polymech/zeroclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ccbff49cb6
zeroclaw/src/lib.rs
Will Sarg 02b5997d1d
feat(verifiable_intent): add native verifiable intent lifecycle module (#2938) 
* feat(verifiable_intent): add native verifiable intent lifecycle module

Implements a Rust-native Verifiable Intent (VI) subsystem for ZeroClaw,
providing full credential lifecycle support for commerce agent authorization
using SD-JWT layered credentials.

New module: src/verifiable_intent/
- error.rs: ViError/ViErrorKind (25+ variants), implements std::error::Error
- types.rs: JWK, Cnf, Entity, Constraint (8 variants), Immediate/Autonomous
  mandate structs, Fulfillment, Layer1/Layer2/CredentialChain
- crypto.rs: base64url helpers, SD hash, JWS sign/verify, EC P-256 key
  generation/loading, disclosure creation, SD-JWT serialize/parse
- verification.rs: StrictnessMode, ChainVerificationResult,
  ConstraintCheckResult, verify_timestamps, verify_sd_hash_binding,
  verify_l3_cross_reference, verify_checkout_hash_binding, check_constraints
- issuance.rs: create_layer2_immediate, create_layer2_autonomous,
  create_layer3_payment, create_layer3_checkout

New tool: src/tools/verifiable_intent.rs
- VerifiableIntentTool implementing Tool trait (name: vi_verify)
- Operations: verify_binding, evaluate_constraints, verify_timestamps
- Gated behind verifiable_intent.enabled config flag

Wiring:
- src/lib.rs: pub mod verifiable_intent
- src/main.rs: mod verifiable_intent (binary re-declaration)
- src/config/schema.rs: VerifiableIntentConfig struct, field on Config
- src/config/mod.rs: re-exports VerifiableIntentConfig
- src/onboard/wizard.rs: default field in Config literals
- src/tools/mod.rs: conditional tool registration

Uses only existing deps: ring (ECDSA P-256), sha2, base64, serde_json,
chrono, anyhow. No new dependencies added.

Validation: cargo fmt clean, cargo clippy -D warnings clean,
cargo test --lib -- verifiable_intent passes (44 tests)

* chore(verifiable_intent): add Apache 2.0 attribution for VI spec reference

The src/verifiable_intent/ module is a Rust-native reimplementation based
on the Verifiable Intent open specification and reference implementation by
genereda (https://github.com/genereda/verifiable-intent), Apache 2.0.

- Add attribution section to src/verifiable_intent/mod.rs doc comment
- Add third-party attribution entry to NOTICE per Apache 2.0 section 4(d)

* fix(verifiable_intent): correct VI attribution URL and author

Replace hallucinated github.com/genereda/verifiable-intent with the
actual remote: github.com/agent-intent/verifiable-intent

* fix(verifiable_intent): remove unused pub re-exports to fix clippy

Remove unused re-exports of ViError, ViErrorKind, types::*,
ChainVerificationResult, and ConstraintCheckResult from the module
root. Only StrictnessMode is used externally.

---------

Co-authored-by: argenis de la rosa <theonlyhennygod@gmail.com>
2026-03-24 15:30:40 +03:00

563 lines
18 KiB
Rust
Raw Blame History

#![warn(clippy::all, clippy::pedantic)]
#![allow(
clippy::assigning_clones,
clippy::bool_to_int_with_if,
clippy::case_sensitive_file_extension_comparisons,
clippy::cast_possible_wrap,
clippy::doc_markdown,
clippy::field_reassign_with_default,
clippy::float_cmp,
clippy::implicit_clone,
clippy::items_after_statements,
clippy::map_unwrap_or,
clippy::manual_let_else,
clippy::missing_errors_doc,
clippy::missing_panics_doc,
clippy::module_name_repetitions,
clippy::must_use_candidate,
clippy::new_without_default,
clippy::needless_pass_by_value,
clippy::needless_raw_string_hashes,
clippy::redundant_closure_for_method_calls,
clippy::return_self_not_must_use,
clippy::similar_names,
clippy::single_match_else,
clippy::struct_field_names,
clippy::too_many_lines,
clippy::uninlined_format_args,
clippy::unnecessary_cast,
clippy::unnecessary_lazy_evaluations,
clippy::unnecessary_literal_bound,
clippy::unnecessary_map_or,
clippy::unused_self,
clippy::cast_precision_loss,
clippy::unnecessary_wraps,
dead_code
)]
use clap::Subcommand;
use serde::{Deserialize, Serialize};
pub mod agent;
pub(crate) mod approval;
pub(crate) mod auth;
pub mod channels;
pub mod commands;
pub mod config;
pub(crate) mod cost;
pub(crate) mod cron;
pub(crate) mod daemon;
pub(crate) mod doctor;
pub mod gateway;
pub mod hands;
pub(crate) mod hardware;
pub(crate) mod health;
pub(crate) mod heartbeat;
pub mod hooks;
pub mod i18n;
pub(crate) mod identity;
pub(crate) mod integrations;
pub mod memory;
pub(crate) mod migration;
pub(crate) mod multimodal;
pub mod nodes;
pub mod observability;
pub(crate) mod onboard;
pub mod peripherals;
pub mod providers;
pub mod rag;
pub mod runtime;
pub(crate) mod security;
pub(crate) mod service;
pub(crate) mod skills;
pub mod tools;
pub(crate) mod tunnel;
pub(crate) mod util;
pub mod verifiable_intent;
#[cfg(feature = "plugins-wasm")]
pub mod plugins;
pub use config::Config;
/// Gateway management subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum GatewayCommands {
/// Start the gateway server (default if no subcommand specified)
#[command(long_about = "\
Start the gateway server (webhooks, websockets).
Runs the HTTP/WebSocket gateway that accepts incoming webhook events \
and WebSocket connections. Bind address defaults to the values in \
your config file (gateway.host / gateway.port).
Examples:
zeroclaw gateway start # use config defaults
zeroclaw gateway start -p 8080 # listen on port 8080
zeroclaw gateway start --host 0.0.0.0 # requires [gateway].allow_public_bind=true or a tunnel
zeroclaw gateway start -p 0 # random available port")]
Start {
/// Port to listen on (use 0 for random available port); defaults to config gateway.port
#[arg(short, long)]
port: Option<u16>,
/// Host to bind to; defaults to config gateway.host
/// Note: Binding to 0.0.0.0 requires `gateway.allow_public_bind = true` in config
#[arg(long)]
host: Option<String>,
},
/// Restart the gateway server
#[command(long_about = "\
Restart the gateway server.
Stops the running gateway if present, then starts a new instance \
with the current configuration.
Examples:
zeroclaw gateway restart # restart with config defaults
zeroclaw gateway restart -p 8080 # restart on port 8080")]
Restart {
/// Port to listen on (use 0 for random available port); defaults to config gateway.port
#[arg(short, long)]
port: Option<u16>,
/// Host to bind to; defaults to config gateway.host
/// Note: Binding to 0.0.0.0 requires `gateway.allow_public_bind = true` in config
#[arg(long)]
host: Option<String>,
},
/// Show or generate the pairing code without restarting
#[command(long_about = "\
Show or generate the gateway pairing code.
Displays the pairing code for connecting new clients without \
restarting the gateway. Requires the gateway to be running.
With --new, generates a fresh pairing code even if the gateway \
was previously paired (useful for adding additional clients).
Examples:
zeroclaw gateway get-paircode # show current pairing code
zeroclaw gateway get-paircode --new # generate a new pairing code")]
GetPaircode {
/// Generate a new pairing code (even if already paired)
#[arg(long)]
new: bool,
},
}
/// Service management subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum ServiceCommands {
/// Install daemon service unit for auto-start and restart
Install,
/// Start daemon service
Start,
/// Stop daemon service
Stop,
/// Restart daemon service to apply latest config
Restart,
/// Check daemon service status
Status,
/// Uninstall daemon service unit
Uninstall,
}
/// Channel management subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum ChannelCommands {
/// List all configured channels
List,
/// Start all configured channels (handled in main.rs for async)
Start,
/// Run health checks for configured channels (handled in main.rs for async)
Doctor,
/// Add a new channel configuration
#[command(long_about = "\
Add a new channel configuration.
Provide the channel type and a JSON object with the required \
configuration keys for that channel type.
Supported types: telegram, discord, slack, whatsapp, matrix, imessage, email.
Examples:
zeroclaw channel add telegram '{\"bot_token\":\"...\",\"name\":\"my-bot\"}'
zeroclaw channel add discord '{\"bot_token\":\"...\",\"name\":\"my-discord\"}'")]
Add {
/// Channel type (telegram, discord, slack, whatsapp, matrix, imessage, email)
channel_type: String,
/// Optional configuration as JSON
config: String,
},
/// Remove a channel configuration
Remove {
/// Channel name to remove
name: String,
},
/// Bind a Telegram identity (username or numeric user ID) into allowlist
#[command(long_about = "\
Bind a Telegram identity into the allowlist.
Adds a Telegram username (without the '@' prefix) or numeric user \
ID to the channel allowlist so the agent will respond to messages \
from that identity.
Examples:
zeroclaw channel bind-telegram zeroclaw_user
zeroclaw channel bind-telegram 123456789")]
BindTelegram {
/// Telegram identity to allow (username without '@' or numeric user ID)
identity: String,
},
/// Send a message to a configured channel
#[command(long_about = "\
Send a one-off message to a configured channel.
Sends a text message through the specified channel without starting \
the full agent loop. Useful for scripted notifications, hardware \
sensor alerts, and automation pipelines.
The --channel-id selects the channel by its config section name \
(e.g. 'telegram', 'discord', 'slack'). The --recipient is the \
platform-specific destination (e.g. a Telegram chat ID).
Examples:
zeroclaw channel send 'Someone is near your device.' --channel-id telegram --recipient 123456789
zeroclaw channel send 'Build succeeded!' --channel-id discord --recipient 987654321")]
Send {
/// Message text to send
message: String,
/// Channel config name (e.g. telegram, discord, slack)
#[arg(long)]
channel_id: String,
/// Recipient identifier (platform-specific, e.g. Telegram chat ID)
#[arg(long)]
recipient: String,
},
}
/// Skills management subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum SkillCommands {
/// List all installed skills
List,
/// Audit a skill source directory or installed skill name
Audit {
/// Skill path or installed skill name
source: String,
},
/// Install a new skill from a URL or local path
Install {
/// Source URL or local path
source: String,
},
/// Remove an installed skill
Remove {
/// Skill name to remove
name: String,
},
}
/// Migration subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum MigrateCommands {
/// Import memory from an `OpenClaw` workspace into this `ZeroClaw` workspace
Openclaw {
/// Optional path to `OpenClaw` workspace (defaults to ~/.openclaw/workspace)
#[arg(long)]
source: Option<std::path::PathBuf>,
/// Validate and preview migration without writing any data
#[arg(long)]
dry_run: bool,
},
}
/// Cron subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum CronCommands {
/// List all scheduled tasks
List,
/// Add a new scheduled task
#[command(long_about = "\
Add a new recurring scheduled task.
Uses standard 5-field cron syntax: 'min hour day month weekday'. \
Times are evaluated in UTC by default; use --tz with an IANA \
timezone name to override.
Examples:
zeroclaw cron add '0 9 * * 1-5' 'Good morning' --tz America/New_York --agent
zeroclaw cron add '*/30 * * * *' 'Check system health' --agent
zeroclaw cron add '*/5 * * * *' 'echo ok'")]
Add {
/// Cron expression
expression: String,
/// Optional IANA timezone (e.g. America/Los_Angeles)
#[arg(long)]
tz: Option<String>,
/// Treat the argument as an agent prompt instead of a shell command
#[arg(long)]
agent: bool,
/// Restrict agent cron jobs to the specified tool names (repeatable, agent-only)
#[arg(long = "allowed-tool")]
allowed_tools: Vec<String>,
/// Command (shell) or prompt (agent) to run
command: String,
},
/// Add a one-shot scheduled task at an RFC3339 timestamp
#[command(long_about = "\
Add a one-shot task that fires at a specific UTC timestamp.
The timestamp must be in RFC 3339 format (e.g. 2025-01-15T14:00:00Z).
Examples:
zeroclaw cron add-at 2025-01-15T14:00:00Z 'Send reminder'
zeroclaw cron add-at 2025-12-31T23:59:00Z 'Happy New Year!'")]
AddAt {
/// One-shot timestamp in RFC3339 format
at: String,
/// Treat the argument as an agent prompt instead of a shell command
#[arg(long)]
agent: bool,
/// Restrict agent cron jobs to the specified tool names (repeatable, agent-only)
#[arg(long = "allowed-tool")]
allowed_tools: Vec<String>,
/// Command (shell) or prompt (agent) to run
command: String,
},
/// Add a fixed-interval scheduled task
#[command(long_about = "\
Add a task that repeats at a fixed interval.
Interval is specified in milliseconds. For example, 60000 = 1 minute.
Examples:
zeroclaw cron add-every 60000 'Ping heartbeat' # every minute
zeroclaw cron add-every 3600000 'Hourly report' # every hour")]
AddEvery {
/// Interval in milliseconds
every_ms: u64,
/// Treat the argument as an agent prompt instead of a shell command
#[arg(long)]
agent: bool,
/// Restrict agent cron jobs to the specified tool names (repeatable, agent-only)
#[arg(long = "allowed-tool")]
allowed_tools: Vec<String>,
/// Command (shell) or prompt (agent) to run
command: String,
},
/// Add a one-shot delayed task (e.g. "30m", "2h", "1d")
#[command(long_about = "\
Add a one-shot task that fires after a delay from now.
Accepts human-readable durations: s (seconds), m (minutes), \
h (hours), d (days).
Examples:
zeroclaw cron once 30m 'Run backup in 30 minutes'
zeroclaw cron once 2h 'Follow up on deployment'
zeroclaw cron once 1d 'Daily check'")]
Once {
/// Delay duration
delay: String,
/// Treat the argument as an agent prompt instead of a shell command
#[arg(long)]
agent: bool,
/// Restrict agent cron jobs to the specified tool names (repeatable, agent-only)
#[arg(long = "allowed-tool")]
allowed_tools: Vec<String>,
/// Command (shell) or prompt (agent) to run
command: String,
},
/// Remove a scheduled task
Remove {
/// Task ID
id: String,
},
/// Update a scheduled task
#[command(long_about = "\
Update one or more fields of an existing scheduled task.
Only the fields you specify are changed; others remain unchanged.
Examples:
zeroclaw cron update <task-id> --expression '0 8 * * *'
zeroclaw cron update <task-id> --tz Europe/London --name 'Morning check'
zeroclaw cron update <task-id> --command 'Updated message'")]
Update {
/// Task ID
id: String,
/// New cron expression
#[arg(long)]
expression: Option<String>,
/// New IANA timezone
#[arg(long)]
tz: Option<String>,
/// New command to run
#[arg(long)]
command: Option<String>,
/// New job name
#[arg(long)]
name: Option<String>,
/// Replace the agent job allowlist with the specified tool names (repeatable)
#[arg(long = "allowed-tool")]
allowed_tools: Vec<String>,
},
/// Pause a scheduled task
Pause {
/// Task ID
id: String,
},
/// Resume a paused task
Resume {
/// Task ID
id: String,
},
}
/// Memory management subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum MemoryCommands {
/// List memory entries with optional filters
List {
/// Filter by category (core, daily, conversation, or custom name)
#[arg(long)]
category: Option<String>,
/// Filter by session ID
#[arg(long)]
session: Option<String>,
/// Maximum number of entries to display
#[arg(long, default_value = "50")]
limit: usize,
/// Number of entries to skip (for pagination)
#[arg(long, default_value = "0")]
offset: usize,
},
/// Get a specific memory entry by key
Get {
/// Memory key to look up
key: String,
},
/// Show memory backend statistics and health
Stats,
/// Clear memories by category, by key, or clear all
Clear {
/// Delete a single entry by key (supports prefix match)
#[arg(long)]
key: Option<String>,
/// Only clear entries in this category
#[arg(long)]
category: Option<String>,
/// Skip confirmation prompt
#[arg(long)]
yes: bool,
},
}
/// Integration subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum IntegrationCommands {
/// Show details about a specific integration
Info {
/// Integration name
name: String,
},
}
/// Hardware discovery subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum HardwareCommands {
/// Enumerate USB devices (VID/PID) and show known boards
#[command(long_about = "\
Enumerate USB devices and show known boards.
Scans connected USB devices by VID/PID and matches them against \
known development boards (STM32 Nucleo, Arduino, ESP32).
Examples:
zeroclaw hardware discover")]
Discover,
/// Introspect a device by path (e.g. /dev/ttyACM0)
#[command(long_about = "\
Introspect a device by its serial or device path.
Opens the specified device path and queries for board information, \
firmware version, and supported capabilities.
Examples:
zeroclaw hardware introspect /dev/ttyACM0
zeroclaw hardware introspect COM3")]
Introspect {
/// Serial or device path
path: String,
},
/// Get chip info via USB (probe-rs over ST-Link). No firmware needed on target.
#[command(long_about = "\
Get chip info via USB using probe-rs over ST-Link.
Queries the target MCU directly through the debug probe without \
requiring any firmware on the target board.
Examples:
zeroclaw hardware info
zeroclaw hardware info --chip STM32F401RETx")]
Info {
/// Chip name (e.g. STM32F401RETx). Default: STM32F401RETx for Nucleo-F401RE
#[arg(long, default_value = "STM32F401RETx")]
chip: String,
},
}
/// Peripheral (hardware) management subcommands
#[derive(Subcommand, Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub enum PeripheralCommands {
/// List configured peripherals
List,
/// Add a peripheral (board path, e.g. nucleo-f401re /dev/ttyACM0)
#[command(long_about = "\
Add a peripheral by board type and transport path.
Registers a hardware board so the agent can use its tools (GPIO, \
sensors, actuators). Use 'native' as path for local GPIO on \
single-board computers like Raspberry Pi.
Supported boards: nucleo-f401re, rpi-gpio, esp32, arduino-uno.
Examples:
zeroclaw peripheral add nucleo-f401re /dev/ttyACM0
zeroclaw peripheral add rpi-gpio native
zeroclaw peripheral add esp32 /dev/ttyUSB0")]
Add {
/// Board type (nucleo-f401re, rpi-gpio, esp32)
board: String,
/// Path for serial transport (/dev/ttyACM0) or "native" for local GPIO
path: String,
},
/// Flash ZeroClaw firmware to Arduino (creates .ino, installs arduino-cli if needed, uploads)
#[command(long_about = "\
Flash ZeroClaw firmware to an Arduino board.
Generates the .ino sketch, installs arduino-cli if it is not \
already available, compiles, and uploads the firmware.
Examples:
zeroclaw peripheral flash
zeroclaw peripheral flash --port /dev/cu.usbmodem12345
zeroclaw peripheral flash -p COM3")]
Flash {
/// Serial port (e.g. /dev/cu.usbmodem12345). If omitted, uses first arduino-uno from config.
#[arg(short, long)]
port: Option<String>,
},
/// Setup Arduino Uno Q Bridge app (deploy GPIO bridge for agent control)
SetupUnoQ {
/// Uno Q IP (e.g. 192.168.0.48). If omitted, assumes running ON the Uno Q.
#[arg(long)]
host: Option<String>,
},
/// Flash ZeroClaw firmware to Nucleo-F401RE (builds + probe-rs run)
FlashNucleo,
}
Reference in New Issue View Git Blame Copy Permalink