zeroclaw

History

argenis de la rosa 542bb80743 security: harden architecture against Moltbot security model - Discord: add allowed_users field + sender validation in listen() - Slack: add allowed_users field + sender validation in listen() - Webhook: add X-Webhook-Secret header auth (401 on mismatch) - SecurityPolicy: add ActionTracker with sliding-window rate limiting - record_action() enforces max_actions_per_hour - is_rate_limited() checks without recording - Gateway: print auth status on startup (ENABLED/DISABLED) - 22 new tests (Discord/Slack allowlists, gateway header extraction, rate limiter: starts at zero, records, allows within limit, blocks over limit, clone independence) - 554 tests passing, 0 clippy warnings	2026-02-13 15:31:21 -05:00
..
mod.rs	feat: initial release — ZeroClaw v0.1.0	2026-02-13 12:19:14 -05:00
wizard.rs	security: harden architecture against Moltbot security model	2026-02-13 15:31:21 -05:00

argenis de la rosa 542bb80743 security: harden architecture against Moltbot security model

- Discord: add allowed_users field + sender validation in listen()
- Slack: add allowed_users field + sender validation in listen()
- Webhook: add X-Webhook-Secret header auth (401 on mismatch)
- SecurityPolicy: add ActionTracker with sliding-window rate limiting
  - record_action() enforces max_actions_per_hour
  - is_rate_limited() checks without recording
- Gateway: print auth status on startup (ENABLED/DISABLED)
- 22 new tests (Discord/Slack allowlists, gateway header extraction,
  rate limiter: starts at zero, records, allows within limit,
  blocks over limit, clone independence)
- 554 tests passing, 0 clippy warnings

2026-02-13 15:31:21 -05:00

mod.rs

feat: initial release — ZeroClaw v0.1.0

2026-02-13 12:19:14 -05:00

wizard.rs

security: harden architecture against Moltbot security model

2026-02-13 15:31:21 -05:00