ling/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-02 08:47:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
5f26d608601d9d4634db71c3838d76905c24ae2f
hermes-agent/tests
History
Dusk1e 5f26d60860 fix(tools): prevent command argument injection and path traversal in checkpoint manager 
This commit addresses a security vulnerability where unsanitized user inputs for commit_hash and file_path were passed directly to git commands in CheckpointManager.restore() and diff(). It validates commit hashes to be strictly hexadecimal characters without leading dashes (preventing flag injection like '--patch') and enforces file paths to stay within the working directory via root resolution. Regression tests test_restore_rejects_argument_injection, test_restore_rejects_invalid_hex_chars, and test_restore_rejects_path_traversal were added.
2026-04-11 14:25:13 -07:00
..
acp
fix(acp): declare session load and resume capabilities in initialize response (#6985)
2026-04-10 03:45:36 -07:00
agent
fix(vision): auto-resize oversized images, increase default timeout, fix vision capability detection
2026-04-11 11:12:50 -07:00
cli
fix(gateway): make manual compression feedback truthful
2026-04-10 21:16:53 -07:00
cron
feat(cron): support Discord thread_id in deliver targets
2026-04-10 03:20:05 -07:00
e2e
refactor: extract shared helpers to deduplicate repeated code patterns (#7917)
2026-04-11 13:59:52 -07:00
environments/benchmarks
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944)
2026-04-07 17:28:37 -07:00
fakes
fix: streaming tool call parsing, error handling, and fake HA state mutation
2026-03-14 14:27:20 +03:00
gateway
fix: mock aiohttp server in startup guard tests to avoid port binding
2026-04-11 14:05:38 -07:00
hermes_cli
fix: propagate model through credential pool path + add tests
2026-04-11 14:09:40 -07:00
honcho_plugin
feat(honcho): add opt-in initOnSessionStart for tools mode and respect explicit peerName (#6995)
2026-04-11 00:43:27 -07:00
integration
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
plugins
feat(hindsight): feature parity, setup wizard, and config improvements
2026-04-08 23:54:15 -07:00
run_agent
fix: scope tool interrupt signal per-thread to prevent cross-session leaks (#7930)
2026-04-11 14:02:58 -07:00
skills
fix: update tests for gws migration
2026-04-09 14:28:35 -07:00
tools
fix(tools): prevent command argument injection and path traversal in checkpoint manager
2026-04-11 14:25:13 -07:00
__init__.py
A bit of restructuring for simplicity and organization
2025-10-01 23:29:25 +00:00
conftest.py
fix(tests): fix several failing/flaky tests on main (#6777)
2026-04-09 13:17:06 -07:00
run_interrupt_test.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_batch_runner_checkpoint.py
fix: sanitize chat payloads and provider precedence
2026-03-13 23:59:12 -07:00
test_cli_file_drop.py
fix(gateway): reject file paths in get_command() + file-drop tests (#7356)
2026-04-10 13:06:02 -07:00
test_cli_skin_integration.py
fix: CLI/UX batch — ChatConsole errors, curses scroll, skin-aware banner, git state banner (#5974)
2026-04-07 17:59:42 -07:00
test_ctx_halving_fix.py
fix(compaction): don't halve context_length on output-cap-too-large errors
2026-04-09 11:27:41 -07:00
test_evidence_store.py
feat: add OSS Security Forensics skill (Skills Hub) (#1482)
2026-03-15 21:59:53 -07:00
test_hermes_constants.py
fix: profile paths broken in Docker — profiles go to /root/.hermes instead of mounted volume (#7170)
2026-04-10 05:53:10 -07:00
test_hermes_logging.py
feat(nix): shared-state permission model for interactive CLI users (#6796)
2026-04-10 03:48:42 +05:30
test_hermes_state.py
fix(state): orphan children instead of cascade-deleting in prune/delete (#6513)
2026-04-09 02:41:56 -07:00
test_honcho_client_config.py
feat(memory): pluggable memory provider interface with profile isolation, review fixes, and honcho CLI restoration (#4623)
2026-04-02 15:33:51 -07:00
test_mcp_serve.py
feat: add MCP server mode — hermes mcp serve (#3795)
2026-03-29 15:47:19 -07:00
test_minisweagent_path.py
chore: remove all remaining mini-swe-agent references
2026-03-24 08:19:23 -07:00
test_model_picker_scroll.py
fix: CLI/UX batch — ChatConsole errors, curses scroll, skin-aware banner, git state banner (#5974)
2026-04-07 17:59:42 -07:00
test_model_tools_async_bridge.py
fix: use per-thread persistent event loops in worker threads
2026-03-20 15:41:06 -04:00
test_model_tools.py
Add request-scoped plugin lifecycle hooks
2026-04-05 23:31:29 -07:00
test_ollama_num_ctx.py
fix: provider/model resolution — salvage 4 PRs + MiniMax aux URL fix (#5983)
2026-04-07 22:23:28 -07:00
test_packaging_metadata.py
chore: prepare Hermes for Homebrew packaging (#4099)
2026-03-30 17:34:43 -07:00
test_project_metadata.py
refactor(matrix): swap matrix-nio for mautrix-python dependency
2026-04-10 21:15:59 -07:00
test_retry_utils.py
feat(agent): add jittered retry backoff
2026-04-08 00:41:36 -07:00
test_sql_injection.py
fix(security): eliminate SQL string formatting in execute() calls
2026-03-19 15:16:35 +01:00
test_subprocess_home_isolation.py
fix: per-profile subprocess HOME isolation (#4426) (#7357)
2026-04-10 13:37:45 -07:00
test_timezone.py
fix: remove 115 verified dead code symbols across 46 production files
2026-04-10 03:44:43 -07:00
test_toolset_distributions.py
test: add unit tests for 8 modules (batch 2)
2026-02-26 13:54:20 +03:00
test_toolsets.py
fix: add missing Platform.SIGNAL to toolset mappings, update test + config docs
2026-03-09 23:27:19 -07:00
test_trajectory_compressor_async.py
fix: create AsyncOpenAI lazily in trajectory_compressor to avoid closed event loop (#4013)
2026-03-30 13:16:16 -07:00
test_trajectory_compressor.py
fix: URL-based auth for third-party Anthropic endpoints + CI test fixes (#4148)
2026-03-30 20:36:56 -07:00
test_utils_truthy_values.py
Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway.
2026-03-30 13:28:10 +09:00