feat: timezone tool support and webhook trigger endpoint

[zmanian]

Summary

Addresses two open issues (rebased from original 6-issue PR; #657/#648/#663/#666 are now in separate PRs):

• Fix time tool to support timezone conversion using session context #662 - Time tool gains timezone support: convert, format operations, IANA timezone parsing via chrono-tz
• Add channel credential validation during setup and expose routine webhook trigger endpoint #651 - Add POST /api/webhooks/{path} endpoint for routine webhook triggers with constant-time secret validation

Test plan

• cargo clippy --all --all-features passes with zero warnings
• cargo test --lib passes (2557 tests)
• 11 new time tool tests covering all timezone operations
• 2 new webhook handler tests (constant-time comparison, path matching)

Removed from this PR (now in separate PRs)

• thread 'tokio-runtime-worker' (7276) panicked at library\std\src\time.rs:446:33: overflow when subtracting duration from instant #657 (Instant panic) -- already merged to main
• Clean up dead code: unused evaluation APIs, chunk_by_paragraphs, bundled channel installer, reasoning safety field #648 (Dead code cleanup) -- PR chore: remove dead code (#648) #703
• Standardize libSQL timestamp storage to RFC 3339 with UTC offset #663 (libSQL timestamps) -- PR fix(libsql): standardize timestamp storage to RFC 3339 with UTC offset #705
• Setup wizard: OpenAI-compatible model config doesn't save API key #666 (Setup wizard secrets) -- PR fix(setup): initialize secrets crypto for env-var security option #706

Closes #662, closes #651

Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a set of targeted improvements and essential maintenance, addressing several critical issues and streamlining the codebase. It resolves a Windows-specific panic related to time calculations, enhances the setup wizard's handling of API keys for better security and persistence, and significantly upgrades the time tool with robust timezone capabilities. Furthermore, a substantial dead code cleanup effort has been undertaken, removing obsolete components and simplifying core logic across numerous files.

Highlights

• Windows Instant Panic Fix: Implemented checked_sub for Instant arithmetic to prevent panics on Windows systems where uptime is less than the subtracted duration.
• Setup Wizard API Key Handling: Enhanced the setup wizard to automatically initialize secrets_crypto and save the generated master key to ~/.ironclaw/.env when using the environment variable security option.
• Time Tool Enhancements: Added comprehensive timezone support to the time tool, including convert and format operations, and improved IANA timezone parsing via the chrono-tz crate.
• Dead Code Cleanup: Removed unused components such as LlmEvaluator, chunk_by_paragraphs, install_bundled_channel_from_artifacts, and the safety field from Reasoning and related structures, significantly reducing code complexity and dependencies.

Changelog

• Cargo.lock
  • Added chrono-tz and phf 0.12.1 packages and their dependencies.
• Cargo.toml
  • Added chrono-tz dependency.
• src/agent/agent_loop.rs
  • Removed the safety parameter from Reasoning::new call.
• src/agent/commands.rs
  • Removed the safety parameter from HeartbeatRunner::new and Reasoning::new calls.
• src/agent/compaction.rs
  • Removed SafetyLayer import and the safety field from ContextCompactor.
  • Updated ContextCompactor::new and Reasoning::new to no longer accept a safety parameter.
  • Removed SafetyConfig and SafetyLayer imports from tests.
• src/agent/cost_guard.rs
  • Modified check_allowed and actions_this_hour to use Instant::checked_sub to prevent panics.
  • Added a regression test for checked_sub to verify panic prevention.
• src/agent/dispatcher.rs
  • Removed the safety parameter from Reasoning::new calls in both main logic and tests.
  • Removed SafetyConfig and SafetyLayer imports from tests.
• src/agent/heartbeat.rs
  • Removed SafetyLayer import and the safety field from HeartbeatRunner.
  • Updated HeartbeatRunner::new and spawn_heartbeat to no longer accept a safety parameter.
  • Removed the safety parameter from Reasoning::new calls.
• src/agent/thread_ops.rs
  • Removed the safety parameter from ContextCompactor::new calls.
• src/agent/worker.rs
  • Removed the safety parameter from Reasoning::new call.
• src/app.rs
  • Removed the safety parameter from the tools.register_builder_tool call.
• src/channels/web/server.rs
  • Modified created_at calculations in tests to use Instant::checked_sub for robustness.
• src/evaluation/success.rs
  • Removed LlmProvider import.
  • Added #[cfg(test)] attributes to RuleBasedEvaluator struct and its implementations.
  • Removed LlmEvaluator struct and its SuccessEvaluator implementation.
• src/extensions/manager.rs
  • Removed the install_bundled_channel_from_artifacts function.
• src/llm/reasoning.rs
  • Removed SafetyLayer import and the safety field from Reasoning.
  • Updated Reasoning::new to no longer accept a safety parameter.
  • Removed SafetyConfig and SafetyLayer imports from tests.
• src/setup/wizard.rs
  • Modified the environment variable master key setup to initialize secrets_crypto and save the key to ~/.ironclaw/.env.
• src/tools/builder/core.rs
  • Removed SafetyLayer import and the safety field from LlmSoftwareBuilder.
  • Updated LlmSoftwareBuilder::new and Reasoning::new to no longer accept a safety parameter.
• src/tools/builtin/time.rs
  • Added chrono-tz import and FixedOffset to chrono imports.
  • Introduced parse_timezone and parse_input_timestamp helper functions.
  • Expanded TimeTool description and parameters_schema to include convert, format, timezone, to_timezone, and format_string options.
  • Implemented convert and format operations, and enhanced now, parse, and diff operations with timezone awareness.
  • Added extensive unit tests for new and updated time tool functionalities, including timezone conversions and formatting.
• src/tools/mcp/session.rs
  • Modified last_activity calculations in tests to use Instant::checked_sub for robustness.
• src/tools/registry.rs
  • Removed SafetyLayer import.
  • Removed the safety parameter from register_builder_tool call.
• src/worker/runtime.rs
  • Removed the safety parameter from Reasoning::new call.
• src/workspace/chunker.rs
  • Removed the chunk_by_paragraphs function and its associated tests.
• tests/e2e_routine_heartbeat.rs
  • Removed SafetyConfig and SafetyLayer imports, and updated HeartbeatRunner initialization.
• tests/heartbeat_integration.rs
  • Removed SafetyLayer import and updated HeartbeatRunner initialization.

Activity

• No specific activity (comments, reviews, progress updates) was provided for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a good set of fixes and improvements. The panic on Windows related to Instant subtraction is correctly addressed using checked_sub, and the new regression test is a great addition. The setup wizard enhancement for API keys and the major improvements to the time tool with timezone support are both excellent. The dead code cleanup also significantly improves maintainability. I've added a few comments regarding the test suite, where using a fallback for time calculations could lead to tests silently passing under incorrect conditions. Explicitly failing the test in these setup scenarios would make them more robust, aligning with the guideline to prefer expect() for test setups dependent on environmental factors.

_{Note: Security Review did not run due to the size of the PR.}

[gemini-code-assist]

The use of unwrap_or_else(std::time::Instant::now) could cause this test to silently check the wrong logic. If checked_sub returns None (e.g., on a system with low uptime), created_at will be set to Instant::now(). This would make the session not expired, and the test would proceed to validate the logic for a non-expired session, contrary to the test's intent.

To make the test more robust, it's better to explicitly fail with a clear message if the required test state (a past timestamp) cannot be created.

Suggested change

	created_at: std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(600))
	.unwrap_or_else(std::time::Instant::now),
	created_at: std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(600))
	.expect("System uptime must be > 10 minutes for this test to be valid"),

References

1. In tests, when setting up a state that depends on environmental factors (e.g., system uptime for time calculations), prefer expect() to explicitly fail the test with a clear message if the setup is not possible. Avoid fallbacks like unwrap_or() that could cause the test to silently check the wrong logic.

[gemini-code-assist]

Similar to the previous comment, using unwrap_or_else here could lead to the test silently passing with the wrong logic if checked_sub underflows. The test is intended to check behavior for an expired session, but the fallback would create a non-expired one.

To ensure the test is reliable, it should panic with a descriptive message if the test setup cannot be achieved.

Suggested change

	created_at: std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(600))
	.unwrap_or_else(std::time::Instant::now),
	created_at: std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(600))
	.expect("System uptime must be > 10 minutes for this test to be valid"),

References

1. In tests, when setting up a state that depends on environmental factors (e.g., system uptime for time calculations), prefer expect() to explicitly fail the test with a clear message if the setup is not possible. Avoid fallbacks like unwrap_or() that could cause the test to silently check the wrong logic.

[gemini-code-assist]

This test simulates a stale session by setting last_activity to a time in the past. The unwrap_or_else fallback could cause last_activity to be set to Instant::now() if the subtraction underflows, which would make the session appear fresh. The test would then check the wrong condition and might pass incorrectly.

It's better to make the test fail explicitly if the required past timestamp cannot be created.

Suggested change

	session.last_activity = std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(10))
	.unwrap_or_else(std::time::Instant::now);
	session.last_activity = std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(10))
	.expect("System uptime must be > 10 seconds for this test to be valid");

References

1. In tests, when setting up a state that depends on environmental factors (e.g., system uptime for time calculations), prefer expect() to explicitly fail the test with a clear message if the setup is not possible. Avoid fallbacks like unwrap_or() that could cause the test to silently check the wrong logic.

[gemini-code-assist]

The fallback unwrap_or_else(std::time::Instant::now) could cause this test to check the wrong logic. The test intends to push last_activity into the past to observe the change after touch(). If the subtraction underflows, last_activity will be Instant::now(), and the test's assertion might not be testing what's intended.

To make the test more robust, it should fail explicitly if the setup condition cannot be met.

Suggested change

	session.last_activity = std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(60))
	.unwrap_or_else(std::time::Instant::now);
	session.last_activity = std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(60))
	.expect("System uptime must be > 60 seconds for this test to be valid");

References

1. In tests, when setting up a state that depends on environmental factors (e.g., system uptime for time calculations), prefer expect() to explicitly fail the test with a clear message if the setup is not possible. Avoid fallbacks like unwrap_or() that could cause the test to silently check the wrong logic.

[gemini-code-assist]

This test sets up stale sessions by creating a timestamp in the past. If checked_sub underflows, the fallback to Instant::now() would create non-stale sessions, causing the test to check the wrong logic and potentially pass when it shouldn't.

To ensure the test's correctness, it's better to explicitly fail if the past timestamp cannot be created.

Suggested change

	let past = std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(60))
	.unwrap_or_else(std::time::Instant::now);
	let past = std::time::Instant::now()
	.checked_sub(std::time::Duration::from_secs(60))
	.expect("System uptime must be > 60 seconds for this test to be valid");

References

1. In tests, when setting up a state that depends on environmental factors (e.g., system uptime for time calculations), prefer expect() to explicitly fail the test with a clear message if the setup is not possible. Avoid fallbacks like unwrap_or() that could cause the test to silently check the wrong logic.