The GLM/Zhipu provider was using the generic OpenAI-compatible provider,
which failed because:
- Zhipu requires JWT authentication (HS256 with sign_type: SIGN header),
not raw Bearer tokens
- The endpoint uses /v4/chat/completions, not /v1/
- default_model_for_provider() had no GLM case, silently defaulting to
a Claude model
Changes:
- Add src/providers/glm.rs with JWT token generation, caching, and
correct Z.AI international endpoint
- Wire GLM provider into factory (mod.rs) replacing the broken
OpenAI-compatible shim
- Add ring dependency for HMAC-SHA256 signing
- Add GLM-4.7 and GLM-4.7-Flash to onboarding wizard model list
- Fix default_model_for_provider() to return glm-4.7 for GLM provider
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hash paired bearer tokens with SHA-256 before storing in config and
in-memory. When authenticating, hash the incoming token and compare
against stored hashes. Backward compatible: existing plaintext tokens
(zc_ prefix) are detected and hashed on load; already-hashed tokens
(64-char hex) are stored as-is.
Closes#58
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add port and host fields to GatewayConfig with defaults (3000, 127.0.0.1)
- Enhanced apply_env_overrides() to support:
- ZEROCLAW_GATEWAY_PORT or PORT - Gateway server port
- ZEROCLAW_GATEWAY_HOST or HOST - Gateway bind address
- ZEROCLAW_TEMPERATURE - Default temperature (0.0-2.0)
- Add comprehensive tests for all new env var overrides
- Fix clippy warnings (is_multiple_of, too_many_lines)
Closes#45
- Fixed E0425 error in src/skills/mod.rs by moving println! inside #[cfg(unix)] block where 'dest' variable is in scope
- Added missing 'identity' field to Config struct initializations in src/onboard/wizard.rs
- Fixed import paths for AIEOS identity functions in src/channels/mod.rs
- Added comprehensive symlink edge case tests in src/skills/symlink_tests.rs
- All 840 tests passing, 0 clippy warnings
Resolves issue #28: skills symlink functionality now works correctly on Unix platforms with proper error handling on non-Unix platforms
- Expand communication style presets (professional, expressive, custom)
- Enrich SOUL.md with human-like tone and emoji-awareness guidance
- Add crash recovery and sub-task scoping guidance to AGENTS.md scaffold
- Add 'Use when / Don't use when' guidance to TOOLS.md and runtime prompts
- Implement memory hygiene system with configurable archiving and retention
- Add MemoryConfig options: hygiene_enabled, archive_after_days, purge_after_days, conversation_retention_days
- Archive old daily memory and session files to archive subdirectories
- Purge old archives and prune stale SQLite conversation rows
- Add comprehensive tests for new features
The previous secret store used a repeating-key XOR cipher which is
cryptographically broken:
- Deterministic (no nonce) — identical plaintexts produce identical
ciphertexts
- No authentication — tampered ciphertext decrypts silently
- Vulnerable to known-plaintext attacks (e.g., "sk-" prefix reveals
key bytes)
Replace with ChaCha20-Poly1305 authenticated encryption:
- Random 12-byte nonce per encryption (non-deterministic)
- Poly1305 authentication tag detects tampering
- Uses the same 32-byte key file (no migration needed for keys)
New ciphertext format is `enc2:<hex(nonce || ciphertext || tag)>`.
Legacy `enc:` values (XOR) are still decryptable for backward
compatibility during migration.
Adds chacha20poly1305 0.10 crate (pure Rust, no C dependencies).
New tests: tamper detection, wrong-key rejection, nonce uniqueness,
truncation handling, legacy XOR backward compatibility.
CWE-327 / CRIT-1
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
