ling/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-03 17:27:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
0159f25fd024c76a5a1f66fdbca39a828e4e2a61
hermes-agent/gateway
History
UgwujaGeorge b7ad3f478f fix(yuanbao): enforce owner identity check on group slash commands 
The bot-owner identity check inside OwnerCommandMiddleware was commented
out and replaced with a hardcoded `is_owner = True`, so any group member
could trigger allowlisted privileged commands (/approve, /deny, /stop,
/reset, /retry, /undo, /new, /background, /bg, /btw, /queue, /q) by
sending the slash command without @-mentioning the bot. The most severe
case is /approve: a non-owner could approve a dangerous tool call the
bot was waiting on the owner to confirm.

Re-enable the documented identity check (push.from_account ==
push.bot_owner_id) so only the configured owner can issue these
commands.
2026-04-30 23:57:55 -07:00
..
builtin_hooks
remove: BOOT.md built-in hook (#17093)
2026-04-28 09:50:27 -07:00
platforms
fix(yuanbao): enforce owner identity check on group slash commands
2026-04-30 23:57:55 -07:00
__init__.py
Enhance CLI with multi-platform messaging integration and configuration management
2026-02-02 19:01:51 -08:00
channel_directory.py
feat: complete plugin platform parity — all 12 integration points
2026-04-29 21:56:51 -07:00
config.py
fix(gateway): coerce StreamingConfig booleans and malformed numerics safely
2026-04-30 20:37:49 -07:00
delivery.py
refactor: remove dead code — 1,784 lines across 77 files (#9180)
2026-04-13 16:32:04 -07:00
display_config.py
fix(gateway): default Slack tool_progress to off
2026-04-26 18:33:35 -07:00
hooks.py
fix(plugins): register dynamically-loaded modules in sys.modules before exec
2026-04-29 23:34:35 -07:00
mirror.py
fix(gateway): avoid cross-user mirror writes in per-user group sessions
2026-04-26 18:31:24 -07:00
pairing.py
refactor: consolidate symlink-safe atomic replace into shared helper
2026-04-28 04:58:22 -07:00
platform_registry.py
feat(irc): add interactive setup
2026-04-29 21:56:51 -07:00
restart.py
fix(gateway): address restart review feedback
2026-04-10 21:18:34 -07:00
run.py
fix(gateway): honor MATRIX_HOME_ROOM in onboarding
2026-04-30 23:13:34 -07:00
runtime_footer.py
feat(gateway): opt-in runtime-metadata footer on final replies (#17026)
2026-04-28 06:50:04 -07:00
session_context.py
fix(cron): run due jobs in parallel to prevent serial tick starvation (#13021)
2026-04-20 11:53:07 -07:00
session.py
fix(gateway): re-inject topic-bound skill after /new or /reset
2026-04-30 20:29:19 -07:00
status.py
fix(gateway): write restart markers atomically and fix Windows lock collisions
2026-04-30 19:58:16 -07:00
sticker_cache.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
stream_consumer.py
chore(salvage): strip duplicated/merge-corrupted blocks from PR #17664
2026-04-29 21:56:51 -07:00
whatsapp_identity.py
fix(whatsapp_identity): pin identifier regex to ASCII, clarify it's defense-in-depth
2026-04-26 20:48:31 -07:00