harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
936 commits 1 branch 0 tags 7.8 MiB
Commit graph

936 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jayson Reis
b9af601943 chore: Remove blocking read strings 2026-02-19 14:52:29 +08:00
Chummy
bc0be9a3c1 fix(linq): accept prefixed and uppercase webhook signatures 2026-02-19 14:49:52 +08:00
George McCain
361e750576 feat(channels): add Linq channel for iMessage/RCS/SMS support 
The existing iMessage channel relies on AppleScript and only works on macOS.
Linq provides a REST API for iMessage, RCS, and SMS — this gives ZeroClaw
native iMessage support on any platform via webhooks.

Implements LinqChannel following the same patterns as WhatsAppChannel:
- Channel trait impl (send, listen, health_check, typing indicators)
- Webhook handler with HMAC-SHA256 signature verification
- Sender allowlist filtering
- Onboarding wizard step with connection testing
- 18 unit tests covering parsing, auth, and signature verification

Resolves #656 — the prior issue was closed without a merged PR, so this
is the actual implementation.
 2026-02-19 14:49:52 +08:00
Chummy
e23edde44b docs(readme): add multilingual announcement board and oauth warning 2026-02-19 14:39:27 +08:00
Chummy
cf476a81c1 fix(provider): preserve native Ollama tool history structure 2026-02-19 14:32:43 +08:00
reidliu41
cd59dc65c4 fix(provider): enable native tool calling for OllamaProvider 2026-02-19 14:32:43 +08:00
Chummy
d548caa5f3 fix(channel): clamp configurable timeout to minimum 30s 2026-02-19 14:19:49 +08:00
ZeroClaw Contributor
41a6ed30dd feat(channel): make message timeout configurable via channels_config.message_timeout_secs 
Add configurable timeout for processing channel messages (LLM + tools).
Default: 300s (optimized for on-device LLMs like Ollama).
Can be overridden in config.toml:

[channels_config]
message_timeout_secs = 600
 2026-02-19 14:19:49 +08:00
Alex Gorevski
3abadc4574 remove cost optimization analysis doc 2026-02-18 21:30:09 -08:00
Alex Gorevski
00c0995213 fix(ci): restore broken YAML structure in 3 workflows, revert aggressive STALE_HOURS 
- pr-auto-response.yml: restore permissions, steps, and checkout in
  contributor-tier-issues job (broken by runner swap)
- pr-check-stale.yml: restore steps block and step name
- pr-intake-checks.yml: restore steps block, checkout, and timeout
- pr-check-status.yml: revert STALE_HOURS from 4 to 48 (not a cost
  optimization; 4h is too aggressive), switch to ubuntu-latest per
  PR description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 21:26:14 -08:00
wonder_land
4ecaf6070c fix(tools): remove non-string enum from pushover priority for Gemini compat 
The pushover tool priority parameter schema used integer enum values
[-2, -1, 0, 1, 2]. OpenAI-compatible APIs accept this, but the Gemini
API (and Gemini-relay proxies) strictly require all enum values to be
strings, rejecting the request with 400 Bad Request.

This causes every agent turn to fail with a non_retryable error when
using Gemini models, regardless of user message content, because tool
schemas are included in every request.

Fix: remove the enum constraint, keeping integer type and description
documenting the valid range. This is valid for both OpenAI and Gemini
providers and requires no changes to execute() which already uses
as_i64() with range validation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 13:24:23 +08:00
Alex Gorevski
8a2d7fe0a6 Merge branch 'algore/cicd-descript-release-matrix' of https://github.com/agorevski/zeroclaw into algore/cicd-descript-release-matrix 2026-02-18 21:23:42 -08:00
Alex Gorevski
a17c35679e add params to actions data 2026-02-18 21:23:31 -08:00
Alex Gorevski
825f42071c
Merge branch 'main' into algore/cicd-descript-release-matrix 2026-02-18 21:15:51 -08:00
Alex Gorevski
44725da08c perf(ci): reduce GitHub Actions costs ~60-65% across all workflows 
Analysis of Feb 17 data showed 400+ workflow runs/day consuming ~398 billable minutes (~200 hours/month projected). Implemented targeted optimizations:

High-impact changes:

- sec-audit.yml: add path filters (Cargo.toml, src/**, crates/**, deny.toml); skip docs-only PRs

- test-benchmarks.yml: move from every-push-to-main to weekly schedule; retention 30d -> 7d

- pub-docker-img.yml: tighten PR smoke build path filters to Docker-specific files only

- sec-codeql.yml: reduce from twice-daily (14 runs/week) to weekly

Medium-impact changes:

- ci-run.yml: merge lint + lint-strict-delta into single job; drop --release from smoke build

- feature-matrix.yml: remove push trigger (weekly-only); remove redundant cargo test step

- dependabot.yml: monthly instead of weekly; reduce PR limits from 11 to 5/month; group all deps

Runner cost savings:

- Switch 6 lightweight API-only workflows to ubuntu-latest (PR Labeler, Intake, Auto Responder, Check Stale, Check Status, Sync Contributors)

- pr-check-status.yml: reduce from every 12h to daily

New files:

- docs/ci-cost-optimization.md: comprehensive analysis and revised architecture documentation

- scripts/ci/fetch_actions_data.py: reusable GitHub Actions cost analysis script

Estimated impact: daily billable minutes ~400 -> ~120-150 (60-65%% reduction), monthly hours ~200 -> ~60-75, Dependabot PRs ~44/month -> ~5 (89%% reduction)
 2026-02-18 21:14:47 -08:00
Alex Gorevski
52dc9fd9e9
Merge pull request #883 from agorevski/fix/cleartext-logging-sensitive-data 
fix(security): prevent cleartext logging of sensitive data
 2026-02-18 21:11:31 -08:00
Alex Gorevski
bbbcd06cca
Merge pull request #882 from agorevski/fix/hardcoded-crypto-test-values-v2 
fix(security): replace hard-coded crypto test values with runtime-generate secrets
 2026-02-18 21:11:23 -08:00
Alex Gorevski
5f9d5a019d
Merge pull request #881 from agorevski/fix/cleartext-transmission-https-enforcement 
fix(security): enforce HTTPS for sensitive data transmission
 2026-02-18 21:11:18 -08:00
Alex Gorevski
4a9fc9b6cc fix(security): prevent cleartext logging of sensitive data 
Address CodeQL rust/cleartext-logging alerts by breaking data-flow taint
chains from sensitive variables (api_key, credential, session_id, user_id)
to log/print sinks. Changes include:

- Replace tainted profile IDs in println! with untainted local variables
- Add redact() helper for safe logging of sensitive values
- Redact account identifiers in auth status output
- Rename session_id locals in memory backends to break name-based taint
- Rename user_id/user_id_hint in channels to break name-based taint
- Custom Debug impl for ComputerUseConfig to redact api_key field
- Break taint chain in provider credential factory via string reconstruction
- Remove client IP from gateway rate-limit log messages
- Break taint on auth token extraction and wizard credential flow
- Rename composio account ref variable to break name-based taint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 20:12:45 -08:00
Alex Gorevski
9a784954f6 fix(security): replace hard-coded crypto test values with runtime-generated secrets 
Replace hard-coded string literals used as cryptographic keys/secrets in
gateway webhook and WhatsApp signature verification tests with runtime-
generated random values. This resolves CodeQL rust/hard-coded-cryptographic-value
alerts while maintaining identical test coverage.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 20:03:38 -08:00
Alex Gorevski
925a352454 fix(security): enforce HTTPS for sensitive data transmission 
Add URL scheme validation before HTTP requests that transmit sensitive
data (account IDs, phone numbers, user IDs). All endpoints already use
HTTPS URLs, but this explicit check satisfies CodeQL rust/cleartext-
transmission analysis and prevents future regressions if URLs are
changed.

Affected files: composio.rs, whatsapp.rs, qq.rs

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 20:03:02 -08:00
Will Sarg
66c838c374
fix(workflow): reduce STALE_HOURS from 48 to 4 for timely PR nudges (#873) 2026-02-18 22:21:57 -05:00
Chummy
8f7d879fd5 feat(onboard): add and harden Lark/Feishu wizard support 
- add interactive Lark/Feishu setup in onboarding
- validate credentials with timeouts and clearer diagnostics
- add webhook/allowlist safety warnings for insecure defaults
- document interactive onboarding workflow in channels reference

Co-authored-by: HalcyonAzure <53591299+HalcyonAzure@users.noreply.github.com>
 2026-02-19 10:37:47 +08:00
Chummy
606f2860a0 fix(matrix): send markdown replies and improve e2ee diagnostics 
Enable matrix-sdk markdown support and send Matrix messages with text_markdown so clients can render formatted_body.

Add listener startup diagnostics for device verification and backup state to reduce confusion around matrix_sdk_crypto backup warnings.

Expand Matrix docs with backup-warning interpretation, unverified-device guidance, markdown formatting expectations, and updated log keyword appendix.
 2026-02-19 10:23:10 +08:00
Will Sarg
a9fcf6b58c
Add Contributor Covenant Code of Conduct (#867) 
Added Contributor Covenant Code of Conduct to outline community standards and enforcement guidelines.
 2026-02-18 20:28:41 -05:00
Alex Gorevski
7f03ab77a9 test: add systematic test coverage for 7 bug pattern groups (#852) 
Add ~105 test cases across 7 test groups identified in issue #852:

TG1 - Provider resolution (27 tests): Factory resolution, alias mapping,
      custom URLs, auth styles, credential wiring
TG2 - Config persistence (18 tests): Config defaults, TOML roundtrip,
      agent/memory config, workspace dirs
TG3 - Channel routing (14 tests): ChannelMessage identity contracts,
      SendMessage construction, Channel trait send/listen roundtrip
TG4 - Agent loop robustness (12 integration + 14 inline tests): Malformed
      tool calls, failing tools, iteration limits, empty responses, unicode
TG5 - Memory restart (14 tests): Dedup on same key, restart persistence,
      session scoping, recall, concurrent stores, categories
TG6 - Channel message splitting (8+8 inline tests): Code blocks at boundary,
      long words, emoji, CJK chars, whitespace edge cases
TG7 - Provider schema (21 tests): ChatMessage/ToolCall/ChatResponse
      serialization, tool_call_id preservation, auth style variants

Also fixes a bug in split_message_for_telegram() where byte-based indexing
could panic on multi-byte characters (emoji, CJK). Now uses char_indices()
consistent with the Discord split implementation.

Closes #852

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 15:28:34 -08:00
Youhana Sheriff
b43e9eb325 fix(provider): polish kimi-code wiring and onboarding parity 2026-02-19 01:15:02 +08:00
Youhana Sheriff
cb91a2f914 feat(provider): add dedicated kimi-code provider support 2026-02-19 01:15:02 +08:00
Chummy
e8e9c0ea6c Revert "feat(provider): add dedicated kimi-code provider support" 
This reverts commit 88dcd17a30.
 2026-02-19 01:15:02 +08:00
Chummy
5563b755dc Revert "fix(provider): polish kimi-code wiring and onboarding parity" 
This reverts commit 0b66ed026c.
 2026-02-19 01:15:02 +08:00
Chummy
4ec7875c67 chore(docs): remove reports directory 2026-02-18 23:19:10 +08:00
Chummy
dea5dcad36 fix(onboard): refine nvidia nim onboarding catalogs and docs 2026-02-18 23:13:18 +08:00
Chummy
daef8f8094 docs(docs): align navigation inventory and model examples for #774 2026-02-18 22:53:21 +08:00
Chummy
e1aeabdb5f fix(providers): align compatible chat client and response test 2026-02-18 22:50:02 +08:00
Chummy
b4b379e3e7 fix(providers): harden tool fallback and refresh model catalogs 2026-02-18 22:50:02 +08:00
Chummy
43494f8331 fix(observability): remove duplicate no-op observer event arms 2026-02-18 22:47:22 +08:00
Chummy
18b6ea1e79 feat(matrix): enable e2ee flow and add channel operations docs 2026-02-18 22:45:11 +08:00
Chummy
e6029e8cec
test(channels): guard max_tool_iterations wiring for channel runtime (#817) 
* test(channels): add regression coverage for configured tool iteration limits

* chore(ci): refresh checks after first-interaction workflow fix

* test(channels): reconcile merged runtime-route and iteration tests
 2026-02-18 22:40:22 +08:00
Chummy
586254a928 chore(licenses): allow BSL-1.0 in cargo-deny policy 2026-02-18 22:33:51 +08:00
Chummy
0bd2fbba2a feat(providers): add MiniMax OAuth credential flow 2026-02-18 22:31:20 +08:00
Chummy
e3c949b637
fix(workflow): align first-interaction input keys (#821) 
* fix(workflow): use valid first-interaction input keys

* fix(workflows): wire shared label policy path in label jobs
 2026-02-18 22:24:51 +08:00
Chummy
8988a069a6 feat(channels): add runtime provider/model switching for telegram and discord 2026-02-18 22:23:13 +08:00
Chummy
0b66ed026c fix(provider): polish kimi-code wiring and onboarding parity 2026-02-18 22:22:10 +08:00
Chummy
88dcd17a30 feat(provider): add dedicated kimi-code provider support 2026-02-18 22:22:10 +08:00
Chummy
ce104bed45 feat(proxy): add scoped proxy configuration and docs runbooks 
- add scope-aware proxy schema and runtime wiring for providers/channels/tools

- add agent callable proxy_config tool for fast proxy setup

- standardize docs system with index, template, and playbooks
 2026-02-18 22:10:42 +08:00
Chummy
13ee9e6398 test: cover deterministic HashMap ordering paths 2026-02-18 21:55:40 +08:00
Syeda Anshrah Gillani
58bb9fa9a7 refactor: sort HashMap keys for deterministic output in identity and doctor 2026-02-18 21:55:40 +08:00
Chummy
58acf1efd3 fix(provider): surface actionable custom-provider failure diagnostics 2026-02-18 21:50:14 +08:00
Chummy
63364a4bfe docs(mattermost): document mention_only behavior 2026-02-18 21:25:28 +08:00
Chummy
fed8ba21b8 fix(mattermost): handle mention boundary scanning correctly 2026-02-18 21:25:28 +08:00