availability
- True pure-Rust TLS stack without C dependencies
**Affected platforms:**
- Users without OpenSSL dev packages can now build directly
- Docker builds are more portable and reproducible
- Binary distributions don't depend on system OpenSSL version
All tests pass.
Related to #271
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Dockerfile builder image 1.93-slim is (now?) based on debian trixie (13)
The production runtime image was created based on debian-12 which did
not have the version of libc that zeroclaw was built against and that
caused this error:
[zeroclaw] | zeroclaw: /lib/x86_64-linux-gnu/libc.so.6: version
`GLIBC_2.39' not found (required by zeroclaw)
Upgraded runtime image to debian 13 to solve the issue
