Closes #4868 feat: add allowed_private_hosts config for http_request tool#4924
Closed
ArchBirdie wants to merge 153 commits into
Closed
Closes #4868 feat: add allowed_private_hosts config for http_request tool#4924ArchBirdie wants to merge 153 commits into
ArchBirdie wants to merge 153 commits into
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moves 30 README.<lang>.md files from the repo root into docs/i18n/<lang>/PROJECT-README.md and updates all language picker links. Root goes from 37 markdown files to 7. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CodeRabbit is not active on this repo. Removing the orphaned config file. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-coderabbit-config chore: remove unused .coderabbit.yaml config
…aw-labs#4332) * feat(agent): add thinking/reasoning level control per message Add ThinkingLevel enum (Off, Minimal, Low, Medium, High, Max) that controls how deeply the model reasons per message, trading speed for depth. - New `src/agent/thinking.rs` module with: - ThinkingLevel enum with serde/JsonSchema support - ThinkingConfig with configurable default_level - parse_thinking_directive() to parse `/think:<level>` from messages - apply_thinking_level() returning temperature/token/prompt adjustments - resolve_thinking_level() with priority hierarchy: inline directive > session override > agent config > global default - Comprehensive tests for parsing, application, and resolution - Wired into all three agent paths in loop_.rs: - Single-shot CLI path (run with message) - Interactive REPL path (with per-turn system prompt restoration) - Channel/daemon path (process_message) - Added ThinkingConfig to AgentConfig in schema.rs (`[agent.thinking]`) - Added /think:<level> to interactive /help output Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: correct base_system_prompt variable name in thinking-level restore The rebase conflict resolution doubled the `base_` prefix. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: rareba <rareba@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…eroclaw-labs#3855) Bumps distroless/cc-debian13 from `84fcd3c` to `9c4fe23`. --- updated-dependencies: - dependency-name: distroless/cc-debian13 dependency-version: nonroot dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ling (zeroclaw-labs#3810) file_write, file_edit, and pdf_read tools now use resolve_tool_path() instead of workspace_dir.join() to properly handle both absolute and relative paths consistently with file_read. Fixes zeroclaw-labs#3774 Co-authored-by: OpenClaw Assistant <assistant@openclaw.ai>
Signed-off-by: rentianyue-jk <rentianyue-jk@qifu.com> Co-authored-by: rentianyue-jk <rentianyue-jk@qifu.com>
…ateway Error (zeroclaw-labs#4635) The Mattermost channel was using build_channel_proxy_client() without timeouts, while the OpenAI provider uses build_runtime_proxy_client_with_timeouts(). When custom OpenAI providers (like sub2api) respond slowly or hang, the lack of timeout in Mattermost's HTTP client causes connection pool exhaustion, resulting in 502 Gateway Errors for all subsequent requests (Web UI, API, etc.). This fix adds a 30-second request timeout and 10-second connect timeout to the Mattermost HTTP client, matching the pattern used by other providers. Fixes zeroclaw-labs#4299
zeroclaw-labs#4554) The heartbeat decision prompt asked the LLM to decide whether tasks are "time-sensitive" and should run "right now" without providing the actual current date, time, or day of week. This caused incorrect scheduling decisions (e.g., referring to "Sunday afternoon" when it was Monday). Inject `Current time: YYYY-MM-DD HH:MM:SS UTC (DayOfWeek)` into the prompt so the LLM has proper temporal context. Closes zeroclaw-labs#4447 Co-authored-by: rareba <rareba@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…as (zeroclaw-labs#4317) * fix(provider): use no_responses_fallback for Z.AI and add Bailian alias - Switch Z.AI provider from new() to new_no_responses_fallback() since Z.AI only supports /chat/completions (not the responses API) - Add "bailian" as a Qwen CN alias with BAILIAN_API_KEY env var fallback - Update display name and credential resolution for Qwen/Bailian Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * style: cargo fmt * fix(provider): remove stale 'bailian' from qwen CN aliases The Bailian alias was added as a separate provider with its own is_bailian_alias function, but 'bailian' was not removed from is_qwen_cn_alias. Since is_qwen_alias is checked before is_bailian_alias in canonical_china_provider_name, 'bailian' resolved to 'qwen' instead of 'bailian', failing the test. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps [libloading](https://github.com/nagisa/rust_libloading) from 0.8.9 to 0.9.0. - [Commits](nagisa/rust_libloading@0.8.9...0.9.0) --- updated-dependencies: - dependency-name: libloading dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…claw-labs#4805) * fix(matrix): preserve thread context on first follow-up message Always root a thread at the incoming message event ID instead of leaving thread_ts as None for non-threaded messages. This prevents a session key mismatch where the first exchange is stored under a room-level key but follow-up messages use a thread-scoped key, causing the bot to lose context from the initial question and response. The bot now explicitly threads its response back to the user's original message rather than relying on Matrix implicit threading. Thread root is the user's question, not the bot's answer. Documents threading behavior in the E2EE guide. In encrypted rooms, the SDK decrypts events transparently before thread context is evaluated, so threading works identically. Closes zeroclaw-labs#4804 * fix(lint): apply cargo fmt to context_compressor.rs
…abs#4632) The fetch_paircode function was constructing URLs without considering the gateway.path_prefix configuration option. This caused the CLI command "zeroclaw gateway get-paircode" to fail when path_prefix was configured (e.g., for reverse proxy deployments). Changes: - Add path_prefix parameter to fetch_paircode function - Include path_prefix in admin API URLs (/admin/paircode and /admin/paircode/new) - Extract path_prefix from config in GetPaircode command handler Fixes zeroclaw-labs#4456
… paths on macOS (zeroclaw-labs#4529) Co-authored-by: wangyingtao.10 <wangyingtao.10@jd.com>
…users (zeroclaw-labs#4438) * fix(gateway): improve web dashboard unavailable message for Homebrew users (zeroclaw-labs#3655) The error shown when the web dashboard is not bundled now includes context-specific guidance for Homebrew users (brew reinstall zeroclaw), manual build-from-source instructions, and a Docker alternative. Also harden the pub-homebrew-core workflow's Node.js dependency injection so it falls back gracefully when the 'rust' depends_on line is absent, ensuring node is always declared as a build dependency in the formula. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(wati): add missing attachments field to ChannelMessage initializer Pre-existing build error from feat(channels): add automatic media understanding pipeline (zeroclaw-labs#4402). --------- Co-authored-by: SpaceLobster <spacelobster@SpaceLobsters-Mac-mini.local> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…w-labs#4341) Add /usr/local, /bin, and /sbin as read-only bind mounts in the bubblewrap sandbox configuration. This fixes a regression where Python and other system tools installed in these directories were not accessible within the sandbox. Fixes zeroclaw-labs#4338
…ix (zeroclaw-labs#4552) The executable basename was lowercased by the caller, but the allowlist entry was compared in its original case. This caused mixed-case entries like "icalBuddy" to fail matching on Unix, while working on Windows (which had its own lowercase fallback). Lowercase the allowlist entry before comparison so "icalBuddy" in config matches the "icalbuddy" executable. Closes zeroclaw-labs#4446 Co-authored-by: rareba <rareba@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…roclaw-labs#4378) Enable cron jobs to deliver messages to Feishu/Lark channels using the same pattern as existing channel implementations. Changes: - Add "lark" and "feishu" to validated delivery channels in cron/mod.rs - Add delivery logic in cron/scheduler.rs with channel-lark feature gating - Update agent loop default injection to support lark/feishu - Update tool schemas and help text for lark/feishu Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
zeroclaw-labs#4448) Remove the separate channel message notifications for tool calls since they are already displayed via the draft updater progress messages. This fixes the issue where agent chat was sending multiple messages instead of a single consolidated response. The tool call progress (🔧 tool name, ⏳/✅ status) is already sent through the on_delta channel and displayed in the draft message. Sending additional separate channel messages was causing spammy/duplicate output. Fixes zeroclaw-labs#3513
…roclaw-labs#4322) * feat(config): add provider_env for injecting API keys from config New [provider_env] section allows storing provider API keys directly in config.toml instead of relying on shell environment. Keys are injected as process env vars at startup (only if not already set). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(onboard): add missing provider_env field to wizard Config constructors Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…law-labs#4436) * fix(agent): consolidate multiple messages into single response (zeroclaw-labs#3513) Suppress intermediate tool_call and tool_result WebSocket events from being rendered as separate chat message bubbles in AgentChat. Internal tool invocations are processing steps — only the final 'done' event with full_response should appear as an agent message. Also removes dead i18n keys (agent.tool_call_prefix, agent.tool_result_prefix) that were only used by the removed handlers. Fixes zeroclaw-labs#3513 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(wati): add missing attachments field to ChannelMessage initializer Pre-existing build error from feat(channels): add automatic media understanding pipeline (zeroclaw-labs#4402). The attachments field was added to ChannelMessage but not all initializers were updated. --------- Co-authored-by: SpaceLobster <spacelobster@SpaceLobsters-Mac-mini.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…eroclaw-labs#4883) * fix(tests): serialize Bedrock env-var tests to prevent parallel race Closes zeroclaw-labs#4809 * style: fix pre-existing fmt and clippy warnings - cargo fmt: wrap long assert! macros in uf2.rs and uno_q_bridge.rs - clippy: use underscored hex literal 0x0200_0000 in schema.rs - clippy: gate unix-only TempDir import behind #[cfg(unix)] --------- Co-authored-by: rareba <rareba@users.noreply.github.com>
- Dockerfile: add `debian` target alongside existing `dev` and `release` targets, replacing the separate Dockerfile.debian - Dockerfile.ci: use VARIANT build-arg (distroless|debian) to replace the separate Dockerfile.debian.ci - Update release workflows to use `build-args: VARIANT=debian` - Update docker-compose.yml to use `target: debian` - Remove Dockerfile.debian and Dockerfile.debian.ci Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…zeroclaw-labs#4213) * feat(debug): add --log-llm flag to dump LLM provider message payloads Adds a global --log-llm flag that logs the exact messages sent to the LLM provider on each turn: full system prompt + history on turn one, growing history on subsequent turns. Usage: zeroclaw agent --log-llm zeroclaw agent --log-llm -m "hello" zeroclaw daemon --log-llm Implementation: - Global `--log-llm` flag on `Cli` (available to all subcommands) - When set, adds a `zeroclaw::providers::reliable=trace` directive to the tracing subscriber filter so only LLM message traces surface, without flooding other TRACE-level noise - `ReliableProvider::chat()` emits one TRACE log per message (role, char count, full content) on the first attempt of each call; retries and failover attempts are not re-logged - Gated on `tracing::enabled!(TRACE)` so the iteration over messages is a no-op at runtime when the flag is not set Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: apply rustfmt to --log-llm subscriber setup Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(debug): pretty-print LLM messages as JSON array under --log-llm Replaces the per-message trace loop with a single serde_json::to_string_pretty of the full messages slice, producing a clean JSON array that mirrors the actual wire payload sent to the provider. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…idate-dockerfiles refactor: consolidate Dockerfiles from 4 to 2
* fix(channels): skip tools summary for native tools * test(channels): adapt native-tools prompt respin to autonomy arg
…atible providers (zeroclaw-labs#4333) Custom OpenAI-compatible providers (configured via "custom:<url>") were incorrectly falling back to the /v1/responses API when chat completions returned 404. This caused errors because most custom providers only support the standard /v1/chat/completions endpoint. Changes: - Add new constructor new_with_vision_no_responses_fallback() to OpenAiCompatibleProvider - Update custom provider factory to use the new constructor Fixes zeroclaw-labs#4296
…_CTX (zeroclaw-labs#3518) * Ignore JetBrains .idea folder * fix(ollama): support stringified JSON tool call arguments * providers: allow ZEROCLAW_PROVIDER_URL env var to override Ollama base URL Supports container deployments where Ollama runs on a Docker network host (e.g. http://ollama:11434) without requiring config.toml changes. Includes regression test ensuring the environment override works. * fix(clippy): replace Default::default() with ProviderRuntimeOptions::default() * feat(ollama): allow configurable context size via ZEROCLAW_OLLAMA_NUM_CTX --------- Co-authored-by: Argenis <theonlyhennygod@gmail.com>
…eroclaw-labs#4911) Z.AI and GLM APIs require HMAC-SHA256 JWT authentication instead of plain Bearer tokens. Add ZhipuJwt AuthStyle variant that generates short-lived JWTs (3.5 min expiry) from id.secret credentials, and refactor auth application into a shared helper for spawned tasks. Co-authored-by: khhjoe <joe264326832008@hotmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…t exceeded (zeroclaw-labs#4912) Replace the TooManyImages hard error with graceful degradation: when cumulative image count in conversation history exceeds max_images, strip [IMAGE:...] markers from the oldest messages first, preserving text content. This prevents conversations from becoming permanently stuck once the threshold is crossed — previously even plain text messages would fail after enough images accumulated. Co-authored-by: myclaw <myclaw@myclaws-MacBook-Air.local> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…eroclaw-labs#4913) Enables email attachment handling: download attachments from received emails and send emails with file attachments via multipart MIME encoding. - Add attachment_download() method to parse and extract MIME parts - Implement multipart message encoding for outbound attachments - Support common MIME types (images, PDFs, documents) - Add 8 integration tests for attachment workflows Size: M (380 lines) Co-authored-by: Test <test@test.com>
…ing (zeroclaw-labs#4915) When `mention_only = true` in WhatsApp Web config, the bot only responds to group messages that @-mention its phone number. Direct messages are always processed regardless of this setting. Detection uses dual approach: - Structured: checks `mentioned_jid` from protobuf context_info (unwraps ephemeral/view-once/edited wrappers via get_base_message) - Text fallback: word-boundary-aware match for @<phone_digits> with full scan (prevents prefix false-matches, rejects embedded @) Bot identity is resolved in two stages: 1. Seeded from `pair_phone` config at construction time 2. Updated from device store on Event::Connected (supports QR-paired sessions) The @mention is stripped from message content before forwarding to the LLM. Files changed: - src/config/schema.rs: add mention_only field to WhatsAppConfig - src/channels/whatsapp_web.rs: core implementation with 13 tests - src/channels/mod.rs: pass mention_only to WhatsApp Web constructor - src/onboard/wizard.rs: include mention_only in config literals - docs/reference/api: document mention_only in both reference files Co-authored-by: sourabh sharma <sour4bh@pm.me>
Recent merges introduced compilation failures that broke the install script (cargo build --locked on stale Cargo.lock) and the build itself. This commit fixes all errors, regenerates Cargo.lock, and bumps the version across all surfaces to trigger a clean release. Fixes: - gateway/api.rs: add missing handle_api_session_history body, remove duplicate history code from handle_api_session_state - providers/mod.rs: remove duplicate kimi-code match arm - providers/router.rs: fix stream::BoxStream → BoxStream, remove duplicate supports_streaming/stream_chat_with_history methods - service/mod.rs: remove 3 duplicate warn_if_linger_disabled definitions - channels/discord_history.rs: replace scopeguard (edition 2024 compat) with manual drop guard for pending resolution cleanup - channels/line.rs, slack.rs, voice_call.rs, wechat.rs: add missing observe_group and attachments fields to ChannelMessage initializers - channels/mod.rs: fix LruCache API (remove→pop, insert→put) - config/schema.rs: wrap set_var in unsafe block, add stall_timeout_secs to DiscordConfig - onboard/wizard.rs: add missing provider_env, mention_only, and interrupt_on_new_message fields to config initializers - security/policy.rs: bind vec literal to `let mut cmds` Version bumped to 0.6.6 in: Cargo.toml, tauri.conf.json, Dokploy docker-compose + meta, EasyPanel meta, all README badges (31 locales). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add allowed_private_hosts field for granular private host allowlist - Add blocked_domains field for explicit SSRF denylist - Remove deprecated allow_private_hosts boolean - Update SSRF validation to check blocked → allowed private → allowed domains - Add comprehensive test cases for all SSRF scenarios
ArchBirdie
requested review from
JordanTheJet,
SimianAstronaut7 and
theonlyhennygod
as code owners
github-actions
Bot
added
docs
Fix missing closing brace in getSessionHistory, duplicate fields in WsMessage interface, unused imports, missing ReactMarkdown/remarkGfm imports, and add limit parameter to getSessionMessages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolve merge conflicts in src/config/schema.rs, src/tools/http_request.rs, and src/tools/mod.rs. Keep both the PR's granular allowed_private_hosts allowlist and master's allow_private_hosts boolean toggle plus auth_secret support. Update new_with_config constructor and test helpers to include blocked_domains and allowed_private_hosts parameters from the PR. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This was referenced Mar 29, 2026
singlerider
added
enhancement
Collaborator
|
@ArchBirdie , could you please resolve merge conflicts prior to review? |
Author
|
There have been so many changes since this was written a month ago... I will take a look at rewriting it to merge conflicts soon. Thanks for prompting me on this. I wasn't sure what the best path forward was... to do this as a new branch, or try to update this PR with the new code. I am not that experienced, but will look into this. I am open to reading materials on the topic of merging stale PR's into updated codebase. |
Collaborator
|
@ArchBirdie no problem at all, and sorry this sat for so long before we got back to it. There has been a lot of repo movement, so it is completely understandable that the best path is unclear. We are getting back up to speed on the older PR queue now. For this one, either updating this PR or opening a clean replacement branch is fine. Given how stale the branch is and how much unrelated churn is currently in the diff, the cleanest path may be:
The main thing reviewers will need is a narrow diff that is clearly about the |
Collaborator
|
Thanks again for the original work here. I’m going to close this PR because the linked issue #4868 is already closed and was later noted as fixed by PR #4590, while this branch has become stale and now carries a large amount of unrelated churn. The narrower |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #4868
Changes
Summary
Describe this PR in 2-5 bullets:
Label Snapshot
Change Metadata
Linked Issue
Validation Evidence
Commands and result summary:
cargo check -p zeroclawlabs
Security Impact
Privacy and Data Hygiene
Compatibility / Migration
i18n Follow-Through
Human Verification
Side Effects / Blast Radius
Rollback Plan
Risks and Mitigations