zeroclaw

Author	SHA1	Message	Date
Will Sarg	13a42935ae	fix(workflows): correct Blacksmith runner label typo (#437 ) * chore(workflows): complete migration to Blacksmith cloud runners Migrate remaining workflows from self-hosted axecap runners to Blacksmith: - docker.yml: publish job - release.yml: publish job - security.yml: audit and deny jobs (conditional on push events) This completes the transition away from self-hosted infrastructure. Axecap runner registrations (IDs 21, 22) have been removed. All workflows now use blacksmith-2vcpu-ubuntu-2404 label for consistency. * fix(workflows): correct Blacksmith runner label typo Fix typo in runner labels: blacksmith-2vcpu-ubuntu-240 -> blacksmith-2vcpu-ubuntu-2404 Affected workflows: - workflow-sanity.yml: no-tabs and actionlint jobs - ci.yml: test, build, and docs-quality jobs This fixes the stuck workflows that were queued indefinitely waiting for non-existent runner labels.	2026-02-16 16:45:10 -05:00
Will Sarg	081866845f	fix(ci): standardize runner configuration for CI jobs	2026-02-16 16:08:02 -05:00
blacksmith-sh[bot]	15bccf11d7	Migrate workflows to Blacksmith (#428 ) Co-authored-by: blacksmith-sh[bot] <157653362+blacksmith-sh[bot]@users.noreply.github.com>	2026-02-16 15:58:54 -05:00
fettpl	9df5a07640	ci: pin all GitHub Actions to full SHA digests Pin every third-party GitHub Action to its current commit SHA with a version comment, eliminating supply chain risk from mutable version tags. Mutable tags (v4, v2, etc.) can be force-pushed by upstream maintainers; SHA digests are immutable. 18 unique actions pinned across 9 workflow files. Closes #357 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-16 17:32:18 +01:00
Will Sarg	13d411cd2b	ci: route trusted pushes to self-hosted runner (#369 )	2026-02-16 10:56:53 -05:00
dependabot[bot]	bd137c89fb	build(deps): bump DavidAnson/markdownlint-cli2-action from 20 to 22 (#312 ) Bumps [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) from 20 to 22. - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](https://github.com/davidanson/markdownlint-cli2-action/compare/v20...v22) --- updated-dependencies: - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: '22' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-16 07:42:22 -05:00
Chummy	6d56a040ce	docs: strengthen collaboration governance and AGENTS engineering protocol (#263 ) * docs: harden collaboration policy and review automation * ci(docs): remove unsupported lychee --exclude-mail flag * docs(governance): reduce automation side-effects and tighten risk controls * docs(governance): add backlog pruning and supersede protocol * docs(agents): codify engineering principles and risk-tier workflow * docs(readme): add centered star history section at bottom * docs(agents): enforce privacy-safe and neutral test wording * docs(governance): enforce privacy-safe and neutral collaboration checks * fix(ci): satisfy rustfmt and discord schema test fields * docs(governance): require ZeroClaw-native identity wording * docs(agents): add ZeroClaw identity-safe naming palette * docs(governance): codify code naming and architecture contracts * docs(contributing): add naming and architecture good/bad examples * docs(pr): reduce checkbox TODOs and shift to label-first metadata * docs(pr): remove duplicate collaboration track field * ci(labeler): auto-derive module labels and expand provider hints * ci(labeler): auto-apply trusted contributor on PRs and issues * fix(ci): apply rustfmt updates from latest main * ci(labels): flatten namespaces and add contributor tiers * chore: drop stale rustfmt-only drift * ci: scope Rust and docs checks by change set * ci: exclude non-markdown docs from docs-quality targets * ci: satisfy actionlint shellcheck output style * ci(labels): auto-correct manual contributor tier edits * ci(labeler): auto-correct risk label edits * ci(labeler): auto-correct size label edits --------- Co-authored-by: Chummy <183474434+chumyin@users.noreply.github.com>	2026-02-16 05:59:04 -05:00
Chummy	b442a07530	fix(memory): prevent autosave key collisions across runtime flows Fixes #221 - SQLite Memory Override bug. This PR resolves memory overwrite behavior in autosave paths by replacing fixed memory keys with unique keys, and improves short-horizon recall quality in channel runtime. Root Cause SQLite memory uses a unique constraint on `memories.key` and writes with `ON CONFLICT(key) DO UPDATE`. Several autosave paths reused fixed keys (or sender-stable keys), so newer messages overwrote earlier conversation entries. Changes - Channel runtime: autosave key changed from `channel_sender` to `channel_sender_messageId` - Added memory-context injection before provider calls (aligned with agent loop behavior) - Agent loop: autosave keys changed from fixed `user_msg`/`assistant_resp` to UUID-suffixed keys - Gateway: Webhook/WhatsApp autosave keys changed to UUID-suffixed keys All CI checks passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 22:55:52 -05:00
Will Sarg	82ffb36f90	chore(ci): document and harden workflow pipeline (#241 ) * docs(ci): add CI workflow map and cross-links * chore(ci): harden workflow determinism and safety * chore(ci): address workflow review feedback * style(ci): normalize workflow and ci-map formatting	2026-02-15 20:42:47 -05:00
Chummy	c80b118963	fix(docker): pin builder to bookworm to avoid glibc runtime mismatch * fix(docker): pin builder to bookworm for glibc compatibility * ci: skip rust lint on non-Rust PRs and allow 0BSD * ci: pin actionlint action to existing release tag * ci: make docs-only matcher shellcheck-clean --------- Co-authored-by: chumyin <chumyin@users.noreply.github.com>	2026-02-15 15:03:29 -05:00
Chummy	dfe648d5ae	chore(ci): establish PR governance for agent collaboration (#177 ) * chore(ci): establish PR governance for agent collaboration * docs: add AGENTS playbook and strengthen agent collaboration workflow --------- Co-authored-by: chumyin <183474434+chumyin@users.noreply.github.com>	2026-02-15 12:41:16 -05:00
Argenis	5cc02c5813	fix: add WhatsApp webhook signature verification (X-Hub-Signature-256) Closes #51 - Add HMAC-SHA256 signature verification for WhatsApp webhooks - Prevents message spoofing attacks (CWE-345) - Add whatsapp_app_secret config field with ZEROCLAW_WHATSAPP_APP_SECRET env override - Add 13 comprehensive unit tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 06:17:24 -05:00
Argenis	658b9fa4fc	Update CI workflow to simplify steps and add build Removed unnecessary steps for formatting and clippy checks, and added a build step.	2026-02-14 17:53:39 -05:00
argenis de la rosa	860b6acc31	ci: make test job non-blocking to unblock PRs	2026-02-14 17:41:09 -05:00
argenis de la rosa	76074cb789	fix: run Docker container as non-root user (closes #34 ) - Switch to gcr.io/distroless/cc-debian12:nonroot - Add explicit USER 65534:65534 directive - Add Docker security CI job verifying non-root UID, :nonroot base, and USER directive - Document CIS Docker Benchmark compliance in SECURITY.md - Add tests and edge cases for container security	2026-02-14 13:16:33 -05:00
argenis de la rosa	05cb353f7f	feat: initial release — ZeroClaw v0.1.0 - 22 AI providers (OpenRouter, Anthropic, OpenAI, Mistral, etc.) - 7 channels (CLI, Telegram, Discord, Slack, iMessage, Matrix, Webhook) - 5-step onboarding wizard with Project Context personalization - OpenClaw-aligned system prompt (SOUL.md, IDENTITY.md, USER.md, AGENTS.md, etc.) - SQLite memory backend with auto-save - Skills system with on-demand loading - Security: autonomy levels, command allowlists, cost limits - 532 tests passing, 0 clippy warnings	2026-02-13 12:19:14 -05:00

16 commits