Test/v0.7.0 migration#21
Open
mionemedia wants to merge 1370 commits intoopenagen:masterfrom
Open
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-coderabbit chore: remove unused .coderabbit.yaml
- zeroclaw-labs/templates → zeroclaw-labs/dokploy-templates - zeroclaw-labs/templates-1 → zeroclaw-labs/easypanel-templates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-marketplace-repos chore: update marketplace workflow for renamed fork repos
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-dokploy-repo chore: rename dokploy-templates → dokploy
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-easypanel-repo chore: rename easypanel-templates → easypanel
Unreferenced Aardvark hardware templates — docs/hardware/ is the canonical location for hardware documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-examples chore: remove orphaned examples/ directory
Add environment declarations to release workflows so deployments show in the repo sidebar. Environments: github-releases, crates-io, docker. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…deployment-environments feat(ci): add GitHub deployment environments
Full-featured TUI onboarding wizard with complete feature parity to the CLI wizard, using ratatui + crossterm for terminal rendering. - 32-screen state machine: welcome, security warning, setup mode, provider tier/selection (44 providers across 6 categories), auth method, API key input, model selection, channel status/select, web search, skills install, hooks, gateway service, health check, optional apps, control UI with pairing code, workspace backup, final security, and complete summary - Icy blue theme with ZeroClaw branding and ASCII banner - Real pairing code fetched from running gateway (supports local, Docker, and remote deployments) - Config persistence: writes provider, model, API key, and web search settings to config.toml on completion - Docker integration: pushes config to running containers and generates pairing codes via docker exec - Scrollable lists with keyboard navigation (arrows/j/k), Esc back-navigation on all screens, scroll indicators - Reusable widget library: InfoPanel, SelectableList, StepIndicator, Banner, ConfirmedLine, InputPrompt - Activated via `zeroclaw onboard --tui` flag - Auto-launched from install.sh when running in interactive terminal - Includes dev/test-tui-onboarding.sh for manual QA
- Bump version 0.6.5 → 0.6.6 - Fix gateway webhook tests: use run_gateway_chat_simple() which correctly uses the mocked provider from AppState - Fix security policy test: strip redirect operators from executable token before basename extraction (cat</dev/null → cat) - Fix seatbelt test: remove literal IP from comment that triggered false positive in contains() assertion - Run cargo fmt on TUI module
* chore: bump to v0.6.7 + add automatic version sync - Bump Cargo.toml to 0.6.7 - Sync all 38 files (READMEs, Tauri, marketplace, workflows) - Add scripts/release/bump-version.sh for single-command version sync - Add .github/workflows/version-sync.yml to auto-sync on Cargo.toml changes - Update cut_release_tag.sh to run bump script before tagging * chore: regenerate Cargo.lock for v0.6.7
…#5128) * fix: resolve all clippy errors blocking release builds - Add missing `use std::path::Path` in whatsapp_web.rs (fixes E0433/E0425) - Fix unnested or-patterns in onboarding TUI - Fix collapsible if, unnecessary negations, identical match arms - Elide explicit lifetimes in widgets.rs and wrappers.rs - Fix usize-to-u16 truncation with try_from - Add clippy::large_futures allows for TUI onboarding futures - Extract PathExtractor type alias for complex type - Remove unused binding in multimodal.rs - Prefix unused is_group variable in whatsapp_web.rs * style: rustfmt formatting fixes
Initialize messages from localStorage synchronously in useState to prevent blank flash on remount. Add toolCall field to PersistedChatBubble so tool call cards survive tab switches too. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Store log entries in sessionStorage and hydrate synchronously on mount, same pattern as the agent chat persistence fix. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Creates a shared broadcast channel in the daemon and passes it to both the gateway and cron scheduler. Cron job outputs are now published as `cron_result` events over the broadcast bus. The WebSocket handler subscribes to this bus and forwards events to connected dashboard clients. The AgentChat frontend renders cron results as chat messages. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Verify cron_result events are broadcast on job success and failure - Confirm no panic when EventBroadcast is None or has no subscribers - Pass &None in pre-existing health-component tests
- Wrap deadman alert delivery in 30s tokio::time::timeout - Log warnings on delivery failure or timeout instead of blocking - Add `task_timeout_secs` config field (default 600s) for agent invocation timeouts Prevents the heartbeat loop from stalling indefinitely when a channel delivery hangs.
- Wire up "Dev: Full Stack" compound launch in VS Code - Vite dev server proxies API/WebSocket traffic to Rust gateway - New kill-port.py script clears stale processes before restart - Drop dev opt-level from 1 to 0 for quicker compile cycles
- Add ZEROCLAW_REQUIRE_PAIRING=false to "Debug: Gateway" launch config - Add the same env var to "Dev: Gateway (cargo-watch)" task - Avoids getting stuck on pairing code entry during local dev
- Change .max(5) to .max(1) in daemon worker and heartbeat engine
- Enable browser tools and wildcard domain access by default - Include browser tools in auto-approve list for zero-config usage - Fix heartbeat doc comment to match actual interval constraints This lowers the barrier to browser tool usage for fresh installs while preserving override capability via config.
- Default HeartbeatConfig.enabled to true - Sync rpi-config.toml and test expectations Ensures agents stay responsive by default rather than requiring manual heartbeat activation.
- Server: in-memory ring buffer stores last 500 SSE events - Server: new /api/events/history endpoint serves buffer snapshot - Client: Logs page fetches history before connecting to SSE - Client: deduplicates historical entries against live stream Logs now persist across tab switches without requiring the SSE connection to have been open the entire time.
zeroclaw-labs#5702) Block inline-eval and fetch-and-execute argument patterns for python/python3, node, pip/pip3, npm, and cargo in is_args_safe(). Broad -m block is intentional policy; npm aliases (ci, i, add) and node --eval=/--print= assignment form covered. - a2b5b05 fix(security): block dangerous interpreter arguments in command policy (zeroclaw-labs#5698) - 9cdee68 fix(security): close npm alias and node --eval= bypass gaps - b2e7532 docs(security): document broad -m block as intentional policy decision
…ding preservation (zeroclaw-labs#5166) Wire mention_only filtering end-to-end in MatrixChannel with DM bypass, mention stripping, and media pass-through. Add password and recovery_key config fields for E2EE. Preserve existing Matrix config through TUI/wizard re-runs. Document matrix_sdk log suppression in E2EE guide. - f978965 feat(matrix): mention_only, dedup, E2EE, session encoding, onboarding - fd880e0 fix: add missing mention_only and password fields to MatrixConfig - d93dbc2 feat(matrix): wire mention_only filtering, enhance media handling, fix TUI preservation - f6a3dd1 docs(matrix): document matrix_sdk log suppression and RUST_LOG override - 61c8981 fix(matrix): allow media messages through mention_only gate in group rooms
…eroclaw-labs#5167) Fix multiple session corruption vectors: orphaned tool messages after history trimming cause API 400 errors, empty provider responses poison session history, history pruning breaks tool_use/tool_result pairing, and MultiMessage streaming truncates leading characters. Replace DraftEvent with append-only StreamDelta. Add two-pass orphan removal, atomic tool group pruning with keep_recent protection, and history_pruner module with 19 tests. - 5b76bc7 fix(session): session integrity, streaming refactor, history pruning - 3456119 fix: add missing mention_only parameter to WhatsAppWebChannel::new call sites - d0be8de fix(session): address PR review — restore scope_thread_id, hydration bounds, stall timeout - 34de9a0 fix(session): address PR review — restore scope_thread_id, hydration bounds, stall timeout - 0012f74 chore: gitignore tauri generated schemas - 3e7a67d revert: remove unrelated .gitignore change from PR scope - afdc114 fix: complete test import migration for workspace split - cb99574 fix: remove tauri schema from diff, log orphaned tool message healing - 7e94472 fix: remove auto-generated Tauri schema, restore .gitignore - 84727a4 fix: move parser-internal tests to parser crate, restore private visibility - d874f7e fix: delete dead ResponseStream (unused, zero imports) - c2db864 fix(pruner): respect keep_recent protection in Phase 2 budget enforcement
…ead of deprecated `props`
…hema-versioning feat(config): forward-only schema versioning with V1→V2 migration
…s#5746) In turn_streamed, StreamEvent::ToolCall was sending a TurnEvent::ToolCall immediately during stream processing, and then the same event was sent again in the post-parse loop before tool execution. This caused every tool_call SSE event to be emitted twice to clients. Fix: remove the send from the StreamEvent::ToolCall match arm and let the unified post-parse loop (which covers both streaming and non-streaming paths) be the single place where ToolCall events are emitted. Co-authored-by: chuanzhi <ichuan.me@gmail.com>
…labs#5729) Forward supports_native_tools() and supports_vision() to the underlying provider.
…review-prompt docs: add pr-review-prompt to contributing
…tls-webpki and rumqttc (zeroclaw-labs#5786) - rumqttc 0.24 → 0.25.1: removes rustls 0.22.4 and tokio-rustls 0.25.0 from the dependency tree - rustls-webpki 0.103.10 → 0.103.12: resolves RUSTSEC-2026-0098 and RUSTSEC-2026-0099 for the 0.103.x chain - audit.toml: ignore RUSTSEC-2026-0098 and RUSTSEC-2026-0099 for the 0.102.x chain (rumqttc 0.25.1 still pins rustls-webpki ^0.102; no upstream release with fix available)
…s#5780) - fb2f065 feat(skills): add github-issue-triage skill - c72df60 fix(skills): harden issue-triage against inattentive operator and false-positive triggers - 25ad31e fix(skills): second adversarial pass — close authority table contradictions - 0ab2226 fix(skills): third adversarial pass — stale timing bug, label escalation - 6479012 fix(skills): resolve docs quality gate failures — duplicate headings - 3a59abc fix(skills): fix MD022 markdownlint errors in triage-protocol.md - 574bc08 Merge remote-tracking branch 'upstream/master' into feat/github-issue-triage-skill
…ment support (zeroclaw-labs#5727) - be85980 fix(matrix): use SDK media API for encrypted room media downloads - 14a7210 fix(matrix): move EncryptedFile import to test scope - b5a75b7 feat(matrix): outbound media attachment support - 023b58c fix(matrix): surface attachment upload errors and fix media download errors - 0925593 Merge remote-tracking branch 'upstream/master' into fix/matrix-encrypted-media-download
… upstream merges (zeroclaw-labs#5782) - 9c2170a feat(skills): add squash-merge skill for preserving commit history on… - 4fd14f1 fix(skills): address adversarial review findings in squash-merge skill - cad5014 fix(skills): address second-pass review findings in squash-merge skill - 0e780fd fix(skills): never delete remote branches after squash merge - b915828 fix(skills): eliminate remaining placeholders and simplify squash-mer… - 43736d9 fix(skills): fix markdownlint errors in squash-merge skill - f19a1db Merge remote-tracking branch 'upstream/master' into feat/squash-merge…
…w-labs#5717) Implements `stream_chat`, `supports_streaming`, and `supports_streaming_tool_events` on `OpenRouterProvider` using the shared `sse_bytes_to_events` helper (now `pub(crate)`). Adds `stream: Option<bool>` to `NativeChatRequest` and covers the new paths with unit tests.
Fixes four independent bugs in Dockerfile.debian that prevented any user from building the Debian Docker image locally: 1. Added missing workspace members to the COPY stage (robot-kit, aardvark-sys, zeroclaw-macros, apps/tauri) 2. Created dummy apps/tauri/src/main.rs to satisfy cargo 3. Changed default cargo features from channel-lark,whatsapp-web (fails on Linux) to rag-pdf 4. Touch src/lib.rs alongside src/main.rs in stage 2 No Rust source, Cargo.toml, other Dockerfiles, or CI workflows were changed. Closes zeroclaw-labs#5541 PR: zeroclaw-labs#5545 Author: @theonlyhennygod
Workspace feature observability-prometheus only forwarded to zeroclaw-runtime, leaving zeroclaw-gateway compiled without its Prometheus handler. /metrics served the prometheus_disabled_hint() fallback even when backend = "prometheus" was configured. Fix: also forward zeroclaw-gateway/observability-prometheus from the workspace feature so the gateway compiles its real metrics handler. Closes zeroclaw-labs#5755 PR: zeroclaw-labs#5758 Author: @nayrosk
…aw-labs#5802) 182bec1 moved CliChannel behind a OnceLock factory but only wired the registration in Commands::Daemon, not Commands::Agent. Running `zeroclaw agent` (interactive, no -m) panicked at startup.
… checks (zeroclaw-labs#5799) has_supervised_channels() and has_launchable_channels() both called channels_except_webhook(), causing webhook-only configs to never start the channel supervisor and never show the launch prompt in the wizard. Change both callsites to channels(), which includes webhook with the same is_some() check used by every other channel. Fixes zeroclaw-labs#5798
…ool_calling=false (zeroclaw-labs#5762) - 99e0751 fix: remove orphaned tool messages before provider calls (zeroclaw-labs#5743) - c93247f fix: strip native tool messages for non-native-tool providers (zeroclaw-labs#5743) - ca083f2 test: add explicit tool_calls stripping assertion per code review - c987229 fix: strip native tool - 2d9f7f3 chore: flatten - 4bd0040 Merge branch 'master' into copilot/fix-issue-5743 - 6eef809 Merge branch 'master' into copilot/fix-issue-5743 - 16135e5 Merge branch 'master' into copilot/fix-issue-5743 - bda18b0 fix: effective message - 5213367 fix: use to_vec - 4d0e44b fix: strip native tool - 9641ebf Merge branch 'master' into copilot/fix-issue-5743 - 45fda3d chore: additional tests - 7a725a1 Merge branch 'master' into copilot/fix-issue-5743
Squashed commits from fix/cron-run-missing-delivery: * fix: cron_run tool now delivers output to configured channels
…labs#5805) * fix(web): auto-fill pairing code in Docker environments (zeroclaw-labs#5568) When the /pair/code endpoint returns the code (initial setup, before first pairing), auto-fill it into the input field so the user just clicks "Pair" instead of manually copying from docker logs. Also updates the subtitle to clarify the next step. Follows up on zeroclaw-labs#4786 which added the public /pair/code endpoint. * fix(integrations): mark Hugging Face and LM Studio as Available Both providers are fully implemented in providers/mod.rs (huggingface uses HF Inference API, lmstudio uses OpenAI-compatible local server) but were still marked ComingSoon in the integration registry. Update their status_fn to show Available/Active like all other providers, including alias support (hf, lm-studio). * chore: bump version to 0.7.0 with comprehensive changelog Add detailed CHANGELOG.md attributing all 73 contributors across the 0.6.x series. Sync version references across README badges, Tauri config, marketplace templates, and workflow descriptions. * fix(integrations): use correct config field for HuggingFace and LM Studio status The Hugging Face and LM Studio integration entries referenced c.default_provider which does not exist on Config. Use c.providers.fallback (matching the pattern of all other entries) to fix the compilation error. * fix(ci): use RELEASE_TOKEN instead of missing PAT secret in pre-release validation The pre-release validation workflow referenced secrets.PAT which does not exist in repo settings. All other release workflows use RELEASE_TOKEN for the same purpose. Align this workflow to match. * fix(ci): check website access with WEBSITE_REPO_PAT in pre-release validation The release workflows use WEBSITE_REPO_PAT (not RELEASE_TOKEN) for website redeployment. Align the pre-release validation to check each downstream repo with the correct token. * fix(ci): move crates.io publish gate to Cargo.toml `publish = false` Address review feedback from @singlerider: instead of gating publish via CI workflow YAML (`if: false && ...` + `publish_crates_io` input), set `publish = false` on the root `zeroclawlabs` crate. This is simpler, consistent with the 14 sub-crates, and puts the policy where Cargo expects it. Reverts both workflow file changes. Refs: zeroclaw-labs#5811, RFC zeroclaw-labs#5579 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: remove CHANGELOG.md in favor of GitHub Release notes The changelog content belongs in the GitHub Release body, not as a tracked file that causes merge conflicts and goes stale. Release notes for v0.7.0 are prepared in release-notes-0.7.0.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore(release): add CHANGELOG-next.md and wire release workflows to use it - Add CHANGELOG-next.md with human-written release notes for v0.7.0, covering the workspace split, config V2 migration, OpenRouter streaming, LINE channel, Matrix improvements, and all fixes since v0.6.9. Contributors resolved via GitHub GraphQL API (authors + co-authors). - Update release-beta-on-push.yml and release-stable-manual.yml: if CHANGELOG-next.md exists at release time, use it verbatim as the GitHub release body instead of the auto-generated feat-only notes. - After a stable release, the workflow removes and commits the deletion of CHANGELOG-next.md automatically so it does not carry over into the next release cycle. --------- Co-authored-by: jordanthejet <morepencils@gmail.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: WareWolf MoonWall <chris.hengge@gmail.com>
- Migration script with dry-run and backup - Test docker-compose on port 42618 (non-conflicting) - Comprehensive migration guide - Preserves production v0.4.3 setup
- Document required schedule object format with 'kind' field - Add 5 complete examples (daily, weekly, monthly, one-time, interval) - Include cron expression field guide and common patterns - Specify timezone handling (UTC default, tz parameter) - List all cron management tools Fixes issue where bot was passing invalid schedule parameters causing instant cron_add failures (0ms duration, success=false in logs).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Describe this PR in 2-5 bullets:
masterfor all contributions):Label Snapshot (required)
risk: low|medium|high):size: XS|S|M|L|XL, auto-managed/read-only):core|agent|channel|config|cron|daemon|doctor|gateway|health|heartbeat|integration|memory|observability|onboard|provider|runtime|security|service|skillforge|skills|tool|tunnel|docs|dependencies|ci|tests|scripts|dev, comma-separated):<module>: <component>, for examplechannel: telegram,provider: kimi,tool: shell):trusted contributor|experienced contributor|principal contributor|distinguished contributor, auto-managed/read-only; author merged PRs >=5/10/20/50):Change Metadata
bug|feature|refactor|docs|security|chore):runtime|provider|channel|memory|security|ci|docs|multi):Linked Issue
Supersede Attribution (required when
Supersedes #is used)#<pr> by @<author>, one per line):Co-authored-bytrailers added for materially incorporated contributors? (Yes/No)No, explain why (for example: inspiration-only, no direct code/design carry-over):\n): (Pass/Fail)Validation Evidence (required)
Commands and result summary:
cargo fmt --all -- --check cargo clippy --all-targets -- -D warnings cargo testSecurity Impact (required)
Yes/No)Yes/No)Yes/No)Yes/No)Yes, describe risk and mitigation:Privacy and Data Hygiene (required)
pass|needs-follow-up):Compatibility / Migration
Yes/No)Yes/No)Yes/No)i18n Follow-Through (required when docs or user-facing wording changes)
Yes/No)Yes, locale navigation parity updated inREADME*,docs/README*, anddocs/SUMMARY.mdfor supported locales (en,zh-CN,ja,ru,fr,vi)? (Yes/No)Yes, localized runtime-contract docs updated where equivalents exist (minimum forfr/vi:commands-reference,config-reference,troubleshooting)? (Yes/No/N.A.)Yes, Vietnamese canonical docs underdocs/i18n/vi/**synced and compatibility shims underdocs/*.vi.mdvalidated? (Yes/No/N.A.)No/N.A., link follow-up issue/PR and explain scope decision:Human Verification (required)
What was personally validated beyond CI:
Side Effects / Blast Radius (required)
Agent Collaboration Notes (recommended)
AGENTS.md+CONTRIBUTING.md):Rollback Plan (required)
Risks and Mitigations
List real risks in this PR (or write
None).