Breaking changes:
- Quick setup now requires --provider flag (no default)
- TUI wizard requires provider selection (no pre-selection)
- Docker compose requires PROVIDER env var
- .env.example no longer defaults to openrouter
Changes:
- wizard.rs: Remove hardcoded "openrouter" defaults, require explicit provider
- tui.rs: Add provider placeholder, require selection before proceeding
- .env.example: Use provider-neutral placeholders
- docker-compose.yml: Require PROVIDER to be explicitly set
- docs: Update examples to be provider-agnostic
This makes ZeroClaw truly provider-agnostic - users must choose
their preferred LLM provider rather than being pushed toward OpenRouter.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use entry().or_insert() for Cache-Control so SSE no-cache is preserved
- Add security_headers_are_set_on_error_responses test
- Addresses CodeRabbit review feedback on #2476
Initialize channel runtime providers through routed provider construction so model_routes, hint defaults, and route-scoped credentials are honored.
Add a regression test that verifies start_channels succeeds when global provider credentials are absent but route-level config is present.
Refs #2537
Wait for either SIGINT or SIGTERM on Unix so daemon mode behaves correctly under container and process-manager termination flows.
Record signal-specific shutdown reasons and add unit tests for shutdown signal labeling.
Refs #2529
On Windows, file paths use backslashes (\) but the test expected forward
slashes (/). The render_skill_location function now normalizes all path
separators to forward slashes for consistent XML output across platforms.
This fixes the failing test:
prompt_skills_compact_mode_omits_instructions_and_tools
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The test `run_tool_call_loop_uses_non_cli_session_grant_without_waiting_for_prompt`
was expecting session grant to bypass interactive approval for shell tool, but
session grant only bypasses non-interactive approvals by design.
Fix: add shell to auto_approve list in test config so echo hi doesn't require
interactive approval, allowing session grant to work as intended.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Previously, the one-time `non_cli_allow_all_once` token only bypassed
non-interactive approvals due to a condition that required
`!requires_interactive_approval`. This caused tools like `shell`
(which require interactive approval in supervised mode) to be blocked
even when the one-time bypass token was consumed.
Fix: Separate the bypass logic:
- One-time bypass token: bypass ALL approvals (including interactive)
- Session grant: bypass only non-interactive approvals (unchanged)
This fixes the failing test
`run_tool_call_loop_consumes_one_time_non_cli_allow_all_token`.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
