After run_tool_call_loop, only the final text response was saved to
per-sender conversation history. All intermediate tool calls and results
were discarded, so on the next turn the LLM had no awareness of what
tools it used or what it discovered — causing poor follow-up ability.
Record the history length before the tool loop, then scan new messages
for tool names after it completes. Prepend a compact [Used tools: ...]
annotation to the assistant message saved in history, giving the LLM
context about its own actions on subsequent turns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, the memory-enriched message (with [Memory context] block
prepended) was saved to per-sender conversation history. On subsequent
turns the LLM saw stale memory fragments with raw keys baked into
prior "user" messages, creating compounding noise.
Save the original msg.content instead. Memory context is still injected
for the current LLM call but no longer persists across turns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every user message was auto-saved to memory regardless of length,
flooding the store with trivial entries like "ok", "thanks", "hi".
These noise entries competed with real memories during recall, degrading
relevance — especially with keyword-only search.
Skip auto-saving messages shorter than 20 characters. Applied to both
the channel path (channels/mod.rs) and CLI agent path (agent/loop_.rs).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
build_system_prompt() included a "## Tool Use Protocol" section with
the tag format and usage instructions. build_tool_instructions() then
appended another identical "## Tool Use Protocol" section with full
JSON schemas. This wasted ~1-2K tokens on every API call.
Remove the duplicate protocol block from build_system_prompt(), keeping
only the compact tool name/description list. The complete protocol with
schemas is provided by build_tool_instructions().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Channel Capabilities section in build_system_prompt() was hardcoded
to say "You are running as a Discord bot" for ALL channels, including
Telegram. This caused the LLM to misidentify itself and reference
Discord-specific features regardless of the actual channel.
Replace with generic "messaging bot" text. Per-channel delivery
instructions already exist via channel_delivery_instructions().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Extract hard-coded test vector keys into named constants in bedrock.rs
and linq.rs to resolve rust/hard-coded-cryptographic-value alerts
- Replace derived Debug impls with manual impls that redact sensitive
fields (access_token, refresh_token, credential, api_key) on
QwenOauthCredentials, QwenOauthProviderContext, and
ResolvedEmbeddingConfig to resolve rust/cleartext-logging alerts
- Redact Matrix user_id and device_id hints in tracing::warn! diagnostic
messages via crate::security::redact() to resolve cleartext-logging
alert in matrix.rs
Addresses CodeQL alerts: #77, #95-106
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Root cause of #959: resolve_connected_account_ref returned None when the entity had more than one connected account for an app, silently dropping auto-resolve and causing every execute call to fail with 'cannot find connected account'. The LLM then looped re-issuing the OAuth URL even though the account was already connected.
- resolve_connected_account_ref now picks the first usable account (ordered by updated_at DESC from the API) instead of returning None when multiple accounts exist
- Add 'connected_accounts' as a dispatch alias for 'list_accounts' in handler, schema enum, and description
- 8 new regression tests
Closes#959
Add five new idempotency store tests covering: different-key acceptance,
max_keys clamping to minimum of 1, rapid duplicate rejection, TTL-based
key expiry and re-acceptance, and eviction preserving newest entries.
Addresses audit finding on weak gateway idempotency test coverage.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add tests for list_configured_boards() covering enabled/disabled states and
empty/non-empty board configurations. Add test verifying create_peripheral_tools()
returns empty when peripherals are disabled. Addresses audit finding CRITICAL-1
for the untested peripherals module — covers all non-hardware-gated logic paths.
Fix pre-existing Windows build errors in config/schema.rs: make non-unix
sync_directory async and gate unix-only imports behind #[cfg(unix)].
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace bare .unwrap() calls with descriptive .expect() messages in
src/agent/agent.rs and src/tools/shell.rs test modules. Adds meaningful
failure context for memory creation, agent builder, and tool execution
assertions. Addresses audit finding on test assertion quality (§5.2).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds section markers and decision-point comments to the three most complex
control-flow modules. Comments explain loop invariants, retry/fallback
strategy, security policy precedence rules, and error handling rationale.
This improves maintainability by making the reasoning behind complex
branches explicit for reviewers and future contributors.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Every public field in the Config struct hierarchy now has a /// doc comment
explaining its purpose, default value, and usage context. This ensures
operators and extension developers can understand config options directly
from rustdoc without cross-referencing the config reference documentation.
Comments are consistent with docs/config-reference.md descriptions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The four underdocumented core trait files now include trait-level doc blocks
explaining purpose and architecture role, method-level documentation with
parameter/return/error descriptions, and public struct/enum documentation.
This brings parity with the well-documented provider, channel, tool, and
memory traits, giving extension developers clear guidance for implementing
these core extension points.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The English README contains architecture overview (diagram + trait table),
subscription auth setup (OAuth flow + examples), and memory system design
(vector + FTS5 hybrid search) sections that were missing from the Chinese,
Japanese, and Russian translations.
This closes the content parity gap identified in the documentation audit,
ensuring non-English speakers have access to the same critical architectural
context and setup guidance.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Each major subsystem mod.rs now includes a //! doc block explaining the
subsystem purpose, trait-driven architecture, factory registration pattern,
and extension guidance. This improves the generated rustdoc experience for
developers navigating ZeroClaw's modular architecture.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds onboarding decision tree to getting-started/README.md so users can
quickly identify the right setup command for their situation.
Adds hardware vision overview to hardware/README.md explaining the
Peripheral trait and supported board types.
Expands project/README.md with scope explanation describing the purpose
of project snapshots and how they relate to documentation maintenance.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove merge conflict markers in .github/pull_request_template.md,
keeping the spaced module label format (\<module>: <component>\)
from the chore/labeler-spacing-trusted-tier branch.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The embedding provider factory only recognized "openai" and "custom:*",
causing "openrouter" to silently fall through to NoopEmbedding. This
made vector/semantic search completely non-functional — memory recall
fell back to BM25 keyword-only matching, with 70% of the hybrid score
always returning zero.
Route "openrouter" through OpenAiEmbedding with the OpenRouter API base
URL (https://openrouter.ai/api/v1), which is OpenAI-compatible.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a custom value_parser for the --temperature CLI argument to enforce
the documented 0.0-2.0 range at parse time. Previously, the comment
stated the valid range but clap did not reject out-of-range values,
allowing invalid temperatures to propagate to provider API calls.
- Add parse_temperature() validator that rejects values outside 0.0..=2.0
- Wire it into the Agent subcommand's temperature arg via value_parser
Addresses API surface audit §2.3 (CLI argument range validation).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Improve vague error messages in channel initialization and tool setup
to include specific config key paths and remediation steps, matching
the quality standard set by proxy validation errors.
Changes:
- telegram.rs: Include [channels.telegram] section path and required
fields (bot_token, allowed_users) in missing-config error; add
onboard hint; specify channels.telegram.allowed_users in pairing
message; improve parse error context
- whatsapp.rs: Specify channels.whatsapp.allowed_numbers key path
in unauthorized-number warning
- linq.rs: Specify channels.linq.allowed_senders key path in
unauthorized-sender warning; add onboard hint
- web_search_tool.rs: Include tools.web_search.provider config path
and valid values in unknown-provider error
Addresses API surface audit §8.2 (config context in error messages).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
