* ci(homebrew): prefer HOMEBREW_UPSTREAM_PR_TOKEN with fallback
* ci(homebrew): handle existing upstream remote and main base
* feat(tools): Use system default browser instead of hard-coded Brave Browser
---------
Co-authored-by: Will Sarg <12886992+willsarg@users.noreply.github.com>
Adds a `/new` runtime chat command for Telegram and Discord that clears
the sender's conversation history without changing provider or model.
Useful for starting a fresh session when stale context causes issues.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Register Novita AI in provider factory with NOVITA_API_KEY env var
- Add to integrations registry with active/available status detection
- Configure onboarding wizard with default model and API endpoint
- Add to PR labeler provider keyword hints
- Update providers reference documentation
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Update ci-build-fast.yml to use MIR-precise mode, which reads actual
compiler MIR to build a ground-truth call graph. This stubs 1,060 mono
items (vs 799 with syn-based analysis), reducing fresh build wall time
by 27.2% on a 48-core server (vs 9.1% with syn alone).
Update docs with new benchmark table showing both modes.
Add ci-build-fast.yml that runs a cargo-slicer-optimized release build
alongside the existing Build (Smoke) job. cargo-slicer stubs 2,059
unreachable library functions at the MIR level, skipping their LLVM
codegen. Benchmarks show -11.7% wall time on a 48-core server and
-28.6% on a Raspberry Pi 4; 2-vCPU CI runners should see ~25-30%.
The new job is non-blocking — it does not gate merges.
Add documentation for cargo-slicer, a RUSTC_WRAPPER that stubs
unreachable functions at the MIR level. Benchmarks show 11.7% faster
clean builds on a 48-core server and 28.6% faster on a Raspberry Pi 4.
* fix(gateway): switch default port to 42617 across runtime and docs
* docs(changelog): record 42617 default port migration
* chore(release): bump crate version to 0.1.1
* fix(build): sync Cargo.lock with v0.1.1 manifest
Add Osaurus (https://github.com/dinoki-ai/osaurus) as a named provider,
following the established LM Studio / vLLM pattern with
OpenAiCompatibleProvider and Bearer auth.
Osaurus is a unified AI edge runtime for macOS (Apple Silicon) that goes
beyond traditional local inference servers:
- Local MLX inference (Llama, Qwen, Gemma, GLM, Phi, Nemotron, etc.)
- Cloud provider proxying through a single endpoint
- Multi-API: OpenAI, Anthropic, Ollama, and Open Responses simultaneously
- Built-in MCP (Model Context Protocol) support for tool/context servers
Provider wiring:
- Provider ID: "osaurus", default endpoint: http://localhost:1337/v1
- API key defaults to "osaurus" but is fully optional (keyless access)
- Credential env var: OSAURUS_API_KEY
- Registered as local provider in list_providers()
Onboard wizard:
- Added to all 10 wizard functions (auth, models, endpoints, env vars)
- Curated model list: qwen3-30b-a3b, gemma-3n-e4b, phi-4-mini-reasoning
- Tier 4 local provider with interactive endpoint/key prompts
Tests:
- factory_osaurus, factory_osaurus_uses_default_key_when_none
- factory_osaurus_custom_url, resolve_provider_credential_osaurus_env
- resilient_fallback_includes_osaurus
- Added to factory_all_providers_create_successfully array
Documentation:
- providers-reference.md: table row + Osaurus Server Notes section
- README.md: Osaurus Server Endpoint section
Adds a full NostrChannel implementation enabling ZeroClaw to send and
receive private messages over the Nostr protocol via user-configured
relay WebSocket connections.
Key design decisions:
- Implements the Channel trait in src/channels/nostr.rs; registered via
the existing factory in channels/mod.rs
- Supports both NIP-04 (legacy encrypted DMs) and NIP-17 (gift-wrapped
private messages); replies automatically mirror the sender's protocol
- Deny-by-default allowlist (allowed_pubkeys = [] denies all)
- Private key encrypted at rest via SecretStore (ChaCha20-Poly1305 AEAD)
when secrets.encrypt = true (the default)
- nostr-sdk added with default-features = false and only nip04 + nip59
features to minimise binary size impact
- health_check() returns true if any relay reports is_connected()
Wiring:
- New NostrConfig struct and optional field in ChannelsConfig
- has_supervised_channels() in daemon updated to include nostr
- Onboarding wizard extended with a dedicated Nostr step (key
validation, relay selection, allowlist configuration)
Docs compliance:
- channels-reference.md: channel matrix, delivery modes table, allowlist
field names, numbered config section (4.12), log keyword table (7.2),
and log filter command all updated
- config-reference.md: [channels_config.nostr] sub-section with key
table and security notes added
- network-deployment.md and README.md updated
- .github/pull_request_template.md: resolved stale conflict markers from
chore/labeler-spacing-trusted-tier
Add native vLLM provider support to ZeroClaw
- First-class `vllm` provider with local endpoint defaults (`http://localhost:8000/v1`)
- Optional `VLLM_API_KEY` support
- Onboarding wizard integration (tier menu, endpoint prompt, model discovery, keyless local usage)
- Updated provider/docs references and command documentation
Linq channel code was fully integrated but missing from documentation
surfaces. Add Linq to architecture tables, channels reference, and
config reference so users can discover and configure the channel.
Gemini thinking models (e.g. gemini-3-pro-preview) return response parts
with `thought: true` for internal reasoning and `thoughtSignature` for
opaque signatures. The previous extraction logic blindly took the first
part, which was the thinking part, returning reasoning text instead of the
actual answer.
- Add `thought` field to `ResponsePart` to detect reasoning parts
- Add `effective_text()` on `CandidateContent` to skip thinking/signature
parts and extract only the real answer (falls back to thinking text if
no non-thinking content is available)
- Make `Candidate.content` optional to guard against candidates with no
content (e.g. safety-filtered responses)
- Add 7 focused tests covering thinking, non-thinking, fallback, empty,
multi-part, signature-only, and internal API responses
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Tiếng Việt entries to language selectors in zh-CN, ja, ru root
READMEs and docs hubs; update SUMMARY.md language entry section and
docs-inventory.md classification table.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Convert all Title Case Vietnamese headings to sentence case
(Vietnamese doesn't use Title Case)
- Replace calque translations with natural Vietnamese phrasing:
"Bảo Mật Agnostic" → "Bảo mật không phụ thuộc nền tảng",
"Bảo Mật Không Ma Sát" → "Bảo mật không gây cản trở",
"tư thế bảo mật" → "tình trạng bảo mật",
"kiềm chế ở cấp độ OS" → "cách ly cấp hệ điều hành"
- Standardize terminology: "rõ ràng" → "tường minh" for "explicit"
- Shorten verbose phrasing across navigation docs and references
- Make prose more direct and developer-friendly throughout
21 files touched, 168 lines changed (wording only, no structural changes)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix 3 critical broken links: wrong path depth for README.vi.md and
CONTRIBUTING.md references
- Fix category READMEs (reference/, operations/, security/, hardware/)
linking to English docs instead of Vietnamese siblings
- Fix 6 security proposal files pointing to English config/runbook/
troubleshooting instead of local siblings
- Fix content cross-links in channels-reference, network-deployment,
hardware-peripherals-design, matrix-e2ee-guide, proxy-agent-playbook
- Fix pr-workflow, reviewer-playbook, zai-glm-setup pointing to English
docs hub instead of Vietnamese README.md
- Standardize date format to ISO 8601 (2026-02-20) across all files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full Vietnamese translation of all documentation using directory-per-locale
structure (docs/vi/) instead of flat suffixes. Covers 41 docs across all
categories: getting-started, reference, operations, security, hardware,
datasheets, contributing, and project. Also includes python/README.vi.md.
Translation conventions: natural idiomatic Vietnamese for prose; technical
terms, CLI commands, config keys, and code blocks kept in English.
Supersedes flat-suffix approach from #1092.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add automatic runtime-state migration to /etc/zeroclaw with secure ownership/permissions. Implement env-based config resolution for service startup, eliminating the need for manual --service-init flags in the happy path.
- Add global --config-dir CLI flag that sets ZEROCLAW_CONFIG_DIR env
- Add ZEROCLAW_CONFIG_DIR override in config resolution (takes precedence)
- Update OpenRC script to use --config-dir and set env vars for config/workspace
- Prefer /usr/local/bin/zeroclaw for OpenRC executable
- Create /etc/zeroclaw/workspace directory with correct ownership on install
- Update docs to reflect --service-init flag order (service-level before subcommand)
- Add chown_to_zeroclaw() helper to change directory ownership
- Log directory /var/log/zeroclaw now owned by zeroclaw:zeroclaw
- Fix docs: config file should be owned by zeroclaw:zeroclaw
(service runs as zeroclaw user, needs read access)
Fixes permission denied error when service tries to write logs.
- Add InitSystem enum with auto-detection (systemd/OpenRC)
- Add --service-init CLI flag to override init system detection
- Generate OpenRC init script with security hardening:
- Runs as zeroclaw:zeroclaw user
- umask 027 for file permissions
- Logs to /var/log/zeroclaw/
- Depends on net and firewall
- Require root for OpenRC install with clear error message
- Warn if binary is in home directory
- Add OpenRC auto-restart support in channels module
- Document OpenRC setup in README and network-deployment.md
Non-goals:
- No changes to systemd behavior
- No user-level OpenRC services
- No other init systems (SysV, runit, s6)
Security: OpenRC install requires root, validates user, creates
directories with proper permissions
Adds onboarding decision tree to getting-started/README.md so users can
quickly identify the right setup command for their situation.
Adds hardware vision overview to hardware/README.md explaining the
Peripheral trait and supported board types.
Expands project/README.md with scope explanation describing the purpose
of project snapshots and how they relate to documentation maintenance.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace the non-functional OpenAI-compatible stub with a purpose-built
Bedrock provider that implements AWS SigV4 signing from first principles
using hmac/sha2/hex crates — no AWS SDK dependency.
Key capabilities:
- SigV4 authentication (AKSK + optional session token)
- Converse API with native tool calling support
- Prompt caching via cachePoint heuristics
- Proper URI encoding for model IDs containing colons
- Resilient response parsing with unknown block type fallback
Also updates:
- Factory wiring and credential resolution bypass for AKSK auth
- Onboard wizard with Bedrock-specific model selection and guidance
- Provider reference docs with auth, region, and model ID details
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
