harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
457 commits 1 branch 0 tags 7.8 MiB
Commit graph

8 commits

Author SHA1 Message Date
Chummy
1711f140be fix(security): remediate unassigned CodeQL findings 
- harden URL/request handling for composio and whatsapp integrations
- reduce cleartext logging exposure across providers/tools/gateway
- hash and constant-time compare gateway webhook secrets
- expand nested secret encryption coverage in config
- align feature aliases and add regression tests for security paths
- fix bubblewrap all-features test invocation surfaced during deep validation
 2026-02-17 19:19:06 +08:00
Chummy
3234159c6c
chore(clippy): clear warning backlog and harden conversions (#383) 2026-02-17 00:32:33 +08:00
Chummy
23b0f360c2
fix(composio): align v3 execute path and honor configured entity_id (#322) 2026-02-16 23:40:37 +08:00
Chummy
ef41f2ab10 chore(fmt): format composio conflict-resolution tests 2026-02-16 21:54:19 +08:00
argenis de la rosa
58693ae5a1 fix: update Composio API endpoint from v2 to v3 
Fixes #309 - Composio v2 endpoint has been discontinued. Updated to v3
endpoint which is the current supported version.

Composio v2 API is no longer available, causing all Composio tool
executions to fail. This updates the base URL to use v3.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 21:40:22 +08:00
Chummy
79a6f180a8
fix(composio): migrate tool API calls to v3 with v2 fallback (#309) (#310) 2026-02-16 05:58:06 -05:00
argenis de la rosa
1fd51f1984 fix: resolve all clippy --all-targets warnings across 15 files 
- gateway/mod.rs: move send_json before test module (items_after_test_module)
- memory/vector.rs: fix float_cmp, cast_precision_loss, approx_constant
- memory/chunker.rs: fix format_collect, format_push_string, write_with_newline
- memory/sqlite.rs: fix useless_vec
- heartbeat/engine.rs: fix format_collect, write_with_newline
- config/schema.rs: fix needless_raw_string_hashes
- tools/composio.rs: fix needless_raw_string_hashes
- integrations/registry.rs: fix uninlined_format_args, unused import
- tunnel/mod.rs: fix doc_markdown
- skills/mod.rs: allow similar_names in test module
- channels/cli.rs: fix unreadable_literal
- observability/mod.rs: fix manual_string_new
- runtime/mod.rs: fix manual_string_new
- examples/custom_memory.rs: add Default impl (new_without_default)
- examples/custom_channel.rs: fix needless_borrows_for_generic_args
 2026-02-14 03:52:57 -05:00
argenis de la rosa
f8befafe4d feat: add Composio tool provider + encrypted secret store + wizard integration 
- src/tools/composio.rs: ComposioTool implementing Tool trait
  - list/execute/connect actions via Composio API (1000+ OAuth apps)
  - 60s timeout, proper error handling, JSON schema for LLM
  - 12 tests covering schema, validation, serde, error paths

- src/security/secrets.rs: SecretStore for encrypted credential storage
  - XOR cipher with random 32-byte key stored in ~/.zeroclaw/.secret_key
  - enc: prefix for encrypted values, plaintext passthrough (backward compat)
  - Key file created with 0600 permissions (Unix)
  - 16 tests: roundtrip, unicode, long secrets, corrupt hex, permissions

- src/config/schema.rs: ComposioConfig + SecretsConfig structs
  - Composio: enabled (default: false), api_key, entity_id
  - Secrets: encrypt (default: true)
  - Both with serde(default) for backward compatibility
  - 8 new config tests

- src/onboard/wizard.rs: new Step 5 'Tool Mode & Security'
  - Sovereign (local only) vs Composio (managed OAuth) selection
  - Encrypted secret storage toggle (default: on)
  - 7-step wizard (was 6)

- src/tools/mod.rs: all_tools() now accepts optional composio_key
- src/agent/loop_.rs: wires Composio key from config into tool registry
- README.md: Composio integration + encrypted secrets documentation

1017 tests, 0 clippy warnings, cargo fmt clean.
 2026-02-14 02:41:29 -05:00