ling/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-28 06:51:16 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
67dcace412342ff11dff635c3f5002ed205ebabb
hermes-agent/tools
History
Teknium d09ab8ff13 fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031) 
Stop pre-stripping the path from the configured MCP server URL before
constructing OAuthClientProvider. The MCP SDK strips the path itself via
OAuthContext.get_authorization_base_url() for authorization-server
discovery, but uses the full server_url through
resource_url_from_server_url() + check_resource_allowed() to validate
against the server's RFC 9728 Protected Resource Metadata.

For servers whose PRM advertises a path-scoped resource (e.g. Notion's
https://mcp.notion.com/mcp), our _parse_base_url() collapsed the URL to
the origin, so check_resource_allowed() saw requested='/' vs
configured='/mcp/' and refused the token. Fixes OAuth against Notion MCP
(and any other path-scoped resource).

Closes #16015.
2026-04-26 05:43:54 -07:00
..
browser_providers
feat: ungate Tool Gateway — subscription-based access with per-tool opt-in
2026-04-16 12:36:49 -07:00
environments
fix(env): safely quote ~/ subpaths in wrapped cd commands
2026-04-24 15:25:12 -07:00
neutts_samples
refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow
2026-03-17 02:33:12 -07:00
__init__.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
approval.py
feat(approval): hardline blocklist for unrecoverable commands (#15878)
2026-04-25 22:07:12 -07:00
binary_extensions.py
fix(tools): address PR review — remove _extract_raw_output, BudgetConfig everywhere, read_file hardening
2026-04-08 02:24:32 -07:00
browser_camofox_state.py
feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400) (#4419)
2026-04-01 04:18:50 -07:00
browser_camofox.py
refactor: remove remaining redundant local imports (comprehensive sweep)
2026-04-21 00:50:58 -07:00
browser_cdp_tool.py
fix: sanitize tool schemas for llama.cpp backends; restore MCP in TUI (#15032)
2026-04-24 02:44:46 -07:00
browser_dialog_tool.py
feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540)
2026-04-23 22:23:37 -07:00
browser_supervisor.py
feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540)
2026-04-23 22:23:37 -07:00
browser_tool.py
feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540)
2026-04-23 22:23:37 -07:00
budget_config.py
fix: preserve existing thresholds, remove pre-read byte guard
2026-04-08 02:24:32 -07:00
checkpoint_manager.py
refactor: remove redundant local imports already available at module level
2026-04-21 00:50:58 -07:00
clarify_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
code_execution_tool.py
fix(tools): restrict RPC socket permissions to owner-only
2026-04-22 17:27:18 -07:00
credential_files.py
refactor: extract shared helpers to deduplicate repeated code patterns (#7917)
2026-04-11 13:59:52 -07:00
cronjob_tools.py
fix(cron): wire context_from through the update action
2026-04-25 04:49:28 -07:00
debug_helpers.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
delegate_tool.py
fix(delegate): resolve subagent approval prompts without deadlocking parent TUI (#15491)
2026-04-24 22:37:22 -07:00
discord_tool.py
feat(discord): split discord_server into discord + discord_admin tools
2026-04-25 04:50:14 -07:00
env_passthrough.py
fix(env_passthrough): reject Hermes provider credentials from skill passthrough (#13523)
2026-04-21 06:14:25 -07:00
feishu_doc_tool.py
fix(feishu-comment): use get_hermes_home(); drop dead asyncio wrapper; AUTHOR_MAP
2026-04-17 19:04:11 -07:00
feishu_drive_tool.py
fix(feishu-comment): use get_hermes_home(); drop dead asyncio wrapper; AUTHOR_MAP
2026-04-17 19:04:11 -07:00
file_operations.py
feat(skills): add design-md skill for Google's DESIGN.md spec (#14876)
2026-04-23 21:51:19 -07:00
file_state.py
feat(delegate): cross-agent file state coordination for concurrent subagents (#13718)
2026-04-21 16:41:26 -07:00
file_tools.py
fix(file_tools): resolve bookkeeping paths against live terminal cwd
2026-04-23 15:11:52 -07:00
fuzzy_match.py
fix(patch): gate 'did you mean?' to no-match + extend to v4a/skill_manage
2026-04-21 02:03:46 -07:00
homeassistant_tool.py
fix: clean up description escaping, add string-data tests
2026-04-13 04:45:07 -07:00
image_generation_tool.py
fix(image-gen): force-refresh plugin providers in long-lived sessions
2026-04-23 03:01:18 -07:00
interrupt.py
fix(interrupt): propagate to concurrent-tool workers + opt-in debug trace (#11907)
2026-04-17 20:39:25 -07:00
managed_tool_gateway.py
fix(tools): add debug logging for token refresh and tighten domain check
2026-04-02 12:40:03 +11:00
mcp_oauth_manager.py
fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031)
2026-04-26 05:43:54 -07:00
mcp_oauth.py
fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031)
2026-04-26 05:43:54 -07:00
mcp_tool.py
fix(mcp): auto-reconnect + retry once when the transport session expires (#13383)
2026-04-24 05:28:45 -07:00
memory_tool.py
fix: nest msvcrt import inside fcntl except block
2026-04-14 10:18:05 -07:00
mixture_of_agents_tool.py
Fix (mixture_of_agents): replace deprecated Gemini model and forward max_tokens to OpenRouter (#6621)
2026-04-23 15:14:11 -07:00
neutts_synth.py
fix(tts): document NeuTTS provider and align install guidance (#1903)
2026-03-18 02:55:30 -07:00
openrouter_client.py
refactor: route ad-hoc LLM consumers through centralized provider router
2026-03-11 20:02:36 -07:00
osv_check.py
feat: OSV malware check for MCP extension packages (#5305)
2026-04-05 12:46:07 -07:00
patch_parser.py
fix(patch): gate 'did you mean?' to no-match + extend to v4a/skill_manage
2026-04-21 02:03:46 -07:00
path_security.py
refactor: extract shared helpers to deduplicate repeated code patterns (#7917)
2026-04-11 13:59:52 -07:00
process_registry.py
fix(terminal): three-layer defense against watch_patterns notification spam (#15642)
2026-04-25 06:41:58 -07:00
registry.py
fix: tighten AST check to module-level only
2026-04-14 21:12:29 -07:00
rl_training_tool.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
schema_sanitizer.py
fix: sanitize tool schemas for llama.cpp backends; restore MCP in TUI (#15032)
2026-04-24 02:44:46 -07:00
send_message_tool.py
refactor: remove remaining redundant local imports (comprehensive sweep)
2026-04-21 00:50:58 -07:00
session_search_tool.py
fix(aux): add session_search extra_body and concurrency controls
2026-04-20 00:47:39 -07:00
skill_manager_tool.py
feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off)
2026-04-23 06:20:47 -07:00
skills_guard.py
feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off)
2026-04-23 06:20:47 -07:00
skills_hub.py
feat(skills): add MiniMax-AI/cli as default skill tap
2026-04-23 02:35:13 -07:00
skills_sync.py
feat(skills_sync): surface collision with reset-hint
2026-04-23 05:09:08 -07:00
skills_tool.py
fix(skills): drop raw_content to avoid doubling skill payload
2026-04-24 15:15:07 -07:00
terminal_tool.py
fix(terminal): three-layer defense against watch_patterns notification spam (#15642)
2026-04-25 06:41:58 -07:00
tirith_security.py
fix: guard against None tirith path in security scanner
2026-04-23 03:08:53 -07:00
todo_tool.py
fix(tools): enforce ID uniqueness in TODO store during replace operations
2026-04-11 16:22:50 -07:00
tool_backend_helpers.py
fix(fal): extend whitespace-only FAL_KEY handling to all call sites
2026-04-21 02:04:21 -07:00
tool_output_limits.py
feat(skills): add design-md skill for Google's DESIGN.md spec (#14876)
2026-04-23 21:51:19 -07:00
tool_result_storage.py
fix(tools): neutralize shell injection in _write_to_sandbox via path quoting (#7940)
2026-04-11 14:26:11 -07:00
transcription_tools.py
fix(transcription): fall back to CPU when CUDA runtime libs are missing
2026-04-24 02:50:14 -07:00
tts_tool.py
fix(tts): use per-provider input-character caps instead of global 4000 (#13743)
2026-04-21 17:49:39 -07:00
url_safety.py
feat(security): add global toggle to allow private/internal URL resolution
2026-04-22 14:38:59 -07:00
vision_tools.py
fix: vision tool respects auxiliary.vision.temperature from config (#4661)
2026-04-20 00:32:09 -07:00
voice_mode.py
fix: point optional-dep install hints at the venv's python (#11938)
2026-04-17 21:16:33 -07:00
web_tools.py
feat(web): support TAVILY_BASE_URL env var for custom proxy endpoints
2026-04-22 17:36:33 -07:00
website_policy.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
xai_http.py
feat(xai): upgrade to Responses API, add TTS provider
2026-04-16 02:24:08 -07:00