ling/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-10 04:08:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ling:refactor/concurrent-gate-fixture-scope
Branches Tags
ling:main ling:fix/parallel-runner-exit4-retry ling:hermes/hermes-eaa6fd9c ling:hermes/hermes-2d0a2eb3 ling:feat/opentui-native-engine ling:bb/desktop-terminal-bottom-main ling:dependabot/npm_and_yarn/multi-280c263cef ling:bb/desktop-slash-commands ling:fix/terminal-env-sync-test ling:refactor/concurrent-gate-fixture-scope ling:feat/debug-share-nous-s3 ling:feat/gateway-relay-adapter ling:feat/tui-plugins-hub ling:fix/plugins-slash-command-discovery ling:fix/require-token-gated-cookie ling:bb/desktop-terminal-bottom ling:feat/plugin-subdir-install ling:bb/done-chime ling:fix/photon-test-package-init ling:ethie/nix-faster ling:feat/suggested-cron-jobs ling:hermes/hermes-691528b9 ling:feat/desktop-remote-update-skew ling:dependabot/github_actions/actions-minor-patch-f47b767401 ling:feat/apify-plugin ling:feat/dynamic-workflow-skill ling:hermes/hermes-8d223d48 ling:hermes/hermes-b9598731 ling:worktree-desktop-surface-slash-commands ling:migrate/platforms-to-plugins ling:hermes/hermes-87ac0a8e ling:salvage/pr-39244 ling:salvage/pr-41166 ling:salvage/pr-41076 ling:salvage/pr-39749 ling:salvage/pr-41151 ling:salvage/pr-41063 ling:salvage/pr-41048 ling:salvage/pr-38049 ling:salvage/pr-38063 ling:salvage/pr-38184 ling:salvage/pr-39198 ling:salvage/pr-39608 ling:salvage/pr-39624 ling:salvage/pr-41091 ling:salvage/pr-41113 ling:salvage/pr-41131 ling:salvage/pr-41024 ling:hermes/hermes-e2178603 ling:feat/recipes-skill-automations ling:feat/proactive-monitor ling:bb/cron-history-timeout ling:hermes/hermes-b1109a1a ling:fix/windows-update-gateway-respawn-breakaway ling:bb/desktop-install-update-ui ling:bb/vite-worktree-fs-allow ling:salvage/40531-mermaid-preview ling:salvage/40534-tool-exit-not-error ling:salvage/40242-oauth-header-test ling:salvage/40430-cron-cli-tests ling:salvage/40363-desktop-cwd-default ling:salvage/40264-clarify-mention-strip ling:salvage/40273-banner-width ling:salvage/40346-plugins-list-entrypoints ling:salvage/40303-timestamp-format ling:salvage/40431-hook-thread-chattype ling:salvage/40413-40299-macos-launchd-reliability ling:salvage/40490-lazydeps-tui-prompt ling:emo/preseve-shallow ling:bb/desktop-remote-image-upload ling:bb/desktop-update-slash ling:bb/version-slash-command ling:bb/docs-remote-backend-update-skew ling:bb/backend-contract-bump-profile-routing ling:bb/docs-desktop-macos-gatekeeper ling:bb/update-reexec-after-pull ling:dependabot/npm_and_yarn/website/postcss-8.5.15 ling:fix/onboarding-skip-on-stale-env-var ling:ethie/windows-installer-fixes ling:feat/desktop-worktree-sessions ling:bb/desktop-send-to-all ling:ethie/ts-6 ling:salvage/pr-9190 ling:ethie/slash-prompt-start-only ling:opencode-port/respect-disabled-compaction-on-overflow ling:fix/node-fhs-root-hardening ling:hermes/hermes-f28d58c5 ling:fix/node-symlink-fhs-root-install ling:feat/dashboard-auth-self-hosted-oidc ling:bb/coding-agent-harness-analysis ling:feat/dashboard-register ling:fix/docker-tty-zero-dim-pty ling:hermes/hermes-040df651 ling:gemini-cli-port/config-corruption-backup ling:plugin-sdk-auth ling:hermes/hermes-6c420680 ling:hermes/hermes-aba10f53 ling:hermes/hermes-de0d15b6 ling:dependabot/github_actions/docker/setup-buildx-action-4.1.0 ling:feat/payments-skills ling:ethie/desktop-uninstall ling:fix/slash-keyboard-selection ling:dashboard-internal-ws-credential ling:dependabot/github_actions/marocchino/sticky-pull-request-comment-3.0.4 ling:pr-37665 ling:pr-37660 ling:ethie/uv-salvage ling:bb/installer-trusted-uv-resolution ling:hermes/hermes-780defc4 ling:ethie/oh-god ling:hermes/hermes-d1511484 ling:bb/desktop-install-path-clarity ling:feat/gateway-lazy-platform-import ling:hermes/hermes-a963c25d ling:kilocode-port/read-document-extraction ling:feat/blank-slate-setup ling:hermes/curator-usage-cli ling:ethie/win-exe-only ling:nanoclaw-port/upload-trace-v2 ling:openclaw-port/gemini-self-prefix-strip ling:ironclaw-port/search-budget-soft-truncation ling:bb/tui-ansi-height-desync ling:bb/clarify-prompt-timeout-stuck ling:revert-34333-feat/nvidia-skills-tap ling:fix/tui-mouse-x10-prompt-leak ling:hermes/hermes-d44c5398 ling:hermes/hermes-368c2379 ling:bb/gui-mainmerge-tmp ling:hermes/gateway-replace-fix ling:hermes/hermes-21eb0ce1 ling:fix/dev-dep-setuptools ling:fix/packaging-test-setuptools-dep ling:hermes/hermes-2747755a ling:docs/video-gen-nous-gateway ling:ethie/fix-nix-develop ling:v2026.5.29.1 ling:docs/execute-code-hermes-env-passthrough ling:hermes/hermes-135cadfb ling:feat/iron-proxy ling:hermes/sec-tier1-32130 ling:hermes/hermes-2b79b6da ling:extend-hook-registry-for-plugins ling:opencode-port/responses-failed-error-detail ling:hermes-events-bus ling:perf/fts-optimize ling:release/v0.15.0-strip-gui ling:salvage/31518-env-mode-preserve ling:fix/nix-gateway-install-env ling:hermes/hermes-737ba78e ling:cline-port/plugin-install-browser-urls ling:ethie/docker-simplify-tagging ling:dependabot/github_actions/actions/deploy-pages-5.0.0 ling:feat/15268-pricing-nous-xai ling:dependabot/github_actions/actions/create-github-app-token-3.2.0 ling:hermes/fix-copilot-auth-test ling:fix/update-detects-parent-shim-as-running ling:docker_s6 ling:dependabot/npm_and_yarn/scripts/whatsapp-bridge/multi-f792d6d6d9 ling:hermes/hermes-5fdb1cc4 ling:bb/tui-ctrlj-newline ling:sid/tool-gateway-implement ling:hermes/hermes-aa200214 ling:feat/whatsapp-cloud-api ling:feat/dashboard-typography-and-contrast ling:dependabot/npm_and_yarn/website/multi-f792d6d6d9 ling:ethie/faster-tests-fake-main ling:fix/vision-dimension-cap ling:hermes/hermes-09fb88ef ling:ziliang-review-fork-inherit-toolsets ling:salvage-8306-webhook-secret ling:dependabot/npm_and_yarn/website/picomatch-2.3.2 ling:hermes/hermes-5db05717 ling:hermes/hermes-a5904da7 ling:refactor/stop-writing-gateway-jsonl-transcripts ling:refactor/stop-writing-session-json-snapshots ling:hermes/hermes-72b329fd ling:hermes/hermes-008bccbc ling:hermes/firecrawl-integration-tag-telemetry-gated ling:dependabot/npm_and_yarn/website/brace-expansion-1.1.14 ling:dependabot/npm_and_yarn/website/path-to-regexp-3.3.0 ling:hermes/hermes-63babeb7 ling:hermes/hermes-5e533958 ling:hermes/hermes-8d7d912f ling:brooklyn/gui-installer-prereqs ling:hermes/hermes-429c1355 ling:bb/tui-mouse-burst-swallow ling:feat/session_search_modes ling:hermes/hermes-5ac74b48 ling:bb/cli-resize-duplication ling:salvage/pr-23780 ling:lsp-plugin ling:austin/fix/minimax-oauth ling:bb/lsp-lint ling:dependabot/uv/urllib3-2.7.0 ling:hermes/hermes-4fa48a27 ling:salvage/pr-22685 ling:feat/session-handoff ling:feat/codex-mcp-preset ling:feat/codex-cli-provider ling:hermes/hermes-3b90958e ling:perf/honcho-shutdown ling:hermes/hermes-b2e6c99b ling:austin/feat/google-oauth-provider ling:bb/gui-gateway-attach-wiring ling:bb/tui-gateway-attach-core ling:hermes/hermes-e239855c ling:fix/windows-uv-python-install-stderr ling:bb/windows-cli-tui-native-main ling:feat/trust-engine ling:feat/watchers ling:bb/widget-grid-slots ling:hermes/hermes-1c84a997 ling:feat/browser-coordinate-click ling:cline-port/openrouter-qwen-cache-control ling:fix/ty-1 ling:hermes/hermes-fee7225c ling:hermes/hermes-9ddf5187 ling:codex-port/hook-output-spill ling:fix/terminal-safety-filter-false-positives ling:fix/gateway-remove-stale-code-self-restart ling:kilocode-port/compact-strip-media ling:fix/stale-cwd-recovery ling:feat/hermes-send ling:kanban_hermes_home ling:hermes/hermes-fabc46fe ling:feat/tinyfish-browser-provider ling:hermes/hermes-96962c19 ling:claude-code-inspired/session-recap ling:fix/lazy-session-creation ling:hermes/hermes-3c2988b0 ling:opencode-port/invalid-mcp-url ling:opencode-port/moonshot-ref-siblings ling:bb/docker-tui-prebuilt ling:fix/aux-anthropic-url-regression-test ling:vbrunet/2026_04_15-terminal-title-updates ling:bb/theme ling:cline-port/gateway-memory-monitor ling:gemini-cli-port/exit-delete-session ling:bb/tui-copy-on-select ling:feat/comfyui-skill-v3 ling:hermes/hermes-dd91e6b2 ling:feat/provider-modules ling:hermes/hermes-dab6fbf1 ling:feat/comfyui-skill-v2 ling:vbrunet/2026_04_29-terminal-titles ling:feat/kanban-standing ling:bb/tui-reload-env ling:bb/learning-ledger ling:bb/tui-status-ticker-width ling:fix/plugin-loader-sys-modules-registration ling:fix/deprecate-extrapackages-nix ling:hermes/hermes-c8604b32 ling:fix/chat-tab-persistence ling:feat/langfuse-plugin ling:kilocode-port/subagent-cost-rollup ling:fix/analytics-include-cache-tokens ling:hermes/hermes-8fedd55b ling:bb/fix-tui-input-selection ling:bb/p2-mru-resume-order ling:hermes/hermes-2c880154 ling:hermes/hermes-8b414b52 ling:nanoclaw-port/signal-groupv2 ling:hermes/hermes-d7874f79 ling:hermes/curator-infra ling:bb/tui-perf-fix ling:feature/tui-showroom ling:bb/base-gui ling:investigate/fix-tui-container-ink-bundle ling:fix/flush-memories-context-overflow ling:design/compression-eval-harness ling:fix/stop-interrupt-retry-loop ling:fix/model-switch-custom-endpoint ling:fix/web-env-validation ling:fix/hindsight-blank-nuke ling:fix/setup-vision-blank ling:sid/discord-context-injection ling:sid/discord-tool-split ling:sid/fix-tools-config-save ling:sid/fix-platform-tool-loading ling:hermes/hermes-6c37b3dd ling:hermes/hermes-9d07c44f ling:alice/nous-portal-recommended-models ling:onboarding ling:sid/restructure-pr1-acp ling:bb/tui-web-chat ling:opencode-port/configurable-tool-output-limits ling:hermes/hermes-34b3f52d ling:sid/types-and-lints ling:sid/foundational-restructure ling:feat/dashboard-chat ling:gemini-cli-port/ssl-retry-patterns ling:cline-port/anthropic-cache-tokens-top-level ling:nemo-gym-changes ling:fix/schema-reconciliation ling:fix/upgrade-agent-browser-0.26 ling:feat/ssrf-allow-private-urls ling:feat/volcengine-byteplus ling:refactor/unify-transport-dispatch ling:feat/require-mention-channels ling:remove-nous-free-allowlist ling:codex-port/ignore-user-config-flags ling:bb/tui-mouse-toggle ling:feat/td-skill-update ling:feat/bedrock-transport ling:feat/chat-completions-transport ling:hermes/hermes-bb7c1b2e ling:kilocode-port/filter-non-tool-openrouter-models ling:fix/kimi-drop-temperature ling:bb/tui-elapsed-lastmsg-8541 ling:feat/transport-types ling:refactor/extract-codex-adapter ling:ironclaw-port/url-and-form-redaction ling:openclaw-port/display-tool-call-tags-strip ling:openclaw-port/anthropic-max-tokens-guard ling:openclaw-port/compaction-credential-redaction ling:sid/workspace-salvage ling:chore/ci-path-filters ling:chore/remove-stale-docs ling:feat/native-gemini-provider ling:salvage/helix4u-zai-setup ling:hermes/hermes-150d8cf8 ling:hermes/browser-dialog ling:fix/minimax-glm-token-compression ling:salvage/nvidia-nim-max-tokens ling:fix/nix-web-dashboard ling:feat/comfyui-skill ling:hermes/hermes-9c0eed69 ling:fix/mcp-oauth-bidirectional-generator-bridge ling:claude-code-inspired/dangerous-cmd-hardening ling:fix/test-backoff-timers ling:ci/matrix-split-v2 ling:fix/test-reduction-batch-2 ling:feat/searxng-backend ling:opencode-port/sessions-export-sanitize ling:dashboard-show-remote-gateway-url ling:hermes/gemini-oauth-30b2099d ling:feat/gemini-tts-salvage ling:feat/ungate-tool-gateway ling:xai-media-tools ling:fix/ci-test-failures ling:hermes/hermes-9d38280f ling:gemini-cli-port/strategic-reevaluation ling:fix/client-cache-fd-exhaustion ling:salvage/watch-notification-routing ling:hermes/hermes-5d6c3d3e ling:fix/dashboard-analytics-accuracy ling:hermes/hermes-9a00cfa2 ling:hermes/hermes-050c727e ling:hermes/hermes-4a9b24c3 ling:codex-port/mcp-parallel-tool-calls ling:gateway-plugin-loading ling:max_paperclips/gateway-plugin-loading ling:feat/remote-gateway-health-probe ling:compaction-secrets-preservation ling:fix/dashboard-routing ling:update-issue-templates-debug-share ling:sid/tb2-evals ling:feat/deep-research-skill ling:hermes/hermes-1b2e5f73 ling:hermes/hermes-9e793b91 ling:fix/feishu-identity-model ling:fix/web-cron-page-schedule-object ling:ironclaw-port/telegram-utf16-splitting ling:nanoclaw-port/session-artifact-cleanup ling:openclaw-port/reject-weak-gateway-creds ling:openclaw-port/matrix-mentions-user-ids ling:fix/gateway-no-systemctl ling:skill/github-code-review-mcp-tools ling:chore/remove-sha-docker-tag ling:feat/gateway-mcp-config-watcher ling:hermes/hermes-1f7bfa9e ling:feat/file-sync-back ling:fix/modal-ssh-upload-bugs ling:hermes/salvage-7558 ling:hermes/hermes-72401910 ling:hermes/hermes-925eff6a ling:hermes/hermes-c965583d ling:hermes/hermes-9c0ad5d9 ling:hermes/hermes-905d6262 ling:hermes/hermes-070e5a43 ling:hermes/hermes-c382c827 ling:hermes/hermes-7052b79e ling:hermes/hermes-e08f4d67 ling:hermes/hermes-566f8c6d ling:hermes/hermes-4fdb3d23 ling:hermes/hermes-67b0d759 ling:hermes/hermes-b5e135be ling:hermes/hermes-2d3cc746 ling:hermes/hermes-80a283e0 ling:hermes/hermes-83dfcdfa ling:hermes/hermes-efa38736 ling:hermes/hermes-c78b9811 ling:hermes/hermes-ffc6cfa8 ling:hermes/hermes-a50b945e ling:twilio-auth-fix ling:fix/claw-migrate-warn-running-gateway ling:hermes/hermes-f6cda1f0 ling:hermes/hermes-524779d7 ling:hermes/hermes-da2f08b5 ling:hermes/hermes-672624fb ling:hermes/hermes-28292000 ling:hermes/hermes-ec496c80 ling:hermes/hermes-f43decdf ling:hermes/hermes-5bef3224 ling:hermes/hermes-17ae0c29 ling:fix/claw-migrate-improve-warnings ling:fix/claw-migrate-json-env-keys ling:fix/claw-migrate-workspace-main-paths ling:fix/claw-migrate-schema-drift ling:fix/matrix-memorycryptostore-args ling:fix/claw-migrate-tts-microsoft ling:fix/claw-migrate-nested-channel-tokens ling:hermes/hermes-ea68d311 ling:hermes/hermes-38060157 ling:hermes/hermes-0224a8b2 ling:hermes/hermes-b092dccf ling:hermes/hermes-03da22bc ling:hermes/bucket3 ling:hermes/hermes-2e0dc4f3 ling:salvage/bucket-st ling:hermes/hermes-ebb65d1b ling:hermes/hermes-d0d52697 ling:hermes/hermes-b17bdb8e ling:hermes/hermes-bc33645d ling:salvage/bucket-p ling:hermes/hermes-4a5220fe ling:hermes/hermes-7f8c199a ling:hermes/hermes-fefa061a ling:feat/mautrix-migration ling:hermes/hermes-7e4c9931 ling:hermes/hermes-dc4200fd ling:salvage/bucket-o ling:feat/container-aware-cli ling:fix/daytona-bulk-upload-config-bridge-7362 ling:claude-code-inspired/context-breakdown ling:hermes/hermes-1bd9e323 ling:hermes/hermes-17b93f0b ling:hermes/hermes-9d5d8704 ling:salvage/bucket-n ling:api-server-enforce-key ling:hermes/hermes-f8dcb6dd ling:hermes/hermes-c7787b3d ling:salvage/bucket-m ling:hermes/hermes-30126ac0 ling:terminate-zombie-processes ling:hermes/hermes-ead3c84e ling:hermes/hermes-f1c0a201 ling:salvage/bucket-i ling:hermes/hermes-11e9b74a ling:hermes/hermes-90f54154 ling:hermes/hermes-2376d00b ling:hermes/hermes-8f5f6063 ling:salvage/bucket-l ling:hermes/hermes-84ed614f ling:hermes/hermes-0f8490c2 ling:hermes/hermes-2a3d0461 ling:salvage/bucket-k ling:hermes/hermes-62b22a1e ling:hermes/hermes-26f90bd3 ling:security/bucket-j ling:hermes/hermes-7ef33568 ling:hermes/hermes-3ffcbfb5 ling:hermes/hermes-6584b1e4 ling:hermes/hermes-d9d67691 ling:hermes/hermes-cde3c240 ling:hermes/hermes-27e1fc16 ling:hermes/hermes-5f2c8429 ling:hermes/hermes-8dbb2cec ling:hermes/hermes-bbf55c16 ling:hermes/hermes-a21aa249 ling:hermes/hermes-eafa085a ling:hermes/hermes-4b558854 ling:hermes/hermes-0687c6d6 ling:hermes/hermes-33e13b6f ling:hermes/hermes-1fd9f435 ling:hermes/hermes-1bb7ea55 ling:hermes/hermes-57ea0a16 ling:hermes/hermes-5bbf4839 ling:hermes/hermes-617689ff ling:hermes/hermes-5cfcdf33 ling:hermes/hermes-05b0c02e ling:hermes/hermes-115318ed ling:hermes/hermes-f454d397 ling:hermes/hermes-43ae98f3 ling:hermes/hermes-87f37874 ling:hermes/hermes-bbe6a8b7 ling:hermes/hermes-2556be1e ling:hermes/hermes-8494816d ling:hermes/hermes-0d0bfa89 ling:hermes/hermes-c711558a ling:hermes/hermes-7aad138d ling:hermes/hermes-4b6801c7 ling:hermes/hermes-374f99bc ling:hermes/hermes-605d722e ling:hermes/hermes-c546e7a1 ling:hermes/hermes-62b6865d ling:hermes/hermes-f8a6248b ling:hermes/hermes-fe654944 ling:hermes/hermes-d4ece6c2 ling:fix/stream-think-tag-false-positive ling:hermes/hermes-d0607f0a ling:hermes/hermes-1c7df171 ling:fix/oauth-issue2-nous-pool-refresh-sync-authstore ling:hermes/hermes-95b15f6e ling:hermes/hermes-e201f931 ling:opencode-port/alibaba-rate-limit-retry ling:fix/oauth-issue1-nous-entry-needs-refresh ling:fix/oauth-issue5-is-expiring-none-handling ling:fix/oauth-issue4-anthropic-proactive-sync-hermes-pkce ling:fix/oauth-issue3-codex-proactive-sync-before-refresh ling:sid/dead-code-remove ling:hermes/hermes-8c64f471 ling:hermes/hermes-ff5ba265 ling:hermes/hermes-71aea4c5 ling:hermes/hermes-1b5bb607 ling:hermes/hermes-25b83dfd ling:fix/nix-shared-state-perms ling:hermes/hermes-30ac05a4 ling:hermes/hermes-731d3033 ling:hermes/hermes-41d14a2c ling:hermes/hermes-3f221b1b ling:hermes/hermes-e873511f ling:hermes/hermes-41cd011b ling:hermes/hermes-f409204f ling:hermes/hermes-bcf93c03 ling:hermes/hermes-2f44469d ling:hermes/hermes-3466ee98 ling:hermes/hermes-398baa59 ling:hermes/hermes-1ff40dac ling:hermes/hermes-0429963a ling:hermes/hermes-ff89d9af ling:hermes/hermes-de843a22 ling:hermes/hermes-037596df ling:hermes/hermes-e77cdbbf ling:hermes/hermes-135e8d93 ling:hermes/hermes-f2a81adb ling:hermes/hermes-2447adad ling:hermes/hermes-005912a8 ling:hermes/hermes-1845cad9 ling:hermes/hermes-d5c0fd3b ling:hermes/hermes-b5d8eff0 ling:hermes/hermes-5df3920d ling:hermes/hermes-b0a4b31e ling:hermes/hermes-063b6e1d ling:hermes/hermes-98aa7b3a ling:hermes/hermes-1fa6ad8f ling:hermes/hermes-485d498c ling:hermes/hermes-e77429d5 ling:hermes/hermes-1d8a5754 ling:sid/unified-file-sync ling:hermes/hermes-38cb19c4 ling:hermes/hermes-54fe23ca ling:fix/nix-add-to-system-packages-complete ling:hermes/hermes-947c24f7 ling:sid/unified-terminal-envs ling:hermes/hermes-9085f0bb ling:hermes/hermes-6b365d9a ling:hermes/hermes-4923821d ling:hermes/hermes-4e231d00 ling:hermes/hermes-554a02fe ling:hermes/hermes-016048ea ling:feat/worldsim-skill ling:hermes/hermes-6b456629 ling:hermes/hermes-f845dfbe ling:hermes/hermes-83d3c1db ling:hermes/hermes-8452ab09 ling:hermes/hermes-9f84a11f ling:hermes/hermes-53abd2ba ling:hermes/hermes-ef18f2ae ling:hermes/hermes-7d888e8c ling:hermes/hermes-7bf50ef1 ling:hermes/hermes-f400edfe ling:hermes/hermes-27761e13 ling:hermes/hermes-d07e864e ling:hermes/hermes-e3aca6ef ling:hermes/hermes-c7eda492 ling:sid/tool-result-fixes ling:hermes/hermes-87470f33 ling:hermes/hermes-ef25015a ling:hermes/hermes-fb3680fc ling:hermes/hermes-476720eb ling:hermes/hermes-7d70fb12 ling:hermes/hermes-2f2a1403 ling:hermes/hermes-c81d4c5a ling:hermes/hermes-3ff117b3 ling:hermes/hermes-5e970516 ling:hermes/hermes-cabfdb4f ling:sid/restructure-tests ling:hermes/hermes-701b2186 ling:rm/add-portal-link ling:hermes/hermes-81f85bb4 ling:hermes/hermes-822a0590 ling:hermes/hermes-d623dc00 ling:hermes/hermes-37b5ec52 ling:hermes/hermes-fef87f31 ling:hermes/hermes-f1e32b74 ling:hermes/hermes-756f7e33 ling:salvage/5752-nous-free-tier-gating ling:feat/nous-free-tier-model-gating ling:switch-managed-browser-to-browser-use ling:hermes/hermes-7697425c ling:hermes/hermes-53b01c86 ling:hermes/hermes-81d3384e ling:hermes/hermes-86122627 ling:hermes/hermes-03d7aa21 ling:hermes/hermes-b34c1567 ling:hermes/hermes-694ff34e ling:hermes/hermes-b93afb56 ling:hermes/hermes-c1ef09e3 ling:fix/portal-env-var-ignored-during-login ling:hermes/hermes-479681ef ling:hermes/hermes-cd5ac32c ling:hermes/hermes-71aaf6c8 ling:hermes/hermes-f177c8f0 ling:hermes/hermes-db0c54fb ling:sid/unified-execution ling:hermes/hermes-35bfb4c2 ling:hermes/hermes-47b24166 ling:hermes/hermes-e5557d16 ling:hermes/hermes-b809b68d ling:sid/nix-fixes-nits ling:taubench_eval ling:feat/firecrawl-browser-provider ling:hermes/hermes-7a93e2c7 ling:hermes/hermes-8cc55056 ling:hermes/hermes-838c5b76 ling:workdir-quote-escape ling:hermes/hermes-c4a8b829 ling:rm/browser-use-tool-gateway ling:hermes/hermes-ac0ac8da ling:hermes/hermes-ba679ba8 ling:hermes/hermes-b692993b ling:hermes/hermes-ce719117 ling:hermes/hermes-0bc806a5 ling:hermes/hermes-00399121 ling:hermes/hermes-5a282295 ling:fix/various-qa ling:hermes/hermes-3ef4d555 ling:hermes/hermes-ef6f7818 ling:hermes/hermes-be07ee70 ling:hermes/hermes-c0614333 ling:hermes/hermes-3c9f4a9e ling:hermes/hermes-39d533b8 ling:hermes/hermes-d6f63ade ling:hermes/hermes-f47156c2 ling:hermes/hermes-533d3bd8 ling:hermes/hermes-2e42b3a2 ling:fix/research-paper-writing-gaps ling:hermes/hermes-7c95bd3c ling:hermes/hermes-626ac686 ling:hermes/hermes-0d7c99a6 ling:fix/nous-portal-env-override ling:hermes/hermes-80f0ff01 ling:hermes/hermes-8bb0c65b ling:feat/model-pricing-display ling:hermes/hermes-03bdbe18 ling:hermes/hermes-84dbce0e ling:hermes/hermes-c6eacd11 ling:hermes/hermes-25bce159 ling:hermes/hermes-1e6ea4d6 ling:hermes/hermes-bae00f49 ling:hermes/hermes-40531417 ling:hermes/hermes-f9d9e542 ling:hermes/hermes-8e46c8ba ling:hermes/hermes-3d0a599a ling:hermes/hermes-c0119f86 ling:hermes/hermes-7fbab92d ling:hermes/hermes-32facb3d ling:hermes/hermes-d0aa7802 ling:hermes/hermes-4ff7e90f ling:hermes/hermes-3667f42f ling:feat/model-provider-overhaul ling:hermes/hermes-1a69af68 ling:hermes/hermes-c035e060 ling:hermes/hermes-466467d8 ling:hermes/hermes-95f1173a ling:hermes/hermes-208cc6d6 ling:hermes/hermes-1e826e60 ling:hermes/hermes-f2f17778 ling:hermes/hermes-a7ac7c42 ling:hermes/hermes-db023341 ling:hermes/hermes-8c57ca22 ling:hermes/hermes-511b79a5 ling:hermes/hermes-931dc358 ling:feat/fix-plugin-cache-prefix ling:hermes/hermes-3329bd98 ling:salvage/hindsight-5044 ling:hermes/hermes-0971565e ling:hermes/hermes-eba4b946 ling:hermes/hermes-ff50f5ae ling:hermes/hermes-feb2ec9d ling:hermes/hermes-a82207c8 ling:hermes/hermes-1e1d81f5 ling:hermes/hermes-766150bd ling:hermes/hermes-cc1cea2c ling:hermes/hermes-5cbeeeb5 ling:hermes/hermes-3eaaba2c ling:hermes/hermes-d307e4ae ling:claude-code-inspired/session-branch ling:hermes/hermes-70885193 ling:hermes/hermes-8eea7e1a ling:hermes/hermes-36a59267 ling:hermes/hermes-31074029 ling:hermes/hermes-10baf9e9 ling:hermes/hermes-4d7efb1e ling:hermes/hermes-3b5d0490 ling:hermes/hermes-97fe1e3c ling:hermes/hermes-b19afd39 ling:hermes/hermes-669f5444 ling:feat/docker-env-vars ling:hermes/hermes-5deaba3e ling:hermes/hermes-368f91f8 ling:hermes/hermes-b9588524 ling:feat/acp-mcp-server-registration ling:opencode-port/language-aware-compression ling:hermes/hermes-50668d84 ling:hermes/hermes-376c741f ling:hermes/hermes-7cbc527e ling:hermes/hermes-7ab21fac ling:hermes/hermes-623833b1 ling:hermes/hermes-7de32281 ling:hermes/hermes-921b394b ling:hermes/hermes-dc0f1ff6 ling:hermes/hermes-9a801eb5 ling:hermes/hermes-ad6e6820 ling:hermes/hermes-8b18afb8 ling:rewbs/tool-use-charge-to-subscription ling:gemini-cli-port/stale-browser-snapshot-superseding ling:hermes/hermes-91844716 ling:hermes/hermes-f55316e0 ling:hermes/hermes-76f7e5cd ling:hermes/hermes-cc622e18 ling:hermes/hermes-79b25268 ling:hermes/hermes-f4786c9c ling:hermes/hermes-41d468a2 ling:hermes/hermes-701ad555 ling:hermes/hermes-35337734 ling:hermes/hermes-e10e6bf0 ling:hermes/hermes-8a2494d5 ling:hermes/hermes-385d033c ling:hermes/hermes-2c786d88 ling:hermes/hermes-24c5a56c ling:hermes/hermes-a8a19433 ling:hermes/hermes-dadddde3 ling:hermes/hermes-99d28812 ling:hermes/hermes-98ff0c21 ling:hermes/hermes-abdd86e5 ling:hermes/hermes-3090d6ac ling:hermes/hermes-eaa694be ling:sid/pwn-bench ling:hermes/hermes-578d1b94 ling:hermes/hermes-da1d3af1 ling:hermes/hermes-88866ac7 ling:hermes/hermes-5c3ebbce ling:hermes/hermes-b6eff376 ling:hermes-d0598e72 ling:hermes/hermes-940f3eca ling:hermes/hermes-e87583c1 ling:hermes/hermes-bf538de7 ling:hermes/hermes-f75b7c8e ling:sid/pwn-bench-dojo-id-fix ling:hermes/hermes-b2abefdf ling:hermes/hermes-f0221ac3 ling:hermes/hermes-a866ff99 ling:hermes/hermes-f091e3b8 ling:hermes/hermes-cd7257f9 ling:hermes/hermes-9b1dadd7 ling:hermes/hermes-b7b6ec54 ling:hermes/hermes-4ce879fa ling:hermes/hermes-c815228d ling:hermes/hermes-3bd17b7b ling:fix/minimax-aux-model-pricing ling:fix/npm-ci-update ling:fix/uv-lock-exa-py ling:feat/secrets-phase1 ling:ascii-video/text-readability-and-layout-oracle ling:hermes/hermes-76df6a95 ling:hermes/hermes-ac2495d7 ling:hermes/hermes-bf2cd279 ling:hermes/hermes-8e764fde ling:hermes/hermes-b6f1eb21 ling:hermes/hermes-3d9ccfec ling:hermes/hermes-deb3d2ef ling:endless_terminals_integration ling:hermes/hermes-4b23f322 ling:feat/web-ui ling:hermes/hermes-6835494f ling:fix/anthropic-whatsapp ling:feat/rate-limiter ling:hermes/hermes-b8e0ec91 ling:hermes/hermes-af1b4b23 ling:hermes/hermes-164a52cc ling:feat/ci-improvements ling:feat/agent-resilience ling:feat/cron-script-gate ling:hermes/hermes-0d76d7cd ling:hermes/hermes-e6f1d362 ling:hermes/hermes-b8464e26 ling:hermes/hermes-ea354159 ling:hermes/hermes-ab59de22 ling:hermes/hermes-ec5223e1 ling:hermes/hermes-b351df6b ling:docker ling:feat/keystore-wallet ling:hermes/hermes-f4f0292e ling:hermes/hermes-97c48e70 ling:fix/uv-lock-version ling:fix/unify-permissions ling:hermes/hermes-51f7b6b6 ling:hermes/hermes-135af169 ling:hermes/hermes-a403a780 ling:hermes/hermes-5e6ebebb ling:hermes/hermes-f5a4cd91 ling:hermes/hermes-03f7719f ling:hermes/hermes-8a2f15b3 ling:hermes/hermes-5a68ad9d ling:hermes/hermes-a2b72b01 ling:feat/gpt-tool-steering ling:hermes/hermes-37947bdb ling:hermes/hermes-9420d6a3 ling:hermes/hermes-6c7a1441 ling:hermes/hermes-86f614ec ling:hermes/hermes-4f6a1f8e ling:hermes/hermes-caea5692 ling:hermes/hermes-f8f80cce ling:hermes/hermes-5ef8201d ling:hermes/hermes-140430f8 ling:feat/suffix-path-apt-provision ling:hermes/hermes-64c3ceb2 ling:hermes/hermes-cd318db6 ling:hermes/hermes-dd753a5f ling:hermes/hermes-dfd0d467 ling:hermes/hermes-7e1dfbda ling:fix/api-server-toolset ling:hermes/hermes-93060758 ling:hermes/hermes-ad9511d6 ling:hermes/hermes-6dfb41ea ling:hermes/hermes-52a54135 ling:hermes/hermes-203498f3 ling:hermes/hermes-998d1c81 ling:hermes/hermes-7d7ac769 ling:hermes/hermes-d877fbc1 ling:hermes/hermes-9f3f51e2 ling:hermes/hermes-0b98b356 ling:chore/remove-pkce-oauth ling:hermes/hermes-2cdc8d39 ling:hermes/hermes-c75e42c8 ling:hermes/hermes-e483085e ling:sid/remove-drift-check ling:sid/nix-flake ling:hermes/hermes-ac86d935 ling:hermes/hermes-4e5b94c3 ling:hermes/hermes-84f0446e ling:docs/hooks-page-update ling:hermes/hermes-aff6c48a ling:hermes/hermes-ae6184d3 ling:hermes/hermes-afb547e5 ling:hermes/hermes-0f4e765c ling:hermes/hermes-baa39faf ling:hermes/hermes-gateway-context ling:hermes/hermes-3c0e357d ling:hermes/hermes-ab0f07ce ling:hermes/hermes-e6c9dba2 ling:hermes/hermes-1817ce8d ling:hermes/hermes-764f7842 ling:hermes/hermes-e26fa01d ling:hermes/hermes-e8325591 ling:hermes/hermes-46839e2f ling:hermes/hermes-28b19313 ling:hermes/hermes-11fd857d ling:hermes/hermes-1b7b3ffb ling:hermes/hermes-1e53b883 ling:hermes/hermes-c6c58b20 ling:fix/toolset-deselection ling:fix/media-paths-spaces ling:fix/media-spaces-2 ling:fix/approval-yaml-off ling:hermes/hermes-a2fa4544 ling:hermes/hermes-d58d97b5 ling:hermes/hermes-f9506ecc ling:hermes/hermes-dc116992 ling:hermes/hermes-81afb1bb ling:hermes/hermes-31d7db3b ling:hermes/hermes-5d6932ba ling:hermes/hermes-40b195db ling:hermes/hermes-0fa141a3 ling:feat/streaming-default ling:feat/context-file-priority ling:hermes/hermes-3369cdb1 ling:streaming-plus-reasoning ling:fix/event-loop-closed-delegate ling:hermes/hermes-7ea545bf ling:hermes/hermes-3d7c23c9 ling:hermes/hermes-4a7e401e ling:hermes/hermes-b313983a ling:hermes/hermes-6757a563 ling:hermes/hermes-e83093f0 ling:hermes/hermes-14b05543 ling:hermes/hermes-54c1fc70 ling:hermes/hermes-f1230adf ling:hermes/hermes-9c2a5d00 ling:fix/custom-endpoint-context-length ling:hermes/hermes-51eb4292 ling:hermes/hermes-9dc2e46c ling:fix/anthropic-compatible-api-mode ling:hermes/hermes-6193ae92 ling:hermes/hermes-b29f73b2 ling:hermes/hermes-ba3c8fa1 ling:hermes/hermes-562a3784 ling:fix/whatsapp-reply-prefix-bridging ling:hermes/hermes-eab76047 ling:feat/whatsapp-reply-prefix ling:feat/unauthorized-dm-behavior ling:fix/cron-oneshot-grace ling:hermes/hermes-8112c8c8 ling:fix/browser-command-registry ling:feat/cron-silent-suppression ling:fix/agent-created-skill-policy ling:hermes/hermes-e2084cc7 ling:hermes/hermes-c954a38b ling:hermes/hermes-8058968e ling:hermes/hermes-0d5a11f5 ling:hermes/hermes-09305421 ling:hermes/hermes-0ed29ee7 ling:hermes/hermes-4c573e36 ling:hermes/hermes-044b5de9 ling:hermes/hermes-48646def ling:fix/gateway-platform-hardening ling:fix/tool-handler-safety ling:hermes/hermes-31dc9875 ling:fix/defensive-hardening ling:hermes/hermes-3fc35e7b ling:hermes/hermes-c91521bf ling:hermes/hermes-835076ca ling:fix/cron-timezone-naive-iso ling:hermes/hermes-5a9e8a78 ling:fix/memory-tool-file-locking ling:fix/model-metadata-fuzzy-match ling:fix/compression-attempts-persist ling:fix/run-agent-role-violations ling:fix/browser-session-race ling:fix/compressor-consecutive-role-violation ling:fix/messaging-toolset-missing ling:fix/length-continue-retries-reset ling:fix/cron-double-load-jobs ling:fix/anthropic-tool-choice-none ling:fix/auxiliary-is-nous-reset ling:fix/matrix-mattermost-mark-connected ling:fix/dingtalk-requirements-check ling:fix/hermes-state-thread-locks ling:fix/anthropic-adapter-merge-content-loss ling:fix/gateway-yaml-pii-redaction ling:fix/redacting-formatter-import ling:fix/nous-model-fetch-kwargs ling:fix/gateway-skill-command-nameref ling:hermes/hermes-ee292dec ling:hermes/hermes-ac005632 ling:feat/mattermost-matrix-adapters ling:hermes/hermes-923bc090 ling:hermes/hermes-f685e964 ling:hermes/hermes-3218df83 ling:hermes/hermes-6bb9911e ling:hermes/hermes-1eba1f1d ling:fix/discord-thread-persistence ling:hermes/hermes-a86162db ling:hermes/hermes-6891ac11 ling:hermes/hermes-c3e4cd9f ling:hermes/hermes-8f33e910 ling:hermes/hermes-93b81725 ling:hermes/hermes-733cf6a3 ling:shloms/ascii-video-v3 ling:fix/anthropic-oauth-compat ling:hermes/hermes-a098c323 ling:hermes/hermes-6360cdf9 ling:hermes/hermes-84930008 ling:fix/smart-model-routing ling:hermes/hermes-81c07511 ling:hermes/hermes-865f6958 ling:fix/1445-docker-cwd-optin ling:hermes/hermes-adbf9508 ling:fix/814-group-session-isolation ling:fix/1033-telegram-voice-fallback ling:fix/setup-curses ling:fix/ssh-preflight-check ling:fix/openrouter-reasoning-gate ling:fix/custom-endpoint-verification ling:fix/telegram-chunk-mdv2 ling:fix/status-token-counts ling:fix/honcho-seed-identity ling:fix/mcp-auto-reload ling:rewbs/feat-vercel-log-analysis-loop-skill ling:fix/tirith-startup-noise ling:fix/docker-explicit-forward-env ling:sid/persistent-backend ling:fix/1071-dict-tool-args ling:hermes/hermes-60456cd2 ling:fix/1219-cron-thread-context ling:fix/1244-env-override ling:fix/1336-discord-voice-reliability ling:fix/1414-gateway-shutdown-restart ling:fix/1412-session-delete-prefix ling:fix/1409-photo-burst-interrupts ling:fix/1247-preserve-mcp-toolsets ling:fix/1264-env-secret-blocklist ling:fix/1056-dm-session-isolation ling:hermes/gws-hybrid ling:hermes/hermes-daa73839 ling:hermes/slack-thread-docs ling:hermes/hermes-45b79a59-clawhub-search ling:hermes/hermes-8bb24bf8 ling:hermes/hermes-7ef7cb6a ling:hermes/hermes-eca4a640 ling:hermes/hermes-629f8bde ling:hermes/hermes-aa701810 ling:hermes/hermes-0fadff1b ling:hermes/hermes-45b79a59-pr1087 ling:hermes/hermes-45b79a59 ling:hermes/plan-workspace-storage ling:fix/retry-history-replacement ling:hermes/hermes-51c02bb3 ling:hermes/hermes-39158886-docs ling:hermes/hermes-781f9235-docs ling:hermes/hermes-39158886-scope-prompts ling:hermes/hermes-781f9235 ling:hermes/hermes-39158886 ling:feat/aux-delegation-direct-endpoints ling:hermes/hermes-cf8340fc ling:hermes/hermes-f1104def ling:fix/cron-same-target-send-suppression ling:hermes/hermes-ec1096a3 ling:hermes/hermes-1fc28d17 ling:hermes/hermes-048e6599 ling:hermes/hermes-771dc4f8 ling:salvage/pr-977-mcp-stdio ling:hermes/hermes-3702edad ling:hermes/hermes-f48b210a ling:hermes/hermes-cc060dd9 ling:hermes/hermes-24af4d63 ling:hermes/hermes-8ea7cef0 ling:hermes/hermes-720acdad ling:hermes/hermes-645b95a6 ling:fix/worktree-terminal-requirements ling:fix/file-tool-log-noise ling:hermes/hermes-07d947aa ling:feat/cache-aware-context-compaction ling:hermes/hermes-50716de4 ling:hermes/hermes-7c22e5c1 ling:hermes/hermes-31d07af4 ling:fix/honcho-cache-stability ling:hermes/hermes-e0e71a89 ling:hermes/hermes-6299a8b2 ling:hermes/hermes-294208e8 ling:hermes/hermes-447d1ebd ling:hermes/hermes-4cde5efa ling:hermes/hermes-80175760 ling:hermes/hermes-1ba70e80 ling:fix/hygiene-threshold ling:fix/compression-session-sync ling:hermes/hermes-6ec3b1a9 ling:fix/packaging-bugs ling:hermes/hermes-42bc21fb ling:hermes/hermes-d28bf447 ling:hermes/hermes-f47f71c0 ling:hermes/hermes-e31afb4d ling:hermes/hermes-7ade10b5 ling:hermes/hermes-c877bdeb ling:hermes/hermes-3ea433e3 ling:sid/xitter-skill ling:hermes/hermes-465f3702 ling:hermes/hermes-4b9773d6 ling:feat/optional-rl-training ling:hermes/hermes-3a9bd319 ling:hermes/hermes-5da06378 ling:hermes/hermes-37fb78aa ling:hermes/hermes-cf9f7d54 ling:voice/default-soul ling:fix/landing-page ling:feat/devex-tooling ling:feat/phone-call-tool ling:hermes/hermes-74edaf38 ling:hermes/hermes-b86fddbe ling:hermes/hermes-106e92b2 ling:hermes/hermes-20ea56c0 ling:fix/smart-vision-setup ling:fix/cron-naive-timestamps ling:hermes/hermes-7ac629f4 ling:hermes/hermes-ece5a45c ling:feat/streaming ling:feat/custom-compaction-prompt-config ling:fix/multimodal-compress-content ling:feat/codex-handoff-prefix ling:feat/codex-compaction-prompt ling:hermes/hermes-98b7f9b9 ling:hermes/hermes-ecb374ec ling:hermes/hermes-90ec9b1f ling:hermes/hermes-5f68598a ling:hermes/hermes-b0162f8d ling:feat/show-full-dangerous-command ling:hermes/hermes-21d8bacc ling:hermes/hermes-281ff8aa ling:hermes/hermes-3d744afd ling:hermes/hermes-1a683351 ling:feat/checkpoint-rollback ling:hermes/hermes-5ab2a29e ling:add-upstream-atropos-tool-use-changes ling:hermes/hermes-b611b2fe ling:hermes/hermes-0cbb57e2 ling:fix/vision-test-flake ling:feat/parallelize-tests ling:feat/devex-help ling:feat/streaming-tui ling:hermes/hermes-d2f5523a ling:feat/telegram-send-document ling:optional-builtin ling:feat/budget-pressure-via-tool-result ling:hermes/hermes-e56c0f70 ling:feat/discord-allow-bots ling:feat/file-permissions-hardening ling:feat/configurable-compaction-protection ling:feat/head-tail-truncation-execute-code ling:hermes/hermes-c53b7cba ling:hermes/hermes-abbf790e ling:hermes/hermes-f8d56335 ling:hermes/hermes-3cd7c62d ling:hermes/hermes-2cb83eed ling:feat/bell-on-complete ling:hermes/hermes-cfe83dd1 ling:pass-session-id ling:fuck-it-ship-it ling:feat/session-naming ling:revert-659-feat/skill-prerequisites ling:custom_auxiliary_models ling:rewbs/nous-key-remint-attempt-on-401 ling:feat/modular-setup-wizard ling:feat/insights ling:feat/modal ling:feature/obliteratus-skill ling:endless-terminal-new ling:fix-widescreen-prompt-box ling:fix/none-content-pattern ling:rewbs/fix-nous-refresh-token-rotation-on-key-mint-failure ling:rewbs/nous-portal-integration ling:nomad-backend-fanout-pr3 ling:terminal-backend-fanout-pr2 ling:atropos-integrations-pr ling:atropos-integrations ling:endless-terminals ling:atropos-hermes-agent ling:modal-integration ling:rl-capabilities ling:macbook-tests ling:architecture-planning ling:add-prokletor ling:asyncio ling:thought-sig ling:profiling ling:simplify-terminal ling:cluster-fail ling:tc-logging ling:update-snapshot-id ling:test ling:fix-leakage ling:fix-terminal ling:UI ling:add-morph-snapshot ling:terminal
ling:v2026.6.5 ling:v2026.5.29.2 ling:clean-before-remerge ling:v2026.5.29 ling:merge-commit-backup ling:premerge-oh-god ling:v2026.5.28 ling:v2026.5.16 ling:desktop-pr20059-installers ling:v2026.5.7 ling:v2026.4.30 ling:v2026.4.23 ling:v2026.4.16 ling:v2026.4.13 ling:v2026.4.8 ling:v2026.4.3 ling:v2026.3.30 ling:v2026.3.28 ling:v2026.3.23 ling:v2026.3.17 ling:v2026.3.12
...
compare: ling:fix/require-token-gated-cookie
Branches Tags
ling:main ling:fix/parallel-runner-exit4-retry ling:hermes/hermes-eaa6fd9c ling:hermes/hermes-2d0a2eb3 ling:feat/opentui-native-engine ling:bb/desktop-terminal-bottom-main ling:dependabot/npm_and_yarn/multi-280c263cef ling:bb/desktop-slash-commands ling:fix/terminal-env-sync-test ling:refactor/concurrent-gate-fixture-scope ling:feat/debug-share-nous-s3 ling:feat/gateway-relay-adapter ling:feat/tui-plugins-hub ling:fix/plugins-slash-command-discovery ling:fix/require-token-gated-cookie ling:bb/desktop-terminal-bottom ling:feat/plugin-subdir-install ling:bb/done-chime ling:fix/photon-test-package-init ling:ethie/nix-faster ling:feat/suggested-cron-jobs ling:hermes/hermes-691528b9 ling:feat/desktop-remote-update-skew ling:dependabot/github_actions/actions-minor-patch-f47b767401 ling:feat/apify-plugin ling:feat/dynamic-workflow-skill ling:hermes/hermes-8d223d48 ling:hermes/hermes-b9598731 ling:worktree-desktop-surface-slash-commands ling:migrate/platforms-to-plugins ling:hermes/hermes-87ac0a8e ling:salvage/pr-39244 ling:salvage/pr-41166 ling:salvage/pr-41076 ling:salvage/pr-39749 ling:salvage/pr-41151 ling:salvage/pr-41063 ling:salvage/pr-41048 ling:salvage/pr-38049 ling:salvage/pr-38063 ling:salvage/pr-38184 ling:salvage/pr-39198 ling:salvage/pr-39608 ling:salvage/pr-39624 ling:salvage/pr-41091 ling:salvage/pr-41113 ling:salvage/pr-41131 ling:salvage/pr-41024 ling:hermes/hermes-e2178603 ling:feat/recipes-skill-automations ling:feat/proactive-monitor ling:bb/cron-history-timeout ling:hermes/hermes-b1109a1a ling:fix/windows-update-gateway-respawn-breakaway ling:bb/desktop-install-update-ui ling:bb/vite-worktree-fs-allow ling:salvage/40531-mermaid-preview ling:salvage/40534-tool-exit-not-error ling:salvage/40242-oauth-header-test ling:salvage/40430-cron-cli-tests ling:salvage/40363-desktop-cwd-default ling:salvage/40264-clarify-mention-strip ling:salvage/40273-banner-width ling:salvage/40346-plugins-list-entrypoints ling:salvage/40303-timestamp-format ling:salvage/40431-hook-thread-chattype ling:salvage/40413-40299-macos-launchd-reliability ling:salvage/40490-lazydeps-tui-prompt ling:emo/preseve-shallow ling:bb/desktop-remote-image-upload ling:bb/desktop-update-slash ling:bb/version-slash-command ling:bb/docs-remote-backend-update-skew ling:bb/backend-contract-bump-profile-routing ling:bb/docs-desktop-macos-gatekeeper ling:bb/update-reexec-after-pull ling:dependabot/npm_and_yarn/website/postcss-8.5.15 ling:fix/onboarding-skip-on-stale-env-var ling:ethie/windows-installer-fixes ling:feat/desktop-worktree-sessions ling:bb/desktop-send-to-all ling:ethie/ts-6 ling:salvage/pr-9190 ling:ethie/slash-prompt-start-only ling:opencode-port/respect-disabled-compaction-on-overflow ling:fix/node-fhs-root-hardening ling:hermes/hermes-f28d58c5 ling:fix/node-symlink-fhs-root-install ling:feat/dashboard-auth-self-hosted-oidc ling:bb/coding-agent-harness-analysis ling:feat/dashboard-register ling:fix/docker-tty-zero-dim-pty ling:hermes/hermes-040df651 ling:gemini-cli-port/config-corruption-backup ling:plugin-sdk-auth ling:hermes/hermes-6c420680 ling:hermes/hermes-aba10f53 ling:hermes/hermes-de0d15b6 ling:dependabot/github_actions/docker/setup-buildx-action-4.1.0 ling:feat/payments-skills ling:ethie/desktop-uninstall ling:fix/slash-keyboard-selection ling:dashboard-internal-ws-credential ling:dependabot/github_actions/marocchino/sticky-pull-request-comment-3.0.4 ling:pr-37665 ling:pr-37660 ling:ethie/uv-salvage ling:bb/installer-trusted-uv-resolution ling:hermes/hermes-780defc4 ling:ethie/oh-god ling:hermes/hermes-d1511484 ling:bb/desktop-install-path-clarity ling:feat/gateway-lazy-platform-import ling:hermes/hermes-a963c25d ling:kilocode-port/read-document-extraction ling:feat/blank-slate-setup ling:hermes/curator-usage-cli ling:ethie/win-exe-only ling:nanoclaw-port/upload-trace-v2 ling:openclaw-port/gemini-self-prefix-strip ling:ironclaw-port/search-budget-soft-truncation ling:bb/tui-ansi-height-desync ling:bb/clarify-prompt-timeout-stuck ling:revert-34333-feat/nvidia-skills-tap ling:fix/tui-mouse-x10-prompt-leak ling:hermes/hermes-d44c5398 ling:hermes/hermes-368c2379 ling:bb/gui-mainmerge-tmp ling:hermes/gateway-replace-fix ling:hermes/hermes-21eb0ce1 ling:fix/dev-dep-setuptools ling:fix/packaging-test-setuptools-dep ling:hermes/hermes-2747755a ling:docs/video-gen-nous-gateway ling:ethie/fix-nix-develop ling:v2026.5.29.1 ling:docs/execute-code-hermes-env-passthrough ling:hermes/hermes-135cadfb ling:feat/iron-proxy ling:hermes/sec-tier1-32130 ling:hermes/hermes-2b79b6da ling:extend-hook-registry-for-plugins ling:opencode-port/responses-failed-error-detail ling:hermes-events-bus ling:perf/fts-optimize ling:release/v0.15.0-strip-gui ling:salvage/31518-env-mode-preserve ling:fix/nix-gateway-install-env ling:hermes/hermes-737ba78e ling:cline-port/plugin-install-browser-urls ling:ethie/docker-simplify-tagging ling:dependabot/github_actions/actions/deploy-pages-5.0.0 ling:feat/15268-pricing-nous-xai ling:dependabot/github_actions/actions/create-github-app-token-3.2.0 ling:hermes/fix-copilot-auth-test ling:fix/update-detects-parent-shim-as-running ling:docker_s6 ling:dependabot/npm_and_yarn/scripts/whatsapp-bridge/multi-f792d6d6d9 ling:hermes/hermes-5fdb1cc4 ling:bb/tui-ctrlj-newline ling:sid/tool-gateway-implement ling:hermes/hermes-aa200214 ling:feat/whatsapp-cloud-api ling:feat/dashboard-typography-and-contrast ling:dependabot/npm_and_yarn/website/multi-f792d6d6d9 ling:ethie/faster-tests-fake-main ling:fix/vision-dimension-cap ling:hermes/hermes-09fb88ef ling:ziliang-review-fork-inherit-toolsets ling:salvage-8306-webhook-secret ling:dependabot/npm_and_yarn/website/picomatch-2.3.2 ling:hermes/hermes-5db05717 ling:hermes/hermes-a5904da7 ling:refactor/stop-writing-gateway-jsonl-transcripts ling:refactor/stop-writing-session-json-snapshots ling:hermes/hermes-72b329fd ling:hermes/hermes-008bccbc ling:hermes/firecrawl-integration-tag-telemetry-gated ling:dependabot/npm_and_yarn/website/brace-expansion-1.1.14 ling:dependabot/npm_and_yarn/website/path-to-regexp-3.3.0 ling:hermes/hermes-63babeb7 ling:hermes/hermes-5e533958 ling:hermes/hermes-8d7d912f ling:brooklyn/gui-installer-prereqs ling:hermes/hermes-429c1355 ling:bb/tui-mouse-burst-swallow ling:feat/session_search_modes ling:hermes/hermes-5ac74b48 ling:bb/cli-resize-duplication ling:salvage/pr-23780 ling:lsp-plugin ling:austin/fix/minimax-oauth ling:bb/lsp-lint ling:dependabot/uv/urllib3-2.7.0 ling:hermes/hermes-4fa48a27 ling:salvage/pr-22685 ling:feat/session-handoff ling:feat/codex-mcp-preset ling:feat/codex-cli-provider ling:hermes/hermes-3b90958e ling:perf/honcho-shutdown ling:hermes/hermes-b2e6c99b ling:austin/feat/google-oauth-provider ling:bb/gui-gateway-attach-wiring ling:bb/tui-gateway-attach-core ling:hermes/hermes-e239855c ling:fix/windows-uv-python-install-stderr ling:bb/windows-cli-tui-native-main ling:feat/trust-engine ling:feat/watchers ling:bb/widget-grid-slots ling:hermes/hermes-1c84a997 ling:feat/browser-coordinate-click ling:cline-port/openrouter-qwen-cache-control ling:fix/ty-1 ling:hermes/hermes-fee7225c ling:hermes/hermes-9ddf5187 ling:codex-port/hook-output-spill ling:fix/terminal-safety-filter-false-positives ling:fix/gateway-remove-stale-code-self-restart ling:kilocode-port/compact-strip-media ling:fix/stale-cwd-recovery ling:feat/hermes-send ling:kanban_hermes_home ling:hermes/hermes-fabc46fe ling:feat/tinyfish-browser-provider ling:hermes/hermes-96962c19 ling:claude-code-inspired/session-recap ling:fix/lazy-session-creation ling:hermes/hermes-3c2988b0 ling:opencode-port/invalid-mcp-url ling:opencode-port/moonshot-ref-siblings ling:bb/docker-tui-prebuilt ling:fix/aux-anthropic-url-regression-test ling:vbrunet/2026_04_15-terminal-title-updates ling:bb/theme ling:cline-port/gateway-memory-monitor ling:gemini-cli-port/exit-delete-session ling:bb/tui-copy-on-select ling:feat/comfyui-skill-v3 ling:hermes/hermes-dd91e6b2 ling:feat/provider-modules ling:hermes/hermes-dab6fbf1 ling:feat/comfyui-skill-v2 ling:vbrunet/2026_04_29-terminal-titles ling:feat/kanban-standing ling:bb/tui-reload-env ling:bb/learning-ledger ling:bb/tui-status-ticker-width ling:fix/plugin-loader-sys-modules-registration ling:fix/deprecate-extrapackages-nix ling:hermes/hermes-c8604b32 ling:fix/chat-tab-persistence ling:feat/langfuse-plugin ling:kilocode-port/subagent-cost-rollup ling:fix/analytics-include-cache-tokens ling:hermes/hermes-8fedd55b ling:bb/fix-tui-input-selection ling:bb/p2-mru-resume-order ling:hermes/hermes-2c880154 ling:hermes/hermes-8b414b52 ling:nanoclaw-port/signal-groupv2 ling:hermes/hermes-d7874f79 ling:hermes/curator-infra ling:bb/tui-perf-fix ling:feature/tui-showroom ling:bb/base-gui ling:investigate/fix-tui-container-ink-bundle ling:fix/flush-memories-context-overflow ling:design/compression-eval-harness ling:fix/stop-interrupt-retry-loop ling:fix/model-switch-custom-endpoint ling:fix/web-env-validation ling:fix/hindsight-blank-nuke ling:fix/setup-vision-blank ling:sid/discord-context-injection ling:sid/discord-tool-split ling:sid/fix-tools-config-save ling:sid/fix-platform-tool-loading ling:hermes/hermes-6c37b3dd ling:hermes/hermes-9d07c44f ling:alice/nous-portal-recommended-models ling:onboarding ling:sid/restructure-pr1-acp ling:bb/tui-web-chat ling:opencode-port/configurable-tool-output-limits ling:hermes/hermes-34b3f52d ling:sid/types-and-lints ling:sid/foundational-restructure ling:feat/dashboard-chat ling:gemini-cli-port/ssl-retry-patterns ling:cline-port/anthropic-cache-tokens-top-level ling:nemo-gym-changes ling:fix/schema-reconciliation ling:fix/upgrade-agent-browser-0.26 ling:feat/ssrf-allow-private-urls ling:feat/volcengine-byteplus ling:refactor/unify-transport-dispatch ling:feat/require-mention-channels ling:remove-nous-free-allowlist ling:codex-port/ignore-user-config-flags ling:bb/tui-mouse-toggle ling:feat/td-skill-update ling:feat/bedrock-transport ling:feat/chat-completions-transport ling:hermes/hermes-bb7c1b2e ling:kilocode-port/filter-non-tool-openrouter-models ling:fix/kimi-drop-temperature ling:bb/tui-elapsed-lastmsg-8541 ling:feat/transport-types ling:refactor/extract-codex-adapter ling:ironclaw-port/url-and-form-redaction ling:openclaw-port/display-tool-call-tags-strip ling:openclaw-port/anthropic-max-tokens-guard ling:openclaw-port/compaction-credential-redaction ling:sid/workspace-salvage ling:chore/ci-path-filters ling:chore/remove-stale-docs ling:feat/native-gemini-provider ling:salvage/helix4u-zai-setup ling:hermes/hermes-150d8cf8 ling:hermes/browser-dialog ling:fix/minimax-glm-token-compression ling:salvage/nvidia-nim-max-tokens ling:fix/nix-web-dashboard ling:feat/comfyui-skill ling:hermes/hermes-9c0eed69 ling:fix/mcp-oauth-bidirectional-generator-bridge ling:claude-code-inspired/dangerous-cmd-hardening ling:fix/test-backoff-timers ling:ci/matrix-split-v2 ling:fix/test-reduction-batch-2 ling:feat/searxng-backend ling:opencode-port/sessions-export-sanitize ling:dashboard-show-remote-gateway-url ling:hermes/gemini-oauth-30b2099d ling:feat/gemini-tts-salvage ling:feat/ungate-tool-gateway ling:xai-media-tools ling:fix/ci-test-failures ling:hermes/hermes-9d38280f ling:gemini-cli-port/strategic-reevaluation ling:fix/client-cache-fd-exhaustion ling:salvage/watch-notification-routing ling:hermes/hermes-5d6c3d3e ling:fix/dashboard-analytics-accuracy ling:hermes/hermes-9a00cfa2 ling:hermes/hermes-050c727e ling:hermes/hermes-4a9b24c3 ling:codex-port/mcp-parallel-tool-calls ling:gateway-plugin-loading ling:max_paperclips/gateway-plugin-loading ling:feat/remote-gateway-health-probe ling:compaction-secrets-preservation ling:fix/dashboard-routing ling:update-issue-templates-debug-share ling:sid/tb2-evals ling:feat/deep-research-skill ling:hermes/hermes-1b2e5f73 ling:hermes/hermes-9e793b91 ling:fix/feishu-identity-model ling:fix/web-cron-page-schedule-object ling:ironclaw-port/telegram-utf16-splitting ling:nanoclaw-port/session-artifact-cleanup ling:openclaw-port/reject-weak-gateway-creds ling:openclaw-port/matrix-mentions-user-ids ling:fix/gateway-no-systemctl ling:skill/github-code-review-mcp-tools ling:chore/remove-sha-docker-tag ling:feat/gateway-mcp-config-watcher ling:hermes/hermes-1f7bfa9e ling:feat/file-sync-back ling:fix/modal-ssh-upload-bugs ling:hermes/salvage-7558 ling:hermes/hermes-72401910 ling:hermes/hermes-925eff6a ling:hermes/hermes-c965583d ling:hermes/hermes-9c0ad5d9 ling:hermes/hermes-905d6262 ling:hermes/hermes-070e5a43 ling:hermes/hermes-c382c827 ling:hermes/hermes-7052b79e ling:hermes/hermes-e08f4d67 ling:hermes/hermes-566f8c6d ling:hermes/hermes-4fdb3d23 ling:hermes/hermes-67b0d759 ling:hermes/hermes-b5e135be ling:hermes/hermes-2d3cc746 ling:hermes/hermes-80a283e0 ling:hermes/hermes-83dfcdfa ling:hermes/hermes-efa38736 ling:hermes/hermes-c78b9811 ling:hermes/hermes-ffc6cfa8 ling:hermes/hermes-a50b945e ling:twilio-auth-fix ling:fix/claw-migrate-warn-running-gateway ling:hermes/hermes-f6cda1f0 ling:hermes/hermes-524779d7 ling:hermes/hermes-da2f08b5 ling:hermes/hermes-672624fb ling:hermes/hermes-28292000 ling:hermes/hermes-ec496c80 ling:hermes/hermes-f43decdf ling:hermes/hermes-5bef3224 ling:hermes/hermes-17ae0c29 ling:fix/claw-migrate-improve-warnings ling:fix/claw-migrate-json-env-keys ling:fix/claw-migrate-workspace-main-paths ling:fix/claw-migrate-schema-drift ling:fix/matrix-memorycryptostore-args ling:fix/claw-migrate-tts-microsoft ling:fix/claw-migrate-nested-channel-tokens ling:hermes/hermes-ea68d311 ling:hermes/hermes-38060157 ling:hermes/hermes-0224a8b2 ling:hermes/hermes-b092dccf ling:hermes/hermes-03da22bc ling:hermes/bucket3 ling:hermes/hermes-2e0dc4f3 ling:salvage/bucket-st ling:hermes/hermes-ebb65d1b ling:hermes/hermes-d0d52697 ling:hermes/hermes-b17bdb8e ling:hermes/hermes-bc33645d ling:salvage/bucket-p ling:hermes/hermes-4a5220fe ling:hermes/hermes-7f8c199a ling:hermes/hermes-fefa061a ling:feat/mautrix-migration ling:hermes/hermes-7e4c9931 ling:hermes/hermes-dc4200fd ling:salvage/bucket-o ling:feat/container-aware-cli ling:fix/daytona-bulk-upload-config-bridge-7362 ling:claude-code-inspired/context-breakdown ling:hermes/hermes-1bd9e323 ling:hermes/hermes-17b93f0b ling:hermes/hermes-9d5d8704 ling:salvage/bucket-n ling:api-server-enforce-key ling:hermes/hermes-f8dcb6dd ling:hermes/hermes-c7787b3d ling:salvage/bucket-m ling:hermes/hermes-30126ac0 ling:terminate-zombie-processes ling:hermes/hermes-ead3c84e ling:hermes/hermes-f1c0a201 ling:salvage/bucket-i ling:hermes/hermes-11e9b74a ling:hermes/hermes-90f54154 ling:hermes/hermes-2376d00b ling:hermes/hermes-8f5f6063 ling:salvage/bucket-l ling:hermes/hermes-84ed614f ling:hermes/hermes-0f8490c2 ling:hermes/hermes-2a3d0461 ling:salvage/bucket-k ling:hermes/hermes-62b22a1e ling:hermes/hermes-26f90bd3 ling:security/bucket-j ling:hermes/hermes-7ef33568 ling:hermes/hermes-3ffcbfb5 ling:hermes/hermes-6584b1e4 ling:hermes/hermes-d9d67691 ling:hermes/hermes-cde3c240 ling:hermes/hermes-27e1fc16 ling:hermes/hermes-5f2c8429 ling:hermes/hermes-8dbb2cec ling:hermes/hermes-bbf55c16 ling:hermes/hermes-a21aa249 ling:hermes/hermes-eafa085a ling:hermes/hermes-4b558854 ling:hermes/hermes-0687c6d6 ling:hermes/hermes-33e13b6f ling:hermes/hermes-1fd9f435 ling:hermes/hermes-1bb7ea55 ling:hermes/hermes-57ea0a16 ling:hermes/hermes-5bbf4839 ling:hermes/hermes-617689ff ling:hermes/hermes-5cfcdf33 ling:hermes/hermes-05b0c02e ling:hermes/hermes-115318ed ling:hermes/hermes-f454d397 ling:hermes/hermes-43ae98f3 ling:hermes/hermes-87f37874 ling:hermes/hermes-bbe6a8b7 ling:hermes/hermes-2556be1e ling:hermes/hermes-8494816d ling:hermes/hermes-0d0bfa89 ling:hermes/hermes-c711558a ling:hermes/hermes-7aad138d ling:hermes/hermes-4b6801c7 ling:hermes/hermes-374f99bc ling:hermes/hermes-605d722e ling:hermes/hermes-c546e7a1 ling:hermes/hermes-62b6865d ling:hermes/hermes-f8a6248b ling:hermes/hermes-fe654944 ling:hermes/hermes-d4ece6c2 ling:fix/stream-think-tag-false-positive ling:hermes/hermes-d0607f0a ling:hermes/hermes-1c7df171 ling:fix/oauth-issue2-nous-pool-refresh-sync-authstore ling:hermes/hermes-95b15f6e ling:hermes/hermes-e201f931 ling:opencode-port/alibaba-rate-limit-retry ling:fix/oauth-issue1-nous-entry-needs-refresh ling:fix/oauth-issue5-is-expiring-none-handling ling:fix/oauth-issue4-anthropic-proactive-sync-hermes-pkce ling:fix/oauth-issue3-codex-proactive-sync-before-refresh ling:sid/dead-code-remove ling:hermes/hermes-8c64f471 ling:hermes/hermes-ff5ba265 ling:hermes/hermes-71aea4c5 ling:hermes/hermes-1b5bb607 ling:hermes/hermes-25b83dfd ling:fix/nix-shared-state-perms ling:hermes/hermes-30ac05a4 ling:hermes/hermes-731d3033 ling:hermes/hermes-41d14a2c ling:hermes/hermes-3f221b1b ling:hermes/hermes-e873511f ling:hermes/hermes-41cd011b ling:hermes/hermes-f409204f ling:hermes/hermes-bcf93c03 ling:hermes/hermes-2f44469d ling:hermes/hermes-3466ee98 ling:hermes/hermes-398baa59 ling:hermes/hermes-1ff40dac ling:hermes/hermes-0429963a ling:hermes/hermes-ff89d9af ling:hermes/hermes-de843a22 ling:hermes/hermes-037596df ling:hermes/hermes-e77cdbbf ling:hermes/hermes-135e8d93 ling:hermes/hermes-f2a81adb ling:hermes/hermes-2447adad ling:hermes/hermes-005912a8 ling:hermes/hermes-1845cad9 ling:hermes/hermes-d5c0fd3b ling:hermes/hermes-b5d8eff0 ling:hermes/hermes-5df3920d ling:hermes/hermes-b0a4b31e ling:hermes/hermes-063b6e1d ling:hermes/hermes-98aa7b3a ling:hermes/hermes-1fa6ad8f ling:hermes/hermes-485d498c ling:hermes/hermes-e77429d5 ling:hermes/hermes-1d8a5754 ling:sid/unified-file-sync ling:hermes/hermes-38cb19c4 ling:hermes/hermes-54fe23ca ling:fix/nix-add-to-system-packages-complete ling:hermes/hermes-947c24f7 ling:sid/unified-terminal-envs ling:hermes/hermes-9085f0bb ling:hermes/hermes-6b365d9a ling:hermes/hermes-4923821d ling:hermes/hermes-4e231d00 ling:hermes/hermes-554a02fe ling:hermes/hermes-016048ea ling:feat/worldsim-skill ling:hermes/hermes-6b456629 ling:hermes/hermes-f845dfbe ling:hermes/hermes-83d3c1db ling:hermes/hermes-8452ab09 ling:hermes/hermes-9f84a11f ling:hermes/hermes-53abd2ba ling:hermes/hermes-ef18f2ae ling:hermes/hermes-7d888e8c ling:hermes/hermes-7bf50ef1 ling:hermes/hermes-f400edfe ling:hermes/hermes-27761e13 ling:hermes/hermes-d07e864e ling:hermes/hermes-e3aca6ef ling:hermes/hermes-c7eda492 ling:sid/tool-result-fixes ling:hermes/hermes-87470f33 ling:hermes/hermes-ef25015a ling:hermes/hermes-fb3680fc ling:hermes/hermes-476720eb ling:hermes/hermes-7d70fb12 ling:hermes/hermes-2f2a1403 ling:hermes/hermes-c81d4c5a ling:hermes/hermes-3ff117b3 ling:hermes/hermes-5e970516 ling:hermes/hermes-cabfdb4f ling:sid/restructure-tests ling:hermes/hermes-701b2186 ling:rm/add-portal-link ling:hermes/hermes-81f85bb4 ling:hermes/hermes-822a0590 ling:hermes/hermes-d623dc00 ling:hermes/hermes-37b5ec52 ling:hermes/hermes-fef87f31 ling:hermes/hermes-f1e32b74 ling:hermes/hermes-756f7e33 ling:salvage/5752-nous-free-tier-gating ling:feat/nous-free-tier-model-gating ling:switch-managed-browser-to-browser-use ling:hermes/hermes-7697425c ling:hermes/hermes-53b01c86 ling:hermes/hermes-81d3384e ling:hermes/hermes-86122627 ling:hermes/hermes-03d7aa21 ling:hermes/hermes-b34c1567 ling:hermes/hermes-694ff34e ling:hermes/hermes-b93afb56 ling:hermes/hermes-c1ef09e3 ling:fix/portal-env-var-ignored-during-login ling:hermes/hermes-479681ef ling:hermes/hermes-cd5ac32c ling:hermes/hermes-71aaf6c8 ling:hermes/hermes-f177c8f0 ling:hermes/hermes-db0c54fb ling:sid/unified-execution ling:hermes/hermes-35bfb4c2 ling:hermes/hermes-47b24166 ling:hermes/hermes-e5557d16 ling:hermes/hermes-b809b68d ling:sid/nix-fixes-nits ling:taubench_eval ling:feat/firecrawl-browser-provider ling:hermes/hermes-7a93e2c7 ling:hermes/hermes-8cc55056 ling:hermes/hermes-838c5b76 ling:workdir-quote-escape ling:hermes/hermes-c4a8b829 ling:rm/browser-use-tool-gateway ling:hermes/hermes-ac0ac8da ling:hermes/hermes-ba679ba8 ling:hermes/hermes-b692993b ling:hermes/hermes-ce719117 ling:hermes/hermes-0bc806a5 ling:hermes/hermes-00399121 ling:hermes/hermes-5a282295 ling:fix/various-qa ling:hermes/hermes-3ef4d555 ling:hermes/hermes-ef6f7818 ling:hermes/hermes-be07ee70 ling:hermes/hermes-c0614333 ling:hermes/hermes-3c9f4a9e ling:hermes/hermes-39d533b8 ling:hermes/hermes-d6f63ade ling:hermes/hermes-f47156c2 ling:hermes/hermes-533d3bd8 ling:hermes/hermes-2e42b3a2 ling:fix/research-paper-writing-gaps ling:hermes/hermes-7c95bd3c ling:hermes/hermes-626ac686 ling:hermes/hermes-0d7c99a6 ling:fix/nous-portal-env-override ling:hermes/hermes-80f0ff01 ling:hermes/hermes-8bb0c65b ling:feat/model-pricing-display ling:hermes/hermes-03bdbe18 ling:hermes/hermes-84dbce0e ling:hermes/hermes-c6eacd11 ling:hermes/hermes-25bce159 ling:hermes/hermes-1e6ea4d6 ling:hermes/hermes-bae00f49 ling:hermes/hermes-40531417 ling:hermes/hermes-f9d9e542 ling:hermes/hermes-8e46c8ba ling:hermes/hermes-3d0a599a ling:hermes/hermes-c0119f86 ling:hermes/hermes-7fbab92d ling:hermes/hermes-32facb3d ling:hermes/hermes-d0aa7802 ling:hermes/hermes-4ff7e90f ling:hermes/hermes-3667f42f ling:feat/model-provider-overhaul ling:hermes/hermes-1a69af68 ling:hermes/hermes-c035e060 ling:hermes/hermes-466467d8 ling:hermes/hermes-95f1173a ling:hermes/hermes-208cc6d6 ling:hermes/hermes-1e826e60 ling:hermes/hermes-f2f17778 ling:hermes/hermes-a7ac7c42 ling:hermes/hermes-db023341 ling:hermes/hermes-8c57ca22 ling:hermes/hermes-511b79a5 ling:hermes/hermes-931dc358 ling:feat/fix-plugin-cache-prefix ling:hermes/hermes-3329bd98 ling:salvage/hindsight-5044 ling:hermes/hermes-0971565e ling:hermes/hermes-eba4b946 ling:hermes/hermes-ff50f5ae ling:hermes/hermes-feb2ec9d ling:hermes/hermes-a82207c8 ling:hermes/hermes-1e1d81f5 ling:hermes/hermes-766150bd ling:hermes/hermes-cc1cea2c ling:hermes/hermes-5cbeeeb5 ling:hermes/hermes-3eaaba2c ling:hermes/hermes-d307e4ae ling:claude-code-inspired/session-branch ling:hermes/hermes-70885193 ling:hermes/hermes-8eea7e1a ling:hermes/hermes-36a59267 ling:hermes/hermes-31074029 ling:hermes/hermes-10baf9e9 ling:hermes/hermes-4d7efb1e ling:hermes/hermes-3b5d0490 ling:hermes/hermes-97fe1e3c ling:hermes/hermes-b19afd39 ling:hermes/hermes-669f5444 ling:feat/docker-env-vars ling:hermes/hermes-5deaba3e ling:hermes/hermes-368f91f8 ling:hermes/hermes-b9588524 ling:feat/acp-mcp-server-registration ling:opencode-port/language-aware-compression ling:hermes/hermes-50668d84 ling:hermes/hermes-376c741f ling:hermes/hermes-7cbc527e ling:hermes/hermes-7ab21fac ling:hermes/hermes-623833b1 ling:hermes/hermes-7de32281 ling:hermes/hermes-921b394b ling:hermes/hermes-dc0f1ff6 ling:hermes/hermes-9a801eb5 ling:hermes/hermes-ad6e6820 ling:hermes/hermes-8b18afb8 ling:rewbs/tool-use-charge-to-subscription ling:gemini-cli-port/stale-browser-snapshot-superseding ling:hermes/hermes-91844716 ling:hermes/hermes-f55316e0 ling:hermes/hermes-76f7e5cd ling:hermes/hermes-cc622e18 ling:hermes/hermes-79b25268 ling:hermes/hermes-f4786c9c ling:hermes/hermes-41d468a2 ling:hermes/hermes-701ad555 ling:hermes/hermes-35337734 ling:hermes/hermes-e10e6bf0 ling:hermes/hermes-8a2494d5 ling:hermes/hermes-385d033c ling:hermes/hermes-2c786d88 ling:hermes/hermes-24c5a56c ling:hermes/hermes-a8a19433 ling:hermes/hermes-dadddde3 ling:hermes/hermes-99d28812 ling:hermes/hermes-98ff0c21 ling:hermes/hermes-abdd86e5 ling:hermes/hermes-3090d6ac ling:hermes/hermes-eaa694be ling:sid/pwn-bench ling:hermes/hermes-578d1b94 ling:hermes/hermes-da1d3af1 ling:hermes/hermes-88866ac7 ling:hermes/hermes-5c3ebbce ling:hermes/hermes-b6eff376 ling:hermes-d0598e72 ling:hermes/hermes-940f3eca ling:hermes/hermes-e87583c1 ling:hermes/hermes-bf538de7 ling:hermes/hermes-f75b7c8e ling:sid/pwn-bench-dojo-id-fix ling:hermes/hermes-b2abefdf ling:hermes/hermes-f0221ac3 ling:hermes/hermes-a866ff99 ling:hermes/hermes-f091e3b8 ling:hermes/hermes-cd7257f9 ling:hermes/hermes-9b1dadd7 ling:hermes/hermes-b7b6ec54 ling:hermes/hermes-4ce879fa ling:hermes/hermes-c815228d ling:hermes/hermes-3bd17b7b ling:fix/minimax-aux-model-pricing ling:fix/npm-ci-update ling:fix/uv-lock-exa-py ling:feat/secrets-phase1 ling:ascii-video/text-readability-and-layout-oracle ling:hermes/hermes-76df6a95 ling:hermes/hermes-ac2495d7 ling:hermes/hermes-bf2cd279 ling:hermes/hermes-8e764fde ling:hermes/hermes-b6f1eb21 ling:hermes/hermes-3d9ccfec ling:hermes/hermes-deb3d2ef ling:endless_terminals_integration ling:hermes/hermes-4b23f322 ling:feat/web-ui ling:hermes/hermes-6835494f ling:fix/anthropic-whatsapp ling:feat/rate-limiter ling:hermes/hermes-b8e0ec91 ling:hermes/hermes-af1b4b23 ling:hermes/hermes-164a52cc ling:feat/ci-improvements ling:feat/agent-resilience ling:feat/cron-script-gate ling:hermes/hermes-0d76d7cd ling:hermes/hermes-e6f1d362 ling:hermes/hermes-b8464e26 ling:hermes/hermes-ea354159 ling:hermes/hermes-ab59de22 ling:hermes/hermes-ec5223e1 ling:hermes/hermes-b351df6b ling:docker ling:feat/keystore-wallet ling:hermes/hermes-f4f0292e ling:hermes/hermes-97c48e70 ling:fix/uv-lock-version ling:fix/unify-permissions ling:hermes/hermes-51f7b6b6 ling:hermes/hermes-135af169 ling:hermes/hermes-a403a780 ling:hermes/hermes-5e6ebebb ling:hermes/hermes-f5a4cd91 ling:hermes/hermes-03f7719f ling:hermes/hermes-8a2f15b3 ling:hermes/hermes-5a68ad9d ling:hermes/hermes-a2b72b01 ling:feat/gpt-tool-steering ling:hermes/hermes-37947bdb ling:hermes/hermes-9420d6a3 ling:hermes/hermes-6c7a1441 ling:hermes/hermes-86f614ec ling:hermes/hermes-4f6a1f8e ling:hermes/hermes-caea5692 ling:hermes/hermes-f8f80cce ling:hermes/hermes-5ef8201d ling:hermes/hermes-140430f8 ling:feat/suffix-path-apt-provision ling:hermes/hermes-64c3ceb2 ling:hermes/hermes-cd318db6 ling:hermes/hermes-dd753a5f ling:hermes/hermes-dfd0d467 ling:hermes/hermes-7e1dfbda ling:fix/api-server-toolset ling:hermes/hermes-93060758 ling:hermes/hermes-ad9511d6 ling:hermes/hermes-6dfb41ea ling:hermes/hermes-52a54135 ling:hermes/hermes-203498f3 ling:hermes/hermes-998d1c81 ling:hermes/hermes-7d7ac769 ling:hermes/hermes-d877fbc1 ling:hermes/hermes-9f3f51e2 ling:hermes/hermes-0b98b356 ling:chore/remove-pkce-oauth ling:hermes/hermes-2cdc8d39 ling:hermes/hermes-c75e42c8 ling:hermes/hermes-e483085e ling:sid/remove-drift-check ling:sid/nix-flake ling:hermes/hermes-ac86d935 ling:hermes/hermes-4e5b94c3 ling:hermes/hermes-84f0446e ling:docs/hooks-page-update ling:hermes/hermes-aff6c48a ling:hermes/hermes-ae6184d3 ling:hermes/hermes-afb547e5 ling:hermes/hermes-0f4e765c ling:hermes/hermes-baa39faf ling:hermes/hermes-gateway-context ling:hermes/hermes-3c0e357d ling:hermes/hermes-ab0f07ce ling:hermes/hermes-e6c9dba2 ling:hermes/hermes-1817ce8d ling:hermes/hermes-764f7842 ling:hermes/hermes-e26fa01d ling:hermes/hermes-e8325591 ling:hermes/hermes-46839e2f ling:hermes/hermes-28b19313 ling:hermes/hermes-11fd857d ling:hermes/hermes-1b7b3ffb ling:hermes/hermes-1e53b883 ling:hermes/hermes-c6c58b20 ling:fix/toolset-deselection ling:fix/media-paths-spaces ling:fix/media-spaces-2 ling:fix/approval-yaml-off ling:hermes/hermes-a2fa4544 ling:hermes/hermes-d58d97b5 ling:hermes/hermes-f9506ecc ling:hermes/hermes-dc116992 ling:hermes/hermes-81afb1bb ling:hermes/hermes-31d7db3b ling:hermes/hermes-5d6932ba ling:hermes/hermes-40b195db ling:hermes/hermes-0fa141a3 ling:feat/streaming-default ling:feat/context-file-priority ling:hermes/hermes-3369cdb1 ling:streaming-plus-reasoning ling:fix/event-loop-closed-delegate ling:hermes/hermes-7ea545bf ling:hermes/hermes-3d7c23c9 ling:hermes/hermes-4a7e401e ling:hermes/hermes-b313983a ling:hermes/hermes-6757a563 ling:hermes/hermes-e83093f0 ling:hermes/hermes-14b05543 ling:hermes/hermes-54c1fc70 ling:hermes/hermes-f1230adf ling:hermes/hermes-9c2a5d00 ling:fix/custom-endpoint-context-length ling:hermes/hermes-51eb4292 ling:hermes/hermes-9dc2e46c ling:fix/anthropic-compatible-api-mode ling:hermes/hermes-6193ae92 ling:hermes/hermes-b29f73b2 ling:hermes/hermes-ba3c8fa1 ling:hermes/hermes-562a3784 ling:fix/whatsapp-reply-prefix-bridging ling:hermes/hermes-eab76047 ling:feat/whatsapp-reply-prefix ling:feat/unauthorized-dm-behavior ling:fix/cron-oneshot-grace ling:hermes/hermes-8112c8c8 ling:fix/browser-command-registry ling:feat/cron-silent-suppression ling:fix/agent-created-skill-policy ling:hermes/hermes-e2084cc7 ling:hermes/hermes-c954a38b ling:hermes/hermes-8058968e ling:hermes/hermes-0d5a11f5 ling:hermes/hermes-09305421 ling:hermes/hermes-0ed29ee7 ling:hermes/hermes-4c573e36 ling:hermes/hermes-044b5de9 ling:hermes/hermes-48646def ling:fix/gateway-platform-hardening ling:fix/tool-handler-safety ling:hermes/hermes-31dc9875 ling:fix/defensive-hardening ling:hermes/hermes-3fc35e7b ling:hermes/hermes-c91521bf ling:hermes/hermes-835076ca ling:fix/cron-timezone-naive-iso ling:hermes/hermes-5a9e8a78 ling:fix/memory-tool-file-locking ling:fix/model-metadata-fuzzy-match ling:fix/compression-attempts-persist ling:fix/run-agent-role-violations ling:fix/browser-session-race ling:fix/compressor-consecutive-role-violation ling:fix/messaging-toolset-missing ling:fix/length-continue-retries-reset ling:fix/cron-double-load-jobs ling:fix/anthropic-tool-choice-none ling:fix/auxiliary-is-nous-reset ling:fix/matrix-mattermost-mark-connected ling:fix/dingtalk-requirements-check ling:fix/hermes-state-thread-locks ling:fix/anthropic-adapter-merge-content-loss ling:fix/gateway-yaml-pii-redaction ling:fix/redacting-formatter-import ling:fix/nous-model-fetch-kwargs ling:fix/gateway-skill-command-nameref ling:hermes/hermes-ee292dec ling:hermes/hermes-ac005632 ling:feat/mattermost-matrix-adapters ling:hermes/hermes-923bc090 ling:hermes/hermes-f685e964 ling:hermes/hermes-3218df83 ling:hermes/hermes-6bb9911e ling:hermes/hermes-1eba1f1d ling:fix/discord-thread-persistence ling:hermes/hermes-a86162db ling:hermes/hermes-6891ac11 ling:hermes/hermes-c3e4cd9f ling:hermes/hermes-8f33e910 ling:hermes/hermes-93b81725 ling:hermes/hermes-733cf6a3 ling:shloms/ascii-video-v3 ling:fix/anthropic-oauth-compat ling:hermes/hermes-a098c323 ling:hermes/hermes-6360cdf9 ling:hermes/hermes-84930008 ling:fix/smart-model-routing ling:hermes/hermes-81c07511 ling:hermes/hermes-865f6958 ling:fix/1445-docker-cwd-optin ling:hermes/hermes-adbf9508 ling:fix/814-group-session-isolation ling:fix/1033-telegram-voice-fallback ling:fix/setup-curses ling:fix/ssh-preflight-check ling:fix/openrouter-reasoning-gate ling:fix/custom-endpoint-verification ling:fix/telegram-chunk-mdv2 ling:fix/status-token-counts ling:fix/honcho-seed-identity ling:fix/mcp-auto-reload ling:rewbs/feat-vercel-log-analysis-loop-skill ling:fix/tirith-startup-noise ling:fix/docker-explicit-forward-env ling:sid/persistent-backend ling:fix/1071-dict-tool-args ling:hermes/hermes-60456cd2 ling:fix/1219-cron-thread-context ling:fix/1244-env-override ling:fix/1336-discord-voice-reliability ling:fix/1414-gateway-shutdown-restart ling:fix/1412-session-delete-prefix ling:fix/1409-photo-burst-interrupts ling:fix/1247-preserve-mcp-toolsets ling:fix/1264-env-secret-blocklist ling:fix/1056-dm-session-isolation ling:hermes/gws-hybrid ling:hermes/hermes-daa73839 ling:hermes/slack-thread-docs ling:hermes/hermes-45b79a59-clawhub-search ling:hermes/hermes-8bb24bf8 ling:hermes/hermes-7ef7cb6a ling:hermes/hermes-eca4a640 ling:hermes/hermes-629f8bde ling:hermes/hermes-aa701810 ling:hermes/hermes-0fadff1b ling:hermes/hermes-45b79a59-pr1087 ling:hermes/hermes-45b79a59 ling:hermes/plan-workspace-storage ling:fix/retry-history-replacement ling:hermes/hermes-51c02bb3 ling:hermes/hermes-39158886-docs ling:hermes/hermes-781f9235-docs ling:hermes/hermes-39158886-scope-prompts ling:hermes/hermes-781f9235 ling:hermes/hermes-39158886 ling:feat/aux-delegation-direct-endpoints ling:hermes/hermes-cf8340fc ling:hermes/hermes-f1104def ling:fix/cron-same-target-send-suppression ling:hermes/hermes-ec1096a3 ling:hermes/hermes-1fc28d17 ling:hermes/hermes-048e6599 ling:hermes/hermes-771dc4f8 ling:salvage/pr-977-mcp-stdio ling:hermes/hermes-3702edad ling:hermes/hermes-f48b210a ling:hermes/hermes-cc060dd9 ling:hermes/hermes-24af4d63 ling:hermes/hermes-8ea7cef0 ling:hermes/hermes-720acdad ling:hermes/hermes-645b95a6 ling:fix/worktree-terminal-requirements ling:fix/file-tool-log-noise ling:hermes/hermes-07d947aa ling:feat/cache-aware-context-compaction ling:hermes/hermes-50716de4 ling:hermes/hermes-7c22e5c1 ling:hermes/hermes-31d07af4 ling:fix/honcho-cache-stability ling:hermes/hermes-e0e71a89 ling:hermes/hermes-6299a8b2 ling:hermes/hermes-294208e8 ling:hermes/hermes-447d1ebd ling:hermes/hermes-4cde5efa ling:hermes/hermes-80175760 ling:hermes/hermes-1ba70e80 ling:fix/hygiene-threshold ling:fix/compression-session-sync ling:hermes/hermes-6ec3b1a9 ling:fix/packaging-bugs ling:hermes/hermes-42bc21fb ling:hermes/hermes-d28bf447 ling:hermes/hermes-f47f71c0 ling:hermes/hermes-e31afb4d ling:hermes/hermes-7ade10b5 ling:hermes/hermes-c877bdeb ling:hermes/hermes-3ea433e3 ling:sid/xitter-skill ling:hermes/hermes-465f3702 ling:hermes/hermes-4b9773d6 ling:feat/optional-rl-training ling:hermes/hermes-3a9bd319 ling:hermes/hermes-5da06378 ling:hermes/hermes-37fb78aa ling:hermes/hermes-cf9f7d54 ling:voice/default-soul ling:fix/landing-page ling:feat/devex-tooling ling:feat/phone-call-tool ling:hermes/hermes-74edaf38 ling:hermes/hermes-b86fddbe ling:hermes/hermes-106e92b2 ling:hermes/hermes-20ea56c0 ling:fix/smart-vision-setup ling:fix/cron-naive-timestamps ling:hermes/hermes-7ac629f4 ling:hermes/hermes-ece5a45c ling:feat/streaming ling:feat/custom-compaction-prompt-config ling:fix/multimodal-compress-content ling:feat/codex-handoff-prefix ling:feat/codex-compaction-prompt ling:hermes/hermes-98b7f9b9 ling:hermes/hermes-ecb374ec ling:hermes/hermes-90ec9b1f ling:hermes/hermes-5f68598a ling:hermes/hermes-b0162f8d ling:feat/show-full-dangerous-command ling:hermes/hermes-21d8bacc ling:hermes/hermes-281ff8aa ling:hermes/hermes-3d744afd ling:hermes/hermes-1a683351 ling:feat/checkpoint-rollback ling:hermes/hermes-5ab2a29e ling:add-upstream-atropos-tool-use-changes ling:hermes/hermes-b611b2fe ling:hermes/hermes-0cbb57e2 ling:fix/vision-test-flake ling:feat/parallelize-tests ling:feat/devex-help ling:feat/streaming-tui ling:hermes/hermes-d2f5523a ling:feat/telegram-send-document ling:optional-builtin ling:feat/budget-pressure-via-tool-result ling:hermes/hermes-e56c0f70 ling:feat/discord-allow-bots ling:feat/file-permissions-hardening ling:feat/configurable-compaction-protection ling:feat/head-tail-truncation-execute-code ling:hermes/hermes-c53b7cba ling:hermes/hermes-abbf790e ling:hermes/hermes-f8d56335 ling:hermes/hermes-3cd7c62d ling:hermes/hermes-2cb83eed ling:feat/bell-on-complete ling:hermes/hermes-cfe83dd1 ling:pass-session-id ling:fuck-it-ship-it ling:feat/session-naming ling:revert-659-feat/skill-prerequisites ling:custom_auxiliary_models ling:rewbs/nous-key-remint-attempt-on-401 ling:feat/modular-setup-wizard ling:feat/insights ling:feat/modal ling:feature/obliteratus-skill ling:endless-terminal-new ling:fix-widescreen-prompt-box ling:fix/none-content-pattern ling:rewbs/fix-nous-refresh-token-rotation-on-key-mint-failure ling:rewbs/nous-portal-integration ling:nomad-backend-fanout-pr3 ling:terminal-backend-fanout-pr2 ling:atropos-integrations-pr ling:atropos-integrations ling:endless-terminals ling:atropos-hermes-agent ling:modal-integration ling:rl-capabilities ling:macbook-tests ling:architecture-planning ling:add-prokletor ling:asyncio ling:thought-sig ling:profiling ling:simplify-terminal ling:cluster-fail ling:tc-logging ling:update-snapshot-id ling:test ling:fix-leakage ling:fix-terminal ling:UI ling:add-morph-snapshot ling:terminal
ling:v2026.6.5 ling:v2026.5.29.2 ling:clean-before-remerge ling:v2026.5.29 ling:merge-commit-backup ling:premerge-oh-god ling:v2026.5.28 ling:v2026.5.16 ling:desktop-pr20059-installers ling:v2026.5.7 ling:v2026.4.30 ling:v2026.4.23 ling:v2026.4.16 ling:v2026.4.13 ling:v2026.4.8 ling:v2026.4.3 ling:v2026.3.30 ling:v2026.3.28 ling:v2026.3.23 ling:v2026.3.17 ling:v2026.3.12

2 Commits
refactor/c ... fix/requir

Author SHA1 Message Date
Ben
ffce3fc63d test(dashboard): cover the whole _require_token route class under the gate 
The install popup was one symptom of a class-wide bug: all 14 endpoints that
call _require_token directly (API-key reveal, provider validation, the
OAuth-provider connect/disconnect flow, and plugin enable/disable/update/
delete/visibility/providers) 401'd cookie-authenticated requests in gated mode.

Add a parametrized test hitting a representative spread (plugins/hub, env/reveal,
providers/validate, an oauth provider route, agent-plugin enable) asserting a
logged-in caller is never 401'd — proving the fix covers the class, not just
agent-plugins/install.
 2026-06-09 13:46:39 +10:00
Ben
a10b9b9b54 fix(dashboard): let _require_token endpoints work behind the OAuth gate 
In gated/OAuth mode (non-loopback bind without --insecure) the dashboard
authenticates the SPA via a session cookie and deliberately does NOT inject
the legacy ephemeral _SESSION_TOKEN into index.html. gated_auth_middleware
verifies the cookie and attaches request.state.session before any non-public
/api/ route runs; the legacy auth_middleware short-circuits in this mode too.

But several handlers call _require_token() directly, which only validated the
(absent) _SESSION_TOKEN header. So every cookie-authenticated request to those
endpoints 401'd — making plugin install/enable/disable, /api/dashboard/plugins/hub,
and the other _require_token routes permanently unreachable behind the gate.
In the UI this surfaced as a 401: {"detail":"Unauthorized"} popup on plugin
install for any publicly-bound (e.g. Fly-hosted NAS) dashboard.

Fix: _require_token now defers to the active gate. When auth_required is True it
accepts the request iff the gate attached a verified session (and 401s otherwise);
loopback/--insecure behavior is unchanged (still validates the session token).

Adds two regression tests driving the full in-process stub OAuth round trip:
the install endpoint must NOT 401 a logged-in request, and must still 401 with
no cookie. Verified the accept-test fails on the pre-fix code.
 2026-06-09 13:35:52 +10:00
2 changed files with 130 additions and 1 deletions
Expand all files Collapse all files

26
hermes_cli/web_server.py
View File

@@ -246,7 +246,31 @@ def _has_valid_session_token(request: Request) -> bool:
def _require_token(request: Request) -> None:
"""Validate the ephemeral session token. Raises 401 on mismatch."""
"""Authorize a sensitive endpoint, raising 401 if the caller isn't allowed.
Two auth schemes protect the dashboard, exactly one active per bind:
* **Loopback / ``--insecure`` mode** (``auth_required`` False): the
ephemeral ``_SESSION_TOKEN`` is injected into the SPA HTML and echoed
back via ``X-Hermes-Session-Token`` (or the legacy ``Bearer`` header).
Validate it here.
* **Gated / OAuth mode** (``auth_required`` True): ``_SESSION_TOKEN`` is
NOT injected (the SPA authenticates with a session cookie), so there is
no token to check. The ``gated_auth_middleware`` has already verified the
cookie before the request reached this handler — any non-public ``/api/``
route it lets through carries a verified ``request.state.session``. The
legacy ``auth_middleware`` likewise short-circuits in this mode. Requiring
the (absent) token here would 401 every cookie-authenticated request,
making plugin install/enable/disable and the other ``_require_token``
endpoints permanently unreachable behind the gate. Defer to the gate.
"""
if getattr(request.app.state, "auth_required", False):
# Gate is authoritative. It attaches ``request.state.session`` on
# success and 401s otherwise, so a request that reached us is already
# authenticated. Belt-and-braces: confirm the session is present.
if getattr(request.state, "session", None) is not None:
return
raise HTTPException(status_code=401, detail="Unauthorized")
if not _has_valid_session_token(request):
raise HTTPException(status_code=401, detail="Unauthorized")

105
tests/hermes_cli/test_dashboard_auth_middleware.py
View File

@@ -191,6 +191,111 @@ def test_full_login_round_trip_unlocks_gated_api(gated_app):
)
def _complete_stub_login(client) -> None:
"""Walk the stub OAuth round trip so ``client`` carries a valid session.
TestClient persists Set-Cookie across calls, so after this returns the
client's cookie jar holds ``hermes_session_at`` / ``hermes_session_rt``
and subsequent gated requests authenticate.
"""
r1 = client.get("/auth/login?provider=stub", follow_redirects=False)
assert r1.status_code == 302
state = r1.headers["location"].split("state=")[1]
r2 = client.get(
f"/auth/callback?code=stub_code&state={state}",
follow_redirects=False,
)
assert r2.status_code == 302
def test_gated_require_token_endpoint_accepts_cookie_session(gated_app):
"""Regression: ``_require_token`` endpoints must work under the OAuth gate.
In gated mode the legacy ``_SESSION_TOKEN`` is NOT injected into the SPA
(it authenticates with the session cookie). Endpoints that call
``_require_token`` directly — plugin install/enable/disable,
``/api/dashboard/plugins/hub``, and others — used to re-check the absent
token and 401 every cookie-authenticated request, making them permanently
unreachable behind the gate (the dashboard surfaced a
``401: {"detail":"Unauthorized"}`` popup on plugin install). The fix makes
``_require_token`` defer to the gate, which has already verified the cookie
and attached ``request.state.session`` before the handler runs.
We POST a deliberately invalid plugin identifier: a passing auth layer
lets the request reach the handler, which rejects the identifier with a
400. The assertion is simply "not 401" — proving auth succeeded without
coupling to the validation message.
"""
_complete_stub_login(gated_app)
r = gated_app.post(
"/api/dashboard/agent-plugins/install",
json={"identifier": "definitely not a valid identifier",
"force": False, "enable": False},
)
assert r.status_code != 401, (
"A _require_token endpoint 401'd a cookie-authenticated request under "
f"the OAuth gate (the install-popup bug). Body: {r.text}"
)
# And specifically: it reached the handler's own validation.
assert r.status_code == 400, (
f"Expected the install handler's 400 (bad identifier), got "
f"{r.status_code}: {r.text}"
)
def test_gated_require_token_endpoint_still_rejects_no_cookie(gated_app):
"""The gate must still 401 a ``_require_token`` endpoint with no session.
The fix defers to the gate — it does not make these endpoints public. A
request with no cookie is rejected by ``gated_auth_middleware`` before the
handler runs, so the install endpoint stays protected.
"""
r = gated_app.post(
"/api/dashboard/agent-plugins/install",
json={"identifier": "owner/repo", "force": False, "enable": False},
)
assert r.status_code == 401, (
f"Expected 401 for an unauthenticated install POST under the gate, "
f"got {r.status_code}: {r.text}"
)
# A representative spread of the OTHER ``_require_token`` endpoints (there are
# 14 in total). The install popup was just the reported symptom; the same bug
# made API-key reveal, provider validation, the OAuth-provider connect flow,
# and the rest of plugin management unreachable behind the gate. Each entry is
# (method, path, json_body); we assert only that a logged-in request is NOT
# 401'd — i.e. it cleared the auth layer and reached the handler. The
# handler's own status (400/404/429/etc.) is route-specific and not asserted.
_GATED_REQUIRE_TOKEN_ROUTES = [
("get", "/api/dashboard/plugins/hub", None),
("post", "/api/env/reveal", {"key": "NONEXISTENT_ENV_VAR_FOR_TEST"}),
("post", "/api/providers/validate", {"key": "OPENAI_API_KEY", "value": ""}),
("delete", "/api/providers/oauth/__not_a_real_provider__", None),
("post", "/api/dashboard/agent-plugins/__nope__/enable", None),
]
@pytest.mark.parametrize("method,path,body", _GATED_REQUIRE_TOKEN_ROUTES)
def test_gated_require_token_routes_accept_cookie_session(
gated_app, method, path, body
):
"""Every ``_require_token`` route must clear auth for a logged-in caller.
Same root cause and fix as
``test_gated_require_token_endpoint_accepts_cookie_session`` — this just
proves the fix covers the whole class, not only ``agent-plugins/install``.
"""
_complete_stub_login(gated_app)
kwargs = {"json": body} if body is not None else {}
r = gated_app.request(method.upper(), path, **kwargs)
assert r.status_code != 401, (
f"{method.upper()} {path} 401'd a cookie-authenticated request under "
f"the OAuth gate — _require_token still rejecting a valid session. "
f"Body: {r.text}"
)
def test_login_unknown_provider_returns_404(gated_app):
r = gated_app.get("/auth/login?provider=nonexistent", follow_redirects=False)
assert r.status_code == 404