Documentation Index
Fetch the complete documentation index at: https://docs.openpawz.ai/llms.txt
Use this file to discover all available pages before exploring further.
Quality & Testing
OpenPawz maintains enterprise-grade quality gates. Every commit is validated by a 3-job CI pipeline and must pass all checks before merging.
CI Pipeline
| Job | Steps | Timeout |
|---|
| Rust | cargo check → cargo test → cargo clippy -D warnings | 15 min |
| TypeScript | tsc --noEmit → eslint → vitest run → prettier --check | 10 min |
| Security | cargo audit → npm audit | 5 min |
Test Suite
| Layer | Count | What’s covered |
|---|
| Rust unit tests | 124 | Cryptography, injection detection, DeFi primitives, access control, routing, retry logic |
| Rust integration tests | 40 | Session lifecycle, memory roundtrip, tool classification, config persistence |
| TypeScript tests | 366 | Risk classifier, injection patterns, command parsing, view modules, error handling |
| Total | 530 | |
Rust Test Modules
| Module | Description |
|---|
security.rs | AES-256-GCM encryption, key derivation, nonce generation |
injection.rs | 30+ prompt injection patterns, severity classification |
access_control.rs | Agent policy enforcement, tool allowlist/denylist |
http.rs | Exponential backoff, circuit breaker, jitter, TLS pinning, request signing |
providers/ | Provider routing, fallback chains, streaming |
channels/ | Bridge lifecycle, message routing, user sessions |
trading/ | Honeypot detection, swap primitives, wallet signing |
memory/ | BM25 search, vector similarity, temporal decay |
Running Tests
# All TypeScript tests
npx vitest run
# All Rust tests
cd src-tauri && cargo test
# Single Rust test module
cd src-tauri && cargo test --lib security
# With output
cd src-tauri && cargo test -- --nocapture
Linting
# TypeScript
npx tsc --noEmit # Type check
npx eslint . # Lint
npx prettier --check . # Format check
# Rust
cd src-tauri && cargo clippy -- -D warnings
cd src-tauri && cargo fmt --check
Enterprise Hardening
| Area | Implementation |
|---|
| Encryption | AES-256-GCM with 12-byte random nonce per field. Key stored in OS keychain. |
| Error handling | 12-variant EngineError enum via thiserror — no Result<T, String> in the engine. |
| Retry logic | Exponential backoff with jitter (1s base, 30s max, 3 retries). Circuit breaker after 5 failures. |
| Logging | Daily rotation, 7-day pruning, structured format, in-app log viewer. |
| Keychain | Hard-fail on missing OS keychain — no silent plaintext fallback. |
| TLS pinning | Custom rustls::ClientConfig with Mozilla root CAs only. OS trust store excluded. Singleton reqwest::Client shared across all providers. |
| Request signing | SHA-256 hash of every outbound AI request logged to 500-entry ring buffer for tamper detection and compliance auditing. |
| Memory zeroing | Provider API keys wrapped in Zeroizing<String> — zeroed from RAM on drop via core::ptr::write_volatile. |
| Warnings | cargo clippy -- -D warnings enforced in CI on every commit. |
