harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/CHANGELOG.md
Chummy 4531c342f5 fix(onboard): remove fragile numeric channel dispatch 
Use enum-backed channel menu dispatch to prevent duplicated match-arm indices and unreachable-pattern warnings (issue #913).

Also switch OpenAI native tool spec parsing to owned serde structs so tool-schema validation compiles.
2026-02-20 01:56:41 +08:00

3.3 KiB
Raw Blame History

Changelog

All notable changes to ZeroClaw will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Security

  • Legacy XOR cipher migration: The enc: prefix (XOR cipher) is now deprecated. Secrets using this format will be automatically migrated to enc2: (ChaCha20-Poly1305 AEAD) when decrypted via decrypt_and_migrate(). A tracing::warn! is emitted when legacy values are encountered. The XOR cipher will be removed in a future release.

Added

  • SecretStore::decrypt_and_migrate() — Decrypts secrets and returns a migrated enc2: value if the input used the legacy enc: format
  • SecretStore::needs_migration() — Check if a value uses the legacy enc: format
  • SecretStore::is_secure_encrypted() — Check if a value uses the secure enc2: format
  • Telegram mention_only mode — New config option mention_only for Telegram channel. When enabled, bot only responds to messages that @-mention the bot in group chats. Direct messages always work regardless of this setting. Default: false.

Deprecated

  • enc: prefix for encrypted secrets — Use enc2: (ChaCha20-Poly1305) instead. Legacy values are still decrypted for backward compatibility but should be migrated.

Fixed

  • Onboarding channel menu dispatch now uses an enum-backed selector instead of hard-coded numeric match arms, preventing duplicated pattern arms and related unreachable pattern compiler warnings in src/onboard/wizard.rs.
  • OpenAI native tool spec parsing now uses owned serializable/deserializable structs, fixing a compile-time type mismatch when validating tool schemas before API calls.

0.1.0 - 2026-02-13

Added

  • Core Architecture: Trait-based pluggable system for Provider, Channel, Observer, RuntimeAdapter, Tool
  • Provider: OpenRouter implementation (access Claude, GPT-4, Llama, Gemini via single API)
  • Channels: CLI channel with interactive and single-message modes
  • Observability: NoopObserver (zero overhead), LogObserver (tracing), MultiObserver (fan-out)
  • Security: Workspace sandboxing, command allowlisting, path traversal blocking, autonomy levels (ReadOnly/Supervised/Full), rate limiting
  • Tools: Shell (sandboxed), FileRead (path-checked), FileWrite (path-checked)
  • Memory (Brain): SQLite persistent backend (searchable, survives restarts), Markdown backend (plain files, human-readable)
  • Heartbeat Engine: Periodic task execution from HEARTBEAT.md
  • Runtime: Native adapter for Mac/Linux/Raspberry Pi
  • Config: TOML-based configuration with sensible defaults
  • Onboarding: Interactive CLI wizard with workspace scaffolding
  • CLI Commands: agent, gateway, status, cron, channel, tools, onboard
  • CI/CD: GitHub Actions with cross-platform builds (Linux, macOS Intel/ARM, Windows)
  • Tests: 159 inline tests covering all modules and edge cases
  • Binary: 3.1MB optimized release build (includes bundled SQLite)

Security

  • Path traversal attack prevention
  • Command injection blocking
  • Workspace escape prevention
  • Forbidden system path protection (/etc, /root, ~/.ssh)