zeroclaw

harald/zeroclaw

Fork 0

Commit graph

Author	SHA1	Message	Date
argenis de la rosa	f8befafe4d	feat: add Composio tool provider + encrypted secret store + wizard integration - src/tools/composio.rs: ComposioTool implementing Tool trait - list/execute/connect actions via Composio API (1000+ OAuth apps) - 60s timeout, proper error handling, JSON schema for LLM - 12 tests covering schema, validation, serde, error paths - src/security/secrets.rs: SecretStore for encrypted credential storage - XOR cipher with random 32-byte key stored in ~/.zeroclaw/.secret_key - enc: prefix for encrypted values, plaintext passthrough (backward compat) - Key file created with 0600 permissions (Unix) - 16 tests: roundtrip, unicode, long secrets, corrupt hex, permissions - src/config/schema.rs: ComposioConfig + SecretsConfig structs - Composio: enabled (default: false), api_key, entity_id - Secrets: encrypt (default: true) - Both with serde(default) for backward compatibility - 8 new config tests - src/onboard/wizard.rs: new Step 5 'Tool Mode & Security' - Sovereign (local only) vs Composio (managed OAuth) selection - Encrypted secret storage toggle (default: on) - 7-step wizard (was 6) - src/tools/mod.rs: all_tools() now accepts optional composio_key - src/agent/loop_.rs: wires Composio key from config into tool registry - README.md: Composio integration + encrypted secrets documentation 1017 tests, 0 clippy warnings, cargo fmt clean.	2026-02-14 02:41:29 -05:00
argenis de la rosa	b2aff60722	security: pass all 4 checklist items — gateway not public, pairing required, filesystem scoped, tunnel access Security checklist from @anshnanda / @ledger_eth: ✅ Gateway not public — default bind 127.0.0.1, refuses 0.0.0.0 without tunnel or explicit allow_public_bind=true in config ✅ Pairing required — one-time 6-digit code printed on startup, exchanged for bearer token via POST /pair, enforced on all /webhook requests ✅ Filesystem scoped (no /) — workspace_only=true by default, null byte injection blocked, 14 system dirs + 4 sensitive dotfiles in forbidden list, is_resolved_path_allowed() for symlink escape prevention ✅ Access via Tailscale/SSH tunnel — tunnel system integrated, gateway refuses public bind without active tunnel New files: src/security/pairing.rs — PairingGuard with OTP generation, constant-time code comparison, bearer token issuance, token persistence Changed files: src/config/schema.rs — GatewayConfig (require_pairing, allow_public_bind, paired_tokens), expanded AutonomyConfig forbidden_paths src/config/mod.rs — export GatewayConfig src/gateway/mod.rs — public bind guard, pairing enforcement on /webhook, /pair endpoint, /health no longer leaks version/memory info src/security/policy.rs — null byte blocking, is_resolved_path_allowed(), expanded forbidden_paths (14 system dirs + 4 dotfiles) src/security/mod.rs — export pairing module src/onboard/wizard.rs — wire gateway config 935 tests passing (up from 905), 0 clippy warnings, cargo fmt clean	2026-02-14 00:39:51 -05:00
argenis de la rosa	05cb353f7f	feat: initial release — ZeroClaw v0.1.0 - 22 AI providers (OpenRouter, Anthropic, OpenAI, Mistral, etc.) - 7 channels (CLI, Telegram, Discord, Slack, iMessage, Matrix, Webhook) - 5-step onboarding wizard with Project Context personalization - OpenClaw-aligned system prompt (SOUL.md, IDENTITY.md, USER.md, AGENTS.md, etc.) - SQLite memory backend with auto-save - Skills system with on-demand loading - Security: autonomy levels, command allowlists, cost limits - 532 tests passing, 0 clippy warnings	2026-02-13 12:19:14 -05:00

Author

SHA1

Message

Date

argenis de la rosa

f8befafe4d

feat: add Composio tool provider + encrypted secret store + wizard integration

- src/tools/composio.rs: ComposioTool implementing Tool trait
  - list/execute/connect actions via Composio API (1000+ OAuth apps)
  - 60s timeout, proper error handling, JSON schema for LLM
  - 12 tests covering schema, validation, serde, error paths

- src/security/secrets.rs: SecretStore for encrypted credential storage
  - XOR cipher with random 32-byte key stored in ~/.zeroclaw/.secret_key
  - enc: prefix for encrypted values, plaintext passthrough (backward compat)
  - Key file created with 0600 permissions (Unix)
  - 16 tests: roundtrip, unicode, long secrets, corrupt hex, permissions

- src/config/schema.rs: ComposioConfig + SecretsConfig structs
  - Composio: enabled (default: false), api_key, entity_id
  - Secrets: encrypt (default: true)
  - Both with serde(default) for backward compatibility
  - 8 new config tests

- src/onboard/wizard.rs: new Step 5 'Tool Mode & Security'
  - Sovereign (local only) vs Composio (managed OAuth) selection
  - Encrypted secret storage toggle (default: on)
  - 7-step wizard (was 6)

- src/tools/mod.rs: all_tools() now accepts optional composio_key
- src/agent/loop_.rs: wires Composio key from config into tool registry
- README.md: Composio integration + encrypted secrets documentation

1017 tests, 0 clippy warnings, cargo fmt clean.

2026-02-14 02:41:29 -05:00

argenis de la rosa

b2aff60722

security: pass all 4 checklist items — gateway not public, pairing required, filesystem scoped, tunnel access

Security checklist from @anshnanda / @ledger_eth:
  ✅ Gateway not public — default bind 127.0.0.1, refuses 0.0.0.0 without
     tunnel or explicit allow_public_bind=true in config
  ✅ Pairing required — one-time 6-digit code printed on startup, exchanged
     for bearer token via POST /pair, enforced on all /webhook requests
  ✅ Filesystem scoped (no /) — workspace_only=true by default, null byte
     injection blocked, 14 system dirs + 4 sensitive dotfiles in forbidden
     list, is_resolved_path_allowed() for symlink escape prevention
  ✅ Access via Tailscale/SSH tunnel — tunnel system integrated, gateway
     refuses public bind without active tunnel

New files:
  src/security/pairing.rs — PairingGuard with OTP generation, constant-time
    code comparison, bearer token issuance, token persistence

Changed files:
  src/config/schema.rs — GatewayConfig (require_pairing, allow_public_bind,
    paired_tokens), expanded AutonomyConfig forbidden_paths
  src/config/mod.rs — export GatewayConfig
  src/gateway/mod.rs — public bind guard, pairing enforcement on /webhook,
    /pair endpoint, /health no longer leaks version/memory info
  src/security/policy.rs — null byte blocking, is_resolved_path_allowed(),
    expanded forbidden_paths (14 system dirs + 4 dotfiles)
  src/security/mod.rs — export pairing module
  src/onboard/wizard.rs — wire gateway config

935 tests passing (up from 905), 0 clippy warnings, cargo fmt clean

2026-02-14 00:39:51 -05:00

argenis de la rosa

05cb353f7f

feat: initial release — ZeroClaw v0.1.0

- 22 AI providers (OpenRouter, Anthropic, OpenAI, Mistral, etc.)
- 7 channels (CLI, Telegram, Discord, Slack, iMessage, Matrix, Webhook)
- 5-step onboarding wizard with Project Context personalization
- OpenClaw-aligned system prompt (SOUL.md, IDENTITY.md, USER.md, AGENTS.md, etc.)
- SQLite memory backend with auto-save
- Skills system with on-demand loading
- Security: autonomy levels, command allowlists, cost limits
- 532 tests passing, 0 clippy warnings

2026-02-13 12:19:14 -05:00

3 commits