ling/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-01 00:11:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ef6455238a6a383c3004e3703193e9796e38da85
hermes-agent/tools
History
0xbyt4 ef6455238a fix(mcp-oauth): port mismatch, path traversal, and shared state in OAuth flow 
Three bugs in the new MCP OAuth 2.1 PKCE implementation:

1. CRITICAL: OAuth redirect port mismatch — build_oauth_auth() calls
   _find_free_port() to register the redirect_uri, but _wait_for_callback()
   calls _find_free_port() again getting a DIFFERENT port. Browser redirects
   to port A, server listens on port B — callback never arrives, 120s timeout.
   Fix: share the port via module-level _oauth_port variable.

2. MEDIUM: Path traversal via unsanitized server_name — HermesTokenStorage
   uses server_name directly in filenames. A name like "../../.ssh/config"
   writes token files outside ~/.hermes/mcp-tokens/.
   Fix: sanitize server_name with the same regex pattern used elsewhere.

3. MEDIUM: Class-level auth_code/state on _CallbackHandler causes data
   races if concurrent OAuth flows run. Second callback overwrites first.
   Fix: factory function _make_callback_handler() returns a handler class
   with a closure-scoped result dict, isolating each flow.
2026-03-22 15:01:56 -07:00
..
browser_providers
feat(browser): multi-provider cloud browser support + Browser Use integration
2026-03-17 00:16:34 -07:00
environments
fix(daytona): migrate sandbox lookup from find_one to get/list
2026-03-19 17:54:46 +01:00
neutts_samples
refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow
2026-03-17 02:33:12 -07:00
__init__.py
feat: compress cron management into one tool
2026-03-14 12:21:50 -07:00
approval.py
fix(security): harden terminal safety and sandbox file writes (#1653)
2026-03-17 02:22:12 -07:00
browser_tool.py
chore: remove unused imports, dead code, and stale comments
2026-03-22 08:33:34 -07:00
checkpoint_manager.py
feat: major /rollback improvements — enabled by default, diff preview, file-level restore, conversation undo, terminal checkpoints
2026-03-16 04:43:37 -07:00
clarify_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
code_execution_tool.py
fix(tools): fix resource leak and double socket close in code_execution_tool (#2381)
2026-03-21 15:55:25 -07:00
cronjob_tools.py
fix(cron): support Telegram topic delivery via platform:chat_id:thread_id format (#2455)
2026-03-22 04:18:28 -07:00
debug_helpers.py
refactor: consolidate debug logging across tools with shared DebugSession class
2026-02-21 03:53:24 -08:00
delegate_tool.py
fix: 6 bugs in model metadata, reasoning detection, and delegate tool
2026-03-20 08:52:37 -07:00
file_operations.py
fix: make _is_write_denied robust to Path objects (#1678)
2026-03-17 02:57:02 -07:00
file_tools.py
fix(file_tools): strip ANSI escape codes from write_file and patch content (#2532)
2026-03-22 11:17:06 -07:00
fuzzy_match.py
fix(tools): browser handler safety + fuzzy_match docstring accuracy
2026-03-17 04:32:39 -07:00
homeassistant_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
honcho_tools.py
fix(honcho): isolate session routing for multi-user gateway (#1500)
2026-03-16 00:23:47 -07:00
image_generation_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
interrupt.py
feat: enhance interrupt handling and container resource configuration
2026-02-23 02:11:33 -08:00
mcp_oauth.py
fix(mcp-oauth): port mismatch, path traversal, and shared state in OAuth flow
2026-03-22 15:01:56 -07:00
mcp_tool.py
feat(cli): MCP server management CLI + OAuth 2.1 PKCE auth
2026-03-22 04:52:52 -07:00
memory_tool.py
fix(memory): file-lock read-modify-write to prevent concurrent data loss
2026-03-17 04:19:11 -07:00
mixture_of_agents_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
neutts_synth.py
fix(tts): document NeuTTS provider and align install guidance (#1903)
2026-03-18 02:55:30 -07:00
openrouter_client.py
refactor: route ad-hoc LLM consumers through centralized provider router
2026-03-11 20:02:36 -07:00
patch_parser.py
fix(patch): use regex to detect line-number prefix to avoid corrupting pipe chars
2026-03-14 03:47:13 -07:00
process_registry.py
fix(gateway): persist watcher metadata in checkpoint for crash recovery (#1706)
2026-03-17 03:52:15 -07:00
registry.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
rl_training_tool.py
fix: replace production print() calls with logger in rl_training_tool (salvage #1981) (#2462)
2026-03-22 04:35:23 -07:00
send_message_tool.py
fix: add missing platforms to cron/send_message delivery maps and tool schema
2026-03-20 08:52:21 -07:00
session_search_tool.py
fix(session_search): exclude current session lineage
2026-03-20 21:07:48 -07:00
skill_manager_tool.py
fix(skills_guard): agent-created dangerous skills ask instead of block
2026-03-22 03:56:02 -07:00
skills_guard.py
fix(skills_guard): agent-created dangerous skills ask instead of block
2026-03-22 03:56:02 -07:00
skills_hub.py
fix: skills hub inspect/resolve — 4 bugs
2026-03-22 04:03:28 -07:00
skills_sync.py
fix: make skills manifest writes atomic
2026-03-08 23:53:57 -07:00
skills_tool.py
fix: disabled skills respected across banner, system prompt, slash commands, and skill_view (#1897)
2026-03-18 03:17:37 -07:00
terminal_tool.py
chore: remove unused imports, dead code, and stale comments
2026-03-22 08:33:34 -07:00
tirith_security.py
fix: send_animation metadata, MarkdownV2 inline code splitting, tirith cosign-free install (#1626)
2026-03-16 23:39:41 -07:00
todo_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
transcription_tools.py
fix(stt): respect explicit provider config instead of env-var fallback (#1775)
2026-03-17 10:30:58 -07:00
tts_tool.py
feat(tools): add base_url support to OpenAI TTS provider
2026-03-19 23:55:13 +08:00
vision_tools.py
fix: make vision_analyze timeout configurable via config.yaml (#2480)
2026-03-22 05:28:24 -07:00
voice_mode.py
fix: improve error message when PortAudio system library is missing
2026-03-22 04:38:17 -07:00
web_tools.py
chore: remove unused imports, dead code, and stale comments
2026-03-22 08:33:34 -07:00
website_policy.py
fix: harden website blocklist — default off, TTL cache, fail-open, guarded imports
2026-03-17 03:11:26 -07:00