zeroclaw

harald/zeroclaw

Fork 0

Commit graph

Author	SHA1	Message	Date
Will Sarg	69a3b54968	chore(ci): externalize workflow scripts and relocate main flow doc (#722 ) * feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs - Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`. - Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily. - Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically. - Introduced `test-benchmarks.yml` for performance benchmarks using Criterion. - Established `test-e2e.yml` for running integration and end-to-end tests. - Developed `test-fuzz.yml` for fuzz testing with configurable runtime. - Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters. - Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes. * ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script * chore(ci): externalize workflow scripts and relocate main flow doc	2026-02-17 19:48:37 -05:00
Alex Gorevski	217a700bfa	ci: add fuzz testing workflow and harnesses (#629 ) Problem: Security-critical parsing surfaces (config loading, tool parameter deserialization) have no fuzz testing coverage. Malformed inputs to these surfaces could cause panics, memory issues, or unexpected behavior in production. Solution: Add a weekly cargo-fuzz CI workflow with two initial harnesses: - fuzz_config_parse: fuzzes TOML config deserialization - fuzz_tool_params: fuzzes JSON tool parameter parsing The workflow runs each target for 300 seconds (configurable via workflow_dispatch input), uses nightly Rust toolchain (required by libfuzzer), and uploads crash artifacts for triage with 30-day retention. Step summaries report pass/fail status per target. Files added: - .github/workflows/fuzz.yml (scheduled + manual dispatch) - fuzz/Cargo.toml (fuzz crate manifest) - fuzz/fuzz_targets/fuzz_config_parse.rs - fuzz/fuzz_targets/fuzz_tool_params.rs Testing: Validated YAML syntax and Cargo.toml structure. Fuzz harnesses use standard libfuzzer-sys patterns. Actual fuzzing will execute on first scheduled or manual CI run. Ref: zeroclaw-labs/zeroclaw#618 (item 4 — Fuzz Testing) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-02-17 15:12:08 -05:00

Author

SHA1

Message

Date

Will Sarg

69a3b54968

chore(ci): externalize workflow scripts and relocate main flow doc (#722 )

* feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs

- Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`.
- Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily.
- Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically.
- Introduced `test-benchmarks.yml` for performance benchmarks using Criterion.
- Established `test-e2e.yml` for running integration and end-to-end tests.
- Developed `test-fuzz.yml` for fuzz testing with configurable runtime.
- Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters.
- Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes.

* ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script

* chore(ci): externalize workflow scripts and relocate main flow doc

2026-02-17 19:48:37 -05:00

Alex Gorevski

217a700bfa

ci: add fuzz testing workflow and harnesses (#629 )

Problem: Security-critical parsing surfaces (config loading, tool
parameter deserialization) have no fuzz testing coverage. Malformed
inputs to these surfaces could cause panics, memory issues, or
unexpected behavior in production.

Solution: Add a weekly cargo-fuzz CI workflow with two initial
harnesses:
- fuzz_config_parse: fuzzes TOML config deserialization
- fuzz_tool_params: fuzzes JSON tool parameter parsing

The workflow runs each target for 300 seconds (configurable via
workflow_dispatch input), uses nightly Rust toolchain (required by
libfuzzer), and uploads crash artifacts for triage with 30-day
retention. Step summaries report pass/fail status per target.

Files added:
- .github/workflows/fuzz.yml (scheduled + manual dispatch)
- fuzz/Cargo.toml (fuzz crate manifest)
- fuzz/fuzz_targets/fuzz_config_parse.rs
- fuzz/fuzz_targets/fuzz_tool_params.rs

Testing: Validated YAML syntax and Cargo.toml structure. Fuzz
harnesses use standard libfuzzer-sys patterns. Actual fuzzing
will execute on first scheduled or manual CI run.

Ref: zeroclaw-labs/zeroclaw#618 (item 4 — Fuzz Testing)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-02-17 15:12:08 -05:00

2 commits