polymech/zeroclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,114 Commits 104 Branches 136 Tags 159 MiB
69f4b95f8e
Commit Graph

129 Commits

Author SHA1 Message Date
xj
69f4b95f8e fix(hooks): add JsonSchema derive to HooksConfig and BuiltinHooksConfig 
Upstream main now derives schemars::JsonSchema on all config structs.
Our HooksConfig and BuiltinHooksConfig were missing it, causing CI
Build (Smoke) failure when the merge commit was compiled.
 2026-02-21 13:34:09 +08:00
EC2 Default User
9ff86c372f fix(tools): reject empty old_string in file_edit 2026-02-21 13:32:59 +08:00
reidliu41
34ec788968 feat(tools): add file_edit tool for precise in-place text replacement 2026-02-21 13:32:59 +08:00
Aleksandr Prilipko
0a2609d538 fix(tools): file_read binary file support — PDF extraction + lossy fallback 
Add cascading fallback to file_read tool: UTF-8 → PDF text extraction
(via pdf-extract) → lossy UTF-8 conversion. Binary files no longer
produce errors; PDFs return extracted text, other binaries get lossy
output with U+FFFD replacement characters.

Changes:
- Cargo.toml: add rag-pdf to default features
- file_read.rs: cascading fallback logic + try_extract_pdf_text helper
- file_read.rs: update tool description
- test_document.pdf: replace empty fixture with PDF containing "Hello PDF"
- Tests: remove file_read_rejects_binary_pdf, add unit + e2e tests for
  PDF extraction and lossy binary reads (including live OpenAI Codex e2e)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-21 13:03:13 +08:00
Aleksandr Prilipko
2393b9a551 fix: resolve clippy warnings and rustfmt across codebase 
Address clippy lints (redundant continue, as-cast, match arms, elided
lifetimes, format vs write!) and reformat long cfg attributes and assert
macros to pass `cargo fmt --check` and `cargo clippy -D warnings`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-21 12:39:34 +08:00
s04
dce3c36053 fix: add usage field to ChatResponse constructors added upstream 
Tests and mock providers added upstream after the branch point now
need the usage field that was introduced in the first commit.
 2026-02-21 12:29:02 +08:00
Aleksandr Prilipko
2af6a25ac2 fix: resolve all compilation, test, and fmt errors on main 
- Remove duplicate `chat` method in reliable.rs (E0201)
- Fix `futures` → `futures_util` imports in agent.rs and loop_.rs (E0433)
- Gate PostgresMemory behind `memory-postgres` feature in cli.rs (E0433)
- Fix regex backreference in XML tool parser (unsupported by regex crate)
- Add missing `skills_prompt_mode` argument in test
- Apply rustfmt to files with formatting issues on main
 2026-02-21 12:09:06 +08:00
EC2 Default User
d32dd7f7c7 fix(tool): pass security policy to cron tools in registry 2026-02-21 02:27:54 +08:00
reidliu41
955ae92f9f feat(tool): add glob_search for workspace file pattern search 
- Problem: Agent relies on `shell` + `find` for file search — fragile syntax, raw output, broad permissions
  - Why it matters: Structured tool reduces failed tool calls and tightens security boundary
  - What changed: New `glob_search` tool in `default_tools` and `all_tools`; searches workspace by glob pattern with
  full security checks
  - What did **not** change (scope boundary): No changes to security policy, config schema, providers, or agent loop
 2026-02-21 02:27:54 +08:00
reidliu41
3db0fa34f2 feat(tool): add line numbers and partial reading to file_read 2026-02-21 02:22:41 +08:00
Chummy
723426c68e fix(tools): adapt pdf_read registration to Arc tool registry 2026-02-21 01:58:25 +08:00
Chummy
ac9e5cb03c fix(tools): surface pdf_read empty-text warning in output 2026-02-21 01:58:25 +08:00
reidliu41
a5521ab7bc feat(tools): add pdf_read tool for workspace PDF text extraction 2026-02-21 01:58:25 +08:00
fettpl
90a565ac5a fix(security): enforce cron tool policy gates 2026-02-20 23:27:05 +08:00
Chummy
2d910e77a7 fix(security): enforce schedule cron and policy gates 2026-02-20 22:04:26 +08:00
Chummy
e6961e0eed feat(delegate): add safe agentic sub-agent tool loop 2026-02-20 19:55:49 +08:00
Chummy
8cafeb02e8
fix(composio): request latest v3 tool versions by default (#1039) 2026-02-19 23:29:09 -05:00
Alex Gorevski
9d0ff54037
Merge pull request #1016 from zeroclaw-labs/test/improve-test-assertions 
test(quality): replace bare .unwrap() with .expect() in agent and shell tests
 2026-02-19 16:16:42 -08:00
Alex Gorevski
c6de02b93b
Merge pull request #1008 from zeroclaw-labs/fix/docs-module-level-docs 
docs(code): add module-level doc blocks to providers, channels, tools, and security
 2026-02-19 15:58:56 -08:00
Argenis
96d5ae0c43
fix(composio): pick first usable account when multiple exist, add connected_accounts alias (#1003) 
Root cause of #959: resolve_connected_account_ref returned None when the entity had more than one connected account for an app, silently dropping auto-resolve and causing every execute call to fail with 'cannot find connected account'. The LLM then looped re-issuing the OAuth URL even though the account was already connected.

- resolve_connected_account_ref now picks the first usable account (ordered by updated_at DESC from the API) instead of returning None when multiple accounts exist
- Add 'connected_accounts' as a dispatch alias for 'list_accounts' in handler, schema enum, and description
- 8 new regression tests

Closes #959
 2026-02-19 17:19:04 -05:00
Alex Gorevski
22bd03c65a test(quality): replace bare .unwrap() with .expect() in agent and shell tests 
Replace bare .unwrap() calls with descriptive .expect() messages in
src/agent/agent.rs and src/tools/shell.rs test modules. Adds meaningful
failure context for memory creation, agent builder, and tool execution
assertions. Addresses audit finding on test assertion quality (§5.2).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-19 13:23:33 -08:00
Alex Gorevski
4a7dff6ef1 docs(code): add module-level doc blocks to providers, channels, tools, and security 
Each major subsystem mod.rs now includes a //! doc block explaining the
subsystem purpose, trait-driven architecture, factory registration pattern,
and extension guidance. This improves the generated rustdoc experience for
developers navigating ZeroClaw's modular architecture.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-19 13:19:46 -08:00
Alex Gorevski
cc07cb66c3 fix(errors): improve config error messages with section paths and remediation hints 
Improve vague error messages in channel initialization and tool setup
to include specific config key paths and remediation steps, matching
the quality standard set by proxy validation errors.

Changes:
- telegram.rs: Include [channels.telegram] section path and required
  fields (bot_token, allowed_users) in missing-config error; add
  onboard hint; specify channels.telegram.allowed_users in pairing
  message; improve parse error context
- whatsapp.rs: Specify channels.whatsapp.allowed_numbers key path
  in unauthorized-number warning
- linq.rs: Specify channels.linq.allowed_senders key path in
  unauthorized-sender warning; add onboard hint
- web_search_tool.rs: Include tools.web_search.provider config path
  and valid values in unknown-provider error

Addresses API surface audit §8.2 (config context in error messages).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-19 11:44:04 -08:00
Chummy
14fb3fbcae fix(composio): resolve connected account refs after OAuth 2026-02-20 01:28:19 +08:00
Chummy
4c249c579f fix(composio): repair v3 execute path and enable alias 2026-02-20 00:07:28 +08:00
Chummy
dcd0bf641d feat: add multimodal image marker support with Ollama vision 2026-02-19 21:25:21 +08:00
Chummy
a5d7911923 feat(runtime): add reasoning toggle for ollama 2026-02-19 21:05:19 +08:00
Chummy
916c0c823b fix: sync gateway pairing persistence and proxy null clears 2026-02-19 18:04:55 +08:00
Jayson Reis
f1ca73d3d2 chore: Remove more blocking io calls 2026-02-19 18:04:55 +08:00
Chummy
268a1dee09 style: apply rustfmt after rebase 2026-02-19 18:03:09 +08:00
Chummy
275d3e7791 style: apply rustfmt to async fs updates 2026-02-19 14:52:29 +08:00
Jayson Reis
b9af601943 chore: Remove blocking read strings 2026-02-19 14:52:29 +08:00
wonder_land
4ecaf6070c fix(tools): remove non-string enum from pushover priority for Gemini compat 
The pushover tool priority parameter schema used integer enum values
[-2, -1, 0, 1, 2]. OpenAI-compatible APIs accept this, but the Gemini
API (and Gemini-relay proxies) strictly require all enum values to be
strings, rejecting the request with 400 Bad Request.

This causes every agent turn to fail with a non_retryable error when
using Gemini models, regardless of user message content, because tool
schemas are included in every request.

Fix: remove the enum constraint, keeping integer type and description
documenting the valid range. This is valid for both OpenAI and Gemini
providers and requires no changes to execute() which already uses
as_i64() with range validation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-19 13:24:23 +08:00
Alex Gorevski
52dc9fd9e9
Merge pull request #883 from agorevski/fix/cleartext-logging-sensitive-data 
fix(security): prevent cleartext logging of sensitive data
 2026-02-18 21:11:31 -08:00
Alex Gorevski
4a9fc9b6cc fix(security): prevent cleartext logging of sensitive data 
Address CodeQL rust/cleartext-logging alerts by breaking data-flow taint
chains from sensitive variables (api_key, credential, session_id, user_id)
to log/print sinks. Changes include:

- Replace tainted profile IDs in println! with untainted local variables
- Add redact() helper for safe logging of sensitive values
- Redact account identifiers in auth status output
- Rename session_id locals in memory backends to break name-based taint
- Rename user_id/user_id_hint in channels to break name-based taint
- Custom Debug impl for ComputerUseConfig to redact api_key field
- Break taint chain in provider credential factory via string reconstruction
- Remove client IP from gateway rate-limit log messages
- Break taint on auth token extraction and wizard credential flow
- Rename composio account ref variable to break name-based taint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 20:12:45 -08:00
Alex Gorevski
925a352454 fix(security): enforce HTTPS for sensitive data transmission 
Add URL scheme validation before HTTP requests that transmit sensitive
data (account IDs, phone numbers, user IDs). All endpoints already use
HTTPS URLs, but this explicit check satisfies CodeQL rust/cleartext-
transmission analysis and prevents future regressions if URLs are
changed.

Affected files: composio.rs, whatsapp.rs, qq.rs

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 20:03:02 -08:00
Chummy
ce104bed45 feat(proxy): add scoped proxy configuration and docs runbooks 
- add scope-aware proxy schema and runtime wiring for providers/channels/tools

- add agent callable proxy_config tool for fast proxy setup

- standardize docs system with index, template, and playbooks
 2026-02-18 22:10:42 +08:00
Chummy
219764d4d8 fix(channels): recover malformed invoke/tool_call output in daemon mode 2026-02-18 17:01:36 +08:00
Xiangjun Ma
118cd53922 feat(channel): stream LLM responses to Telegram via draft message edits 
Wire the existing provider-layer streaming infrastructure through the
channel trait and agent loop so Telegram users see tokens arrive
progressively via editMessageText, instead of waiting for the full
response.

Changes:
- Add StreamMode enum (off/partial/block) and draft_update_interval_ms
  to TelegramConfig (backward-compatible defaults: off, 1000ms)
- Add supports_draft_updates/send_draft/update_draft/finalize_draft to
  Channel trait with no-op defaults (zero impact on existing channels)
- Implement draft methods on TelegramChannel using sendMessage +
  editMessageText with rate limiting and Markdown fallback
- Add on_delta mpsc::Sender<String> parameter to run_tool_call_loop
  (None preserves existing behavior)
- Wire streaming in process_channel_message: when channel supports
  drafts, send initial draft, spawn updater task, finalize on completion

Edge cases handled:
- 4096-char limit: finalize draft and fall back to chunked send
- Broken Markdown: use no parse_mode during streaming, apply on finalize
- Edit failures: fall back to sending complete response as new message
- Rate limiting: configurable draft_update_interval_ms (default 1s)
 2026-02-18 16:33:33 +08:00
Chummy
a0b277b21e fix(web-search): harden config handling and trim unrelated CI edit 2026-02-18 15:24:21 +08:00
adisusilayasa
1757add64a feat(tools): add web_search_tool for internet search 
Add native web search capability that works regardless of LLM tool-calling
support. This is particularly useful for GLM models via Z.AI that don't
reliably support standard tool calling formats.

Features:
- DuckDuckGo provider (free, no API key required)
- Brave Search provider (optional, requires API key)
- Configurable max results and timeout
- Enabled by default

Configuration (config.toml):
  [web_search]
  enabled = true
  provider = "duckduckgo"
  max_results = 5

The tool allows agents to search the web for current information without
requiring proper tool calling support from the LLM.

Also includes CI workflow fix for first-interaction action inputs.
 2026-02-18 15:24:21 +08:00
Alex Gorevski
9a6fa76825 readd tests, remove markdown files 2026-02-18 14:42:39 +08:00
Chummy
431287184b style(tests): apply rustfmt to brittle-test hardening changes 2026-02-18 14:17:58 +08:00
Alex Gorevski
45cdd25b3d fix(tests): harden brittle tests for cross-platform stability and refactoring resilience 
## Problem

The test suite contained several categories of latent brittleness
identified in docs/testing-brittle-tests.md that would surface during
refactoring or cross-platform (Windows) CI execution:

1. Hardcoded Unix paths: \Path::new("/tmp")\ and \PathBuf::from("/tmp")\
   used as workspace directories in agent tests, which fail on Windows
   where /tmp does not exist.

2. Exact string match assertions: ~20 \ssert_eq!(response, "exact text")\
   assertions in agent unit and e2e tests that break on any mock wording
   change, even when the underlying orchestration behavior is correct.

3. Fragile error message string matching: \.contains("specific message")\
   assertions coupled to internal error wording rather than testing the
   error category or behavioral outcome.

## What Changed

### Hardcoded paths → platform-agnostic temp dirs (4 files, 7 locations)
- \src/agent/tests.rs\: Replaced all 4 instances of \Path::new("/tmp")\
  and \PathBuf::from("/tmp")\ with \std::env::temp_dir()\ in
  \make_memory()\, \uild_agent_with()\, \uild_agent_with_memory()\,
  and \uild_agent_with_config()\ helpers.
- \	ests/agent_e2e.rs\: Replaced all 3 instances in \make_memory()\,
  \uild_agent()\, and \uild_agent_xml()\ helpers.

### Exact string assertions → behavioral checks (2 files, ~20 locations)
- \src/agent/tests.rs\: Converted 10 \ssert_eq!(response, "...")\ to
  \ssert!(!response.is_empty(), "descriptive message")\ across tests for
  text pass-through, tool execution, tool failure recovery, XML dispatch,
  mixed text+tool responses, multi-tool batch, and run_single delegation.
- \	ests/agent_e2e.rs\: Converted 9 exact-match assertions to behavioral
  checks. Multi-turn test now uses \ssert_ne!(r1, r2)\ to verify
  sequential responses are distinct without coupling to exact wording.
- Provider error propagation test simplified to \ssert!(result.is_err())\
  without asserting on the error message string.

### Fragile error message assertions → structural checks (2 files)
- \src/tools/git_operations.rs\: Replaced fragile OR-branch string match
  (\contains("git repository") || contains("Git command failed")\) with
  structural assertions: checks \!result.success\, error is non-empty,
  and error does NOT mention autonomy/read-only (verifying the failure
  is git-related, not permission-related).
- \src/cron/scheduler.rs\: Replaced \contains("agent job failed:")\ with
  \!success\ and \!output.is_empty()\ checks that verify failure behavior
  without coupling to exact log format.

## What Was NOT Changed (and why)
- \src/agent/loop_.rs\ parser tests: Exact string assertions are the
  contract for XML tool call parsing — the exact output IS the spec.
- \src/providers/reliable.rs\: Error message assertions test the error
  format contract (provider/model attribution in failure messages).
- \src/service/mod.rs\: Already platform-gated with \#[cfg]\; XML escape
  test is a formatting contract where exact match is appropriate.
- \src/config/schema.rs\: TOML test strings use /tmp as data values for
  deserialization tests, not filesystem access; HOME tests already use
  \std::env::temp_dir()\.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 14:17:58 +08:00
fettpl
4f9c87ff74 fix(policy): standardize side-effect tool autonomy gates 2026-02-18 12:42:56 +08:00
Edvard
c04f2855e4 feat(tools): expose custom memory categories in memory_store tool 
The MemoryCategory::Custom variant already exists in the memory backend
but the memory_store tool only accepted core/daily/conversation. Now any
string is accepted as a category, passing through to Custom(name) for
non-builtin values.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 12:05:37 +08:00
Alex Gorevski
fbc26be7af fix(policy): treat git branch listing as read-only operation 
Remove 'branch' from requires_write_access() to resolve the
contradiction where branch listing was classified as both read-only
and write-requiring. Branch listing only enumerates local refs and
has no side effects, so it should remain available under ReadOnly
autonomy mode.

Add regression tests:
- branch_is_not_write_gated: verifies classification consistency
- allows_branch_listing_in_readonly_mode: verifies end-to-end
  execution under ReadOnly autonomy
- is_read_only_detection: now explicitly asserts branch is read-only

Resolves zeroclaw-labs/zeroclaw#612

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-18 09:15:28 +08:00
Will Sarg
42f1d40f1f
fix(ci): unblock dependabot dependency PR checks (#658) 2026-02-17 15:51:07 -05:00
Alex Gorevski
bbe5530c1a
fix(security): disable automatic redirects in http_request tool (#624) 
Closes #607

The http_request tool validated the initial URL against the domain
allowlist and private-host rules, but reqwest's default redirect policy
followed redirects automatically without revalidating each hop. This
allowed SSRF via redirect chains from allowed domains to internal hosts.

Set redirect policy to Policy::none() so 3xx responses are returned
as-is. Callers that need to follow redirects must issue a new request,
which goes through validate_url again.

Severity: High — SSRF/allowlist bypass via redirect chains.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-17 15:15:48 -05:00
Alex Gorevski
290d971d5e
fix(security): reject shell-unsafe chars in screenshot filename (#625) 
Closes #601

The Linux screenshot path uses sh -c with single-quote interpolation.
A filename containing quote characters could break quoting and inject
shell tokens. Add a check that rejects filenames with any shell-breaking
characters (quotes, backticks, dollar signs, semicolons, pipes, etc.)
before passing to the shell command.

Severity: High — command injection in tool execution path.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-17 15:13:17 -05:00