Expand description
Axum-based HTTP gateway with proper HTTP/1.1 compliance, body limits, and timeouts.
This module replaces the raw TCP implementation with axum for:
- Proper HTTP/1.1 parsing and compliance
- Content-Length validation (handled by hyper)
- Request body size limits (64KB max)
- Request timeouts (30s) to prevent slow-loris attacks
- Header sanitization (handled by axum/hyper)
Modules§
- acp
- ACP-over-WebSocket gateway endpoint.
- api
- REST API handlers for the web dashboard.
- api_
browse - HTTP adapter over
zeroclaw_runtime::browse::list_directory. - api_
config - Per-property CRUD endpoints for
/api/config/*. - api_
logs GET /api/logs— paginated query over the persisted JSONL log.- api_
pairing - Device management and pairing API handlers.
- api_
personality - Read/write endpoints for per-agent personality markdown files
(
SOUL.md,IDENTITY.md,USER.md,AGENTS.md,TOOLS.md,HEARTBEAT.md,BOOTSTRAP.md,MEMORY.md). - api_
quickstart - HTTP routes for the Quickstart flow.
- api_
sections - Curated config-section endpoints. Used by the
/configpage in the web dashboard to navigate the schema by curated section rather than raw prop paths. OpenAPI is authoritative for the exact route set. - api_
skills - HTTP adapter over
zeroclaw_runtime::skills::SkillsService. - auth_
rate_ limit - Sliding-window rate limiter for authentication attempts.
- canvas
- Live Canvas gateway routes — REST + WebSocket for real-time canvas updates.
- hardware_
context - Hardware context management endpoints.
- node_
tool - Wraps a node capability as a zeroclaw
Toolso it can be dispatched through the existing tool registry and agent loop. - nodes
- WebSocket endpoint for dynamic node discovery and capability advertisement.
- openapi
- Runtime-generated OpenAPI 3.1 document for the new
/api/config/*surface. - session_
queue - Re-export from zeroclaw-infra so existing gateway imports keep working.
- sse
- Server-Sent Events (SSE) stream for real-time event delivery.
- static_
files - Static file serving for the web dashboard.
- tls
- TLS and mutual TLS (mTLS) support for the gateway server.
- ws
- WebSocket agent chat handler.
- ws_
approval - WebSocket-backed
Channelimplementation that surfaces tool approval prompts to the gateway client and waits for the operator’s decision.
Structs§
- Admin
Paircode Query - Query parameters for
POST /admin/paircode/new. - AppState
- Shared state for all axum handlers
- Gateway
Rate Limiter - Idempotency
Store - Wati
Verify Query - Webhook
Body - Webhook request body
- Webhook
Query - Webhook query parameters
- Whats
AppVerify Query WhatsAppverification query params
Constants§
- IDEMPOTENCY_
MAX_ KEYS_ DEFAULT - Fallback max distinct idempotency keys retained in gateway memory.
- LONG_
RUNNING_ REQUEST_ TIMEOUT_ SECS - Default request timeout for
POST /api/cron/{id}/run(10 minutes). - MAX_
BODY_ SIZE - Maximum request body size (64KB) — prevents memory exhaustion
- RATE_
LIMIT_ MAX_ KEYS_ DEFAULT - Fallback max distinct client keys tracked in gateway rate limiter.
- RATE_
LIMIT_ WINDOW_ SECS - Sliding window used by gateway rate limiting.
- REQUEST_
TIMEOUT_ SECS - Default request timeout (30s) — prevents slow-loris attacks.
Functions§
- gateway_
long_ running_ request_ timeout_ secs - Manual cron-trigger request timeout (seconds), exempt from the
gateway-wide
gateway_request_timeout_secslimit so synchronous agent jobs can run to completion. Reads from typed config. - gateway_
request_ timeout_ secs - Gateway request timeout (seconds) for routes other than the long-running cron-trigger endpoint. Reads from typed config.
- run_
gateway - Run the HTTP gateway using axum with proper HTTP/1.1 compliance.
- verify_
whatsapp_ signature - Verify
WhatsAppwebhook signature (X-Hub-Signature-256). Returns true if the signature is valid, false otherwise. See: https://developers.facebook.com/docs/graph-api/webhooks/getting-started#verification-requests