The GLM/Zhipu provider was using the generic OpenAI-compatible provider,
which failed because:
- Zhipu requires JWT authentication (HS256 with sign_type: SIGN header),
not raw Bearer tokens
- The endpoint uses /v4/chat/completions, not /v1/
- default_model_for_provider() had no GLM case, silently defaulting to
a Claude model
Changes:
- Add src/providers/glm.rs with JWT token generation, caching, and
correct Z.AI international endpoint
- Wire GLM provider into factory (mod.rs) replacing the broken
OpenAI-compatible shim
- Add ring dependency for HMAC-SHA256 signing
- Add GLM-4.7 and GLM-4.7-Flash to onboarding wizard model list
- Fix default_model_for_provider() to return glm-4.7 for GLM provider
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests that set/remove the same environment variables can race when
cargo test runs them in parallel. Merges each racing pair into a
single test function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests that set/remove the same environment variables can race when
cargo test runs them in parallel. Merges each racing pair into a
single test function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extends the temperature test fix to also cover provider, api_key, port,
and host env-var tests that had the same race condition.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests that set/remove the same environment variables can race when
cargo test runs them in parallel. Merges each racing pair into a
single test function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests that set/remove the same environment variables (PROVIDER,
PORT, HOST, TEMPERATURE, API_KEY) can race when cargo test runs
them in parallel. Merges each racing pair into a single test function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add open-skills auto-clone/pull/sync support in skills loader
- Clone https://github.com/besoeasy/open-skills to ~/open-skills
- Weekly sync via .zeroclaw-open-skills-sync marker
- Env controls: ZEROCLAW_OPEN_SKILLS_ENABLED, ZEROCLAW_OPEN_SKILLS_DIR
- Load open-skills markdown files before workspace skills
- Track Skill.location for accurate prompt rendering
- Update system prompt to render skill.location with fallback
- Use actual file path when available
- Maintain backward compatibility with workspace SKILL.md path
- Fix clippy warnings across tests and supporting files
- Readable timestamp literals
- Remove underscore bindings in tests
- Use struct update syntax for Config::default() patterns
- Fix module inception, duplicate attributes, manual strip
- Clean raw string hashes and empty string construction
Resolves: #77
The `is_multiple_of` method is unstable before Rust 1.87, breaking Docker
builds that use rust:1.83-slim. Also merges the two temperature env-var
tests into one to eliminate the race condition when tests run in parallel.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use bitwise & instead of && to avoid short-circuit timing leak
- Use get().unwrap_or(&0) instead of if/else for branchless byte access
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Check for empty USERNAME env var before running icacls to avoid a
doomed invocation with ":F" grant argument
- Log a clear warning when USERNAME is empty
- Add tracing::debug on successful permission set
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add missing assertion for variant_match (byte[8] UUID v4 variant bits)
which was computed but never checked.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- use rusqlite with SQLITE_OPEN_READ_ONLY | SQLITE_OPEN_NO_MUTEX
- run sync sqlite reads via spawn_blocking
- bind since_rowid with ?1 parameter to avoid SQL interpolation
- add comprehensive edge-case tests for message fetch and rowid helpers
Fixes#50
Add tower-http TimeoutLayer with the existing REQUEST_TIMEOUT_SECS (30s)
constant and 408 Request Timeout status code. Previously, the constant
was defined but no timeout middleware was applied, allowing slow
requests to hold connections indefinitely (slow-loris risk).
Closes#60
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the early return on length mismatch that leaked length
information via timing. Now iterates over max(a.len(), b.len()),
padding the shorter input with zeros, and checks both byte-level
differences and length equality at the end.
Closes#57
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace silently discarded icacls result with proper error handling
that logs a tracing::warn! on failure. Previously, if icacls failed
(binary not found, permission denied), the key file would remain
world-readable on Windows with no indication of the problem.
Closes#56
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Log full error details server-side with tracing::error! and return
generic messages to clients. Previously, the raw anyhow error chain
(which could include provider URLs, HTTP status codes, or partial
request bodies) was forwarded to end users.
Closes#59
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use ChaCha20Poly1305::generate_key(&mut OsRng) to generate encryption
keys directly from the OS CSPRNG, providing full 256-bit entropy without
the fixed version/variant bits that UUID v4 introduces (6 fixed bits
per 128-bit UUID = only 244 effective bits from two UUIDs).
Closes#54
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add .github/workflows/docker.yml for automated Docker builds
- Publishes to ghcr.io/theonlyhennygod/zeroclaw
- Builds on push to main and tags (v*)
- Multi-platform support (linux/amd64, linux/arm64)
- Update docker-compose.yml to use GHCR image
Part of #45
- Add port and host fields to GatewayConfig with defaults (3000, 127.0.0.1)
- Enhanced apply_env_overrides() to support:
- ZEROCLAW_GATEWAY_PORT or PORT - Gateway server port
- ZEROCLAW_GATEWAY_HOST or HOST - Gateway bind address
- ZEROCLAW_TEMPERATURE - Default temperature (0.0-2.0)
- Add comprehensive tests for all new env var overrides
- Fix clippy warnings (is_multiple_of, too_many_lines)
Closes#45
