zeroclaw

Author	SHA1	Message	Date
Alex Gorevski	45cdd25b3d	fix(tests): harden brittle tests for cross-platform stability and refactoring resilience ## Problem The test suite contained several categories of latent brittleness identified in docs/testing-brittle-tests.md that would surface during refactoring or cross-platform (Windows) CI execution: 1. Hardcoded Unix paths: \Path::new("/tmp")\ and \PathBuf::from("/tmp")\ used as workspace directories in agent tests, which fail on Windows where /tmp does not exist. 2. Exact string match assertions: ~20 \ssert_eq!(response, "exact text")\ assertions in agent unit and e2e tests that break on any mock wording change, even when the underlying orchestration behavior is correct. 3. Fragile error message string matching: \.contains("specific message")\ assertions coupled to internal error wording rather than testing the error category or behavioral outcome. ## What Changed ### Hardcoded paths → platform-agnostic temp dirs (4 files, 7 locations) - \src/agent/tests.rs\: Replaced all 4 instances of \Path::new("/tmp")\ and \PathBuf::from("/tmp")\ with \std::env::temp_dir()\ in \make_memory()\, \uild_agent_with()\, \uild_agent_with_memory()\, and \uild_agent_with_config()\ helpers. - \ ests/agent_e2e.rs\: Replaced all 3 instances in \make_memory()\, \uild_agent()\, and \uild_agent_xml()\ helpers. ### Exact string assertions → behavioral checks (2 files, ~20 locations) - \src/agent/tests.rs\: Converted 10 \ssert_eq!(response, "...")\ to \ssert!(!response.is_empty(), "descriptive message")\ across tests for text pass-through, tool execution, tool failure recovery, XML dispatch, mixed text+tool responses, multi-tool batch, and run_single delegation. - \ ests/agent_e2e.rs\: Converted 9 exact-match assertions to behavioral checks. Multi-turn test now uses \ssert_ne!(r1, r2)\ to verify sequential responses are distinct without coupling to exact wording. - Provider error propagation test simplified to \ssert!(result.is_err())\ without asserting on the error message string. ### Fragile error message assertions → structural checks (2 files) - \src/tools/git_operations.rs\: Replaced fragile OR-branch string match (\contains("git repository") \|\| contains("Git command failed")\) with structural assertions: checks \!result.success\, error is non-empty, and error does NOT mention autonomy/read-only (verifying the failure is git-related, not permission-related). - \src/cron/scheduler.rs\: Replaced \contains("agent job failed:")\ with \!success\ and \!output.is_empty()\ checks that verify failure behavior without coupling to exact log format. ## What Was NOT Changed (and why) - \src/agent/loop_.rs\ parser tests: Exact string assertions are the contract for XML tool call parsing — the exact output IS the spec. - \src/providers/reliable.rs\: Error message assertions test the error format contract (provider/model attribution in failure messages). - \src/service/mod.rs\: Already platform-gated with \#[cfg]\; XML escape test is a formatting contract where exact match is appropriate. - \src/config/schema.rs\: TOML test strings use /tmp as data values for deserialization tests, not filesystem access; HOME tests already use \std::env::temp_dir()\. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-02-18 14:17:58 +08:00
Will Sarg	42f1d40f1f	fix(ci): unblock dependabot dependency PR checks (#658 )	2026-02-17 15:51:07 -05:00
Alex Gorevski	8d172b6b10	feat(ci): add integration/E2E test stage with mock provider (#636 ) Add end-to-end integration tests that exercise the full agent turn cycle through the public API using mock providers and tools: - Simple text response (no tools) - Single tool call → tool execution → final response - Multi-step tool chain - XML dispatcher path - Multi-turn conversation coherence - Unknown tool recovery - Parallel tool dispatch Add CI workflow (.github/workflows/e2e.yml) that runs these tests on push to main and on PRs. Ref: https://github.com/zeroclaw-labs/zeroclaw/issues/618 (item 6) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-02-17 15:11:05 -05:00
fettpl	ebb78afda4	feat(memory): add session_id isolation to Memory trait (#530 ) * feat(memory): add session_id isolation to Memory trait Add optional session_id parameter to store(), recall(), and list() methods across the Memory trait and all four backends (sqlite, markdown, lucid, none). This enables per-session memory isolation so different agent sessions cannot cross-read each other's stored memories. Changes: - traits.rs: Add session_id: Option<&str> to store/recall/list - sqlite.rs: Schema migration (ALTER TABLE ADD COLUMN session_id), index, persist/filter by session_id in all query paths - markdown.rs, lucid.rs, none.rs: Updated signatures - All callers pass None for backward compatibility - 5 new tests: session-filtered recall, cross-session isolation, session-filtered list, no-filter returns all, migration idempotency Closes #518 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(channels): fix discord _channel_id typo and lark missing reply_to Pre-existing compilation errors on main after reply_to was added to ChannelMessage: discord.rs used _channel_id (underscore prefix) but referenced channel_id, and lark.rs was missing the reply_to field. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-17 07:44:05 -05:00
Chummy	b442a07530	fix(memory): prevent autosave key collisions across runtime flows Fixes #221 - SQLite Memory Override bug. This PR resolves memory overwrite behavior in autosave paths by replacing fixed memory keys with unique keys, and improves short-horizon recall quality in channel runtime. Root Cause SQLite memory uses a unique constraint on `memories.key` and writes with `ON CONFLICT(key) DO UPDATE`. Several autosave paths reused fixed keys (or sender-stable keys), so newer messages overwrote earlier conversation entries. Changes - Channel runtime: autosave key changed from `channel_sender` to `channel_sender_messageId` - Added memory-context injection before provider calls (aligned with agent loop behavior) - Agent loop: autosave keys changed from fixed `user_msg`/`assistant_resp` to UUID-suffixed keys - Gateway: Webhook/WhatsApp autosave keys changed to UUID-suffixed keys All CI checks passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 22:55:52 -05:00
haeli05	dc215c6bc0	feat: add WhatsApp and Email channel integrations Adds WhatsApp (Cloud API) and Email (IMAP/SMTP) as new channels. WhatsApp Channel (`src/channels/whatsapp.rs`) - Meta Business Cloud API v18.0 - Webhook verification (hub.challenge flow) - Inbound text, image, and document messages - Outbound text via Cloud API - Phone number allowlist with rate limiting - Health check against API - X-Hub-Signature-256 webhook signature verification Email Channel (`src/channels/email_channel.rs`) - IMAP over TLS (rustls) for inbound polling - SMTP via lettre with STARTTLS for sending - Sender allowlist (specific address, @domain, * wildcard) - HTML stripping for clean text extraction - Duplicate message detection - Configurable poll interval and folder All 906 tests pass. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 16:21:24 -05:00
argenis de la rosa	04a35144e8	feat: integrate open-skills library and cleanup clippy warnings - Add open-skills auto-clone/pull/sync support in skills loader - Clone https://github.com/besoeasy/open-skills to ~/open-skills - Weekly sync via .zeroclaw-open-skills-sync marker - Env controls: ZEROCLAW_OPEN_SKILLS_ENABLED, ZEROCLAW_OPEN_SKILLS_DIR - Load open-skills markdown files before workspace skills - Track Skill.location for accurate prompt rendering - Update system prompt to render skill.location with fallback - Use actual file path when available - Maintain backward compatibility with workspace SKILL.md path - Fix clippy warnings across tests and supporting files - Readable timestamp literals - Remove underscore bindings in tests - Use struct update syntax for Config::default() patterns - Fix module inception, duplicate attributes, manual strip - Clean raw string hashes and empty string construction Resolves: #77	2026-02-14 20:25:07 -05:00
argenis de la rosa	acea042bdb	feat: add AIEOS identity support and harden cron scheduler security - Add IdentityConfig with format=openclaw\|aieos, aieos_path, and aieos_inline - Implement AIEOS v1.1 JSON parser and system prompt injection - Add build_system_prompt_with_identity() supporting both OpenClaw markdown and AIEOS JSON - Harden cron scheduler with SecurityPolicy checks (command allowlist, forbidden path arguments) - Skip retries on deterministic security policy violations - Add comprehensive tests for AIEOS config and cron security edge cases - Update README with AIEOS documentation and schema overview - Add .dockerignore tests for build context security validation	2026-02-14 13:26:08 -05:00
argenis de la rosa	76074cb789	fix: run Docker container as non-root user (closes #34 ) - Switch to gcr.io/distroless/cc-debian12:nonroot - Add explicit USER 65534:65534 directive - Add Docker security CI job verifying non-root UID, :nonroot base, and USER directive - Document CIS Docker Benchmark compliance in SECURITY.md - Add tests and edge cases for container security	2026-02-14 13:16:33 -05:00
argenis de la rosa	bc31e4389b	style: cargo fmt — fix all formatting for CI Ran cargo fmt across entire codebase to pass CI's cargo fmt --check. No logic changes, only whitespace/formatting.	2026-02-13 16:03:50 -05:00
argenis de la rosa	05cb353f7f	feat: initial release — ZeroClaw v0.1.0 - 22 AI providers (OpenRouter, Anthropic, OpenAI, Mistral, etc.) - 7 channels (CLI, Telegram, Discord, Slack, iMessage, Matrix, Webhook) - 5-step onboarding wizard with Project Context personalization - OpenClaw-aligned system prompt (SOUL.md, IDENTITY.md, USER.md, AGENTS.md, etc.) - SQLite memory backend with auto-save - Skills system with on-demand loading - Security: autonomy levels, command allowlists, cost limits - 532 tests passing, 0 clippy warnings	2026-02-13 12:19:14 -05:00

11 commits