From e2a490560610ff5edd343913ccce06d0ba383d10 Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 17:41:10 -0400 Subject: [PATCH 001/133] feat(dashboard): add Plugins page with enable/disable, auth status, install/remove - New PluginsPage.tsx: full plugin management UI (list, enable/disable, install from git, remove, git pull updates, provider picker) - Backend: dashboard_set_agent_plugin_enabled now also toggles the plugin's toolset in platform_toolsets so enabling actually makes tools visible in agent sessions - Backend: /api/dashboard/plugins/hub returns auth_required + auth_command per plugin (checks tool registry check_fn) - Frontend: auth_required shown as Badge + CommandBlock with copy-able auth command - Fix: Select overflow in providers card (min-w-0 grid cells, removed truncate/overflow-hidden that clipped dropdown) - Refactor: _install_plugin_core extracted for non-interactive reuse, PluginOperationError for structured error handling - i18n: en/zh/types updated with all new plugin page strings --- hermes_cli/plugins_cmd.py | 491 ++++++++++++++++++++++------- hermes_cli/web_server.py | 217 +++++++++++++ ui-tui/package-lock.json | 41 +-- web/src/App.tsx | 169 +++++++--- web/src/i18n/en.ts | 41 +++ web/src/i18n/types.ts | 40 +++ web/src/i18n/zh.ts | 40 +++ web/src/lib/api.ts | 98 ++++++ web/src/pages/PluginsPage.tsx | 569 ++++++++++++++++++++++++++++++++++ web/src/plugins/slots.ts | 4 + 10 files changed, 1521 insertions(+), 189 deletions(-) create mode 100644 web/src/pages/PluginsPage.tsx diff --git a/hermes_cli/plugins_cmd.py b/hermes_cli/plugins_cmd.py index 352dadd194b..a13e1b212c6 100644 --- a/hermes_cli/plugins_cmd.py +++ b/hermes_cli/plugins_cmd.py @@ -15,13 +15,18 @@ import shutil import subprocess import sys from pathlib import Path -from typing import Optional +from typing import Any, Optional from hermes_constants import get_hermes_home from hermes_cli.config import cfg_get logger = logging.getLogger(__name__) + +class PluginOperationError(Exception): + """Recoverable plugin install/update failure (CLI exits; HTTP maps to 4xx).""" + + # Minimum manifest version this installer understands. # Plugins may declare ``manifest_version: 1`` in plugin.yaml; # future breaking changes to the manifest schema bump this. @@ -150,6 +155,24 @@ def _copy_example_files(plugin_dir: Path, console) -> None: ) +def _missing_requires_env_names(manifest: dict) -> list[str]: + """Return declared ``requires_env`` names that are unset in ``~/.hermes/.env``.""" + requires_env = manifest.get("requires_env") or [] + if not requires_env: + return [] + + from hermes_cli.config import get_env_value + + env_specs: list[dict] = [] + for entry in requires_env: + if isinstance(entry, str): + env_specs.append({"name": entry}) + elif isinstance(entry, dict) and entry.get("name"): + env_specs.append(entry) + + return [s["name"] for s in env_specs if s.get("name") and not get_env_value(s["name"])] + + def _prompt_plugin_env_vars(manifest: dict, console) -> None: """Prompt for required environment variables declared in plugin.yaml. @@ -283,6 +306,95 @@ def _require_installed_plugin(name: str, plugins_dir: Path, console) -> Path: # --------------------------------------------------------------------------- +def _install_plugin_core(identifier: str, *, force: bool) -> tuple[Path, dict, str]: + """Clone Git plugin into ``~/.hermes/plugins``. + + Returns ``(target_dir, installed_manifest, canonical_name)``. + Raises ``PluginOperationError`` on failure. + """ + import tempfile + + try: + git_url = _resolve_git_url(identifier) + except ValueError as e: + raise PluginOperationError(str(e)) from e + + plugins_dir = _plugins_dir() + + with tempfile.TemporaryDirectory() as tmp: + tmp_target = Path(tmp) / "plugin" + + try: + result = subprocess.run( + ["git", "clone", "--depth", "1", git_url, str(tmp_target)], + capture_output=True, + text=True, + timeout=60, + ) + except FileNotFoundError as e: + raise PluginOperationError( + "git is not installed or not in PATH.", + ) from e + except subprocess.TimeoutExpired as e: + raise PluginOperationError( + "Git clone timed out after 60 seconds.", + ) from e + + if result.returncode != 0: + err = (result.stderr or result.stdout or "").strip() + raise PluginOperationError(f"Git clone failed:\n{err}") + + manifest = _read_manifest(tmp_target) + plugin_name = manifest.get("name") or _repo_name_from_url(git_url) + + try: + target = _sanitize_plugin_name(plugin_name, plugins_dir) + except ValueError as e: + raise PluginOperationError(str(e)) from e + + mv = manifest.get("manifest_version") + if mv is not None: + try: + mv_int = int(mv) + except (ValueError, TypeError): + raise PluginOperationError( + f"Plugin '{plugin_name}' has invalid manifest_version " + f"'{mv}' (expected an integer).", + ) from None + if mv_int > _SUPPORTED_MANIFEST_VERSION: + from hermes_cli.config import recommended_update_command + + raise PluginOperationError( + f"Plugin '{plugin_name}' requires manifest_version {mv}, " + f"but this installer only supports up to {_SUPPORTED_MANIFEST_VERSION}. " + f"Run {recommended_update_command()} to update Hermes.", + ) from None + + if target.exists(): + if not force: + raise PluginOperationError( + f"Plugin '{plugin_name}' already exists. Use force reinstall " + f"or run `hermes plugins update {plugin_name}`.", + ) + shutil.rmtree(target) + + shutil.move(str(tmp_target), str(target)) + + has_yaml = (target / "plugin.yaml").exists() or (target / "plugin.yml").exists() + if not has_yaml and not (target / "__init__.py").exists(): + logger.warning( + "%s has no plugin.yaml / __init__.py; may not be a valid plugin", + plugin_name, + ) + + from rich.console import Console + + _copy_example_files(target, Console()) + installed_manifest = _read_manifest(target) + installed_name = installed_manifest.get("name") or target.name + return target, installed_manifest, installed_name + + def cmd_install( identifier: str, force: bool = False, @@ -293,7 +405,6 @@ def cmd_install( After install, prompt "Enable now? [y/N]" unless *enable* is provided (True = auto-enable without prompting, False = install disabled). """ - import tempfile from rich.console import Console console = Console() @@ -304,114 +415,41 @@ def cmd_install( console.print(f"[red]Error:[/red] {e}") sys.exit(1) - # Warn about insecure / local URL schemes if git_url.startswith(("http://", "file://")): console.print( "[yellow]Warning:[/yellow] Using insecure/local URL scheme. " - "Consider using https:// or git@ for production installs." + "Consider using https:// or git@ for production installs.", ) - plugins_dir = _plugins_dir() + console.print(f"[dim]Cloning {git_url}...[/dim]") - # Clone into a temp directory first so we can read plugin.yaml for the name - with tempfile.TemporaryDirectory() as tmp: - tmp_target = Path(tmp) / "plugin" - console.print(f"[dim]Cloning {git_url}...[/dim]") + try: + target, installed_manifest, installed_name = _install_plugin_core( + identifier, + force=force, + ) + except PluginOperationError as e: + console.print(f"[red]Error:[/red] {e}") + sys.exit(1) - try: - result = subprocess.run( - ["git", "clone", "--depth", "1", git_url, str(tmp_target)], - capture_output=True, - text=True, - timeout=60, - ) - except FileNotFoundError: - console.print("[red]Error:[/red] git is not installed or not in PATH.") - sys.exit(1) - except subprocess.TimeoutExpired: - console.print("[red]Error:[/red] Git clone timed out after 60 seconds.") - sys.exit(1) - - if result.returncode != 0: - console.print( - f"[red]Error:[/red] Git clone failed:\n{result.stderr.strip()}" - ) - sys.exit(1) - - # Read manifest - manifest = _read_manifest(tmp_target) - plugin_name = manifest.get("name") or _repo_name_from_url(git_url) - - # Sanitize plugin name against path traversal - try: - target = _sanitize_plugin_name(plugin_name, plugins_dir) - except ValueError as e: - console.print(f"[red]Error:[/red] {e}") - sys.exit(1) - - # Check manifest_version compatibility - mv = manifest.get("manifest_version") - if mv is not None: - try: - mv_int = int(mv) - except (ValueError, TypeError): - console.print( - f"[red]Error:[/red] Plugin '{plugin_name}' has invalid " - f"manifest_version '{mv}' (expected an integer)." - ) - sys.exit(1) - if mv_int > _SUPPORTED_MANIFEST_VERSION: - from hermes_cli.config import recommended_update_command - console.print( - f"[red]Error:[/red] Plugin '{plugin_name}' requires manifest_version " - f"{mv}, but this installer only supports up to {_SUPPORTED_MANIFEST_VERSION}.\n" - f"Run [bold]{recommended_update_command()}[/bold] to get a newer installer." - ) - sys.exit(1) - - if target.exists(): - if not force: - console.print( - f"[red]Error:[/red] Plugin '{plugin_name}' already exists at {target}.\n" - f"Use [bold]--force[/bold] to remove and reinstall, or " - f"[bold]hermes plugins update {plugin_name}[/bold] to pull latest." - ) - sys.exit(1) - console.print(f"[dim] Removing existing {plugin_name}...[/dim]") - shutil.rmtree(target) - - # Move from temp to final location - shutil.move(str(tmp_target), str(target)) - - # Validate it looks like a plugin - if not (target / "plugin.yaml").exists() and not (target / "__init__.py").exists(): + if not (target / "plugin.yaml").exists() and not (target / "plugin.yml").exists() and not ( + target / "__init__.py" + ).exists(): console.print( - f"[yellow]Warning:[/yellow] {plugin_name} doesn't contain plugin.yaml " - f"or __init__.py. It may not be a valid Hermes plugin." + f"[yellow]Warning:[/yellow] {installed_name} doesn't contain plugin.yaml " + f"or __init__.py. It may not be a valid Hermes plugin.", ) - # Copy .example files to their real names (e.g. config.yaml.example → config.yaml) - _copy_example_files(target, console) - - # Re-read manifest from installed location (for env var prompting) - installed_manifest = _read_manifest(target) - - # Prompt for required environment variables before showing after-install docs _prompt_plugin_env_vars(installed_manifest, console) _display_after_install(target, identifier) - # Determine the canonical plugin name for enable-list bookkeeping. - installed_name = installed_manifest.get("name") or target.name - - # Decide whether to enable: explicit flag > interactive prompt > default off should_enable = enable if should_enable is None: - # Interactive prompt unless stdin isn't a TTY (scripted install). if sys.stdin.isatty() and sys.stdout.isatty(): try: answer = input( - f" Enable '{installed_name}' now? [y/N]: " + f" Enable '{installed_name}' now? [y/N]: ", ).strip().lower() should_enable = answer in ("y", "yes") except (EOFError, KeyboardInterrupt): @@ -427,12 +465,12 @@ def cmd_install( _save_enabled_set(enabled) _save_disabled_set(disabled) console.print( - f"[green]✓[/green] Plugin [bold]{installed_name}[/bold] enabled." + f"[green]✓[/green] Plugin [bold]{installed_name}[/bold] enabled.", ) else: console.print( f"[dim]Plugin installed but not enabled. " - f"Run `hermes plugins enable {installed_name}` to activate.[/dim]" + f"Run `hermes plugins enable {installed_name}` to activate.[/dim]", ) console.print("[dim]Restart the gateway for the plugin to take effect:[/dim]") @@ -462,36 +500,22 @@ def cmd_update(name: str) -> None: console.print(f"[dim]Updating {name}...[/dim]") - try: - result = subprocess.run( - ["git", "pull", "--ff-only"], - capture_output=True, - text=True, - timeout=60, - cwd=str(target), - ) - except FileNotFoundError: - console.print("[red]Error:[/red] git is not installed or not in PATH.") - sys.exit(1) - except subprocess.TimeoutExpired: - console.print("[red]Error:[/red] Git pull timed out after 60 seconds.") - sys.exit(1) - - if result.returncode != 0: - console.print(f"[red]Error:[/red] Git pull failed:\n{result.stderr.strip()}") + ok, output = _git_pull_plugin_dir(target) + if not ok: + console.print(f"[red]Error:[/red] {output}") sys.exit(1) # Copy any new .example files _copy_example_files(target, console) - output = result.stdout.strip() - if "Already up to date" in output: + out = output.strip() + if "Already up to date" in out: console.print( f"[green]✓[/green] Plugin [bold]{name}[/bold] is already up to date." ) else: console.print(f"[green]✓[/green] Plugin [bold]{name}[/bold] updated.") - console.print(f"[dim]{output}[/dim]") + console.print(f"[dim]{out}[/dim]") def cmd_remove(name: str) -> None: @@ -1244,6 +1268,247 @@ def _run_composite_fallback(plugin_names, plugin_labels, plugin_selected, print() +def dashboard_install_plugin( + identifier: str, + *, + force: bool, + enable: bool, +) -> dict[str, Any]: + """Non-interactive install for the web dashboard. Returns a JSON-serializable dict.""" + warnings: list[str] = [] + try: + git_url = _resolve_git_url(identifier) + if git_url.startswith(("http://", "file://")): + warnings.append( + "Insecure URL scheme; prefer https:// or git@ for production installs.", + ) + except ValueError: + pass + + try: + target, installed_manifest, installed_name = _install_plugin_core( + identifier, + force=force, + ) + except PluginOperationError as exc: + return {"ok": False, "error": str(exc)} + + missing_env = _missing_requires_env_names(installed_manifest) + if enable: + en = _get_enabled_set() + dis = _get_disabled_set() + en.add(installed_name) + dis.discard(installed_name) + _save_enabled_set(en) + _save_disabled_set(dis) + + hint: str | None = None + ap = target / "after-install.md" + if ap.exists(): + hint = str(ap) + + return { + "ok": True, + "plugin_name": installed_name, + "warnings": warnings, + "missing_env": missing_env, + "after_install_path": hint, + "enabled": enable, + } + + +def _get_plugin_toolset_key(name: str) -> Optional[str]: + """Return the toolset key a plugin registers its tools under, or None. + + Queries the live tool registry — the plugin must already be loaded. + Falls back to reading ``provides_tools`` from plugin.yaml and looking + up the toolset from the registry for the first tool name found. + """ + try: + from tools.registry import registry + except Exception: + return None + + # Check the plugin manager for tools this plugin registered + try: + from hermes_cli.plugins import discover_plugins, get_plugin_manager + discover_plugins() # idempotent — ensures plugins are loaded + manager = get_plugin_manager() + for _key, loaded in manager._plugins.items(): + if loaded.manifest.name == name or _key == name: + for tool_name in loaded.tools_registered: + entry = registry.get_entry(tool_name) + if entry and entry.toolset: + return entry.toolset + break + except Exception: + pass + + # Fallback: read provides_tools from manifest on disk and query registry + try: + from hermes_cli.plugins import get_bundled_plugins_dir + for base in (get_bundled_plugins_dir(), _plugins_dir()): + if not base.is_dir(): + continue + candidate = base / name + if candidate.is_dir(): + manifest = _read_manifest(candidate) + for tool_name in manifest.get("provides_tools") or []: + entry = registry.get_entry(tool_name) + if entry and entry.toolset: + return entry.toolset + except Exception: + pass + + return None + + +def _toggle_plugin_toolset(name: str, *, enable: bool) -> None: + """Add or remove a plugin's toolset from platform_toolsets for all platforms. + + Only acts if the plugin actually provides tools (has a toolset key). + """ + toolset_key = _get_plugin_toolset_key(name) + if not toolset_key: + return + + from hermes_cli.config import load_config, save_config + + config = load_config() + platform_toolsets = config.get("platform_toolsets") + if not isinstance(platform_toolsets, dict): + platform_toolsets = {} + config["platform_toolsets"] = platform_toolsets + + changed = False + for platform, ts_list in platform_toolsets.items(): + if not isinstance(ts_list, list): + continue + if enable: + if toolset_key not in ts_list: + ts_list.append(toolset_key) + changed = True + else: + if toolset_key in ts_list: + ts_list.remove(toolset_key) + changed = True + + # If enabling and no platforms have toolset lists yet, add to "cli" at minimum + if enable and not changed and not platform_toolsets: + platform_toolsets["cli"] = [toolset_key] + changed = True + + if changed: + save_config(config) + + +def dashboard_set_agent_plugin_enabled(name: str, *, enabled: bool) -> dict[str, Any]: + """Enable or disable a plugin in ``config.yaml`` (runtime allow/deny lists). + + For plugins that provide tools (toolsets), also toggles the toolset in + ``platform_toolsets`` so the agent actually sees the tools in sessions. + """ + if not _plugin_exists(name): + return {"ok": False, "error": f"Plugin '{name}' is not installed or bundled."} + + en = _get_enabled_set() + dis = _get_disabled_set() + + if enabled: + if name in en and name not in dis: + return {"ok": True, "name": name, "unchanged": True} + en.add(name) + dis.discard(name) + _save_enabled_set(en) + _save_disabled_set(dis) + _toggle_plugin_toolset(name, enable=True) + return {"ok": True, "name": name, "unchanged": False} + + if name not in en and name in dis: + return {"ok": True, "name": name, "unchanged": True} + + en.discard(name) + dis.add(name) + _save_enabled_set(en) + _save_disabled_set(dis) + _toggle_plugin_toolset(name, enable=False) + return {"ok": True, "name": name, "unchanged": False} + + +def _user_installed_plugin_dir(name: str) -> Optional[Path]: + """Resolved path under ``~/.hermes/plugins/`` if it exists.""" + plugins_dir = _plugins_dir() + try: + target = _sanitize_plugin_name(name, plugins_dir) + except ValueError: + return None + return target if target.is_dir() else None + + +def dashboard_update_user_plugin(name: str) -> dict[str, Any]: + """``git pull`` inside ``~/.hermes/plugins/``.""" + target = _user_installed_plugin_dir(name) + if target is None: + return { + "ok": False, + "error": f"Plugin '{name}' was not found under {_plugins_dir()}.", + } + + if not (target / ".git").exists(): + return { + "ok": False, + "error": f"Plugin '{name}' is not a git checkout; cannot pull updates.", + } + + ok, msg = _git_pull_plugin_dir(target) + if not ok: + return {"ok": False, "error": msg} + + from rich.console import Console + + _copy_example_files(target, Console()) + unchanged = "Already up to date" in msg + return {"ok": True, "name": name, "output": msg, "unchanged": unchanged} + + +def _git_pull_plugin_dir(target: Path) -> tuple[bool, str]: + try: + result = subprocess.run( + ["git", "pull", "--ff-only"], + capture_output=True, + text=True, + timeout=60, + cwd=str(target), + ) + except FileNotFoundError: + return False, "git is not installed or not in PATH." + except subprocess.TimeoutExpired: + return False, "Git pull timed out after 60 seconds." + + if result.returncode != 0: + err = (result.stderr or "").strip() or result.stdout.strip() + return False, err or "git pull failed." + return True, result.stdout.strip() + + +def dashboard_remove_user_plugin(name: str) -> dict[str, Any]: + """Delete a plugin tree under ``~/.hermes/plugins/`` only.""" + plugins_dir = _plugins_dir() + for n, _ver, _d, src, _path in _discover_all_plugins(): + if n == name and src == "bundled": + return {"ok": False, "error": "Bundled plugins cannot be removed from the dashboard."} + + target = _user_installed_plugin_dir(name) + if target is None: + return { + "ok": False, + "error": f"Plugin '{name}' was not found under {plugins_dir}.", + } + + shutil.rmtree(target) + return {"ok": True, "name": name} + + def plugins_command(args) -> None: """Dispatch hermes plugins subcommands.""" action = getattr(args, "plugins_action", None) diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index 570a0a7a882..300cfef4a56 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -3633,6 +3633,223 @@ async def rescan_dashboard_plugins(): return {"ok": True, "count": len(plugins)} +class _AgentPluginInstallBody(BaseModel): + identifier: str + force: bool = False + enable: bool = True + + +def _strip_dashboard_manifest(p: Dict[str, Any]) -> Dict[str, Any]: + return {k: v for k, v in p.items() if not k.startswith("_")} + + +def _merged_plugins_hub() -> Dict[str, Any]: + """Agent discovery + dashboard manifests + optional provider picker metadata.""" + from hermes_cli.plugins_cmd import ( + _discover_all_plugins, + _get_current_context_engine, + _get_current_memory_provider, + _discover_context_engines, + _discover_memory_providers, + _get_disabled_set, + _get_enabled_set, + _read_manifest as _read_plugin_manifest_at, + ) + + dashboard_list = _get_dashboard_plugins() + dash_by_name = {str(p["name"]): p for p in dashboard_list} + + disabled_set = _get_disabled_set() + enabled_set = _get_enabled_set() + + plugins_root_resolved = (get_hermes_home() / "plugins").resolve() + rows: List[Dict[str, Any]] = [] + + for name, version, description, source, dir_str in _discover_all_plugins(): + if name in disabled_set: + runtime_status = "disabled" + elif name in enabled_set: + runtime_status = "enabled" + else: + runtime_status = "inactive" + + dir_path = Path(dir_str) + dm = dash_by_name.get(name) + has_dash_manifest = dm is not None or (dir_path / "dashboard" / "manifest.json").exists() + + under_user_tree = False + try: + dir_path.resolve().relative_to(plugins_root_resolved) + under_user_tree = True + except ValueError: + pass + + can_remove_update = ( + source in ("user", "git") and under_user_tree and Path(dir_str).is_dir() + ) + + # Check if this plugin provides tools that require auth + auth_required = False + auth_command = "" + manifest_data = _read_plugin_manifest_at(dir_path) + provides_tools = manifest_data.get("provides_tools") or [] + if provides_tools: + try: + from tools.registry import registry + for tname in provides_tools: + entry = registry.get_entry(tname) + if entry and entry.check_fn and not entry.check_fn(): + auth_required = True + auth_command = f"hermes auth {name}" + break + except Exception: + pass + + rows.append({ + "name": name, + "version": version or "", + "description": description or "", + "source": source, + "runtime_status": runtime_status, + "has_dashboard_manifest": has_dash_manifest, + "dashboard_manifest": _strip_dashboard_manifest(dm) if dm else None, + "path": dir_str, + "can_remove": can_remove_update, + "can_update_git": can_remove_update and (Path(dir_str) / ".git").exists(), + "auth_required": auth_required, + "auth_command": auth_command, + }) + + agent_names = {r["name"] for r in rows} + orphan_dashboard = [ + _strip_dashboard_manifest(p) + for p in dashboard_list + if str(p["name"]) not in agent_names + ] + + memory_providers: List[Dict[str, str]] = [] + try: + for n, desc in _discover_memory_providers(): + memory_providers.append({"name": n, "description": desc}) + except Exception: + memory_providers = [] + + context_engines: List[Dict[str, str]] = [] + try: + for n, desc in _discover_context_engines(): + context_engines.append({"name": n, "description": desc}) + except Exception: + context_engines = [] + + return { + "plugins": rows, + "orphan_dashboard_plugins": orphan_dashboard, + "providers": { + "memory_provider": _get_current_memory_provider() or "", + "memory_options": memory_providers, + "context_engine": _get_current_context_engine(), + "context_options": context_engines, + }, + } + + +@app.get("/api/dashboard/plugins/hub") +async def get_plugins_hub(request: Request): + """Unified agent plugins + dashboard extension metadata (session protected).""" + _require_token(request) + try: + return _merged_plugins_hub() + except Exception as exc: + _log.warning("plugins/hub failed: %s", exc) + raise HTTPException(status_code=500, detail="Failed to build plugins hub.") from exc + + +@app.post("/api/dashboard/agent-plugins/install") +async def post_agent_plugin_install(request: Request, body: _AgentPluginInstallBody): + _require_token(request) + from hermes_cli.plugins_cmd import dashboard_install_plugin + + result = dashboard_install_plugin( + body.identifier.strip(), + force=body.force, + enable=body.enable, + ) + if not result.get("ok"): + raise HTTPException( + status_code=400, + detail=result.get("error") or "Install failed.", + ) + _get_dashboard_plugins(force_rescan=True) + return result + + +@app.post("/api/dashboard/agent-plugins/{name}/enable") +async def post_agent_plugin_enable(request: Request, name: str): + _require_token(request) + from hermes_cli.plugins_cmd import dashboard_set_agent_plugin_enabled + + result = dashboard_set_agent_plugin_enabled(name, enabled=True) + if not result.get("ok"): + raise HTTPException(status_code=400, detail=result.get("error") or "Enable failed.") + return result + + +@app.post("/api/dashboard/agent-plugins/{name}/disable") +async def post_agent_plugin_disable(request: Request, name: str): + _require_token(request) + from hermes_cli.plugins_cmd import dashboard_set_agent_plugin_enabled + + result = dashboard_set_agent_plugin_enabled(name, enabled=False) + if not result.get("ok"): + raise HTTPException(status_code=400, detail=result.get("error") or "Disable failed.") + return result + + +@app.post("/api/dashboard/agent-plugins/{name}/update") +async def post_agent_plugin_update(request: Request, name: str): + _require_token(request) + from hermes_cli.plugins_cmd import dashboard_update_user_plugin + + result = dashboard_update_user_plugin(name) + if not result.get("ok"): + raise HTTPException(status_code=400, detail=result.get("error") or "Update failed.") + _get_dashboard_plugins(force_rescan=True) + return result + + +@app.delete("/api/dashboard/agent-plugins/{name}") +async def delete_agent_plugin(request: Request, name: str): + _require_token(request) + from hermes_cli.plugins_cmd import dashboard_remove_user_plugin + + result = dashboard_remove_user_plugin(name) + if not result.get("ok"): + raise HTTPException(status_code=400, detail=result.get("error") or "Remove failed.") + _get_dashboard_plugins(force_rescan=True) + return result + + +class _PluginProvidersPutBody(BaseModel): + memory_provider: Optional[str] = None + context_engine: Optional[str] = None + + +@app.put("/api/dashboard/plugin-providers") +async def put_plugin_providers(request: Request, body: _PluginProvidersPutBody): + """Persist memory provider / context engine selection (writes config.yaml).""" + _require_token(request) + from hermes_cli.plugins_cmd import ( + _save_context_engine, + _save_memory_provider, + ) + + if body.memory_provider is not None: + _save_memory_provider(body.memory_provider) + if body.context_engine is not None: + _save_context_engine(body.context_engine) + return {"ok": True} + + @app.get("/dashboard-plugins/{plugin_name}/{file_path:path}") async def serve_plugin_asset(plugin_name: str, file_path: str): """Serve static assets from a dashboard plugin directory. diff --git a/ui-tui/package-lock.json b/ui-tui/package-lock.json index 017e9913bd9..2efd64fe406 100644 --- a/ui-tui/package-lock.json +++ b/ui-tui/package-lock.json @@ -124,6 +124,7 @@ "integrity": "sha512-CGOfOJqWjg2qW/Mb6zNsDm+u5vFQ8DxXfbM09z69p5Z6+mE1ikP2jUXw+j42Pf1XTYED2Rni5f95npYeuwMDQA==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@babel/code-frame": "^7.29.0", "@babel/generator": "^7.29.0", @@ -501,31 +502,6 @@ "node": ">=6.9.0" } }, - "node_modules/@emnapi/core": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.10.0.tgz", - "integrity": "sha512-yq6OkJ4p82CAfPl0u9mQebQHKPJkY7WrIuk205cTYnYe+k2Z8YBh11FrbRG/H6ihirqcacOgl2BIO8oyMQLeXw==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "@emnapi/wasi-threads": "1.2.1", - "tslib": "^2.4.0" - } - }, - "node_modules/@emnapi/runtime": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz", - "integrity": "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "tslib": "^2.4.0" - } - }, "node_modules/@emnapi/wasi-threads": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.1.tgz", @@ -1700,6 +1676,7 @@ "integrity": "sha512-+qIYRKdNYJwY3vRCZMdJbPLJAtGjQBudzZzdzwQYkEPQd+PJGixUL5QfvCLDaULoLv+RhT3LDkwEfKaAkgSmNQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "undici-types": "~7.19.0" } @@ -1710,6 +1687,7 @@ "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==", "devOptional": true, "license": "MIT", + "peer": true, "dependencies": { "csstype": "^3.2.2" } @@ -1720,6 +1698,7 @@ "integrity": "sha512-eSkwoemjo76bdXl2MYqtxg51HNwUSkWfODUOQ3PaTLZGh9uIWWFZIjyjaJnex7wXDu+TRx+ATsnSxdN9YWfRTQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@eslint-community/regexpp": "^4.12.2", "@typescript-eslint/scope-manager": "8.58.1", @@ -1749,6 +1728,7 @@ "integrity": "sha512-gGkiNMPqerb2cJSVcruigx9eHBlLG14fSdPdqMoOcBfh+vvn4iCq2C8MzUB89PrxOXk0y3GZ1yIWb9aOzL93bw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.58.1", "@typescript-eslint/types": "8.58.1", @@ -2066,6 +2046,7 @@ "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==", "dev": true, "license": "MIT", + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -2468,6 +2449,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.10.12", "caniuse-lite": "^1.0.30001782", @@ -3203,6 +3185,7 @@ "integrity": "sha512-XoMjdBOwe/esVgEvLmNsD3IRHkm7fbKIUGvrleloJXUZgDHig2IPWNniv+GwjyJXzuNqVjlr5+4yVUZjycJwfQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", @@ -3334,6 +3317,7 @@ "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", "dev": true, "license": "MIT", + "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } @@ -4242,6 +4226,7 @@ "resolved": "https://registry.npmjs.org/ink-text-input/-/ink-text-input-6.0.0.tgz", "integrity": "sha512-Fw64n7Yha5deb1rHY137zHTAbSTNelUKuB5Kkk2HACXEtwIHBCf9OH2tP/LQ9fRYTl1F0dZgbW0zPnZk6FA9Lw==", "license": "MIT", + "peer": true, "dependencies": { "chalk": "^5.3.0", "type-fest": "^4.18.2" @@ -5678,6 +5663,7 @@ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -5787,6 +5773,7 @@ "resolved": "https://registry.npmjs.org/react/-/react-19.2.5.tgz", "integrity": "sha512-llUJLzz1zTUBrskt2pwZgLq59AemifIftw4aB7JxOqf1HY2FDaGDxgwpAPVzHU1kdWabH7FauP4i1oEeer2WCA==", "license": "MIT", + "peer": true, "engines": { "node": ">=0.10.0" } @@ -6611,6 +6598,7 @@ "integrity": "sha512-5C1sg4USs1lfG0GFb2RLXsdpXqBSEhAaA/0kPL01wxzpMqLILNxIxIOKiILz+cdg/pLnOUxFYOR5yhHU666wbw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "esbuild": "~0.27.0", "get-tsconfig": "^4.7.5" @@ -6737,6 +6725,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -6846,6 +6835,7 @@ "integrity": "sha512-dbU7/iLVa8KZALJyLOBOQ88nOXtNG8vxKuOT4I2mD+Ya70KPceF4IAmDsmU0h1Qsn5bPrvsY9HJstCRh3hG6Uw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "lightningcss": "^1.32.0", "picomatch": "^4.0.4", @@ -7261,6 +7251,7 @@ "integrity": "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg==", "dev": true, "license": "MIT", + "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } diff --git a/web/src/App.tsx b/web/src/App.tsx index b03beef8e04..813f48cc5fc 100644 --- a/web/src/App.tsx +++ b/web/src/App.tsx @@ -65,10 +65,12 @@ import ModelsPage from "@/pages/ModelsPage"; import CronPage from "@/pages/CronPage"; import ProfilesPage from "@/pages/ProfilesPage"; import SkillsPage from "@/pages/SkillsPage"; +import PluginsPage from "@/pages/PluginsPage"; import ChatPage from "@/pages/ChatPage"; import { LanguageSwitcher } from "@/components/LanguageSwitcher"; import { ThemeSwitcher } from "@/components/ThemeSwitcher"; import { useI18n } from "@/i18n"; +import type { Translations } from "@/i18n/types"; import { PluginPage, PluginSlot, usePlugins } from "@/plugins"; import type { PluginManifest } from "@/plugins"; import { useTheme } from "@/themes"; @@ -102,6 +104,7 @@ const BUILTIN_ROUTES_CORE: Record = { "/logs": LogsPage, "/cron": CronPage, "/skills": SkillsPage, + "/plugins": PluginsPage, "/profiles": ProfilesPage, "/config": ConfigPage, "/env": EnvPage, @@ -138,6 +141,7 @@ const BUILTIN_NAV_REST: NavItem[] = [ { path: "/logs", labelKey: "logs", label: "Logs", icon: FileText }, { path: "/cron", labelKey: "cron", label: "Cron", icon: Clock }, { path: "/skills", labelKey: "skills", label: "Skills", icon: Package }, + { path: "/plugins", labelKey: "plugins", label: "Plugins", icon: Puzzle }, { path: "/profiles", labelKey: "profiles", label: "Profiles", icon: Users }, { path: "/config", labelKey: "config", label: "Config", icon: Settings }, { path: "/env", labelKey: "keys", label: "Keys", icon: KeyRound }, @@ -213,6 +217,22 @@ function buildNavItems( return items; } +/** Split merged nav into built-in sidebar entries vs plugin tabs, preserving plugin order hints. */ +function partitionSidebarNav( + builtIn: NavItem[], + manifests: PluginManifest[], +): { coreItems: NavItem[]; pluginItems: NavItem[] } { + const merged = buildNavItems(builtIn, manifests); + const builtinPaths = new Set(builtIn.map((i) => i.path)); + const coreItems: NavItem[] = []; + const pluginItems: NavItem[] = []; + for (const item of merged) { + if (builtinPaths.has(item.path)) coreItems.push(item); + else pluginItems.push(item); + } + return { coreItems, pluginItems }; +} + function buildRoutes( builtinRoutes: Record, manifests: PluginManifest[], @@ -253,6 +273,7 @@ function buildRoutes( for (const m of addons) { if (m.tab.hidden) continue; + if (m.tab.path === "/plugins") continue; if (builtinRoutes[m.tab.path]) continue; routes.push({ key: `plugin:${m.name}`, @@ -263,6 +284,7 @@ function buildRoutes( for (const m of manifests) { if (!m.tab.hidden) continue; + if (m.tab.path === "/plugins") continue; if (builtinRoutes[m.tab.path] || m.tab.override) continue; routes.push({ key: `plugin:hidden:${m.name}`, @@ -322,8 +344,8 @@ export default function App() { [embeddedChat], ); - const navItems = useMemo( - () => buildNavItems(builtinNav, manifests), + const sidebarNav = useMemo( + () => partitionSidebarNav(builtinNav, manifests), [builtinNav, manifests], ); const routes = useMemo( @@ -476,56 +498,44 @@ export default function App() { aria-label={t.app.navigation} >
    - {navItems.map(({ path, label, labelKey, icon: Icon }) => { - const navLabel = labelKey - ? ((t.app.nav as Record)[labelKey] ?? label) - : label; - return ( -
  • - - cn( - "group relative flex items-center gap-3", - "px-5 py-2.5", - "font-mondwest text-[0.8rem] tracking-[0.12em]", - "whitespace-nowrap transition-colors cursor-pointer", - "focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-midground", - isActive - ? "text-midground" - : "opacity-60 hover:opacity-100", - ) - } - style={{ - clipPath: "var(--component-tab-clip-path)", - }} - > - {({ isActive }) => ( - <> - - {navLabel} - - - - {isActive && ( - - )} - - )} - -
    • - ); - })} + {sidebarNav.coreItems.map((item) => ( + + ))}
+ + {sidebarNav.pluginItems.length > 0 && ( +
+ + {t.app.pluginNavSection} + + +
    + {sidebarNav.pluginItems.map((item) => ( + + ))} +
+
+ )} @@ -615,6 +625,57 @@ export default function App() { ); } +function SidebarNavLink({ closeMobile, item, t }: SidebarNavLinkProps) { + const { path, label, labelKey, icon: Icon } = item; + + const navLabel = labelKey + ? ((t.app.nav as Record)[labelKey] ?? label) + : label; + + return ( +
  • + + cn( + "group relative flex items-center gap-3", + "px-5 py-2.5", + "font-mondwest text-[0.8rem] tracking-[0.12em]", + "whitespace-nowrap transition-colors cursor-pointer", + "focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-midground", + isActive ? "text-midground" : "opacity-60 hover:opacity-100", + ) + } + style={{ + clipPath: "var(--component-tab-clip-path)", + }} + > + {({ isActive }) => ( + <> + + {navLabel} + + + + {isActive && ( + + )} + + )} + +
    • + ); +} + function SidebarSystemActions({ onNavigate }: { onNavigate: () => void }) { const { t } = useI18n(); const navigate = useNavigate(); @@ -733,6 +794,12 @@ interface NavItem { path: string; } +interface SidebarNavLinkProps { + closeMobile: () => void; + item: NavItem; + t: Translations; +} + interface SystemActionItem { action: SystemAction; icon: ComponentType<{ className?: string }>; diff --git a/web/src/i18n/en.ts b/web/src/i18n/en.ts index 1aaabd0f633..9c0b92ca6d6 100644 --- a/web/src/i18n/en.ts +++ b/web/src/i18n/en.ts @@ -76,6 +76,7 @@ export const en: Translations = { logs: "Logs", models: "Models", profiles: "profiles : multi agents", + plugins: "Plugins", sessions: "Sessions", skills: "Skills", }, @@ -84,6 +85,7 @@ export const en: Translations = { navigation: "Navigation", openDocumentation: "Open documentation in a new tab", openNavigation: "Open navigation", + pluginNavSection: "Plugins", sessionsActiveCount: "{count} active", statusOverview: "Status overview", system: "System", @@ -256,6 +258,45 @@ export const en: Translations = { renamed: "Renamed", }, + pluginsPage: { + contextEngineLabel: "Context engine", + dashboardSlots: "Dashboard slots", + disableRuntime: "Disable", + enableAfterInstall: "Enable after install", + enableRuntime: "Enable", + forceReinstall: "Force reinstall (delete existing folder first)", + headline: + "Discover, install, enable, and update Hermes plugins (`hermes plugins` parity).", + identifierLabel: "Git URL or owner/repo", + inactive: "inactive", + installBtn: "Install from Git", + installHeading: "Install from GitHub / Git URL", + installHint: "Use owner/repo shorthand or a full https:// or git@ clone URL.", + memoryProviderLabel: "Memory provider", + missingEnvWarn: "Set these in Keys before the plugin can run:", + noDashboardTab: "No dashboard tab", + openTab: "Open", + orphanHeading: "Dashboard-only extensions (no agent plugin.yaml match)", + pluginListHeading: "Installed plugins", + providerDefaults: "built-in / default", + providersHeading: "Runtime provider plugins", + providersHint: + "Writes memory.provider (empty = built-in) and context.engine to config.yaml. Takes effect next session.", + refreshDashboard: "Rescan dashboard extensions", + removeConfirm: "Remove this plugin from ~/.hermes/plugins/?", + removeHint: "Only user-installed plugins under ~/.hermes/plugins can be removed.", + rescanHeading: "SPA plugin registry", + rescanHint: "Rescan after adding files on disk so the dashboard sidebar picks up new manifests.", + runtimeHeading: "Gateway runtime (YAML plugins)", + saveProviders: "Save provider settings", + savedProviders: "Provider settings saved.", + sourceBadge: "Source", + authRequired: "Auth required", + authRequiredHint: "Run this command to authenticate:", + updateGit: "Git pull", + versionBadge: "Version", + }, + skills: { title: "Skills", searchPlaceholder: "Search skills and toolsets...", diff --git a/web/src/i18n/types.ts b/web/src/i18n/types.ts index bb6266a2dda..4e67d7e9a4f 100644 --- a/web/src/i18n/types.ts +++ b/web/src/i18n/types.ts @@ -76,6 +76,7 @@ export interface Translations { logs: string; models: string; profiles: string; + plugins: string; sessions: string; skills: string; }; @@ -84,6 +85,7 @@ export interface Translations { navigation: string; openDocumentation: string; openNavigation: string; + pluginNavSection: string; sessionsActiveCount: string; statusOverview: string; system: string; @@ -228,6 +230,44 @@ export interface Translations { }; }; + // ── Plugins page ── + pluginsPage: { + contextEngineLabel: string; + dashboardSlots: string; + disableRuntime: string; + enableAfterInstall: string; + enableRuntime: string; + forceReinstall: string; + headline: string; + identifierLabel: string; + inactive: string; + installBtn: string; + installHeading: string; + installHint: string; + memoryProviderLabel: string; + missingEnvWarn: string; + noDashboardTab: string; + openTab: string; + orphanHeading: string; + pluginListHeading: string; + providerDefaults: string; + providersHeading: string; + providersHint: string; + refreshDashboard: string; + removeConfirm: string; + removeHint: string; + rescanHeading: string; + rescanHint: string; + runtimeHeading: string; + saveProviders: string; + savedProviders: string; + sourceBadge: string; + authRequired: string; + authRequiredHint: string; + updateGit: string; + versionBadge: string; + }; + // ── Profiles page ── profiles: { newProfile: string; diff --git a/web/src/i18n/zh.ts b/web/src/i18n/zh.ts index f7a7399af0d..6eb726d4839 100644 --- a/web/src/i18n/zh.ts +++ b/web/src/i18n/zh.ts @@ -75,6 +75,7 @@ export const zh: Translations = { logs: "日志", models: "模型", profiles: "多Agent配置", + plugins: "插件管理", sessions: "会话", skills: "技能", }, @@ -83,6 +84,7 @@ export const zh: Translations = { navigation: "导航", openDocumentation: "在新标签页中打开文档", openNavigation: "打开导航", + pluginNavSection: "插件", sessionsActiveCount: "{count} 个活跃", statusOverview: "状态概览", system: "系统", @@ -253,6 +255,44 @@ export const zh: Translations = { renamed: "已重命名", }, + pluginsPage: { + contextEngineLabel: "上下文引擎", + dashboardSlots: "面板插槽", + disableRuntime: "禁用", + enableAfterInstall: "安装后启用", + enableRuntime: "启用", + forceReinstall: "强制重装(先删除已有目录)", + headline: "发现、安装、启用和更新 Hermes 插件(对齐 `hermes plugins` CLI)。", + identifierLabel: "Git 地址或 owner/repo", + inactive: "未启用", + installBtn: "从 Git 安装", + installHeading: "从 GitHub / Git 地址安装", + installHint: "使用 owner/repo 简写或完整的 https:// / git@ 克隆地址。", + memoryProviderLabel: "记忆提供方", + missingEnvWarn: "在「密钥」页面设置以下变量后再运行插件:", + noDashboardTab: "无仪表盘标签", + openTab: "打开", + orphanHeading: "仅仪表盘扩展(无匹配的 agent plugin.yaml)", + pluginListHeading: "已安装插件", + providerDefaults: "内置 / 默认", + providersHeading: "运行时提供方插件", + providersHint: + "写入 config.yaml:memory.provider(留空为内置)、context.engine。下次会话生效。", + refreshDashboard: "重新扫描仪表盘扩展", + removeConfirm: "从 ~/.hermes/plugins/ 删除此插件?", + removeHint: "仅可移除用户安装在 ~/.hermes/plugins 下的插件。", + rescanHeading: "SPA 插件注册表", + rescanHint: "在磁盘新增文件后扫描,使侧边栏载入新 manifest。", + runtimeHeading: "网关运行时(YAML 插件)", + saveProviders: "保存提供方设置", + savedProviders: "提供方设置已保存。", + sourceBadge: "来源", + authRequired: "需要认证", + authRequiredHint: "运行此命令以完成认证:", + updateGit: "git pull", + versionBadge: "版本", + }, + skills: { title: "技能", searchPlaceholder: "搜索技能和工具集...", diff --git a/web/src/lib/api.ts b/web/src/lib/api.ts index 10ed9acf890..89cffea1971 100644 --- a/web/src/lib/api.ts +++ b/web/src/lib/api.ts @@ -259,6 +259,46 @@ export const api = { rescanPlugins: () => fetchJSON<{ ok: boolean; count: number }>("/api/dashboard/plugins/rescan"), + getPluginsHub: () => fetchJSON("/api/dashboard/plugins/hub"), + + installAgentPlugin: (body: AgentPluginInstallRequest) => + fetchJSON("/api/dashboard/agent-plugins/install", { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ ...body }), + }), + + enableAgentPlugin: (name: string) => + fetchJSON<{ ok: boolean; name: string; unchanged?: boolean }>( + `/api/dashboard/agent-plugins/${encodeURIComponent(name)}/enable`, + { method: "POST" }, + ), + + disableAgentPlugin: (name: string) => + fetchJSON<{ ok: boolean; name: string; unchanged?: boolean }>( + `/api/dashboard/agent-plugins/${encodeURIComponent(name)}/disable`, + { method: "POST" }, + ), + + updateAgentPlugin: (name: string) => + fetchJSON( + `/api/dashboard/agent-plugins/${encodeURIComponent(name)}/update`, + { method: "POST" }, + ), + + removeAgentPlugin: (name: string) => + fetchJSON<{ ok: boolean; name: string }>( + `/api/dashboard/agent-plugins/${encodeURIComponent(name)}`, + { method: "DELETE" }, + ), + + savePluginProviders: (body: PluginProvidersPutRequest) => + fetchJSON<{ ok: boolean }>("/api/dashboard/plugin-providers", { + method: "PUT", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify(body), + }), + // Dashboard themes getThemes: () => fetchJSON("/api/dashboard/themes"), @@ -668,8 +708,66 @@ export interface PluginManifestResponse { override?: string; hidden?: boolean; }; + slots?: string[]; entry: string; css?: string | null; has_api: boolean; source: string; } + +export interface HubAgentPluginRow { + name: string; + version: string; + description: string; + source: string; + runtime_status: "disabled" | "enabled" | "inactive"; + has_dashboard_manifest: boolean; + dashboard_manifest: PluginManifestResponse | null; + path: string; + can_remove: boolean; + can_update_git: boolean; + auth_required: boolean; + auth_command: string; +} + +export interface PluginsHubProviders { + memory_provider: string; + memory_options: Array<{ name: string; description: string }>; + context_engine: string; + context_options: Array<{ name: string; description: string }>; +} + +export interface PluginsHubResponse { + plugins: HubAgentPluginRow[]; + orphan_dashboard_plugins: PluginManifestResponse[]; + providers: PluginsHubProviders; +} + +export interface AgentPluginInstallRequest { + identifier: string; + force?: boolean; + enable?: boolean; +} + +export interface AgentPluginInstallResponse { + ok: boolean; + plugin_name?: string; + warnings?: string[]; + missing_env?: string[]; + after_install_path?: string | null; + enabled?: boolean; + error?: string; +} + +export interface AgentPluginUpdateResponse { + ok: boolean; + name?: string; + output?: string; + unchanged?: boolean; + error?: string; +} + +export interface PluginProvidersPutRequest { + memory_provider?: string; + context_engine?: string; +} diff --git a/web/src/pages/PluginsPage.tsx b/web/src/pages/PluginsPage.tsx new file mode 100644 index 00000000000..b961c702b7a --- /dev/null +++ b/web/src/pages/PluginsPage.tsx @@ -0,0 +1,569 @@ +import { useCallback, useEffect, useState } from "react"; +import { ExternalLink, RefreshCw, Puzzle, Trash2 } from "lucide-react"; +import type { Translations } from "@/i18n/types"; +import { Link } from "react-router-dom"; +import { api } from "@/lib/api"; +import type { HubAgentPluginRow, PluginsHubResponse } from "@/lib/api"; +import { Button } from "@nous-research/ui/ui/components/button"; +import { Badge } from "@nous-research/ui/ui/components/badge"; +import { Select, SelectOption } from "@nous-research/ui/ui/components/select"; +import { Switch } from "@nous-research/ui/ui/components/switch"; +import { Spinner } from "@nous-research/ui/ui/components/spinner"; +import { CommandBlock } from "@nous-research/ui/ui/components/command-block"; +import { H2 } from "@/components/NouiTypography"; +import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card"; +import { Input } from "@/components/ui/input"; +import { Label } from "@/components/ui/label"; +import { useToast } from "@/hooks/useToast"; +import { Toast } from "@/components/Toast"; +import { useI18n } from "@/i18n"; +import { PluginSlot } from "@/plugins"; +import { cn } from "@/lib/utils"; + +/** Select value for built-in memory (`config` uses empty string). Never use `""` — UI Select maps empty value to an empty label. */ +const MEMORY_PROVIDER_BUILTIN = "__hermes_memory_builtin__"; + +export default function PluginsPage() { + const [hub, setHub] = useState(null); + const [loading, setLoading] = useState(true); + const [installId, setInstallId] = useState(""); + const [installForce, setInstallForce] = useState(false); + const [installEnable, setInstallEnable] = useState(true); + const [installBusy, setInstallBusy] = useState(false); + const [rescanBusy, setRescanBusy] = useState(false); + const [memorySel, setMemorySel] = useState(MEMORY_PROVIDER_BUILTIN); + const [contextSel, setContextSel] = useState("compressor"); + const [providerBusy, setProviderBusy] = useState(false); + const [rowBusy, setRowBusy] = useState(null); + + const { toast, showToast } = useToast(); + const { t } = useI18n(); + + const loadHub = useCallback(() => { + return api + .getPluginsHub() + .then((h) => { + setHub(h); + const p = h.providers; + setMemorySel(p.memory_provider ? p.memory_provider : MEMORY_PROVIDER_BUILTIN); + setContextSel(p.context_engine || "compressor"); + }) + .catch(() => showToast(t.common.loading, "error")); + }, [showToast, t.common.loading]); + + useEffect(() => { + setLoading(true); + void loadHub().finally(() => setLoading(false)); + }, [loadHub]); + + const onInstall = async () => { + const id = installId.trim(); + if (!id) { + showToast(t.pluginsPage.installHint, "error"); + return; + } + setInstallBusy(true); + try { + const r = await api.installAgentPlugin({ + identifier: id, + force: installForce, + enable: installEnable, + }); + showToast(`${r.plugin_name ?? id} installed`, "success"); + if ((r.warnings?.length ?? 0) > 0) showToast(r.warnings!.join(" "), "error"); + if ((r.missing_env?.length ?? 0) > 0) + showToast(`${t.pluginsPage.missingEnvWarn} ${r.missing_env!.join(", ")}`, "error"); + setInstallId(""); + await loadHub(); + } catch (e) { + showToast(e instanceof Error ? e.message : "Install failed", "error"); + } finally { + setInstallBusy(false); + } + }; + + const onRescan = async () => { + setRescanBusy(true); + try { + const rc = await api.rescanPlugins(); + showToast( + `${t.pluginsPage.refreshDashboard} (${rc.count})`, + "success", + ); + await loadHub(); + } catch (e) { + showToast(e instanceof Error ? e.message : "Rescan failed", "error"); + } finally { + setRescanBusy(false); + } + }; + + const onSaveProviders = async () => { + setProviderBusy(true); + try { + await api.savePluginProviders({ + memory_provider: + memorySel === MEMORY_PROVIDER_BUILTIN ? "" : memorySel, + context_engine: contextSel, + }); + showToast(t.pluginsPage.savedProviders, "success"); + await loadHub(); + } catch (e) { + showToast(e instanceof Error ? e.message : "Save failed", "error"); + } finally { + setProviderBusy(false); + } + }; + + const setRuntimeLoading = async (name: string, fn: () => Promise) => { + setRowBusy(name); + try { + await fn(); + await loadHub(); + } catch (e) { + showToast(e instanceof Error ? e.message : "Failed", "error"); + } finally { + setRowBusy(null); + } + }; + + const rows = hub?.plugins ?? []; + const providers = hub?.providers; + + return ( +
    + + +
    + + +
    + +
    + + +

    {t.app.nav.plugins}

    + + +

    + {t.pluginsPage.headline} +

    +
    + + +
    + + {providers && ( + + + {t.pluginsPage.providersHeading} +

    + {t.pluginsPage.providersHint} +

    +     + + + +
    +
    + + + +
    + +
    + + + +
    +
    + + +     +     + )} + + + + {t.pluginsPage.installHeading} +

    + {t.pluginsPage.installHint} +

    +     + + + + +
    + + + + setInstallId(e.target.value)} + /> +
    + + +
    + +
    + + + + + {t.pluginsPage.forceReinstall} + +
    + +
    + + + + + {t.pluginsPage.enableAfterInstall} + +
    +
    + + + +

    + {t.pluginsPage.rescanHint} +

    + +

    + {t.pluginsPage.removeHint} +

    +     +     + +
    + +

    + {t.pluginsPage.pluginListHeading} +

    + + {loading ? ( + +
    + + + {t.common.loading} +
    + ) : rows.length === 0 ? ( + +

    {t.common.noResults}

    + ) : ( + +
      + + {rows.map((row: HubAgentPluginRow) => ( + +
    • + + + + +
      • + ))} +
    + )} +
    + + {(hub?.orphan_dashboard_plugins?.length ?? 0) > 0 ? ( + + +
    + +

    + {t.pluginsPage.orphanHeading} +

    + +
      + + {hub!.orphan_dashboard_plugins.map((m) => ( + +
    • + + + {m.label ?? m.name} — {m.description || m.tab?.path} + + + {!m.tab?.hidden ? ( + + + + + + + + {t.pluginsPage.openTab} + + ) : null} +
      • + ))} +
    +
    + ) : null} +
    + + + +
    + ); +} + +interface PluginRowCardProps { + + row: HubAgentPluginRow; + rowBusy: string | null; + setRuntimeLoading: ( + name: string, + fn: () => Promise, + ) => Promise; + + showToast: (msg: string, variant: "success" | "error") => void; + t: Translations; +} + +function PluginRowCard(props: PluginRowCardProps) { + const { + row, + rowBusy, + setRuntimeLoading, + showToast, + t, + } = props; + + const dm = row.dashboard_manifest; + + const tabPath = dm?.tab && !dm.tab.hidden ? dm.tab.override ?? dm.tab.path : null; + + const busy = rowBusy === row.name; + + const badgeTone = + row.runtime_status === "enabled" + ? "success" + : row.runtime_status === "disabled" + ? "destructive" + : "outline"; + + return ( + + + + + + + +
    + + +
    + +
    + + {row.name} + + + {t.pluginsPage.sourceBadge}: {row.source} + + + + v{row.version || "—"} + + {row.runtime_status} + + {row.auth_required ? ( + {t.pluginsPage.authRequired} + ) : null} +
    + + {row.description ? ( + +

    + {row.description} +

    + ) : null} +
    + +
    + + + + + + + + {tabPath ? ( + + + {t.pluginsPage.openTab} + + ) : null} + + {row.can_update_git ? ( + + + ) : null} + + {row.can_remove ? ( + + + + ) : null} +
    +
    + + {dm?.slots?.length ? ( + +

    + {t.pluginsPage.dashboardSlots}: {dm.slots.join(", ")} +

    + ) : null} + + {row.auth_required ? ( + + ) : null} + + {!row.has_dashboard_manifest && !dm ? ( + + +

    + {t.pluginsPage.noDashboardTab} +

    + ) : null} +     + +     + ); +} diff --git a/web/src/plugins/slots.ts b/web/src/plugins/slots.ts index eae6a816cbd..2d3a04277c8 100644 --- a/web/src/plugins/slots.ts +++ b/web/src/plugins/slots.ts @@ -46,6 +46,8 @@ import React, { Fragment, useEffect, useState } from "react"; * - `cron:bottom` — bottom of /cron page * - `skills:top` — top of /skills page * - `skills:bottom` — bottom of /skills page + * - `plugins:top` — top of /plugins page + * - `plugins:bottom` — bottom of /plugins page * - `config:top` — top of /config page * - `config:bottom` — bottom of /config page * - `env:top` — top of /env (Keys) page @@ -78,6 +80,8 @@ export const KNOWN_SLOT_NAMES = [ "cron:bottom", "skills:top", "skills:bottom", + "plugins:top", + "plugins:bottom", "config:top", "config:bottom", "env:top", From 6549b0f2b7feb6c0123a8eb9b550d6bac338f7f0 Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 18:50:28 -0400 Subject: [PATCH 002/133] fix(security): address CodeQL path-traversal and info-exposure findings - Add _validate_plugin_name() guard on all {name} path param endpoints (rejects /, \, .. before reaching plugin logic) - Strip after_install_path from install response (no internal paths to client) - Update nix/tui.nix lockfile hash to match committed package-lock.json --- hermes_cli/web_server.py | 13 +++++++++++++ nix/tui.nix | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index 300cfef4a56..353fc8e6080 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -3780,12 +3780,22 @@ async def post_agent_plugin_install(request: Request, body: _AgentPluginInstallB detail=result.get("error") or "Install failed.", ) _get_dashboard_plugins(force_rescan=True) + # Strip internal paths from the response + result.pop("after_install_path", None) return result +def _validate_plugin_name(name: str) -> str: + """Reject path-traversal attempts in plugin name URL parameters.""" + if not name or "/" in name or "\\" in name or ".." in name: + raise HTTPException(status_code=400, detail="Invalid plugin name.") + return name + + @app.post("/api/dashboard/agent-plugins/{name}/enable") async def post_agent_plugin_enable(request: Request, name: str): _require_token(request) + name = _validate_plugin_name(name) from hermes_cli.plugins_cmd import dashboard_set_agent_plugin_enabled result = dashboard_set_agent_plugin_enabled(name, enabled=True) @@ -3797,6 +3807,7 @@ async def post_agent_plugin_enable(request: Request, name: str): @app.post("/api/dashboard/agent-plugins/{name}/disable") async def post_agent_plugin_disable(request: Request, name: str): _require_token(request) + name = _validate_plugin_name(name) from hermes_cli.plugins_cmd import dashboard_set_agent_plugin_enabled result = dashboard_set_agent_plugin_enabled(name, enabled=False) @@ -3808,6 +3819,7 @@ async def post_agent_plugin_disable(request: Request, name: str): @app.post("/api/dashboard/agent-plugins/{name}/update") async def post_agent_plugin_update(request: Request, name: str): _require_token(request) + name = _validate_plugin_name(name) from hermes_cli.plugins_cmd import dashboard_update_user_plugin result = dashboard_update_user_plugin(name) @@ -3820,6 +3832,7 @@ async def post_agent_plugin_update(request: Request, name: str): @app.delete("/api/dashboard/agent-plugins/{name}") async def delete_agent_plugin(request: Request, name: str): _require_token(request) + name = _validate_plugin_name(name) from hermes_cli.plugins_cmd import dashboard_remove_user_plugin result = dashboard_remove_user_plugin(name) diff --git a/nix/tui.nix b/nix/tui.nix index 7453fa2673d..4d27dde798e 100644 --- a/nix/tui.nix +++ b/nix/tui.nix @@ -4,7 +4,7 @@ let src = ../ui-tui; npmDeps = pkgs.fetchNpmDeps { inherit src; - hash = "sha256-Chz+NW9NXqboXHOa6PKwf5bhAkkcFtKNhvKWwg2XSPc="; + hash = "sha256-a/HGI9OgVcTnZrMXA7xFMGnFoVxyHe95fulVz+WNYB0="; }; npm = hermesNpmLib.mkNpmPassthru { folder = "ui-tui"; attr = "tui"; pname = "hermes-tui"; }; From 7dc85495e05d9a955aef74f1aa5da18ea4b1cf52 Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 19:39:51 -0400 Subject: [PATCH 003/133] style(plugins): make page full width --- web/src/pages/PluginsPage.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/pages/PluginsPage.tsx b/web/src/pages/PluginsPage.tsx index b961c702b7a..60e65be1498 100644 --- a/web/src/pages/PluginsPage.tsx +++ b/web/src/pages/PluginsPage.tsx @@ -134,7 +134,7 @@ export default function PluginsPage() {
    -
    +
    From 9550d0fd46d11db3fda2aef7b5de3576819f1843 Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 19:51:13 -0400 Subject: [PATCH 004/133] fix(plugins): show 'Plugins' in page header instead of 'Web UI' Add /plugins route to resolve-page-title BUILTIN map. --- web/src/lib/resolve-page-title.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/web/src/lib/resolve-page-title.ts b/web/src/lib/resolve-page-title.ts index 00d2d1e6e4b..afa5ed5cd35 100644 --- a/web/src/lib/resolve-page-title.ts +++ b/web/src/lib/resolve-page-title.ts @@ -7,6 +7,7 @@ const BUILTIN: Record = { "/logs": "logs", "/cron": "cron", "/skills": "skills", + "/plugins": "plugins", "/config": "config", "/env": "keys", "/docs": "documentation", From a52363231faacec860f19fd411ea1377202cd7ea Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 19:53:41 -0400 Subject: [PATCH 005/133] refactor(plugins): move rescan button to page header, remove redundant title Use usePageHeader().setEnd to place the rescan button in the shared header bar. Remove the inline H2 title (already shown by the header) and the wrapper div. --- web/src/pages/PluginsPage.tsx | 45 ++++++++++++++--------------------- 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/web/src/pages/PluginsPage.tsx b/web/src/pages/PluginsPage.tsx index 60e65be1498..c11fce2e51f 100644 --- a/web/src/pages/PluginsPage.tsx +++ b/web/src/pages/PluginsPage.tsx @@ -10,7 +10,6 @@ import { Select, SelectOption } from "@nous-research/ui/ui/components/select"; import { Switch } from "@nous-research/ui/ui/components/switch"; import { Spinner } from "@nous-research/ui/ui/components/spinner"; import { CommandBlock } from "@nous-research/ui/ui/components/command-block"; -import { H2 } from "@/components/NouiTypography"; import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card"; import { Input } from "@/components/ui/input"; import { Label } from "@/components/ui/label"; @@ -19,6 +18,7 @@ import { Toast } from "@/components/Toast"; import { useI18n } from "@/i18n"; import { PluginSlot } from "@/plugins"; import { cn } from "@/lib/utils"; +import { usePageHeader } from "@/contexts/usePageHeader"; /** Select value for built-in memory (`config` uses empty string). Never use `""` — UI Select maps empty value to an empty label. */ const MEMORY_PROVIDER_BUILTIN = "__hermes_memory_builtin__"; @@ -38,6 +38,7 @@ export default function PluginsPage() { const { toast, showToast } = useToast(); const { t } = useI18n(); + const { setEnd } = usePageHeader(); const loadHub = useCallback(() => { return api @@ -56,6 +57,22 @@ export default function PluginsPage() { void loadHub().finally(() => setLoading(false)); }, [loadHub]); + useEffect(() => { + setEnd( + , + ); + return () => setEnd(null); + }, [loading, rescanBusy, setEnd, t.pluginsPage.refreshDashboard]); + const onInstall = async () => { const id = installId.trim(); if (!id) { @@ -136,32 +153,6 @@ export default function PluginsPage() {
    - -
    - -
    - - -

    {t.app.nav.plugins}

    - - -

    - {t.pluginsPage.headline} -

    -
    - - -
    - {providers && ( From c73b799de70d6f655533e2aaf61a22332982f09f Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 20:02:15 -0400 Subject: [PATCH 006/133] feat(dashboard): add hide/show toggle for dashboard plugins in sidebar - New config key: dashboard.hidden_plugins (list of plugin names) - GET /api/dashboard/plugins now filters out hidden plugins from sidebar - POST /api/dashboard/plugins/{name}/visibility toggles visibility - Hub response includes user_hidden boolean per plugin row - Eye/EyeOff toggle on plugin cards with dashboard manifests - i18n: 'Show in sidebar' / 'Hide from sidebar' (en/zh) --- hermes_cli/web_server.py | 40 +++++++++++++++++++++++++++++++++-- web/src/i18n/en.ts | 2 ++ web/src/i18n/types.ts | 2 ++ web/src/i18n/zh.ts | 2 ++ web/src/lib/api.ts | 11 ++++++++++ web/src/pages/PluginsPage.tsx | 23 +++++++++++++++++++- 6 files changed, 77 insertions(+), 3 deletions(-) diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index 353fc8e6080..0bb200430b4 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -3617,12 +3617,16 @@ def _get_dashboard_plugins(force_rescan: bool = False) -> list: @app.get("/api/dashboard/plugins") async def get_dashboard_plugins(): - """Return discovered dashboard plugins.""" + """Return discovered dashboard plugins (excludes user-hidden ones).""" plugins = _get_dashboard_plugins() - # Strip internal fields before sending to frontend. + # Read user's hidden plugins list from config. + config = load_config() + hidden: list = cfg_get(config, "dashboard", "hidden_plugins", default=[]) or [] + # Strip internal fields before sending to frontend and filter out hidden. return [ {k: v for k, v in p.items() if not k.startswith("_")} for p in plugins + if p["name"] not in hidden ] @@ -3662,6 +3666,10 @@ def _merged_plugins_hub() -> Dict[str, Any]: disabled_set = _get_disabled_set() enabled_set = _get_enabled_set() + # Read user-hidden plugins from config for the user_hidden field. + config = load_config() + hidden_plugins: list = cfg_get(config, "dashboard", "hidden_plugins", default=[]) or [] + plugins_root_resolved = (get_hermes_home() / "plugins").resolve() rows: List[Dict[str, Any]] = [] @@ -3718,6 +3726,7 @@ def _merged_plugins_hub() -> Dict[str, Any]: "can_update_git": can_remove_update and (Path(dir_str) / ".git").exists(), "auth_required": auth_required, "auth_command": auth_command, + "user_hidden": name in hidden_plugins, }) agent_names = {r["name"] for r in rows} @@ -3863,6 +3872,33 @@ async def put_plugin_providers(request: Request, body: _PluginProvidersPutBody): return {"ok": True} +class _PluginVisibilityBody(BaseModel): + hidden: bool + + +@app.post("/api/dashboard/plugins/{name}/visibility") +async def post_plugin_visibility(request: Request, name: str, body: _PluginVisibilityBody): + """Toggle a plugin's sidebar visibility (persists to config.yaml dashboard.hidden_plugins).""" + _require_token(request) + name = _validate_plugin_name(name) + + config = load_config() + if "dashboard" not in config or not isinstance(config.get("dashboard"), dict): + config["dashboard"] = {} + hidden_list: list = config["dashboard"].get("hidden_plugins") or [] + if not isinstance(hidden_list, list): + hidden_list = [] + + if body.hidden and name not in hidden_list: + hidden_list.append(name) + elif not body.hidden and name in hidden_list: + hidden_list.remove(name) + + config["dashboard"]["hidden_plugins"] = hidden_list + save_config(config) + return {"ok": True, "name": name, "hidden": body.hidden} + + @app.get("/dashboard-plugins/{plugin_name}/{file_path:path}") async def serve_plugin_asset(plugin_name: str, file_path: str): """Serve static assets from a dashboard plugin directory. diff --git a/web/src/i18n/en.ts b/web/src/i18n/en.ts index 9c0b92ca6d6..55e3267b1ba 100644 --- a/web/src/i18n/en.ts +++ b/web/src/i18n/en.ts @@ -295,6 +295,8 @@ export const en: Translations = { authRequiredHint: "Run this command to authenticate:", updateGit: "Git pull", versionBadge: "Version", + showInSidebar: "Show in sidebar", + hideFromSidebar: "Hide from sidebar", }, skills: { diff --git a/web/src/i18n/types.ts b/web/src/i18n/types.ts index 4e67d7e9a4f..d93260d26d7 100644 --- a/web/src/i18n/types.ts +++ b/web/src/i18n/types.ts @@ -266,6 +266,8 @@ export interface Translations { authRequiredHint: string; updateGit: string; versionBadge: string; + showInSidebar: string; + hideFromSidebar: string; }; // ── Profiles page ── diff --git a/web/src/i18n/zh.ts b/web/src/i18n/zh.ts index 6eb726d4839..b64de0661f3 100644 --- a/web/src/i18n/zh.ts +++ b/web/src/i18n/zh.ts @@ -291,6 +291,8 @@ export const zh: Translations = { authRequiredHint: "运行此命令以完成认证:", updateGit: "git pull", versionBadge: "版本", + showInSidebar: "在侧边栏显示", + hideFromSidebar: "从侧边栏隐藏", }, skills: { diff --git a/web/src/lib/api.ts b/web/src/lib/api.ts index 89cffea1971..8fed709765e 100644 --- a/web/src/lib/api.ts +++ b/web/src/lib/api.ts @@ -299,6 +299,16 @@ export const api = { body: JSON.stringify(body), }), + setPluginVisibility: (name: string, hidden: boolean) => + fetchJSON<{ ok: boolean; name: string; hidden: boolean }>( + `/api/dashboard/plugins/${encodeURIComponent(name)}/visibility`, + { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ hidden }), + }, + ), + // Dashboard themes getThemes: () => fetchJSON("/api/dashboard/themes"), @@ -728,6 +738,7 @@ export interface HubAgentPluginRow { can_update_git: boolean; auth_required: boolean; auth_command: string; + user_hidden: boolean; } export interface PluginsHubProviders { diff --git a/web/src/pages/PluginsPage.tsx b/web/src/pages/PluginsPage.tsx index c11fce2e51f..17123cd9e39 100644 --- a/web/src/pages/PluginsPage.tsx +++ b/web/src/pages/PluginsPage.tsx @@ -1,5 +1,5 @@ import { useCallback, useEffect, useState } from "react"; -import { ExternalLink, RefreshCw, Puzzle, Trash2 } from "lucide-react"; +import { ExternalLink, RefreshCw, Puzzle, Trash2, Eye, EyeOff } from "lucide-react"; import type { Translations } from "@/i18n/types"; import { Link } from "react-router-dom"; import { api } from "@/lib/api"; @@ -504,6 +504,27 @@ function PluginRowCard(props: PluginRowCardProps) { ) : null} + {row.has_dashboard_manifest ? ( + + ) : null} + {row.can_remove ? ( From e2e6b6ff1a56d13264ddcac31c5548e895e8e486 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:34:19 -0700 Subject: [PATCH 007/133] chore(models): move Vercel AI Gateway to bottom of provider picker (#18112) It was sitting at position 4 of the `hermes model` list, ahead of Anthropic, OpenAI, Xiaomi, and other first-class API providers. Move it to the end of CANONICAL_PROVIDERS and drop the "(200+ models, $5 free credit, no markup)" parenthetical so the entry just reads "Vercel AI Gateway". --- hermes_cli/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hermes_cli/models.py b/hermes_cli/models.py index 0f519920d9b..755bac72e3f 100644 --- a/hermes_cli/models.py +++ b/hermes_cli/models.py @@ -774,7 +774,6 @@ CANONICAL_PROVIDERS: list[ProviderEntry] = [ ProviderEntry("nous", "Nous Portal", "Nous Portal (Nous Research subscription)"), ProviderEntry("openrouter", "OpenRouter", "OpenRouter (100+ models, pay-per-use)"), ProviderEntry("lmstudio", "LM Studio", "LM Studio (local desktop app with built-in model server)"), - ProviderEntry("ai-gateway", "Vercel AI Gateway", "Vercel AI Gateway (200+ models, $5 free credit, no markup)"), ProviderEntry("anthropic", "Anthropic", "Anthropic (Claude models — API key or Claude Code)"), ProviderEntry("openai-codex", "OpenAI Codex", "OpenAI Codex"), ProviderEntry("xiaomi", "Xiaomi MiMo", "Xiaomi MiMo (MiMo-V2.5 and V2 models — pro, omni, flash)"), @@ -804,6 +803,7 @@ CANONICAL_PROVIDERS: list[ProviderEntry] = [ ProviderEntry("opencode-go", "OpenCode Go", "OpenCode Go (open models, $10/month subscription)"), ProviderEntry("bedrock", "AWS Bedrock", "AWS Bedrock (Claude, Nova, Llama, DeepSeek — IAM or API key)"), ProviderEntry("azure-foundry", "Azure Foundry", "Azure Foundry (OpenAI-style or Anthropic-style endpoint — your Azure AI deployment)"), + ProviderEntry("ai-gateway", "Vercel AI Gateway", "Vercel AI Gateway"), ] # Derived dicts — used throughout the codebase From f61695ee73fce5427a213258799844a48a66bc9c Mon Sep 17 00:00:00 2001 From: Chris Danis Date: Thu, 30 Apr 2026 22:13:42 -0400 Subject: [PATCH 008/133] fix(signal): skip contentless envelopes (profile key updates, empty messages) Signal-cli sends dataMessage wrappers for profile key updates and other metadata events that have no actual text content. These were reaching the gateway as msg='' and triggering full agent turns for nothing. Add early return in _handle_envelope() when both message field is empty/ missing/whitespace AND there are no attachments. Messages with media attachments but no text still flow through. - 12 lines added to gateway/platforms/signal.py - 5 new tests in TestSignalContentlessEnvelope class --- gateway/platforms/signal.py | 12 +++ tests/gateway/test_signal.py | 145 +++++++++++++++++++++++++++++++++++ 2 files changed, 157 insertions(+) diff --git a/gateway/platforms/signal.py b/gateway/platforms/signal.py index 0ad1ef751ce..225430600df 100644 --- a/gateway/platforms/signal.py +++ b/gateway/platforms/signal.py @@ -534,6 +534,18 @@ class SignalAdapter(BasePlatformAdapter): except Exception: logger.exception("Signal: failed to fetch attachment %s", att_id) + # Skip envelopes with no meaningful content (no text, no attachments). + # Catches profile key updates, empty messages, and other metadata-only + # envelopes that still carry a dataMessage wrapper but have nothing + # worth processing. See issue: signal-cli logs "Profile key update" + + # Hermes receives msg='' triggering a full agent turn for nothing. + if (not text or not text.strip()) and not media_urls: + logger.debug( + "Signal: skipping contentless envelope from %s (%d attachments)", + redact_phone(sender), len(media_urls) if media_urls else 0, + ) + return + # Build session source source = self.build_source( chat_id=chat_id, diff --git a/tests/gateway/test_signal.py b/tests/gateway/test_signal.py index 8aab559a192..af81f59e8cd 100644 --- a/tests/gateway/test_signal.py +++ b/tests/gateway/test_signal.py @@ -1649,3 +1649,148 @@ class TestSignalSendTimeout: # 32 attachments × 5s = 160s; ought to comfortably outlast a # serial upload of an attachment-heavy batch. assert _signal_send_timeout(32) == 160.0 + + +# --------------------------------------------------------------------------- +# Contentless Envelope Filtering (profile key updates, empty messages) +# --------------------------------------------------------------------------- + +class TestSignalContentlessEnvelope: + """Verify that profile key updates and empty Signal messages are skipped.""" + + @pytest.mark.asyncio + async def test_skips_profile_key_update_no_message_field(self, monkeypatch): + """Profile key updates may carry a dataMessage without 'message' field. + Must be skipped to avoid triggering agent turns for metadata.""" + adapter = _make_signal_adapter(monkeypatch) + captured = {} + + async def fake_handle(event): + captured["event"] = event + + adapter.handle_message = fake_handle + + # Profile key update: dataMessage exists but has no "message" field + await adapter._handle_envelope({ + "envelope": { + "sourceNumber": "+155****9999", + "sourceUuid": "05668cf3-8ffa-467e-9b24-f5eefa5cf475", + "sourceName": "Elliott McManis", + "timestamp": 1777600696077, + "dataMessage": { + # No "message" field — profile key update metadata only + "profileKey": "some-profile-key-data", + }, + } + }) + + assert "event" not in captured, "Profile key update should be skipped" + + @pytest.mark.asyncio + async def test_skips_empty_message(self, monkeypatch): + """Empty text messages (message='') should be skipped.""" + adapter = _make_signal_adapter(monkeypatch) + captured = {} + + async def fake_handle(event): + captured["event"] = event + + adapter.handle_message = fake_handle + + await adapter._handle_envelope({ + "envelope": { + "sourceNumber": "+155****9999", + "sourceUuid": "05668cf3-8ffa-467e-9b24-f5eefa5cf475", + "sourceName": "Elliott McManis", + "timestamp": 1777600696077, + "dataMessage": { + "message": "", + }, + } + }) + + assert "event" not in captured, "Empty message should be skipped" + + @pytest.mark.asyncio + async def test_skips_whitespace_only_message(self, monkeypatch): + """Whitespace-only messages (' ') should be skipped.""" + adapter = _make_signal_adapter(monkeypatch) + captured = {} + + async def fake_handle(event): + captured["event"] = event + + adapter.handle_message = fake_handle + + await adapter._handle_envelope({ + "envelope": { + "sourceNumber": "+155****9999", + "sourceUuid": "05668cf3-8ffa-467e-9b24-f5eefa5cf475", + "sourceName": "Elliott McManis", + "timestamp": 1777600696077, + "dataMessage": { + "message": " \n\t ", + }, + } + }) + + assert "event" not in captured, "Whitespace-only message should be skipped" + + @pytest.mark.asyncio + async def test_allows_message_with_attachment_no_text(self, monkeypatch): + """Messages with attachments but no text should still be processed.""" + adapter = _make_signal_adapter(monkeypatch) + captured = {} + + async def fake_handle(event): + captured["event"] = event + + adapter.handle_message = fake_handle + + # Mock attachment fetch to return a cached image + png_data = b"\x89PNG\r\n\x1a\n" + b"\x00" * 100 + b64_data = base64.b64encode(png_data).decode() + adapter._rpc, _ = _stub_rpc({"data": b64_data}) + + with patch("gateway.platforms.signal.cache_image_from_bytes", return_value="/tmp/img.png"): + await adapter._handle_envelope({ + "envelope": { + "sourceNumber": "+155****9999", + "sourceUuid": "05668cf3-8ffa-467e-9b24-f5eefa5cf475", + "sourceName": "Elliott McManis", + "timestamp": 1777600696077, + "dataMessage": { + "message": "", # No text + "attachments": [{"id": "att-123", "size": 200}], + }, + } + }) + + assert "event" in captured, "Message with attachment should NOT be skipped" + assert captured["event"].media_urls == ["/tmp/img.png"] + + @pytest.mark.asyncio + async def test_allows_normal_text_message(self, monkeypatch): + """Normal text messages should still flow through.""" + adapter = _make_signal_adapter(monkeypatch) + captured = {} + + async def fake_handle(event): + captured["event"] = event + + adapter.handle_message = fake_handle + + await adapter._handle_envelope({ + "envelope": { + "sourceNumber": "+155****9999", + "sourceUuid": "05668cf3-8ffa-467e-9b24-f5eefa5cf475", + "sourceName": "Elliott McManis", + "timestamp": 1777600696077, + "dataMessage": { + "message": "hello world", + }, + } + }) + + assert "event" in captured, "Normal message should NOT be skipped" + assert captured["event"].text == "hello world" From 97d6f25008d6091c490057a74f24aafa14c086a4 Mon Sep 17 00:00:00 2001 From: briandevans <252620095+briandevans@users.noreply.github.com> Date: Thu, 30 Apr 2026 16:16:06 -0700 Subject: [PATCH 009/133] test(toolsets): include kanban in expected post-#17805 toolset assertions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The kanban PR (#17805, c86842546) added the `kanban` toolset and `tools/kanban_tools.py`, but didn't update three pre-existing test assertions that bake the full toolset/tool inventory: * `tests/tools/test_registry.py::test_matches_previous_manual_builtin_tool_set` hard-codes the manual list of builtin tool modules. `tools.kanban_tools` was missing. * `tests/test_tui_gateway_server.py::test_load_enabled_toolsets_rejects_disabled_mcp_env` and `test_load_enabled_toolsets_falls_back_when_tui_env_invalid` both expect `["memory"]` from `_load_enabled_toolsets()`. With kanban now auto-recovered by `_get_platform_tools` (its tools live in hermes-cli's universe but are not in CONFIGURABLE_TOOLSETS), the resolver returns `["kanban", "memory"]`. * `tests/hermes_cli/test_tools_config.py::test_get_platform_tools_preserves_explicit_empty_selection` asserts `set()` for an explicit empty list. The recovery loop now also surfaces `kanban`. Reframed to assert the contract the test name describes — no CONFIGURABLE toolset gets re-enabled when the user explicitly saved an empty list — which stays correct as more non-configurable platform toolsets are added. Verified the failures reproduce on clean origin/main (180a7036b) with `.[all,dev]`-equivalent extras (fastapi, starlette, httpx, pytest-asyncio) and that all four pass with this commit applied. CI on main itself is currently red on these tests; this restores green for everyone's PRs. Co-Authored-By: Claude Opus 4.7 (1M context) --- tests/hermes_cli/test_tools_config.py | 11 ++++++++++- tests/test_tui_gateway_server.py | 7 +++++-- tests/tools/test_registry.py | 1 + 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/hermes_cli/test_tools_config.py b/tests/hermes_cli/test_tools_config.py index deab21fc2ef..d5b8aec3b78 100644 --- a/tests/hermes_cli/test_tools_config.py +++ b/tests/hermes_cli/test_tools_config.py @@ -120,7 +120,16 @@ def test_get_platform_tools_preserves_explicit_empty_selection(): enabled = _get_platform_tools(config, "cli") - assert enabled == set() + # An explicit empty list disables every CONFIGURABLE toolset (web, + # terminal, memory, …). Non-configurable platform toolsets that ride + # along on the platform's default composite (e.g. `kanban`, whose tools + # live in _HERMES_CORE_TOOLS but aren't user-toggleable) are still + # auto-recovered by _get_platform_tools so saving via `hermes tools` + # doesn't silently drop them. The contract this test guards is the + # configurable side: nothing the user could have checked in the TUI + # checklist should reappear here. + configurable = {ts_key for ts_key, _, _ in CONFIGURABLE_TOOLSETS} + assert enabled.isdisjoint(configurable) def test_apply_toolset_change_from_default_does_not_enable_default_off_toolsets(): diff --git a/tests/test_tui_gateway_server.py b/tests/test_tui_gateway_server.py index d57a6cd88c9..a652cb860ce 100644 --- a/tests/test_tui_gateway_server.py +++ b/tests/test_tui_gateway_server.py @@ -115,7 +115,10 @@ def test_load_enabled_toolsets_rejects_disabled_mcp_env(monkeypatch, capsys): ) monkeypatch.setattr(config_mod, "load_config", lambda: {"platform_toolsets": {"cli": ["memory"]}}) - assert server._load_enabled_toolsets() == ["memory"] + # Sorted: ["kanban", "memory"]. `kanban` is auto-recovered by + # _get_platform_tools because it's a non-configurable platform toolset + # whose tools live in hermes-cli's universe (see toolsets.py). + assert server._load_enabled_toolsets() == ["kanban", "memory"] err = capsys.readouterr().err assert "ignoring disabled MCP servers" in err assert "mcp-off" in err @@ -134,7 +137,7 @@ def test_load_enabled_toolsets_falls_back_when_tui_env_invalid(monkeypatch, caps monkeypatch.setattr(config_mod, "load_config", lambda: {"platform_toolsets": {"cli": ["memory"]}}) - assert server._load_enabled_toolsets() == ["memory"] + assert server._load_enabled_toolsets() == ["kanban", "memory"] assert "using configured CLI toolsets" in capsys.readouterr().err diff --git a/tests/tools/test_registry.py b/tests/tools/test_registry.py index 3c753f64f5e..b6e40da3547 100644 --- a/tests/tools/test_registry.py +++ b/tests/tools/test_registry.py @@ -304,6 +304,7 @@ class TestBuiltinDiscovery: "tools.file_tools", "tools.homeassistant_tool", "tools.image_generation_tool", + "tools.kanban_tools", "tools.memory_tool", "tools.mixture_of_agents_tool", "tools.process_registry", From 624057fce6e676df008e55f35f1219ad3b367474 Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:11:26 +0000 Subject: [PATCH 010/133] feat(teams): set User-Agent to Hermes via 2.0.0 client option microsoft-teams-apps 2.0.0 added the `client` option to AppOptions, accepting a ClientOptions instance. Use it to set the User-Agent header to "Hermes" on all outgoing HTTP requests. Co-Authored-By: Claude Sonnet 4.6 --- plugins/platforms/teams/adapter.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plugins/platforms/teams/adapter.py b/plugins/platforms/teams/adapter.py index b1769cf52c4..945ffa07958 100644 --- a/plugins/platforms/teams/adapter.py +++ b/plugins/platforms/teams/adapter.py @@ -38,6 +38,7 @@ except ImportError: try: from microsoft_teams.apps import App, ActivityContext + from microsoft_teams.common.http.client import ClientOptions from microsoft_teams.api import MessageActivity, ConversationReference from microsoft_teams.api.activities.typing import TypingActivityInput from microsoft_teams.api.activities.invoke.adaptive_card import AdaptiveCardInvokeActivity @@ -57,6 +58,7 @@ try: TEAMS_SDK_AVAILABLE = True except ImportError: TEAMS_SDK_AVAILABLE = False + ClientOptions = None # type: ignore[assignment,misc] App = None # type: ignore[assignment,misc] ActivityContext = None # type: ignore[assignment,misc] MessageActivity = None # type: ignore[assignment,misc] @@ -208,6 +210,7 @@ class TeamsAdapter(BasePlatformAdapter): client_secret=self._client_secret, tenant_id=self._tenant_id, http_server_adapter=_AiohttpBridgeAdapter(aiohttp_app), + client=ClientOptions(headers={"User-Agent": "Hermes"}), ) # Register message handler before initialize() From 4a6fac36d8fcfae90ce9a3b228685984f92c3cb1 Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:16:57 +0000 Subject: [PATCH 011/133] =?UTF-8?q?docs(teams):=20fix=20group=20chat=20beh?= =?UTF-8?q?avior=20=E2=80=94=20@mention=20required?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Group chats require @mention just like channels, not respond-to-all. Co-Authored-By: Claude Sonnet 4.6 --- website/docs/user-guide/messaging/teams.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/docs/user-guide/messaging/teams.md b/website/docs/user-guide/messaging/teams.md index adc97ebff2b..1375cd8d27b 100644 --- a/website/docs/user-guide/messaging/teams.md +++ b/website/docs/user-guide/messaging/teams.md @@ -13,8 +13,10 @@ Connect Hermes Agent to Microsoft Teams as a bot. Unlike Slack's Socket Mode, Te | Context | Behavior | |---------|----------| | **Personal chat (DM)** | Bot responds to every message. No @mention needed. | -| **Group chat** | Bot responds to every message in the chat. | -| **Channel** | Bot only responds when @mentioned (Teams delivers @mentions as regular messages with `BotName` tags, which Hermes strips automatically). | +| **Group chat** | Bot only responds when @mentioned. | +| **Channel** | Bot only responds when @mentioned. | + +Teams delivers @mentions as regular messages with `BotName` tags, which Hermes strips automatically before processing. --- From c997830e1e5a2a03f941b271bdcd8081da034fc7 Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:24:35 +0000 Subject: [PATCH 012/133] docs(teams): fix port references and add TEAMS_ALLOW_ALL_USERS - Replace hardcoded 3978 with configurable TEAMS_PORT references - Fix incorrect docker-compose port mapping claim (uses network_mode: host) - Add missing TEAMS_ALLOW_ALL_USERS to config reference table Co-Authored-By: Claude Sonnet 4.6 --- website/docs/user-guide/messaging/teams.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/website/docs/user-guide/messaging/teams.md b/website/docs/user-guide/messaging/teams.md index 1375cd8d27b..ce725e275e4 100644 --- a/website/docs/user-guide/messaging/teams.md +++ b/website/docs/user-guide/messaging/teams.md @@ -37,9 +37,9 @@ teams status --verbose --- -## Step 2: Expose Port 3978 +## Step 2: Expose the Webhook Port -Teams cannot deliver messages to `localhost`. For local development, use any tunnel tool to get a public HTTPS URL: +Teams cannot deliver messages to `localhost`. For local development, use any tunnel tool to get a public HTTPS URL. The default port is `3978` — change it with `TEAMS_PORT` if needed. ```bash # devtunnel (Microsoft) @@ -95,7 +95,7 @@ TEAMS_ALLOWED_USERS= HERMES_UID=$(id -u) HERMES_GID=$(id -g) docker compose up -d gateway ``` -This starts the gateway and maps port 3978 on your host to the container. Check that it's running: +This starts the gateway. The default webhook port is `3978` (override with `TEAMS_PORT`). Check that it's running: ```bash curl http://localhost:3978/health # should return: ok @@ -129,6 +129,7 @@ The `teamsAppId` was printed by `teams app create` in Step 3. After installing, | `TEAMS_CLIENT_SECRET` | Azure AD client secret | | `TEAMS_TENANT_ID` | Azure AD tenant ID | | `TEAMS_ALLOWED_USERS` | Comma-separated AAD object IDs allowed to use the bot | +| `TEAMS_ALLOW_ALL_USERS` | Set `true` to skip the allowlist and allow anyone | | `TEAMS_HOME_CHANNEL` | Conversation ID for cron/proactive message delivery | | `TEAMS_HOME_CHANNEL_NAME` | Display name for the home channel | | `TEAMS_PORT` | Webhook port (default: `3978`) | @@ -181,7 +182,7 @@ If you've already created the bot and just need to update the endpoint: teams app update --id --endpoint "https://your-domain.com/api/messages" ``` -Make sure port 3978 (or your configured `TEAMS_PORT`) is reachable from the internet and that your TLS certificate is valid — Teams rejects self-signed certificates. +Make sure your configured port (`TEAMS_PORT`, default `3978`) is reachable from the internet and that your TLS certificate is valid — Teams rejects self-signed certificates. --- From f59693c075647faa99e33011e86b00e738be707f Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:39:46 +0000 Subject: [PATCH 013/133] fix(teams): pipe TEAMS_PORT through docker-compose properly Was hardcoded to 3978; use ${TEAMS_PORT:-3978} so a custom port set in .env is actually passed into the container. Co-Authored-By: Claude Sonnet 4.6 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index ecf59d40c3d..bac125c93fc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -40,7 +40,7 @@ services: # - TEAMS_CLIENT_SECRET=${TEAMS_CLIENT_SECRET} # - TEAMS_TENANT_ID=${TEAMS_TENANT_ID} # - TEAMS_ALLOWED_USERS=${TEAMS_ALLOWED_USERS} - # - TEAMS_PORT=3978 + # - TEAMS_PORT=${TEAMS_PORT:-3978} command: ["gateway", "run"] dashboard: From 09aba917661ff5da5ced53a234447c3a9108120a Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:41:15 +0000 Subject: [PATCH 014/133] docs(teams): note that tunnel port 3978 is the default, not fixed Co-Authored-By: Claude Sonnet 4.6 --- website/docs/user-guide/messaging/teams.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/docs/user-guide/messaging/teams.md b/website/docs/user-guide/messaging/teams.md index ce725e275e4..c77ac7d9167 100644 --- a/website/docs/user-guide/messaging/teams.md +++ b/website/docs/user-guide/messaging/teams.md @@ -44,14 +44,14 @@ Teams cannot deliver messages to `localhost`. For local development, use any tun ```bash # devtunnel (Microsoft) devtunnel create hermes-bot --allow-anonymous -devtunnel port create hermes-bot -p 3978 --protocol https +devtunnel port create hermes-bot -p 3978 --protocol https # replace 3978 with TEAMS_PORT if changed devtunnel host hermes-bot # ngrok -ngrok http 3978 +ngrok http 3978 # replace 3978 with TEAMS_PORT if changed # cloudflared -cloudflared tunnel --url http://localhost:3978 +cloudflared tunnel --url http://localhost:3978 # replace 3978 with TEAMS_PORT if changed ``` Copy the `https://` URL from the output — you'll use it in the next step. Leave the tunnel running while developing. From a5d60f42ee74e3be77f814ec97f8ab2b8e441708 Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:43:12 +0000 Subject: [PATCH 015/133] docs(teams): fix CLI install tag and Step 6 install flow - Keep @preview tag for teams CLI - Step 3: note client secret won't be shown again - Step 6: use the install link printed by teams app create instead of a separate CLI command Co-Authored-By: Claude Sonnet 4.6 --- website/docs/user-guide/messaging/teams.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/website/docs/user-guide/messaging/teams.md b/website/docs/user-guide/messaging/teams.md index c77ac7d9167..a409ef607d5 100644 --- a/website/docs/user-guide/messaging/teams.md +++ b/website/docs/user-guide/messaging/teams.md @@ -68,7 +68,7 @@ teams app create \ --endpoint "https:///api/messages" ``` -The CLI outputs your `CLIENT_ID`, `CLIENT_SECRET`, and `TENANT_ID`. Save them — you'll need all three. +The CLI outputs your `CLIENT_ID`, `CLIENT_SECRET`, and `TENANT_ID`, plus an install link for Step 6. Save the client secret — it won't be shown again. --- @@ -111,11 +111,13 @@ Look for: ## Step 6: Install the App in Teams -```bash -teams app install --id +Open the **Install in Teams** link printed by `teams app create` in Step 3: + +``` +https://teams.microsoft.com/l/app/?installAppPackage=true&appTenantId= ``` -The `teamsAppId` was printed by `teams app create` in Step 3. After installing, open Microsoft Teams and send a direct message to your bot — it's ready. +After installing, open Microsoft Teams and send a direct message to your bot — it's ready. --- From d5e72ae17fd2081d5dd30ef4673b6d4075d00777 Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:43:47 +0000 Subject: [PATCH 016/133] docs(teams): fix CLI install tag and Step 6 install flow - Keep @preview tag for teams CLI - Step 3: note client secret won't be shown again - Step 6: just open the Install in Teams link from teams app create output Co-Authored-By: Claude Sonnet 4.6 --- website/docs/user-guide/messaging/teams.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/website/docs/user-guide/messaging/teams.md b/website/docs/user-guide/messaging/teams.md index a409ef607d5..2b3cb7ed1a7 100644 --- a/website/docs/user-guide/messaging/teams.md +++ b/website/docs/user-guide/messaging/teams.md @@ -111,13 +111,7 @@ Look for: ## Step 6: Install the App in Teams -Open the **Install in Teams** link printed by `teams app create` in Step 3: - -``` -https://teams.microsoft.com/l/app/?installAppPackage=true&appTenantId= -``` - -After installing, open Microsoft Teams and send a direct message to your bot — it's ready. +Open the **Install in Teams** link printed by `teams app create` in Step 3. After installing, open Microsoft Teams and send a direct message to your bot — it's ready. --- From 67f1198ba93a274a3c4501bc7b9f3d9b2324a2a6 Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:44:17 +0000 Subject: [PATCH 017/133] docs(teams): fix CLI install tag and Step 6 install flow - Keep @preview tag for teams CLI - Step 3: note client secret won't be shown again - Step 6: use the Install in Teams link from teams app create output Co-Authored-By: Claude Sonnet 4.6 --- website/docs/user-guide/messaging/teams.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/user-guide/messaging/teams.md b/website/docs/user-guide/messaging/teams.md index 2b3cb7ed1a7..0d07f6965a5 100644 --- a/website/docs/user-guide/messaging/teams.md +++ b/website/docs/user-guide/messaging/teams.md @@ -111,7 +111,7 @@ Look for: ## Step 6: Install the App in Teams -Open the **Install in Teams** link printed by `teams app create` in Step 3. After installing, open Microsoft Teams and send a direct message to your bot — it's ready. +Open the **Install in Teams** link printed by `teams app create` in Step 3 — it opens directly in the Teams client. After installing, send a direct message to your bot — it's ready. --- From 1e5a23fa647e57f8899699778ea807303eaa68ab Mon Sep 17 00:00:00 2001 From: Aamir Jawaid Date: Fri, 1 May 2026 00:45:44 +0000 Subject: [PATCH 018/133] docs(teams): use teams app get --install-link for Step 6 Co-Authored-By: Claude Sonnet 4.6 --- website/docs/user-guide/messaging/teams.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/website/docs/user-guide/messaging/teams.md b/website/docs/user-guide/messaging/teams.md index 0d07f6965a5..c3dfa4f63de 100644 --- a/website/docs/user-guide/messaging/teams.md +++ b/website/docs/user-guide/messaging/teams.md @@ -111,7 +111,11 @@ Look for: ## Step 6: Install the App in Teams -Open the **Install in Teams** link printed by `teams app create` in Step 3 — it opens directly in the Teams client. After installing, send a direct message to your bot — it's ready. +```bash +teams app get --install-link +``` + +Open the printed link in your browser — it opens directly in the Teams client. After installing, send a direct message to your bot — it's ready. --- From 5ad8281885d8596ed41c1e136e0f354b14bdeb4a Mon Sep 17 00:00:00 2001 From: Mind-Dragon Date: Thu, 30 Apr 2026 15:31:57 +0200 Subject: [PATCH 019/133] fix(model_switch): correct user_providers override for private models The switch_model override logic incorrectly iterated over user_providers as if it were a list of dicts, but it's actually a dict mapping provider_slug -> config. This meant private models defined in a provider's `models:` section (e.g. nahcrof-dedicated with discover_models: false) were never accepted when the API /models list didn't include them. Fix: iterate over user_providers.items(), match by slug, and handle both dict and list forms of the models config. --- hermes_cli/model_switch.py | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/hermes_cli/model_switch.py b/hermes_cli/model_switch.py index 4f57f9cef54..07455eb6fa4 100644 --- a/hermes_cli/model_switch.py +++ b/hermes_cli/model_switch.py @@ -891,14 +891,19 @@ def switch_model( if not validation.get("accepted"): override = False if user_providers: - for up in user_providers: - if isinstance(up, dict) and up.get("provider") == target_provider: - cfg_models = up.get("models", []) - if new_model in cfg_models or any( - m.get("name") == new_model for m in cfg_models if isinstance(m, dict) - ): + # user_providers is a dict: {provider_slug: config_dict} + for slug, cfg in user_providers.items(): + if slug == target_provider: + cfg_models = cfg.get("models", {}) + # Direct membership works for dict (keys) and list (strings) + if new_model in cfg_models: override = True break + # Also accept if models is a list of dicts with 'name' field + if isinstance(cfg_models, list): + if any(m.get("name") == new_model for m in cfg_models if isinstance(m, dict)): + override = True + break if override: validation = {"accepted": True, "persist": True, "recognized": False, "message": validation.get("message", "")} else: @@ -1412,14 +1417,17 @@ def list_authenticated_providers( models_list = list(fb) # Prefer the endpoint's live /models list when credentials are - # available. This keeps OpenAI-compatible relays (for example CRS) - # in sync when the server catalog changes without requiring the - # user to mirror every model into config.yaml. + # available, unless the provider explicitly opts out via + # discover_models: false (e.g. dedicated endpoints that expose + # the entire aggregator catalog via /models). api_key = str(ep_cfg.get("api_key", "") or "").strip() if not api_key: key_env = str(ep_cfg.get("key_env", "") or "").strip() api_key = os.environ.get(key_env, "").strip() if key_env else "" - if api_url and api_key: + discover = ep_cfg.get("discover_models", True) + if isinstance(discover, str): + discover = discover.lower() not in ("false", "no", "0") + if api_url and api_key and discover: try: from hermes_cli.models import fetch_api_models live_models = fetch_api_models(api_key, api_url) From aab5bcc6aca7547f9b6176674b72399d8b89727a Mon Sep 17 00:00:00 2001 From: Mind-Dragon Date: Thu, 30 Apr 2026 21:17:35 +0200 Subject: [PATCH 020/133] test(model_switch): cover private user_providers override --- .../test_user_providers_model_switch.py | 145 ++++++++++++++++++ 1 file changed, 145 insertions(+) diff --git a/tests/hermes_cli/test_user_providers_model_switch.py b/tests/hermes_cli/test_user_providers_model_switch.py index 0a97509f7cc..ec694a39f94 100644 --- a/tests/hermes_cli/test_user_providers_model_switch.py +++ b/tests/hermes_cli/test_user_providers_model_switch.py @@ -839,3 +839,148 @@ def test_get_named_custom_provider_transport_resolves_via_display_name(monkeypat result = rp._get_named_custom_provider("Codex Provider") assert result is not None assert result["api_mode"] == "codex_responses" + + +# ============================================================================= +# Regression: user_providers override for private models not listed by /v1/models +# ============================================================================= + +_REJECTED_VALIDATION = { + "accepted": False, + "persist": False, + "recognized": False, + "message": "not found", +} + + +def _run_user_provider_override_case( + *, + slug, + name, + base_url, + models, + raw_input, +): + """Run ``switch_model`` with a private user provider and a rejected API check. + + The bug in PR #17964 was that ``user_providers`` was treated like a list, + so private models listed in ``models:`` never triggered the override path. + These tests keep the validation failure in place and prove the config list + still wins for both dict- and list-shaped ``models`` entries. + """ + from unittest.mock import patch + + user_providers = { + slug: { + "name": name, + "api": base_url, + "discover_models": False, + "models": models, + } + } + + with patch("hermes_cli.model_switch.resolve_alias", return_value=None), \ + patch("hermes_cli.model_switch.list_provider_models", return_value=[]), \ + patch("hermes_cli.model_switch.normalize_model_for_provider", side_effect=lambda model, provider: model), \ + patch("hermes_cli.models.validate_requested_model", return_value=_REJECTED_VALIDATION), \ + patch("hermes_cli.models.detect_provider_for_model", return_value=None), \ + patch("hermes_cli.model_switch.get_model_info", return_value=None), \ + patch("hermes_cli.model_switch.get_model_capabilities", return_value=None), \ + patch("hermes_cli.runtime_provider.resolve_runtime_provider", return_value={"api_key": "***", "base_url": base_url, "api_mode": "anthropic_messages"}): + return switch_model( + raw_input=raw_input, + current_provider=slug, + current_model="old-model", + current_base_url=base_url, + user_providers=user_providers, + custom_providers=[], + ) + + +@pytest.mark.parametrize( + ("slug", "name", "base_url", "models", "raw_input", "expected_model"), + [ + ( + "kimi-coding", + "Kimi Coding Plan", + "https://api.kimi.com/coding", + {"kimi-k2.6": {}}, + "kimi-k2.6", + "kimi-k2.6", + ), + ( + "kimi-dedicated", + "Kimi Dedicated", + "https://api.kimi.com/v1", + [{"name": "moonshotai/Kimi-K2.6-ACED"}], + "moonshotai/Kimi-K2.6-ACED", + "moonshotai/Kimi-K2.6-ACED", + ), + ], + ids=["kimi-coding-plan-dict", "kimi-k2-6-aced-list"], +) +def test_user_provider_override_accepts_listed_private_models( + slug, + name, + base_url, + models, + raw_input, + expected_model, +): + """Private models listed in providers: config should override /v1/models misses. + + Covers both config shapes the fix now accepts: + - dict models for the Kimi Coding Plan K2p6 case + - list-of-dicts models for the Kimi-K2.6-ACED dedicated case + """ + result = _run_user_provider_override_case( + slug=slug, + name=name, + base_url=base_url, + models=models, + raw_input=raw_input, + ) + + assert result.success is True + assert result.new_model == expected_model + assert result.error_message == "" + + +@pytest.mark.parametrize( + ("slug", "name", "base_url", "models", "raw_input"), + [ + ( + "kimi-coding", + "Kimi Coding Plan", + "https://api.kimi.com/coding", + {"kimi-k2.6": {}}, + "kimi-k2.6-mangled", + ), + ( + "kimi-dedicated", + "Kimi Dedicated", + "https://api.kimi.com/v1", + [{"name": "moonshotai/Kimi-K2.6-ACED"}], + "moonshotai/Kimi-K2.6-ACED!!!", + ), + ], + ids=["kimi-coding-plan-dict-mangled", "kimi-k2-6-aced-list-mangled"], +) +def test_user_provider_override_rejects_mangled_private_models( + slug, + name, + base_url, + models, + raw_input, +): + """Malformed model names should fail cleanly, not crash or auto-accept.""" + result = _run_user_provider_override_case( + slug=slug, + name=name, + base_url=base_url, + models=models, + raw_input=raw_input, + ) + + assert result.success is False + assert result.error_message == "not found" From 75483b6db1a1009ddb3776ccc46b1005dceeb672 Mon Sep 17 00:00:00 2001 From: Yukipukii1 Date: Thu, 30 Apr 2026 21:36:40 +0300 Subject: [PATCH 021/133] fix(curator): preserve last_report_path in state --- agent/curator.py | 1 + tests/agent/test_curator.py | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/agent/curator.py b/agent/curator.py index 7419f9ca0c3..36384b726f8 100644 --- a/agent/curator.py +++ b/agent/curator.py @@ -55,6 +55,7 @@ def _default_state() -> Dict[str, Any]: "last_run_at": None, "last_run_duration_seconds": None, "last_run_summary": None, + "last_report_path": None, "paused": False, "run_count": 0, } diff --git a/tests/agent/test_curator.py b/tests/agent/test_curator.py index 70040ec01d5..78971a74d2c 100644 --- a/tests/agent/test_curator.py +++ b/tests/agent/test_curator.py @@ -363,6 +363,19 @@ def test_state_atomic_write_no_tmp_leftovers(curator_env): assert not p.name.startswith(".curator_state_"), f"tmp leftover: {p.name}" +def test_state_preserves_last_report_path(curator_env): + c = curator_env["curator"] + c.save_state({ + "last_run_at": "2026-04-30T12:00:00+00:00", + "last_run_summary": "ok", + "last_report_path": "/tmp/curator-report", + "paused": False, + "run_count": 1, + }) + state = c.load_state() + assert state["last_report_path"] == "/tmp/curator-report" + + def test_curator_review_prompt_has_invariants(): """Core invariants must be in the review prompt text.""" from agent.curator import CURATOR_REVIEW_PROMPT From f4ba97ad9ad45c6fd2a4b876301d00f023424304 Mon Sep 17 00:00:00 2001 From: Feranmi10 <89228157+Feranmi10@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:44:33 -0700 Subject: [PATCH 022/133] fix(status): add NVIDIA_API_KEY to hermes status API keys display MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #16082 The `hermes status` command listed provider API keys under the ◆ API Keys section but NVIDIA_API_KEY was absent. Users configured with NVIDIA NIM had no way to verify their key was set from status output. Add it alongside the other inference provider keys. --- hermes_cli/status.py | 1 + 1 file changed, 1 insertion(+) diff --git a/hermes_cli/status.py b/hermes_cli/status.py index fb2d010a4e2..38b22a03eb7 100644 --- a/hermes_cli/status.py +++ b/hermes_cli/status.py @@ -125,6 +125,7 @@ def show_status(args): keys = { "OpenRouter": "OPENROUTER_API_KEY", "OpenAI": "OPENAI_API_KEY", + "NVIDIA": "NVIDIA_API_KEY", "Z.AI/GLM": "GLM_API_KEY", "Kimi": "KIMI_API_KEY", "StepFun Step Plan": "STEPFUN_API_KEY", From 5f3f45678400d877f13351fe359b771b9bb7f787 Mon Sep 17 00:00:00 2001 From: Yukipukii1 Date: Thu, 30 Apr 2026 20:47:37 +0300 Subject: [PATCH 023/133] fix(approval): wake blocked gateway approvals on session cleanup --- tests/gateway/test_approve_deny_commands.py | 17 +++++++++++ .../test_session_boundary_security_state.py | 28 +++++++++++++++++++ tools/approval.py | 11 ++++++-- 3 files changed, 53 insertions(+), 3 deletions(-) diff --git a/tests/gateway/test_approve_deny_commands.py b/tests/gateway/test_approve_deny_commands.py index b1c192f1ac6..ebe4d59172a 100644 --- a/tests/gateway/test_approve_deny_commands.py +++ b/tests/gateway/test_approve_deny_commands.py @@ -173,6 +173,23 @@ class TestBlockingGatewayApproval: assert e1.event.is_set() assert e2.event.is_set() + def test_clear_session_denies_and_signals_all_entries(self): + """clear_session must wake blocked entries during boundary cleanup.""" + from tools.approval import clear_session, _ApprovalEntry, _gateway_queues + + session_key = "test-boundary-cleanup" + e1 = _ApprovalEntry({"command": "cmd1"}) + e2 = _ApprovalEntry({"command": "cmd2"}) + _gateway_queues[session_key] = [e1, e2] + + clear_session(session_key) + + assert e1.event.is_set() + assert e2.event.is_set() + assert e1.result == "deny" + assert e2.result == "deny" + assert session_key not in _gateway_queues + # ------------------------------------------------------------------ # /approve command diff --git a/tests/gateway/test_session_boundary_security_state.py b/tests/gateway/test_session_boundary_security_state.py index f7f41249510..00c1568de18 100644 --- a/tests/gateway/test_session_boundary_security_state.py +++ b/tests/gateway/test_session_boundary_security_state.py @@ -10,6 +10,7 @@ from gateway.platforms.base import MessageEvent from gateway.session import SessionEntry, SessionSource, build_session_key from tools import approval as approval_mod from tools.approval import ( + _ApprovalEntry, approve_session, enable_session_yolo, is_approved, @@ -214,3 +215,30 @@ def test_clear_session_boundary_security_state_is_scoped(): runner._clear_session_boundary_security_state("") assert is_approved(other_key, "recursive delete") is True assert other_key in runner._update_prompt_pending + + +def test_clear_session_boundary_security_state_wakes_blocked_approvals(): + """Boundary cleanup must cancel blocked approval waiters immediately.""" + from gateway.run import GatewayRunner + + runner = object.__new__(GatewayRunner) + runner._pending_approvals = {} + runner._update_prompt_pending = {} + + source = _make_source() + session_key = build_session_key(source) + other_key = "agent:main:telegram:dm:other-chat" + + target_entry = _ApprovalEntry({"command": "rm -rf /tmp/demo"}) + other_entry = _ApprovalEntry({"command": "rm -rf /tmp/other"}) + approval_mod._gateway_queues[session_key] = [target_entry] + approval_mod._gateway_queues[other_key] = [other_entry] + + runner._clear_session_boundary_security_state(session_key) + + assert target_entry.event.is_set() + assert target_entry.result == "deny" + assert other_entry.event.is_set() is False + assert other_entry.result is None + assert session_key not in approval_mod._gateway_queues + assert other_key in approval_mod._gateway_queues diff --git a/tools/approval.py b/tools/approval.py index 78fb4817831..aa20a86aecc 100644 --- a/tools/approval.py +++ b/tools/approval.py @@ -400,8 +400,8 @@ def unregister_gateway_notify(session_key: str) -> None: with _lock: _gateway_notify_cbs.pop(session_key, None) entries = _gateway_queues.pop(session_key, []) - for entry in entries: - entry.event.set() + for entry in entries: + entry.event.set() def resolve_gateway_approval(session_key: str, choice: str, @@ -475,7 +475,12 @@ def clear_session(session_key: str) -> None: _session_approved.pop(session_key, None) _session_yolo.discard(session_key) _pending.pop(session_key, None) - _gateway_queues.pop(session_key, None) + entries = _gateway_queues.pop(session_key, []) + for entry in entries: + # Session-boundary cleanup should cancel any blocked approval waits + # immediately so the old run can unwind instead of idling until timeout. + entry.result = "deny" + entry.event.set() def is_session_yolo_enabled(session_key: str) -> bool: From 2110a3a0c435f142f010769d4ecd4455be5dab6b Mon Sep 17 00:00:00 2001 From: Yukipukii1 Date: Thu, 30 Apr 2026 21:12:09 +0300 Subject: [PATCH 024/133] fix(tui): return JSON-RPC errors for invalid request shapes --- tests/test_tui_gateway_server.py | 22 +++++++++++++++++++ tui_gateway/server.py | 37 ++++++++++++++++++++++++++++---- 2 files changed, 55 insertions(+), 4 deletions(-) diff --git a/tests/test_tui_gateway_server.py b/tests/test_tui_gateway_server.py index a652cb860ce..0c6263663ef 100644 --- a/tests/test_tui_gateway_server.py +++ b/tests/test_tui_gateway_server.py @@ -59,6 +59,28 @@ def test_write_json_returns_false_on_broken_pipe(monkeypatch): assert server.write_json({"ok": True}) is False +def test_dispatch_rejects_non_object_request(): + resp = server.dispatch([]) + + assert resp == { + "jsonrpc": "2.0", + "id": None, + "error": {"code": -32600, "message": "invalid request: expected an object"}, + } + + +def test_dispatch_rejects_non_object_params(): + resp = server.dispatch( + {"id": "1", "method": "session.create", "params": []} + ) + + assert resp == { + "jsonrpc": "2.0", + "id": "1", + "error": {"code": -32602, "message": "invalid params: expected an object"}, + } + + def test_load_enabled_toolsets_prefers_tui_env(monkeypatch): monkeypatch.setenv("HERMES_TUI_TOOLSETS", "web, terminal, ,memory") diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 47f25e7e1e8..f503549511b 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -417,11 +417,35 @@ def method(name: str): return dec +def _normalize_request(req: Any) -> tuple[Any, str, dict] | dict: + """Validate a JSON-RPC request enough for safe local dispatch.""" + if not isinstance(req, dict): + return _err(None, -32600, "invalid request: expected an object") + + rid = req.get("id") + method = req.get("method") + if not isinstance(method, str) or not method: + return _err(rid, -32600, "invalid request: method must be a non-empty string") + + params = req.get("params", {}) + if params is None: + params = {} + elif not isinstance(params, dict): + return _err(rid, -32602, "invalid params: expected an object") + + return rid, method, params + + def handle_request(req: dict) -> dict | None: - fn = _methods.get(req.get("method", "")) + normalized = _normalize_request(req) + if isinstance(normalized, dict): + return normalized + + rid, method, params = normalized + fn = _methods.get(method) if not fn: - return _err(req.get("id"), -32601, f"unknown method: {req.get('method')}") - return fn(req.get("id"), req.get("params", {})) + return _err(rid, -32601, f"unknown method: {method}") + return fn(rid, params) def dispatch(req: dict, transport: Optional[Transport] = None) -> dict | None: @@ -439,7 +463,12 @@ def dispatch(req: dict, transport: Optional[Transport] = None) -> dict | None: t = transport or _stdio_transport token = bind_transport(t) try: - if req.get("method") not in _LONG_HANDLERS: + normalized = _normalize_request(req) + if isinstance(normalized, dict): + return normalized + + _rid, method, _params = normalized + if method not in _LONG_HANDLERS: return handle_request(req) # Snapshot the context so the pool worker sees the bound transport. From f7dfd4ae36649513f6cdcfd8266e4e8f45c1f9f6 Mon Sep 17 00:00:00 2001 From: adamludwin Date: Thu, 23 Apr 2026 15:49:16 -0700 Subject: [PATCH 025/133] feat(skills): add built-in here.now skill Add the here.now productivity skill with a bundled publish runtime so Hermes can publish files and folders to live URLs. Keep the skill thin and docs-first while fixing script path resolution and upload failure handling. Made-with: Cursor --- skills/productivity/here-now/SKILL.md | 190 +++++++++ .../productivity/here-now/scripts/publish.sh | 384 ++++++++++++++++++ 2 files changed, 574 insertions(+) create mode 100644 skills/productivity/here-now/SKILL.md create mode 100755 skills/productivity/here-now/scripts/publish.sh diff --git a/skills/productivity/here-now/SKILL.md b/skills/productivity/here-now/SKILL.md new file mode 100644 index 00000000000..11feb0e6e98 --- /dev/null +++ b/skills/productivity/here-now/SKILL.md @@ -0,0 +1,190 @@ +--- +name: here-now +description: > + Publish files and folders to the web instantly. Static hosting for HTML sites, + images, PDFs, and any file type. Sites can connect to external APIs (LLMs, + databases, email, payments) via proxy routes with server-side credential + injection. Use when asked to "publish this", "host this", "deploy this", + "share this on the web", "make a website", "put this online", "upload to + the web", "create a webpage", "share a link", "serve this site", "generate + a URL", or "build a chatbot". Outputs a live, shareable URL at {slug}.here.now. +version: 1.14.0 +author: here.now +license: MIT +prerequisites: + commands: [curl, file, jq] +platforms: [macos, linux] +metadata: + hermes: + tags: [here.now, herenow, publish, deploy, hosting, static-site, web, share, URL] + homepage: https://here.now + requires_toolsets: [terminal] +--- + +# here.now + +Create a live URL from any file or folder. Static hosting with optional proxy routes for calling external APIs server-side. + +## Current docs + +**Before answering questions about here.now capabilities, features, or workflows, read the current docs:** + +→ **https://here.now/docs** + +Read the docs: + +- at the first here.now-related interaction in a conversation +- any time the user asks how to do something +- any time the user asks what is possible, supported, or recommended +- before telling the user a feature is unsupported + +Topics that require current docs (do not rely on local skill text alone): + +- custom domains +- payments and payment gating +- forking +- proxy routes and service variables +- handles and links +- limits and quotas +- SPA routing +- error handling and remediation +- feature availability + +**If docs and live API behavior disagree, trust the live API behavior.** + +If the docs fetch fails or times out, continue with the local skill and live API/script output. Prefer live API behavior for active operations. + +## Requirements + +- Required binaries: `curl`, `file`, `jq` +- Optional environment variable: `$HERENOW_API_KEY` +- Optional credentials file: `~/.herenow/credentials` +- Skill script path: `${HERMES_SKILL_DIR}/scripts/publish.sh` + +## Create a site + +```bash +PUBLISH="${HERMES_SKILL_DIR}/scripts/publish.sh" +bash "$PUBLISH" {file-or-dir} --client hermes +``` + +Outputs the live URL (e.g. `https://bright-canvas-a7k2.here.now/`). + +Under the hood this is a three-step flow: create/update -> upload files -> finalize. A site is not live until finalize succeeds. + +Without an API key this creates an **anonymous site** that expires in 24 hours. +With a saved API key, the site is permanent. + +**File structure:** For HTML sites, place `index.html` at the root of the directory you publish, not inside a subdirectory. The directory's contents become the site root. For example, publish `my-site/` where `my-site/index.html` exists — don't publish a parent folder that contains `my-site/`. + +You can also publish raw files without any HTML. Single files get a rich auto-viewer (images, PDF, video, audio). Multiple files get an auto-generated directory listing with folder navigation and an image gallery. + +## Update an existing site + +```bash +PUBLISH="${HERMES_SKILL_DIR}/scripts/publish.sh" +bash "$PUBLISH" {file-or-dir} --slug {slug} --client hermes +``` + +The script auto-loads the `claimToken` from `.herenow/state.json` when updating anonymous sites. Pass `--claim-token {token}` to override. + +Authenticated updates require a saved API key. + +## API key storage + +The publish script reads the API key from these sources (first match wins): + +1. `--api-key {key}` flag (CI/scripting only — avoid in interactive use) +2. `$HERENOW_API_KEY` environment variable +3. `~/.herenow/credentials` file (recommended for agents) + +To store a key, write it to the credentials file: + +```bash +mkdir -p ~/.herenow && echo "{API_KEY}" > ~/.herenow/credentials && chmod 600 ~/.herenow/credentials +``` + +**IMPORTANT**: After receiving an API key, save it immediately — run the command above yourself. Do not ask the user to run it manually. Avoid passing the key via CLI flags (e.g. `--api-key`) in interactive sessions; the credentials file is the preferred storage method. + +Never commit credentials or local state files (`~/.herenow/credentials`, `.herenow/state.json`) to source control. + +## Getting an API key + +To upgrade from anonymous (24h) to permanent sites: + +1. Ask the user for their email address. +2. Request a one-time sign-in code: + +```bash +curl -sS https://here.now/api/auth/agent/request-code \ + -H "content-type: application/json" \ + -d '{"email": "user@example.com"}' +``` + +3. Tell the user: "Check your inbox for a sign-in code from here.now and paste it here." +4. Verify the code and get the API key: + +```bash +curl -sS https://here.now/api/auth/agent/verify-code \ + -H "content-type: application/json" \ + -d '{"email":"user@example.com","code":"ABCD-2345"}' +``` + +5. Save the returned `apiKey` yourself (do not ask the user to do this): + +```bash +mkdir -p ~/.herenow && echo "{API_KEY}" > ~/.herenow/credentials && chmod 600 ~/.herenow/credentials +``` + +## State file + +After every site create/update, the script writes to `.herenow/state.json` in the working directory: + +```json +{ + "publishes": { + "bright-canvas-a7k2": { + "siteUrl": "https://bright-canvas-a7k2.here.now/", + "claimToken": "abc123", + "claimUrl": "https://here.now/claim?slug=bright-canvas-a7k2&token=abc123", + "expiresAt": "2026-02-18T01:00:00.000Z" + } + } +} +``` + +Before creating or updating sites, you may check this file to find prior slugs. +Treat `.herenow/state.json` as internal cache only. +Never present this local file path as a URL, and never use it as source of truth for auth mode, expiry, or claim URL. + +## What to tell the user + +- Always share the `siteUrl` from the current script run. +- Read and follow `publish_result.*` lines from script stderr to determine auth mode. +- When `publish_result.auth_mode=authenticated`: tell the user the site is **permanent** and saved to their account. No claim URL is needed. +- When `publish_result.auth_mode=anonymous`: tell the user the site **expires in 24 hours**. Share the claim URL (if `publish_result.claim_url` is non-empty and starts with `https://`) so they can keep it permanently. Warn that claim tokens are only returned once and cannot be recovered. +- Never tell the user to inspect `.herenow/state.json` for claim URLs or auth status. + +## Script options + +| Flag | Description | +| ---------------------- | -------------------------------------------- | +| `--slug {slug}` | Update an existing site instead of creating | +| `--claim-token {token}`| Override claim token for anonymous updates | +| `--title {text}` | Viewer title (non-HTML sites) | +| `--description {text}` | Viewer description | +| `--ttl {seconds}` | Set expiry (authenticated only) | +| `--client {name}` | Agent name for attribution (e.g. `hermes`) | +| `--base-url {url}` | API base URL (default: `https://here.now`) | +| `--allow-nonherenow-base-url` | Allow sending auth to non-default `--base-url` | +| `--api-key {key}` | API key override (prefer credentials file) | +| `--spa` | Enable SPA routing (serve index.html for unknown paths) | +| `--forkable` | Allow others to fork this site | + +## Beyond the script + +For all other operations — delete, metadata, passwords, payments, domains, handles, links, variables, proxy routes, forking, duplication, and more — see the current docs: + +→ **https://here.now/docs** + +Full docs: https://here.now/docs diff --git a/skills/productivity/here-now/scripts/publish.sh b/skills/productivity/here-now/scripts/publish.sh new file mode 100755 index 00000000000..c52ce9dd035 --- /dev/null +++ b/skills/productivity/here-now/scripts/publish.sh @@ -0,0 +1,384 @@ +#!/usr/bin/env bash +set -euo pipefail + +BASE_URL="https://here.now" +CREDENTIALS_FILE="$HOME/.herenow/credentials" +API_KEY="${HERENOW_API_KEY:-}" +API_KEY_SOURCE="none" +if [[ -n "${HERENOW_API_KEY:-}" ]]; then + API_KEY_SOURCE="env" +fi +ALLOW_NON_HERENOW_BASE_URL=0 +SLUG="" +CLAIM_TOKEN="" +TITLE="" +DESCRIPTION="" +TTL="" +CLIENT="" +TARGET="" +FORKABLE="" +SPA_MODE="" + +usage() { + cat <<'USAGE' +Usage: publish.sh [options] + +Options: + --api-key API key (or set $HERENOW_API_KEY) + --slug Update existing publish + --claim-token Claim token for anonymous updates + --title Viewer title + --description Viewer description + --ttl Expiry (authenticated only) + --client Agent name for attribution (e.g. cursor, claude-code) + --forkable Allow others to fork this site + --spa Enable SPA routing + --base-url API base (default: https://here.now) + --allow-nonherenow-base-url + Allow auth requests to non-default API base URL +USAGE + exit 1 +} + +die() { echo "error: $1" >&2; exit 1; } + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +SKILL_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" +BUNDLED_JQ="${SKILL_DIR}/bin/jq" + +if [[ -x "$BUNDLED_JQ" ]]; then + JQ_BIN="$BUNDLED_JQ" +elif command -v jq >/dev/null 2>&1; then + JQ_BIN="$(command -v jq)" +else + die "requires jq" +fi + +for cmd in curl file; do + command -v "$cmd" >/dev/null 2>&1 || die "requires $cmd" +done + +while [[ $# -gt 0 ]]; do + case "$1" in + --api-key) API_KEY="$2"; API_KEY_SOURCE="flag"; shift 2 ;; + --slug) SLUG="$2"; shift 2 ;; + --claim-token) CLAIM_TOKEN="$2"; shift 2 ;; + --title) TITLE="$2"; shift 2 ;; + --description) DESCRIPTION="$2"; shift 2 ;; + --ttl) TTL="$2"; shift 2 ;; + --client) CLIENT="$2"; shift 2 ;; + --base-url) BASE_URL="$2"; shift 2 ;; + --allow-nonherenow-base-url) ALLOW_NON_HERENOW_BASE_URL=1; shift ;; + --forkable) FORKABLE="true"; shift ;; + --spa) SPA_MODE="true"; shift ;; + --help|-h) usage ;; + -*) die "unknown option: $1" ;; + *) [[ -z "$TARGET" ]] && TARGET="$1" || die "unexpected argument: $1"; shift ;; + esac +done + +[[ -n "$TARGET" ]] || usage +[[ -e "$TARGET" ]] || die "path does not exist: $TARGET" + +# Load API key from credentials file if not provided via flag or env +if [[ -z "$API_KEY" && -f "$CREDENTIALS_FILE" ]]; then + API_KEY=$(cat "$CREDENTIALS_FILE" | tr -d '[:space:]') + [[ -n "$API_KEY" ]] && API_KEY_SOURCE="credentials" +fi + +BASE_URL="${BASE_URL%/}" +STATE_DIR=".herenow" +STATE_FILE="$STATE_DIR/state.json" + +# Safety guard: avoid accidentally sending bearer auth to arbitrary endpoints. +if [[ -n "$API_KEY" && "$BASE_URL" != "https://here.now" && "$ALLOW_NON_HERENOW_BASE_URL" -ne 1 ]]; then + die "refusing to send API key to non-default base URL; pass --allow-nonherenow-base-url to override" +fi + +# Auto-load claim token from state file for anonymous updates +if [[ -n "$SLUG" && -z "$CLAIM_TOKEN" && -z "$API_KEY" && -f "$STATE_FILE" ]]; then + CLAIM_TOKEN=$("$JQ_BIN" -r --arg s "$SLUG" '.publishes[$s].claimToken // empty' "$STATE_FILE" 2>/dev/null || true) +fi + +compute_sha256() { + local f="$1" + if command -v sha256sum >/dev/null 2>&1; then + sha256sum "$f" | cut -d' ' -f1 + else + shasum -a 256 "$f" | cut -d' ' -f1 + fi +} + +guess_content_type() { + local f="$1" + case "${f##*.}" in + html|htm) echo "text/html; charset=utf-8" ;; + css) echo "text/css; charset=utf-8" ;; + js|mjs) echo "text/javascript; charset=utf-8" ;; + json) echo "application/json; charset=utf-8" ;; + md|txt) echo "text/plain; charset=utf-8" ;; + svg) echo "image/svg+xml" ;; + png) echo "image/png" ;; + jpg|jpeg) echo "image/jpeg" ;; + gif) echo "image/gif" ;; + webp) echo "image/webp" ;; + pdf) echo "application/pdf" ;; + mp4) echo "video/mp4" ;; + mov) echo "video/quicktime" ;; + mp3) echo "audio/mpeg" ;; + wav) echo "audio/wav" ;; + xml) echo "application/xml" ;; + woff2) echo "font/woff2" ;; + woff) echo "font/woff" ;; + ttf) echo "font/ttf" ;; + ico) echo "image/x-icon" ;; + *) + local detected + detected=$(file --brief --mime-type "$f" 2>/dev/null || echo "application/octet-stream") + echo "$detected" + ;; + esac +} + +# Build file manifest as JSON array +FILES_JSON="[]" + +if [[ -f "$TARGET" ]]; then + sz=$(wc -c < "$TARGET" | tr -d ' ') + ct=$(guess_content_type "$TARGET") + bn=$(basename "$TARGET") + h=$(compute_sha256 "$TARGET") + FILES_JSON=$("$JQ_BIN" -n --arg p "$bn" --argjson s "$sz" --arg c "$ct" --arg h "$h" \ + '[{"path":$p,"size":$s,"contentType":$c,"hash":$h}]') + FILE_MAP=$("$JQ_BIN" -n --arg p "$bn" --arg a "$(cd "$(dirname "$TARGET")" && pwd)/$(basename "$TARGET")" \ + '{($p):$a}') +elif [[ -d "$TARGET" ]]; then + FILE_MAP="{}" + while IFS= read -r -d '' f; do + rel="${f#$TARGET/}" + [[ "$rel" == ".DS_Store" ]] && continue + [[ "$(basename "$rel")" == ".DS_Store" ]] && continue + [[ "$rel" == ".herenow/fork-meta.json" ]] && continue + sz=$(wc -c < "$f" | tr -d ' ') + ct=$(guess_content_type "$f") + h=$(compute_sha256 "$f") + abs=$(cd "$(dirname "$f")" && pwd)/$(basename "$f") + FILES_JSON=$(echo "$FILES_JSON" | "$JQ_BIN" --arg p "$rel" --argjson s "$sz" --arg c "$ct" --arg h "$h" \ + '. + [{"path":$p,"size":$s,"contentType":$c,"hash":$h}]') + FILE_MAP=$(echo "$FILE_MAP" | "$JQ_BIN" --arg p "$rel" --arg a "$abs" '. + {($p):$a}') + done < <(find "$TARGET" -type f -print0 | sort -z) +else + die "not a file or directory: $TARGET" +fi + +file_count=$(echo "$FILES_JSON" | "$JQ_BIN" 'length') +[[ "$file_count" -gt 0 ]] || die "no files found" + +# Read fork-meta.json defaults if present and no explicit flags given +FORK_META="" +if [[ -d "$TARGET" ]]; then + FORK_META_PATH="$TARGET/.herenow/fork-meta.json" + if [[ -f "$FORK_META_PATH" ]]; then + FORK_META=$(cat "$FORK_META_PATH") + if [[ -z "$FORKABLE" ]]; then + FORKABLE=$("$JQ_BIN" -r '.forkable // empty' <<< "$FORK_META" 2>/dev/null || true) + fi + fi +fi + +# Build request body +BODY=$(echo "$FILES_JSON" | "$JQ_BIN" '{files: .}') + +if [[ -n "$TTL" ]]; then + BODY=$(echo "$BODY" | "$JQ_BIN" --argjson t "$TTL" '.ttlSeconds = $t') +fi + +if [[ -n "$TITLE" || -n "$DESCRIPTION" ]]; then + viewer="{}" + [[ -n "$TITLE" ]] && viewer=$(echo "$viewer" | "$JQ_BIN" --arg t "$TITLE" '.title = $t') + [[ -n "$DESCRIPTION" ]] && viewer=$(echo "$viewer" | "$JQ_BIN" --arg d "$DESCRIPTION" '.description = $d') + BODY=$(echo "$BODY" | "$JQ_BIN" --argjson v "$viewer" '.viewer = $v') +fi + +if [[ -n "$CLAIM_TOKEN" && -n "$SLUG" && -z "$API_KEY" ]]; then + BODY=$(echo "$BODY" | "$JQ_BIN" --arg ct "$CLAIM_TOKEN" '.claimToken = $ct') +fi + +if [[ "$FORKABLE" == "true" ]]; then + BODY=$(echo "$BODY" | "$JQ_BIN" '.forkable = true') +fi + +if [[ "$SPA_MODE" == "true" ]]; then + BODY=$(echo "$BODY" | "$JQ_BIN" '.spaMode = true') +fi + +# Determine endpoint and method +if [[ -n "$SLUG" ]]; then + URL="$BASE_URL/api/v1/publish/$SLUG" + METHOD="PUT" +else + URL="$BASE_URL/api/v1/publish" + METHOD="POST" +fi + +# Build auth header +AUTH_ARGS=() +if [[ -n "$API_KEY" ]]; then + AUTH_ARGS=(-H "authorization: Bearer $API_KEY") +fi + +AUTH_MODE="anonymous" +if [[ -n "$API_KEY" ]]; then + AUTH_MODE="authenticated" +fi + +CLIENT_HEADER_VALUE="here-now-publish-sh" +if [[ -n "$CLIENT" ]]; then + normalized_client=$(echo "$CLIENT" | tr '[:upper:]' '[:lower:]' | tr -cs 'a-z0-9._-' '-') + normalized_client="${normalized_client#-}" + normalized_client="${normalized_client%-}" + if [[ -n "$normalized_client" ]]; then + CLIENT_HEADER_VALUE="${normalized_client}/publish-sh" + fi +fi +CLIENT_ARGS=(-H "x-herenow-client: $CLIENT_HEADER_VALUE") + +# Step 1: Create/update publish +echo "creating publish ($file_count files)..." >&2 +RESPONSE=$(curl -sS -X "$METHOD" "$URL" \ + "${AUTH_ARGS[@]+"${AUTH_ARGS[@]}"}" \ + "${CLIENT_ARGS[@]+"${CLIENT_ARGS[@]}"}" \ + -H "content-type: application/json" \ + -d "$BODY") + +# Check for errors +if echo "$RESPONSE" | "$JQ_BIN" -e '.error' >/dev/null 2>&1; then + err=$(echo "$RESPONSE" | "$JQ_BIN" -r '.error') + details=$(echo "$RESPONSE" | "$JQ_BIN" -r '.details // empty') + die "$err${details:+ ($details)}" +fi + +OUT_SLUG=$(echo "$RESPONSE" | "$JQ_BIN" -r '.slug') +VERSION_ID=$(echo "$RESPONSE" | "$JQ_BIN" -r '.upload.versionId') +FINALIZE_URL=$(echo "$RESPONSE" | "$JQ_BIN" -r '.upload.finalizeUrl') +SITE_URL=$(echo "$RESPONSE" | "$JQ_BIN" -r '.siteUrl') +UPLOAD_COUNT=$(echo "$RESPONSE" | "$JQ_BIN" '.upload.uploads | length') +SKIPPED_COUNT=$(echo "$RESPONSE" | "$JQ_BIN" '.upload.skipped // [] | length') + +[[ "$OUT_SLUG" != "null" ]] || die "unexpected response: $RESPONSE" + +# Step 2: Upload files (skipped files are unchanged from previous version) +if [[ "$SKIPPED_COUNT" -gt 0 ]]; then + echo "uploading $UPLOAD_COUNT files ($SKIPPED_COUNT unchanged, skipped)..." >&2 +else + echo "uploading $UPLOAD_COUNT files..." >&2 +fi +upload_errors=0 + +for i in $(seq 0 $((UPLOAD_COUNT - 1))); do + upload_path=$(echo "$RESPONSE" | "$JQ_BIN" -r ".upload.uploads[$i].path") + upload_url=$(echo "$RESPONSE" | "$JQ_BIN" -r ".upload.uploads[$i].url") + upload_ct=$(echo "$RESPONSE" | "$JQ_BIN" -r ".upload.uploads[$i].headers[\"Content-Type\"] // empty") + + if [[ -f "$TARGET" && ! -d "$TARGET" ]]; then + local_file="$TARGET" + else + local_file=$(echo "$FILE_MAP" | "$JQ_BIN" -r --arg p "$upload_path" '.[$p]') + fi + + if [[ ! -f "$local_file" ]]; then + echo "warning: missing local file for $upload_path" >&2 + upload_errors=$((upload_errors + 1)) + continue + fi + + ct_args=() + [[ -n "$upload_ct" ]] && ct_args=(-H "Content-Type: $upload_ct") + + http_code=$(curl -sS -o /dev/null -w "%{http_code}" -X PUT "$upload_url" \ + "${ct_args[@]+"${ct_args[@]}"}" \ + --data-binary "@$local_file") + + if [[ "$http_code" -lt 200 || "$http_code" -ge 300 ]]; then + echo "warning: upload failed for $upload_path (HTTP $http_code)" >&2 + upload_errors=$((upload_errors + 1)) + fi +done + +[[ "$upload_errors" -eq 0 ]] || die "$upload_errors file(s) failed to upload" + +# Step 3: Finalize +echo "finalizing..." >&2 +FIN_RESPONSE=$(curl -sS -X POST "$FINALIZE_URL" \ + "${AUTH_ARGS[@]+"${AUTH_ARGS[@]}"}" \ + "${CLIENT_ARGS[@]+"${CLIENT_ARGS[@]}"}" \ + -H "content-type: application/json" \ + -d "{\"versionId\":\"$VERSION_ID\"}") + +if echo "$FIN_RESPONSE" | "$JQ_BIN" -e '.error' >/dev/null 2>&1; then + err=$(echo "$FIN_RESPONSE" | "$JQ_BIN" -r '.error') + die "finalize failed: $err" +fi + +# Save state +mkdir -p "$STATE_DIR" +if [[ -f "$STATE_FILE" ]]; then + STATE=$(cat "$STATE_FILE") +else + STATE='{"publishes":{}}' +fi + +entry=$("$JQ_BIN" -n --arg s "$SITE_URL" '{siteUrl: $s}') + +RESPONSE_CLAIM_TOKEN=$(echo "$RESPONSE" | "$JQ_BIN" -r '.claimToken // empty') +RESPONSE_CLAIM_URL=$(echo "$RESPONSE" | "$JQ_BIN" -r '.claimUrl // empty') +RESPONSE_EXPIRES=$(echo "$RESPONSE" | "$JQ_BIN" -r '.expiresAt // empty') + +[[ -n "$RESPONSE_CLAIM_TOKEN" ]] && entry=$(echo "$entry" | "$JQ_BIN" --arg v "$RESPONSE_CLAIM_TOKEN" '.claimToken = $v') +[[ -n "$RESPONSE_CLAIM_URL" ]] && entry=$(echo "$entry" | "$JQ_BIN" --arg v "$RESPONSE_CLAIM_URL" '.claimUrl = $v') +[[ -n "$RESPONSE_EXPIRES" ]] && entry=$(echo "$entry" | "$JQ_BIN" --arg v "$RESPONSE_EXPIRES" '.expiresAt = $v') + +STATE=$(echo "$STATE" | "$JQ_BIN" --arg slug "$OUT_SLUG" --argjson e "$entry" '.publishes[$slug] = $e') +echo "$STATE" | "$JQ_BIN" '.' > "$STATE_FILE" + +# Output +echo "$SITE_URL" + +PERSISTENCE="permanent" +if [[ "$AUTH_MODE" == "anonymous" ]]; then + PERSISTENCE="expires_24h" +elif [[ -n "$RESPONSE_EXPIRES" ]]; then + PERSISTENCE="expires_at" +fi + +SAFE_CLAIM_URL="" +if [[ -n "$RESPONSE_CLAIM_URL" && "$RESPONSE_CLAIM_URL" == https://* ]]; then + SAFE_CLAIM_URL="$RESPONSE_CLAIM_URL" +fi + +ACTION="create" +if [[ -n "$SLUG" ]]; then + ACTION="update" +fi + +echo "" >&2 +echo "publish_result.site_url=$SITE_URL" >&2 +echo "publish_result.slug=$OUT_SLUG" >&2 +echo "publish_result.action=$ACTION" >&2 +echo "publish_result.auth_mode=$AUTH_MODE" >&2 +echo "publish_result.api_key_source=$API_KEY_SOURCE" >&2 +echo "publish_result.persistence=$PERSISTENCE" >&2 +echo "publish_result.expires_at=$RESPONSE_EXPIRES" >&2 +echo "publish_result.claim_url=$SAFE_CLAIM_URL" >&2 + +if [[ "$AUTH_MODE" == "authenticated" ]]; then + echo "authenticated publish (permanent, saved to your account)" >&2 +else + echo "anonymous publish (expires in 24h)" >&2 + if [[ -n "$SAFE_CLAIM_URL" ]]; then + echo "claim URL: $SAFE_CLAIM_URL" >&2 + fi + if [[ -n "$RESPONSE_CLAIM_TOKEN" ]]; then + echo "claim token saved to $STATE_FILE" >&2 + fi +fi From 21cc9c8d329f44ae61a3b2845d1fc2c484d852cc Mon Sep 17 00:00:00 2001 From: adamludwin Date: Tue, 28 Apr 2026 22:07:21 -0700 Subject: [PATCH 026/133] Update here.now skill bundle Made-with: Cursor --- skills/productivity/here-now/SKILL.md | 67 ++- skills/productivity/here-now/scripts/drive.sh | 406 ++++++++++++++++++ .../productivity/here-now/scripts/publish.sh | 65 ++- 3 files changed, 521 insertions(+), 17 deletions(-) create mode 100755 skills/productivity/here-now/scripts/drive.sh diff --git a/skills/productivity/here-now/SKILL.md b/skills/productivity/here-now/SKILL.md index 11feb0e6e98..f1491df3fa0 100644 --- a/skills/productivity/here-now/SKILL.md +++ b/skills/productivity/here-now/SKILL.md @@ -1,14 +1,17 @@ --- -name: here-now +name: here.now description: > - Publish files and folders to the web instantly. Static hosting for HTML sites, - images, PDFs, and any file type. Sites can connect to external APIs (LLMs, - databases, email, payments) via proxy routes with server-side credential - injection. Use when asked to "publish this", "host this", "deploy this", - "share this on the web", "make a website", "put this online", "upload to - the web", "create a webpage", "share a link", "serve this site", "generate - a URL", or "build a chatbot". Outputs a live, shareable URL at {slug}.here.now. -version: 1.14.0 + here.now lets agents publish websites and store private files in cloud + Drives. Use Sites to publish HTML, documents, images, PDFs, videos, and + static files to live URLs at {slug}.here.now or custom domains. Use Drives as private cloud + folders where agents can store files (documents, context, memory, plans, + assets, media, research, code, etc), share them with other agents, and + continue across sessions and tools. Use when asked to "publish this", "host + this", "deploy this", "share this on the web", "make a website", "put this + online", "create a webpage", "generate a URL", "build a chatbot", "save this + to my Drive", "store this for later", "write this to cloud storage", "share a + folder with another agent", or "use my here.now Drive". +version: 1.15.3 author: here.now license: MIT prerequisites: @@ -16,14 +19,19 @@ prerequisites: platforms: [macos, linux] metadata: hermes: - tags: [here.now, herenow, publish, deploy, hosting, static-site, web, share, URL] + tags: [here.now, herenow, publish, deploy, hosting, static-site, web, share, URL, drive, storage] homepage: https://here.now requires_toolsets: [terminal] --- # here.now -Create a live URL from any file or folder. Static hosting with optional proxy routes for calling external APIs server-side. +here.now lets agents publish websites and store private files in cloud Drives. + +Use here.now for two jobs: + +- **Sites**: publish websites and files at `{slug}.here.now`. +- **Drives**: store private agent files in cloud folders. ## Current docs @@ -40,6 +48,7 @@ Read the docs: Topics that require current docs (do not rely on local skill text alone): +- Drives and Drive sharing - custom domains - payments and payment gating - forking @@ -58,8 +67,11 @@ If the docs fetch fails or times out, continue with the local skill and live API - Required binaries: `curl`, `file`, `jq` - Optional environment variable: `$HERENOW_API_KEY` +- Optional Drive token variable: `$HERENOW_DRIVE_TOKEN` - Optional credentials file: `~/.herenow/credentials` -- Skill script path: `${HERMES_SKILL_DIR}/scripts/publish.sh` +- Skill helper paths: + - `${HERMES_SKILL_DIR}/scripts/publish.sh` for publishing sites + - `${HERMES_SKILL_DIR}/scripts/drive.sh` for private Drive storage ## Create a site @@ -90,6 +102,23 @@ The script auto-loads the `claimToken` from `.herenow/state.json` when updating Authenticated updates require a saved API key. +## Use a Drive + +Use a Drive when the user wants private cloud storage for agent files: documents, context, memory, plans, assets, media, research, code, and anything else that should persist without being published as a website. + +Every signed-in account has a default Drive named `My Drive`. + +```bash +DRIVE="${HERMES_SKILL_DIR}/scripts/drive.sh" +bash "$DRIVE" default +bash "$DRIVE" ls "My Drive" +bash "$DRIVE" put "My Drive" notes/today.md --from ./notes/today.md +bash "$DRIVE" cat "My Drive" notes/today.md +bash "$DRIVE" share "My Drive" --perms write --prefix notes/ --ttl 7d +``` + +Use scoped Drive tokens for agent-to-agent handoff. If you receive a `herenow_drive` share block, use its `token` as `Authorization: Bearer ` against `api_base`, respect `pathPrefix` when present, and preserve ETags on writes. A `pathPrefix` of `null` means full-Drive access. If the skill is available, prefer `drive.sh`; otherwise call the listed API operations directly. + ## API key storage The publish script reads the API key from these sources (first match wins): @@ -159,13 +188,21 @@ Never present this local file path as a URL, and never use it as source of truth ## What to tell the user +For published sites: + - Always share the `siteUrl` from the current script run. - Read and follow `publish_result.*` lines from script stderr to determine auth mode. - When `publish_result.auth_mode=authenticated`: tell the user the site is **permanent** and saved to their account. No claim URL is needed. - When `publish_result.auth_mode=anonymous`: tell the user the site **expires in 24 hours**. Share the claim URL (if `publish_result.claim_url` is non-empty and starts with `https://`) so they can keep it permanently. Warn that claim tokens are only returned once and cannot be recovered. - Never tell the user to inspect `.herenow/state.json` for claim URLs or auth status. -## Script options +For Drives: + +- Do not describe Drive files as public URLs. +- Tell the user Drive contents are private unless shared with a scoped token. +- When sharing access with another agent, prefer a scoped token with a narrow `pathPrefix` and short TTL. + +## publish.sh options | Flag | Description | | ---------------------- | -------------------------------------------- | @@ -181,9 +218,9 @@ Never present this local file path as a URL, and never use it as source of truth | `--spa` | Enable SPA routing (serve index.html for unknown paths) | | `--forkable` | Allow others to fork this site | -## Beyond the script +## Beyond publish.sh -For all other operations — delete, metadata, passwords, payments, domains, handles, links, variables, proxy routes, forking, duplication, and more — see the current docs: +For Drive operations, use `drive.sh` or the Drive API. For broader account and site management — delete, metadata, passwords, payments, domains, handles, links, variables, proxy routes, forking, duplication, and more — see the current docs: → **https://here.now/docs** diff --git a/skills/productivity/here-now/scripts/drive.sh b/skills/productivity/here-now/scripts/drive.sh new file mode 100755 index 00000000000..872a3d20978 --- /dev/null +++ b/skills/productivity/here-now/scripts/drive.sh @@ -0,0 +1,406 @@ +#!/usr/bin/env bash +set -euo pipefail + +BASE_URL="https://here.now" +CREDENTIALS_FILE="$HOME/.herenow/credentials" +API_KEY="${HERENOW_API_KEY:-}" +DRIVE_TOKEN="${HERENOW_DRIVE_TOKEN:-}" +ALLOW_NON_HERENOW_BASE_URL=0 +MAX_FILE_BYTES=$((500 * 1024 * 1024)) + +usage() { + cat <<'USAGE' +Usage: drive.sh [global options] [args] + +Global options: + --api-key Account API key (or $HERENOW_API_KEY / ~/.herenow/credentials) + --token Drive token (or $HERENOW_DRIVE_TOKEN) + --base-url API base (default: https://here.now) + --allow-nonherenow-base-url + +Commands: + create [name] [--default] + default + ls + ls [prefix] + cat + put --from + import --from [--dry-run] + export --to [--dry-run] + rm [--recursive --confirm ] + share --perms read|write [--prefix notes/] [--ttl 30d] [--label text] [--manage-tokens] + tokens + revoke + delete --confirm "" +USAGE + exit 1 +} + +die() { echo "error: $1" >&2; exit 1; } + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +SKILL_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" +BUNDLED_JQ="${SKILL_DIR}/bin/jq" + +if [[ -x "$BUNDLED_JQ" ]]; then + JQ_BIN="$BUNDLED_JQ" +elif command -v jq >/dev/null 2>&1; then + JQ_BIN="$(command -v jq)" +else + die "requires jq" +fi + +for cmd in curl file; do + command -v "$cmd" >/dev/null 2>&1 || die "requires $cmd" +done + +while [[ $# -gt 0 ]]; do + case "$1" in + --api-key) API_KEY="$2"; shift 2 ;; + --token) DRIVE_TOKEN="$2"; shift 2 ;; + --base-url) BASE_URL="$2"; shift 2 ;; + --allow-nonherenow-base-url) ALLOW_NON_HERENOW_BASE_URL=1; shift ;; + --help|-h) usage ;; + --*) die "unknown global option: $1" ;; + *) break ;; + esac +done + +CMD="${1:-}" +[[ -n "$CMD" ]] || usage +shift || true + +if [[ -z "$API_KEY" && -z "$DRIVE_TOKEN" && -f "$CREDENTIALS_FILE" ]]; then + API_KEY=$(tr -d '[:space:]' < "$CREDENTIALS_FILE") +fi + +BASE_URL="${BASE_URL%/}" +if [[ "$BASE_URL" != "https://here.now" && "$ALLOW_NON_HERENOW_BASE_URL" -ne 1 ]]; then + if [[ -n "$API_KEY" || -n "$DRIVE_TOKEN" ]]; then + die "refusing to send credentials to non-default base URL; pass --allow-nonherenow-base-url to override" + fi +fi + +auth_header=() +if [[ -n "$DRIVE_TOKEN" ]]; then + auth_header=(-H "authorization: Bearer $DRIVE_TOKEN") +elif [[ -n "$API_KEY" ]]; then + auth_header=(-H "authorization: Bearer $API_KEY") +else + die "missing credentials; set HERENOW_API_KEY, HERENOW_DRIVE_TOKEN, or ~/.herenow/credentials" +fi + +compute_sha256() { + local f="$1" + if command -v sha256sum >/dev/null 2>&1; then + sha256sum "$f" | cut -d' ' -f1 + else + shasum -a 256 "$f" | cut -d' ' -f1 + fi +} + +guess_content_type() { + local f="$1" + case "${f##*.}" in + html|htm) echo "text/html; charset=utf-8" ;; + css) echo "text/css; charset=utf-8" ;; + js|mjs) echo "text/javascript; charset=utf-8" ;; + json) echo "application/json; charset=utf-8" ;; + md|txt) echo "text/plain; charset=utf-8" ;; + svg) echo "image/svg+xml" ;; + png) echo "image/png" ;; + jpg|jpeg) echo "image/jpeg" ;; + gif) echo "image/gif" ;; + webp) echo "image/webp" ;; + pdf) echo "application/pdf" ;; + *) file --brief --mime-type "$f" 2>/dev/null || echo "application/octet-stream" ;; + esac +} + +api_json() { + local method="$1"; shift + local url="$1"; shift + local body="${1:-}" + local tmp + tmp=$(mktemp) + local code + if [[ -n "$body" ]]; then + code=$(curl -sS -o "$tmp" -w "%{http_code}" -X "$method" "$url" "${auth_header[@]}" -H "content-type: application/json" -d "$body") + else + code=$(curl -sS -o "$tmp" -w "%{http_code}" -X "$method" "$url" "${auth_header[@]}") + fi + if [[ "$code" -lt 200 || "$code" -ge 300 ]]; then + local err + err=$("$JQ_BIN" -r '.error // empty' "$tmp" 2>/dev/null || true) + [[ -n "$err" ]] || err="$(cat "$tmp")" + rm -f "$tmp" + die "HTTP $code: $err" + fi + cat "$tmp" + rm -f "$tmp" +} + +urlenc() { + "$JQ_BIN" -nr --arg v "$1" '$v|@uri' +} + +urlenc_path() { + local path="$1" + local out="" + local part + IFS='/' read -r -a parts <<< "$path" + for part in "${parts[@]}"; do + [[ -n "$out" ]] && out="$out/" + out="$out$(urlenc "$part")" + done + echo "$out" +} + +resolve_drive() { + local name="$1" + if [[ "$name" == drv_* ]]; then + echo "$name" + return + fi + if [[ -n "$DRIVE_TOKEN" ]]; then + die "drive tokens must reference drives by drv_ id; use account credentials to resolve drive names" + fi + if [[ "$name" == "default" || "$name" == "my-drive" || "$name" == "My Drive" ]]; then + api_json GET "$BASE_URL/api/v1/drives/default" | "$JQ_BIN" -r '.drive.id' + return + fi + local rows count + rows=$(api_json GET "$BASE_URL/api/v1/drives" | "$JQ_BIN" --arg n "$name" '[.drives[] | select(.name == $n)]') + count=$(echo "$rows" | "$JQ_BIN" 'length') + [[ "$count" -eq 1 ]] || die "drive name '$name' matched $count drives; use a drv_ id" + echo "$rows" | "$JQ_BIN" -r '.[0].id' +} + +drive_head() { + local id="$1" + api_json GET "$BASE_URL/api/v1/drives/$id" | "$JQ_BIN" -r '.drive.headVersionId // .headVersionId // empty' +} + +file_meta() { + local id="$1" + local path="$2" + local prefix + prefix=$(urlenc "$path") + api_json GET "$BASE_URL/api/v1/drives/$id/files?prefix=$prefix&limit=200" | "$JQ_BIN" -c --arg p "$path" '.files[]? | select(.path == $p)' | head -n 1 +} + +put_file() { + local drive="$1"; shift + local path="$1"; shift + local local_file="" + while [[ $# -gt 0 ]]; do + case "$1" in + --from) local_file="$2"; shift 2 ;; + *) die "unexpected put argument: $1" ;; + esac + done + [[ -f "$local_file" ]] || die "--from must be a file" + local id sz ct sha meta body upload upload_url upload_id http_code + id=$(resolve_drive "$drive") + sz=$(wc -c < "$local_file" | tr -d ' ') + [[ "$sz" -le "$MAX_FILE_BYTES" ]] || die "$path exceeds the $MAX_FILE_BYTES byte Drive file limit" + ct=$(guess_content_type "$local_file") + sha=$(compute_sha256 "$local_file") + meta=$(file_meta "$id" "$path" || true) + body=$("$JQ_BIN" -n --arg p "$path" --argjson s "$sz" --arg c "$ct" --arg sha "$sha" \ + '{path:$p,size:$s,contentType:$c,sha256:$sha}') + if [[ -n "$meta" ]]; then + etag=$(echo "$meta" | "$JQ_BIN" -r '.etag') + body=$(echo "$body" | "$JQ_BIN" --arg e "$etag" '.ifMatch = $e') + else + body=$(echo "$body" | "$JQ_BIN" '.ifNoneMatch = "*"') + fi + upload=$(api_json POST "$BASE_URL/api/v1/drives/$id/files/uploads" "$body") + upload_url=$(echo "$upload" | "$JQ_BIN" -r '.uploadUrl') + upload_id=$(echo "$upload" | "$JQ_BIN" -r '.uploadId') + http_code=$(curl -sS -o /dev/null -w "%{http_code}" -X PUT "$upload_url" -H "Content-Type: $ct" --data-binary "@$local_file") + [[ "$http_code" -ge 200 && "$http_code" -lt 300 ]] || die "upload failed for $path (HTTP $http_code)" + api_json POST "$BASE_URL/api/v1/drives/$id/files/finalize" "$("$JQ_BIN" -n --arg u "$upload_id" '{uploadId:$u}')" | "$JQ_BIN" . +} + +case "$CMD" in + create) + name="" + is_default="false" + while [[ $# -gt 0 ]]; do + case "$1" in + --default) is_default="true"; shift ;; + *) [[ -z "$name" ]] && name="$1" || die "unexpected argument: $1"; shift ;; + esac + done + body=$("$JQ_BIN" -n --arg n "$name" --argjson d "$is_default" '{isDefault:$d} + (if $n == "" then {} else {name:$n} end)') + api_json POST "$BASE_URL/api/v1/drives" "$body" | "$JQ_BIN" . + ;; + default) + api_json GET "$BASE_URL/api/v1/drives/default" | "$JQ_BIN" . + ;; + ls) + if [[ $# -eq 0 ]]; then + [[ -z "$DRIVE_TOKEN" ]] || die "drive tokens cannot list drives; pass a drv_ id" + api_json GET "$BASE_URL/api/v1/drives" | "$JQ_BIN" . + else + id=$(resolve_drive "$1") + prefix="${2:-}" + api_json GET "$BASE_URL/api/v1/drives/$id/files?prefix=$(urlenc "$prefix")" | "$JQ_BIN" . + fi + ;; + cat) + [[ $# -eq 2 ]] || die "usage: drive.sh cat " + id=$(resolve_drive "$1") + curl -fsS "$BASE_URL/api/v1/drives/$id/files/$(urlenc_path "$2")" "${auth_header[@]}" + ;; + put) + [[ $# -ge 2 ]] || die "usage: drive.sh put --from " + put_file "$@" + ;; + import) + [[ $# -ge 2 ]] || die "usage: drive.sh import --from [--dry-run]" + drive="$1"; prefix="${2%/}"; shift 2 + from=""; dry=0 + while [[ $# -gt 0 ]]; do + case "$1" in + --from) from="$2"; shift 2 ;; + --dry-run) dry=1; shift ;; + *) die "unexpected import argument: $1" ;; + esac + done + [[ -d "$from" ]] || die "--from must be a folder" + uploaded=0 + skipped=0 + failed=0 + planned=0 + while IFS= read -r -d '' f; do + rel="${f#$from/}" + [[ "$rel" == .git/* || "$rel" == node_modules/* || "$rel" == ".DS_Store" || "$rel" == */.DS_Store ]] && continue + planned=$((planned + 1)) + sz=$(wc -c < "$f" | tr -d ' ') + if [[ "$sz" -gt "$MAX_FILE_BYTES" ]]; then + echo "skip oversized $f ($sz bytes > $MAX_FILE_BYTES)" >&2 + skipped=$((skipped + 1)) + continue + fi + dest="$rel" + [[ -n "$prefix" ]] && dest="$prefix/$rel" + if [[ "$dry" -eq 1 ]]; then + echo "upload $f -> $dest" + skipped=$((skipped + 1)) + else + if (put_file "$drive" "$dest" --from "$f" >/dev/null); then + uploaded=$((uploaded + 1)) + else + failed=$((failed + 1)) + fi + fi + done < <(find "$from" -type f -print0 | sort -z) + echo "planned=$planned uploaded=$uploaded skipped=$skipped failed=$failed" + [[ "$failed" -eq 0 ]] || exit 1 + ;; + export) + [[ $# -ge 2 ]] || die "usage: drive.sh export --to [--dry-run]" + id=$(resolve_drive "$1"); prefix="${2%/}"; shift 2 + to=""; dry=0 + while [[ $# -gt 0 ]]; do + case "$1" in + --to) to="$2"; shift 2 ;; + --dry-run) dry=1; shift ;; + *) die "unexpected export argument: $1" ;; + esac + done + [[ -n "$to" ]] || die "--to is required" + cursor="" + total=0 + while true; do + url="$BASE_URL/api/v1/drives/$id/files?prefix=$(urlenc "$prefix")&limit=200" + [[ -n "$cursor" ]] && url="$url&cursor=$(urlenc "$cursor")" + files=$(api_json GET "$url") + while IFS= read -r p; do + [[ -n "$p" ]] || continue + rel="$p" + [[ -n "$prefix" ]] && rel="${p#$prefix/}" + out="$to/$rel" + if [[ "$dry" -eq 1 ]]; then + echo "download $p -> $out" + else + mkdir -p "$(dirname "$out")" + curl -fsS "$BASE_URL/api/v1/drives/$id/files/$(urlenc_path "$p")" "${auth_header[@]}" -o "$out" + fi + total=$((total + 1)) + done < <(echo "$files" | "$JQ_BIN" -r '.files[].path') + cursor=$(echo "$files" | "$JQ_BIN" -r '.nextCursor // empty') + [[ -n "$cursor" ]] || break + done + echo "files=$total" + ;; + rm) + [[ $# -ge 2 ]] || die "usage: drive.sh rm [--recursive --confirm ]" + id=$(resolve_drive "$1"); path="$2"; shift 2 + recursive=0; confirm="" + while [[ $# -gt 0 ]]; do + case "$1" in + --recursive) recursive=1; shift ;; + --confirm) confirm="$2"; shift 2 ;; + *) die "unexpected rm argument: $1" ;; + esac + done + if [[ "$recursive" -eq 1 ]]; then + [[ "$confirm" == "$path" ]] || die "recursive delete requires --confirm '$path'" + head=$(drive_head "$id") + api_json DELETE "$BASE_URL/api/v1/drives/$id/files/$(urlenc_path "$path")?recursive=true&baseVersionId=$(urlenc "$head")" | "$JQ_BIN" . + else + meta=$(file_meta "$id" "$path") + etag=$(echo "$meta" | "$JQ_BIN" -r '.etag') + curl -fsS -X DELETE "$BASE_URL/api/v1/drives/$id/files/$(urlenc_path "$path")" "${auth_header[@]}" -H "If-Match: $etag" | "$JQ_BIN" . + fi + ;; + share) + [[ $# -ge 1 ]] || die "usage: drive.sh share --perms read|write [--prefix notes/] [--ttl 30d] [--label text] [--manage-tokens]" + id=$(resolve_drive "$1"); shift + perms="write"; prefix=""; ttl=""; label=""; manage_tokens="false" + while [[ $# -gt 0 ]]; do + case "$1" in + --perms) perms="$2"; shift 2 ;; + --prefix) prefix="$2"; shift 2 ;; + --ttl) ttl="$2"; shift 2 ;; + --label) label="$2"; shift 2 ;; + --manage-tokens) manage_tokens="true"; shift ;; + *) die "unexpected share argument: $1" ;; + esac + done + body=$("$JQ_BIN" -n --arg p "$perms" --arg pp "$prefix" --arg ttl "$ttl" --arg label "$label" --argjson mt "$manage_tokens" \ + '{perms:$p} + (if $mt then {manageTokens:true} else {} end) + (if $ttl == "" then {} else {ttl:$ttl} end) + (if $pp == "" then {} else {pathPrefix:$pp} end) + (if $label == "" then {} else {label:$label} end)') + api_json POST "$BASE_URL/api/v1/drives/$id/tokens" "$body" | "$JQ_BIN" -r '.shareBlock' + ;; + tokens) + [[ $# -eq 1 ]] || die "usage: drive.sh tokens " + id=$(resolve_drive "$1") + api_json GET "$BASE_URL/api/v1/drives/$id/tokens" | "$JQ_BIN" . + ;; + revoke) + [[ $# -eq 2 ]] || die "usage: drive.sh revoke " + id=$(resolve_drive "$1") + api_json DELETE "$BASE_URL/api/v1/drives/$id/tokens/$2" | "$JQ_BIN" . + ;; + delete) + [[ $# -ge 1 ]] || die "usage: drive.sh delete --confirm " + id=$(resolve_drive "$1"); shift + confirm="" + while [[ $# -gt 0 ]]; do + case "$1" in + --confirm) confirm="$2"; shift 2 ;; + *) die "unexpected delete argument: $1" ;; + esac + done + drive=$(api_json GET "$BASE_URL/api/v1/drives/$id") + name=$(echo "$drive" | "$JQ_BIN" -r '.drive.name') + [[ "$confirm" == "$name" ]] || die "delete requires --confirm '$name'" + api_json DELETE "$BASE_URL/api/v1/drives/$id" | "$JQ_BIN" . + ;; + *) + die "unknown command: $CMD" + ;; +esac diff --git a/skills/productivity/here-now/scripts/publish.sh b/skills/productivity/here-now/scripts/publish.sh index c52ce9dd035..f8f0b909e58 100755 --- a/skills/productivity/here-now/scripts/publish.sh +++ b/skills/productivity/here-now/scripts/publish.sh @@ -18,6 +18,8 @@ CLIENT="" TARGET="" FORKABLE="" SPA_MODE="" +FROM_DRIVE="" +DRIVE_VERSION="" usage() { cat <<'USAGE' @@ -33,6 +35,8 @@ Options: --client Agent name for attribution (e.g. cursor, claude-code) --forkable Allow others to fork this site --spa Enable SPA routing + --from-drive Publish a Drive snapshot instead of local files + --version Drive version for --from-drive (default: current head) --base-url API base (default: https://here.now) --allow-nonherenow-base-url Allow auth requests to non-default API base URL @@ -71,14 +75,20 @@ while [[ $# -gt 0 ]]; do --allow-nonherenow-base-url) ALLOW_NON_HERENOW_BASE_URL=1; shift ;; --forkable) FORKABLE="true"; shift ;; --spa) SPA_MODE="true"; shift ;; + --from-drive) FROM_DRIVE="$2"; shift 2 ;; + --version) DRIVE_VERSION="$2"; shift 2 ;; --help|-h) usage ;; -*) die "unknown option: $1" ;; *) [[ -z "$TARGET" ]] && TARGET="$1" || die "unexpected argument: $1"; shift ;; esac done -[[ -n "$TARGET" ]] || usage -[[ -e "$TARGET" ]] || die "path does not exist: $TARGET" +if [[ -n "$FROM_DRIVE" ]]; then + [[ -z "$TARGET" ]] || die "--from-drive does not accept a local file-or-dir argument" +else + [[ -n "$TARGET" ]] || usage + [[ -e "$TARGET" ]] || die "path does not exist: $TARGET" +fi # Load API key from credentials file if not provided via flag or env if [[ -z "$API_KEY" && -f "$CREDENTIALS_FILE" ]]; then @@ -100,6 +110,57 @@ if [[ -n "$SLUG" && -z "$CLAIM_TOKEN" && -z "$API_KEY" && -f "$STATE_FILE" ]]; t CLAIM_TOKEN=$("$JQ_BIN" -r --arg s "$SLUG" '.publishes[$s].claimToken // empty' "$STATE_FILE" 2>/dev/null || true) fi +if [[ -n "$FROM_DRIVE" ]]; then + [[ -n "$API_KEY" ]] || die "--from-drive requires an account API key" + BODY=$("$JQ_BIN" -n --arg d "$FROM_DRIVE" '{driveId:$d}') + [[ -n "$DRIVE_VERSION" ]] && BODY=$(echo "$BODY" | "$JQ_BIN" --arg v "$DRIVE_VERSION" '.versionId = $v') + [[ -n "$SLUG" ]] && BODY=$(echo "$BODY" | "$JQ_BIN" --arg s "$SLUG" '.slug = $s') + if [[ -n "$TITLE" || -n "$DESCRIPTION" ]]; then + viewer="{}" + [[ -n "$TITLE" ]] && viewer=$(echo "$viewer" | "$JQ_BIN" --arg t "$TITLE" '.title = $t') + [[ -n "$DESCRIPTION" ]] && viewer=$(echo "$viewer" | "$JQ_BIN" --arg d "$DESCRIPTION" '.description = $d') + BODY=$(echo "$BODY" | "$JQ_BIN" --argjson v "$viewer" '.viewer = $v') + fi + [[ "$FORKABLE" == "true" ]] && BODY=$(echo "$BODY" | "$JQ_BIN" '.forkable = true') + [[ "$SPA_MODE" == "true" ]] && BODY=$(echo "$BODY" | "$JQ_BIN" '.spaMode = true') + CLIENT_HEADER_VALUE="here-now-publish-sh" + if [[ -n "$CLIENT" ]]; then + normalized_client=$(echo "$CLIENT" | tr '[:upper:]' '[:lower:]' | tr -cs 'a-z0-9._-' '-') + normalized_client="${normalized_client#-}" + normalized_client="${normalized_client%-}" + if [[ -n "$normalized_client" ]]; then + CLIENT_HEADER_VALUE="${normalized_client}/publish-sh" + fi + fi + + echo "publishing from Drive..." >&2 + RESPONSE=$(curl -sS -X POST "$BASE_URL/api/v1/publish/from-drive" \ + -H "authorization: Bearer $API_KEY" \ + -H "x-herenow-client: $CLIENT_HEADER_VALUE" \ + -H "content-type: application/json" \ + -d "$BODY") + if echo "$RESPONSE" | "$JQ_BIN" -e '.error' >/dev/null 2>&1; then + err=$(echo "$RESPONSE" | "$JQ_BIN" -r '.error') + die "$err" + fi + SITE_URL=$(echo "$RESPONSE" | "$JQ_BIN" -r '.siteUrl') + OUT_SLUG=$(echo "$RESPONSE" | "$JQ_BIN" -r '.slug') + CURRENT_VERSION=$(echo "$RESPONSE" | "$JQ_BIN" -r '.currentVersionId') + DRIVE_VERSION_OUT=$(echo "$RESPONSE" | "$JQ_BIN" -r '.driveVersionId') + echo "$SITE_URL" + echo "" >&2 + echo "publish_result.site_url=$SITE_URL" >&2 + echo "publish_result.slug=$OUT_SLUG" >&2 + echo "publish_result.action=from_drive" >&2 + echo "publish_result.auth_mode=authenticated" >&2 + echo "publish_result.api_key_source=$API_KEY_SOURCE" >&2 + echo "publish_result.persistence=permanent" >&2 + echo "publish_result.drive_id=$FROM_DRIVE" >&2 + echo "publish_result.drive_version_id=$DRIVE_VERSION_OUT" >&2 + echo "publish_result.current_version_id=$CURRENT_VERSION" >&2 + exit 0 +fi + compute_sha256() { local f="$1" if command -v sha256sum >/dev/null 2>&1; then From 7cbe943d2dc1cd559320f33ff786b431c879ef06 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:45:41 -0700 Subject: [PATCH 027/133] feat(skills): add here.now as an optional skill Moves the here-now skill under optional-skills/productivity/here-now/ so it's discoverable via the Skills Hub but not installed by default, and tightens the SKILL.md description to a single line to match sibling optional-skill descriptions. Install with: hermes skills install official/productivity/here-now Closes #378 --- .../productivity/here-now/SKILL.md | 12 +----------- .../productivity/here-now/scripts/drive.sh | 0 .../productivity/here-now/scripts/publish.sh | 0 scripts/release.py | 1 + 4 files changed, 2 insertions(+), 11 deletions(-) rename {skills => optional-skills}/productivity/here-now/SKILL.md (91%) rename {skills => optional-skills}/productivity/here-now/scripts/drive.sh (100%) rename {skills => optional-skills}/productivity/here-now/scripts/publish.sh (100%) diff --git a/skills/productivity/here-now/SKILL.md b/optional-skills/productivity/here-now/SKILL.md similarity index 91% rename from skills/productivity/here-now/SKILL.md rename to optional-skills/productivity/here-now/SKILL.md index f1491df3fa0..bbb07b0a4e5 100644 --- a/skills/productivity/here-now/SKILL.md +++ b/optional-skills/productivity/here-now/SKILL.md @@ -1,16 +1,6 @@ --- name: here.now -description: > - here.now lets agents publish websites and store private files in cloud - Drives. Use Sites to publish HTML, documents, images, PDFs, videos, and - static files to live URLs at {slug}.here.now or custom domains. Use Drives as private cloud - folders where agents can store files (documents, context, memory, plans, - assets, media, research, code, etc), share them with other agents, and - continue across sessions and tools. Use when asked to "publish this", "host - this", "deploy this", "share this on the web", "make a website", "put this - online", "create a webpage", "generate a URL", "build a chatbot", "save this - to my Drive", "store this for later", "write this to cloud storage", "share a - folder with another agent", or "use my here.now Drive". +description: Publish static sites to {slug}.here.now and store private files in cloud Drives for agent-to-agent handoff. version: 1.15.3 author: here.now license: MIT diff --git a/skills/productivity/here-now/scripts/drive.sh b/optional-skills/productivity/here-now/scripts/drive.sh similarity index 100% rename from skills/productivity/here-now/scripts/drive.sh rename to optional-skills/productivity/here-now/scripts/drive.sh diff --git a/skills/productivity/here-now/scripts/publish.sh b/optional-skills/productivity/here-now/scripts/publish.sh similarity index 100% rename from skills/productivity/here-now/scripts/publish.sh rename to optional-skills/productivity/here-now/scripts/publish.sh diff --git a/scripts/release.py b/scripts/release.py index 86312365240..afed77a69bc 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -45,6 +45,7 @@ AUTHOR_MAP = { "leone.parise@gmail.com": "leoneparise", "teknium@nousresearch.com": "teknium1", "127238744+teknium1@users.noreply.github.com": "teknium1", + "aludwin+gh@gmail.com": "adamludwin", "2093036+exiao@users.noreply.github.com": "exiao", "rylen.anil@gmail.com": "rylena", "14046872+tmimmanuel@users.noreply.github.com": "tmimmanuel", From 2bf73fbe2c2a3b85315345b89090062ab3f83622 Mon Sep 17 00:00:00 2001 From: johnncenae Date: Thu, 30 Apr 2026 11:04:50 +0300 Subject: [PATCH 028/133] fix(cli): coerce tls insecure flag safely in auth state --- hermes_cli/auth.py | 6 +++--- tests/hermes_cli/test_auth_nous_provider.py | 12 ++++++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/hermes_cli/auth.py b/hermes_cli/auth.py index 7885e99d1e6..586962d102e 100644 --- a/hermes_cli/auth.py +++ b/hermes_cli/auth.py @@ -43,7 +43,7 @@ import yaml from hermes_cli.config import get_hermes_home, get_config_path, read_raw_config from hermes_constants import OPENROUTER_BASE_URL -from utils import atomic_replace +from utils import atomic_replace, is_truthy_value logger = logging.getLogger(__name__) @@ -2480,8 +2480,8 @@ def _resolve_verify( tls_state = tls_state if isinstance(tls_state, dict) else {} effective_insecure = ( - bool(insecure) if insecure is not None - else bool(tls_state.get("insecure", False)) + is_truthy_value(insecure, default=False) if insecure is not None + else is_truthy_value(tls_state.get("insecure", False), default=False) ) effective_ca = ( ca_bundle diff --git a/tests/hermes_cli/test_auth_nous_provider.py b/tests/hermes_cli/test_auth_nous_provider.py index 75221b16a22..1293110825c 100644 --- a/tests/hermes_cli/test_auth_nous_provider.py +++ b/tests/hermes_cli/test_auth_nous_provider.py @@ -76,6 +76,18 @@ class TestResolveVerifyFallback: ) assert result is False + def test_string_false_in_auth_state_does_not_disable_tls_verify(self): + from hermes_cli.auth import _resolve_verify + + result = _resolve_verify(auth_state={"tls": {"insecure": "false"}}) + assert result is True + + def test_string_true_in_auth_state_disables_tls_verify(self): + from hermes_cli.auth import _resolve_verify + + result = _resolve_verify(auth_state={"tls": {"insecure": "true"}}) + assert result is False + def test_no_ca_bundle_returns_true(self, monkeypatch): from hermes_cli.auth import _resolve_verify From 79cffa9232a1bb67a6184fc7f6b5139bec5d9d8c Mon Sep 17 00:00:00 2001 From: johnncenae Date: Thu, 30 Apr 2026 12:27:28 +0300 Subject: [PATCH 029/133] auth: coerce tls insecure flag safely instead of using Python truthiness --- tests/hermes_cli/test_auth_nous_provider.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/hermes_cli/test_auth_nous_provider.py b/tests/hermes_cli/test_auth_nous_provider.py index 1293110825c..a8e337c1a0d 100644 --- a/tests/hermes_cli/test_auth_nous_provider.py +++ b/tests/hermes_cli/test_auth_nous_provider.py @@ -77,10 +77,12 @@ class TestResolveVerifyFallback: assert result is False def test_string_false_in_auth_state_does_not_disable_tls_verify(self): + import ssl from hermes_cli.auth import _resolve_verify result = _resolve_verify(auth_state={"tls": {"insecure": "false"}}) - assert result is True + assert result is not False + assert result is True or isinstance(result, ssl.SSLContext) def test_string_true_in_auth_state_disables_tls_verify(self): from hermes_cli.auth import _resolve_verify From ca9a61ae3828a7db53a02e84c1d0b67b744c7739 Mon Sep 17 00:00:00 2001 From: hharry11 Date: Thu, 30 Apr 2026 16:26:48 +0300 Subject: [PATCH 030/133] fix(plugins): await async handlers in CLI and TUI dispatch --- cli.py | 9 +++++-- hermes_cli/plugins.py | 43 ++++++++++++++++++++++++++++++ tests/hermes_cli/test_plugins.py | 22 +++++++++++++++ tests/tui_gateway/test_protocol.py | 18 +++++++++++++ tui_gateway/server.py | 8 ++++-- 5 files changed, 96 insertions(+), 4 deletions(-) diff --git a/cli.py b/cli.py index d76ce01bc32..d045a4e52d3 100644 --- a/cli.py +++ b/cli.py @@ -6582,12 +6582,17 @@ class HermesCLI: self._console_print(f"[bold red]Quick command '{base_cmd}' has unsupported type (supported: 'exec', 'alias')[/]") # Check for plugin-registered slash commands elif base_cmd.lstrip("/") in _get_plugin_cmd_handler_names(): - from hermes_cli.plugins import get_plugin_command_handler + from hermes_cli.plugins import ( + get_plugin_command_handler, + resolve_plugin_command_result, + ) plugin_handler = get_plugin_command_handler(base_cmd.lstrip("/")) if plugin_handler: user_args = cmd_original[len(base_cmd):].strip() try: - result = plugin_handler(user_args) + result = resolve_plugin_command_result( + plugin_handler(user_args) + ) if result: _cprint(str(result)) except Exception as e: diff --git a/hermes_cli/plugins.py b/hermes_cli/plugins.py index d7913eb9b5c..3fff37bb086 100644 --- a/hermes_cli/plugins.py +++ b/hermes_cli/plugins.py @@ -33,12 +33,15 @@ so plugin-defined tools appear alongside the built-in tools. from __future__ import annotations +import asyncio import importlib import importlib.metadata import importlib.util +import inspect import logging import os import sys +import threading import types from dataclasses import dataclass, field from pathlib import Path @@ -1226,6 +1229,46 @@ def get_plugin_command_handler(name: str) -> Optional[Callable]: return entry["handler"] if entry else None +def resolve_plugin_command_result(result: Any) -> Any: + """Resolve a plugin command return value, awaiting async handlers when needed. + + Sync CLI/TUI dispatch sites call plugin handlers from plain functions. + If a handler is async, await it directly when no loop is running; if + we're already inside an active loop, run it in a helper thread with its + own loop so the caller still gets a concrete result synchronously. + """ + if not inspect.isawaitable(result): + return result + + try: + asyncio.get_running_loop() + except RuntimeError: + return asyncio.run(result) + + outcome: Dict[str, Any] = {} + failure: Dict[str, BaseException] = {} + done = threading.Event() + + def _runner() -> None: + try: + outcome["value"] = asyncio.run(result) + except BaseException as exc: # pragma: no cover - re-raised below + failure["exc"] = exc + finally: + done.set() + + thread = threading.Thread( + target=_runner, + name="hermes-plugin-command-await", + daemon=True, + ) + thread.start() + done.wait() + if "exc" in failure: + raise failure["exc"] + return outcome.get("value") + + def get_plugin_commands() -> Dict[str, dict]: """Return the full plugin commands dict (name → {handler, description, plugin}). diff --git a/tests/hermes_cli/test_plugins.py b/tests/hermes_cli/test_plugins.py index 157f967e52e..9a46cf59512 100644 --- a/tests/hermes_cli/test_plugins.py +++ b/tests/hermes_cli/test_plugins.py @@ -21,6 +21,7 @@ from hermes_cli.plugins import ( get_plugin_command_handler, get_plugin_commands, get_pre_tool_call_block_message, + resolve_plugin_command_result, discover_plugins, invoke_hook, ) @@ -1061,6 +1062,27 @@ class TestPluginCommands: assert mgr._plugin_commands["cmd-b"]["plugin"] == "plugin-b" +class TestPluginCommandResultResolution: + def test_returns_sync_values_unchanged(self): + assert resolve_plugin_command_result("ok") == "ok" + + def test_awaits_async_result_without_running_loop(self): + async def _handler(): + return "async-ok" + + assert resolve_plugin_command_result(_handler()) == "async-ok" + + def test_awaits_async_result_with_running_loop(self, monkeypatch): + class _Loop: + pass + + async def _handler(): + return "threaded-ok" + + monkeypatch.setattr("hermes_cli.plugins.asyncio.get_running_loop", lambda: _Loop()) + assert resolve_plugin_command_result(_handler()) == "threaded-ok" + + # ── TestPluginDispatchTool ──────────────────────────────────────────────── diff --git a/tests/tui_gateway/test_protocol.py b/tests/tui_gateway/test_protocol.py index bd527608a79..2e54bb93eac 100644 --- a/tests/tui_gateway/test_protocol.py +++ b/tests/tui_gateway/test_protocol.py @@ -594,6 +594,24 @@ def test_command_dispatch_returns_skill_payload(server): assert result["name"] == "hermes-agent-dev" +def test_command_dispatch_awaits_async_plugin_handler(server): + async def _handler(arg): + return f"async:{arg}" + + with patch( + "hermes_cli.plugins.get_plugin_command_handler", + lambda name: _handler if name == "async-cmd" else None, + ): + resp = server.handle_request({ + "id": "r-plugin", + "method": "command.dispatch", + "params": {"name": "async-cmd", "arg": "hello"}, + }) + + assert "error" not in resp + assert resp["result"] == {"type": "plugin", "output": "async:hello"} + + # ── dispatch(): pool routing for long handlers (#12546) ────────────── diff --git a/tui_gateway/server.py b/tui_gateway/server.py index f503549511b..84b89a437c9 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -4115,11 +4115,15 @@ def _(rid, params: dict) -> dict: return _ok(rid, {"type": "alias", "target": qc.get("target", "")}) try: - from hermes_cli.plugins import get_plugin_command_handler + from hermes_cli.plugins import ( + get_plugin_command_handler, + resolve_plugin_command_result, + ) handler = get_plugin_command_handler(name) if handler: - return _ok(rid, {"type": "plugin", "output": str(handler(arg) or "")}) + result = resolve_plugin_command_result(handler(arg)) + return _ok(rid, {"type": "plugin", "output": str(result or "")}) except Exception: pass From 447a2bba3ac9e9fbc3c80a7bab083b18da085705 Mon Sep 17 00:00:00 2001 From: teknium1 <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:53:08 -0700 Subject: [PATCH 031/133] fix(plugins): bound async plugin command await with 30s timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow-up to #17963. The threaded branch of resolve_plugin_command_result previously called Event.wait() with no timeout — a hung async plugin handler would wedge the terminal indefinitely. Cap the wait at 30s and raise TimeoutError instead. Added a regression test covering the hung handler path. --- hermes_cli/plugins.py | 13 +++++++++++-- tests/hermes_cli/test_plugins.py | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/hermes_cli/plugins.py b/hermes_cli/plugins.py index 3fff37bb086..e921034699f 100644 --- a/hermes_cli/plugins.py +++ b/hermes_cli/plugins.py @@ -1229,13 +1229,18 @@ def get_plugin_command_handler(name: str) -> Optional[Callable]: return entry["handler"] if entry else None +_PLUGIN_COMMAND_AWAIT_TIMEOUT_SECS = 30.0 + + def resolve_plugin_command_result(result: Any) -> Any: """Resolve a plugin command return value, awaiting async handlers when needed. Sync CLI/TUI dispatch sites call plugin handlers from plain functions. If a handler is async, await it directly when no loop is running; if we're already inside an active loop, run it in a helper thread with its - own loop so the caller still gets a concrete result synchronously. + own loop so the caller still gets a concrete result synchronously. The + threaded path is bounded by a 30s timeout so a hung async handler cannot + wedge the terminal indefinitely. """ if not inspect.isawaitable(result): return result @@ -1263,7 +1268,11 @@ def resolve_plugin_command_result(result: Any) -> Any: daemon=True, ) thread.start() - done.wait() + if not done.wait(timeout=_PLUGIN_COMMAND_AWAIT_TIMEOUT_SECS): + raise TimeoutError( + "Plugin command async handler did not complete within " + f"{_PLUGIN_COMMAND_AWAIT_TIMEOUT_SECS:.0f}s" + ) if "exc" in failure: raise failure["exc"] return outcome.get("value") diff --git a/tests/hermes_cli/test_plugins.py b/tests/hermes_cli/test_plugins.py index 9a46cf59512..0c2a4a88425 100644 --- a/tests/hermes_cli/test_plugins.py +++ b/tests/hermes_cli/test_plugins.py @@ -1082,6 +1082,24 @@ class TestPluginCommandResultResolution: monkeypatch.setattr("hermes_cli.plugins.asyncio.get_running_loop", lambda: _Loop()) assert resolve_plugin_command_result(_handler()) == "threaded-ok" + def test_running_loop_timeout_does_not_hang_forever(self, monkeypatch): + """Threaded path must abort a hung async handler instead of blocking the caller.""" + import asyncio as _asyncio + + class _Loop: + pass + + async def _slow_handler(): + await _asyncio.sleep(10) + return "should-not-reach" + + monkeypatch.setattr("hermes_cli.plugins.asyncio.get_running_loop", lambda: _Loop()) + monkeypatch.setattr("hermes_cli.plugins._PLUGIN_COMMAND_AWAIT_TIMEOUT_SECS", 0.1) + + import pytest + with pytest.raises(TimeoutError): + resolve_plugin_command_result(_slow_handler()) + # ── TestPluginDispatchTool ──────────────────────────────────────────────── From 1ef9e88549fbcbc3f409e912355ced92942e4188 Mon Sep 17 00:00:00 2001 From: johnncenae Date: Thu, 30 Apr 2026 11:44:27 +0300 Subject: [PATCH 032/133] fix(gateway): write restart markers atomically and fix Windows lock collisions --- gateway/run.py | 18 +++--- gateway/status.py | 12 ++-- tests/gateway/test_restart_notification.py | 30 ++++++++++ tests/gateway/test_restart_resume_pending.py | 62 ++++++++++++++++++++ tests/gateway/test_status.py | 51 ++++++++++++++++ 5 files changed, 162 insertions(+), 11 deletions(-) diff --git a/gateway/run.py b/gateway/run.py index a80f42650e8..7714ca99d8a 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -239,7 +239,7 @@ sys.path.insert(0, str(Path(__file__).parent.parent)) # Resolve Hermes home directory (respects HERMES_HOME override) from hermes_constants import get_hermes_home -from utils import atomic_yaml_write, base_url_host_matches, is_truthy_value +from utils import atomic_json_write, atomic_yaml_write, base_url_host_matches, is_truthy_value _hermes_home = get_hermes_home() # Load environment variables from ~/.hermes/.env first. @@ -2245,7 +2245,7 @@ class GatewayRunner: # (they might become active again next restart) try: - path.write_text(json.dumps(new_counts)) + atomic_json_write(path, new_counts, indent=None) except Exception: pass @@ -2313,7 +2313,7 @@ class GatewayRunner: if session_key in counts: del counts[session_key] if counts: - path.write_text(json.dumps(counts)) + atomic_json_write(path, counts, indent=None) else: path.unlink(missing_ok=True) except Exception: @@ -6734,8 +6734,10 @@ class GatewayRunner: } if event.source.thread_id: notify_data["thread_id"] = event.source.thread_id - (_hermes_home / ".restart_notify.json").write_text( - json.dumps(notify_data) + atomic_json_write( + _hermes_home / ".restart_notify.json", + notify_data, + indent=None, ) except Exception as e: logger.debug("Failed to write restart notify file: %s", e) @@ -6752,8 +6754,10 @@ class GatewayRunner: } if event.platform_update_id is not None: dedup_data["update_id"] = event.platform_update_id - (_hermes_home / ".restart_last_processed.json").write_text( - json.dumps(dedup_data) + atomic_json_write( + _hermes_home / ".restart_last_processed.json", + dedup_data, + indent=None, ) except Exception as e: logger.debug("Failed to write restart dedup marker: %s", e) diff --git a/gateway/status.py b/gateway/status.py index 7f7df182f57..f329b25f08b 100644 --- a/gateway/status.py +++ b/gateway/status.py @@ -21,6 +21,7 @@ from datetime import datetime, timezone from pathlib import Path from hermes_constants import get_hermes_home from typing import Any, Optional +from utils import atomic_json_write if sys.platform == "win32": import msvcrt @@ -34,6 +35,10 @@ _IS_WINDOWS = sys.platform == "win32" _UNSET = object() _GATEWAY_LOCK_FILENAME = "gateway.lock" _gateway_lock_handle = None +# Windows byte-range locks are mandatory for other readers. Lock a byte well +# past the JSON payload so runtime status / PID readers can still read the file +# while another process holds the mutual-exclusion lock. +_WINDOWS_LOCK_OFFSET = 1024 * 1024 def _get_pid_path() -> Path: @@ -205,8 +210,7 @@ def _read_json_file(path: Path) -> Optional[dict[str, Any]]: def _write_json_file(path: Path, payload: dict[str, Any]) -> None: - path.parent.mkdir(parents=True, exist_ok=True) - path.write_text(json.dumps(payload)) + atomic_json_write(path, payload, indent=None, separators=(",", ":")) def _read_pid_record(pid_path: Optional[Path] = None) -> Optional[dict]: @@ -286,7 +290,7 @@ def _try_acquire_file_lock(handle) -> bool: if handle.tell() == 0: handle.write("\n") handle.flush() - handle.seek(0) + handle.seek(_WINDOWS_LOCK_OFFSET) msvcrt.locking(handle.fileno(), msvcrt.LK_NBLCK, 1) else: fcntl.flock(handle.fileno(), fcntl.LOCK_EX | fcntl.LOCK_NB) @@ -298,7 +302,7 @@ def _try_acquire_file_lock(handle) -> bool: def _release_file_lock(handle) -> None: try: if _IS_WINDOWS: - handle.seek(0) + handle.seek(_WINDOWS_LOCK_OFFSET) msvcrt.locking(handle.fileno(), msvcrt.LK_UNLCK, 1) else: fcntl.flock(handle.fileno(), fcntl.LOCK_UN) diff --git a/tests/gateway/test_restart_notification.py b/tests/gateway/test_restart_notification.py index c926596492e..8297dfc32fd 100644 --- a/tests/gateway/test_restart_notification.py +++ b/tests/gateway/test_restart_notification.py @@ -113,6 +113,36 @@ async def test_restart_command_preserves_thread_id(tmp_path, monkeypatch): assert data["thread_id"] == "topic_7" +@pytest.mark.asyncio +async def test_restart_command_uses_atomic_json_writes_for_marker_files(tmp_path, monkeypatch): + monkeypatch.setattr(gateway_run, "_hermes_home", tmp_path) + + calls = [] + + def _fake_atomic_json_write(path, payload, **kwargs): + calls.append((Path(path).name, payload, kwargs)) + + monkeypatch.setattr(gateway_run, "atomic_json_write", _fake_atomic_json_write) + + runner, _adapter = make_restart_runner() + runner.request_restart = MagicMock(return_value=True) + + source = make_restart_source(chat_id="42") + event = MessageEvent( + text="/restart", + message_type=MessageType.TEXT, + source=source, + message_id="m1", + ) + + await runner._handle_restart_command(event) + + names = [name for name, _payload, _kwargs in calls] + assert names == [".restart_notify.json", ".restart_last_processed.json"] + assert calls[0][1]["chat_id"] == "42" + assert calls[1][1]["platform"] == "telegram" + + # ── _send_restart_notification ─────────────────────────────────────────── diff --git a/tests/gateway/test_restart_resume_pending.py b/tests/gateway/test_restart_resume_pending.py index b8937cd4df5..77c639d05f7 100644 --- a/tests/gateway/test_restart_resume_pending.py +++ b/tests/gateway/test_restart_resume_pending.py @@ -999,3 +999,65 @@ class TestStuckLoopEscalation: assert store._entries[entry.session_key].resume_pending is False assert not counts_file.exists() + + def test_increment_restart_failure_counts_uses_atomic_json_write( + self, tmp_path, monkeypatch + ): + from gateway.run import GatewayRunner + + source = _make_source() + session_key = _make_store(tmp_path).get_or_create_session(source).session_key + + monkeypatch.setattr("gateway.run._hermes_home", tmp_path) + calls = [] + + def _fake_atomic_json_write(path, payload, **kwargs): + calls.append((path, payload, kwargs)) + + monkeypatch.setattr("gateway.run.atomic_json_write", _fake_atomic_json_write) + + runner = object.__new__(GatewayRunner) + runner._increment_restart_failure_counts({session_key}) + + assert calls == [ + ( + tmp_path / ".restart_failure_counts", + {session_key: 1}, + {"indent": None}, + ) + ] + + def test_clear_restart_failure_count_uses_atomic_json_write_when_entries_remain( + self, tmp_path, monkeypatch + ): + import json + + from gateway.run import GatewayRunner + + source = _make_source() + session_key = _make_store(tmp_path).get_or_create_session(source).session_key + other_key = "agent:main:telegram:dm:other" + counts_file = tmp_path / ".restart_failure_counts" + counts_file.write_text( + json.dumps({session_key: 2, other_key: 1}), + encoding="utf-8", + ) + + monkeypatch.setattr("gateway.run._hermes_home", tmp_path) + calls = [] + + def _fake_atomic_json_write(path, payload, **kwargs): + calls.append((path, payload, kwargs)) + + monkeypatch.setattr("gateway.run.atomic_json_write", _fake_atomic_json_write) + + runner = object.__new__(GatewayRunner) + runner._clear_restart_failure_count(session_key) + + assert calls == [ + ( + tmp_path / ".restart_failure_counts", + {other_key: 1}, + {"indent": None}, + ) + ] diff --git a/tests/gateway/test_status.py b/tests/gateway/test_status.py index e56b2107e55..7138b6514e0 100644 --- a/tests/gateway/test_status.py +++ b/tests/gateway/test_status.py @@ -2,6 +2,7 @@ import json import os +from pathlib import Path from types import SimpleNamespace from gateway import status @@ -245,6 +246,27 @@ class TestGatewayPidState: class TestGatewayRuntimeStatus: + def test_write_json_file_uses_atomic_json_write(self, tmp_path, monkeypatch): + monkeypatch.setenv("HERMES_HOME", str(tmp_path)) + calls = [] + + def _fake_atomic_json_write(path, payload, **kwargs): + calls.append((Path(path), payload, kwargs)) + + monkeypatch.setattr(status, "atomic_json_write", _fake_atomic_json_write) + + payload = {"gateway_state": "running"} + target = tmp_path / "gateway_state.json" + status._write_json_file(target, payload) + + assert calls == [ + ( + target, + payload, + {"indent": None, "separators": (",", ":")}, + ) + ] + def test_write_runtime_status_overwrites_stale_pid_on_restart(self, tmp_path, monkeypatch): """Regression: setdefault() preserved stale PID from previous process (#1631).""" monkeypatch.setenv("HERMES_HOME", str(tmp_path)) @@ -349,6 +371,35 @@ class TestTerminatePid: class TestScopedLocks: + def test_windows_file_lock_uses_high_offset(self, tmp_path, monkeypatch): + lock_path = tmp_path / "gateway.lock" + handle = open(lock_path, "a+", encoding="utf-8") + fd = handle.fileno() + calls = [] + + def fake_locking(fd, mode, size): + calls.append((fd, mode, size, handle.tell())) + + monkeypatch.setattr(status, "_IS_WINDOWS", True) + monkeypatch.setattr( + status, + "msvcrt", + SimpleNamespace(LK_NBLCK=1, LK_UNLCK=2, locking=fake_locking), + raising=False, + ) + + try: + assert status._try_acquire_file_lock(handle) is True + status._release_file_lock(handle) + finally: + handle.close() + + assert calls == [ + (fd, 1, 1, status._WINDOWS_LOCK_OFFSET), + (fd, 2, 1, status._WINDOWS_LOCK_OFFSET), + ] + assert lock_path.read_text(encoding="utf-8") == "\n" + def test_acquire_scoped_lock_rejects_live_other_process(self, tmp_path, monkeypatch): monkeypatch.setenv("HERMES_GATEWAY_LOCK_DIR", str(tmp_path / "locks")) lock_path = tmp_path / "locks" / "telegram-bot-token-2bb80d537b1da3e3.lock" From f43b1266772df10699ba5f50d3b06f0d6ac4310a Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:57:58 -0700 Subject: [PATCH 033/133] fix(gateway): atomic writes for sibling recovery/dedup state files Widen PR #17842's atomic-write fix to two sibling sites that exhibit the same 'partial JSON on interrupted write' class of bug: - gateway/platforms/feishu.py: dedup state (_dedup_state_path) - gateway/platforms/helpers.py: ParticipatedThreadTracker save Both are small recovery/coordination files that get rewritten frequently and break cross-restart dedup if left partial. --- gateway/platforms/feishu.py | 3 ++- gateway/platforms/helpers.py | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/gateway/platforms/feishu.py b/gateway/platforms/feishu.py index 718f01e9954..7d25a227fc9 100644 --- a/gateway/platforms/feishu.py +++ b/gateway/platforms/feishu.py @@ -141,6 +141,7 @@ from gateway.platforms.base import ( ) from gateway.status import acquire_scoped_lock, release_scoped_lock from hermes_constants import get_hermes_home +from utils import atomic_json_write logger = logging.getLogger(__name__) @@ -3804,7 +3805,7 @@ class FeishuAdapter(BasePlatformAdapter): recent = self._seen_message_order[-self._dedup_cache_size:] # Save as {msg_id: timestamp} so TTL filtering works across restarts. payload = {"message_ids": {k: self._seen_message_ids[k] for k in recent if k in self._seen_message_ids}} - self._dedup_state_path.write_text(json.dumps(payload, ensure_ascii=False), encoding="utf-8") + atomic_json_write(self._dedup_state_path, payload, indent=None) except OSError: logger.warning("[Feishu] Failed to persist dedup state to %s", self._dedup_state_path, exc_info=True) diff --git a/gateway/platforms/helpers.py b/gateway/platforms/helpers.py index 64aead4b847..8db7af7eba9 100644 --- a/gateway/platforms/helpers.py +++ b/gateway/platforms/helpers.py @@ -13,6 +13,8 @@ import time from pathlib import Path from typing import TYPE_CHECKING, Dict +from utils import atomic_json_write + if TYPE_CHECKING: from gateway.platforms.base import MessageEvent @@ -237,12 +239,11 @@ class ThreadParticipationTracker: def _save(self) -> None: path = self._state_path() - path.parent.mkdir(parents=True, exist_ok=True) thread_list = list(self._threads) if len(thread_list) > self._max_tracked: thread_list = thread_list[-self._max_tracked:] self._threads = set(thread_list) - path.write_text(json.dumps(thread_list), encoding="utf-8") + atomic_json_write(path, thread_list, indent=None) def mark(self, thread_id: str) -> None: """Mark *thread_id* as participated and persist.""" From b29b709a71273cccbd9752035acb8104dc5d7cc5 Mon Sep 17 00:00:00 2001 From: Stephen Schoettler Date: Wed, 29 Apr 2026 15:06:42 -0700 Subject: [PATCH 034/133] fix(agent): sanitize Codex tool-call history summaries --- agent/context_compressor.py | 4 +- run_agent.py | 11 ++++- tests/agent/test_context_compressor.py | 24 +++++++++ tests/run_agent/test_run_agent.py | 67 ++++++++++++++++++++++++++ 4 files changed, 102 insertions(+), 4 deletions(-) diff --git a/agent/context_compressor.py b/agent/context_compressor.py index edbc89b7dd1..c91c0c1579d 100644 --- a/agent/context_compressor.py +++ b/agent/context_compressor.py @@ -992,8 +992,8 @@ The user has requested that this compaction PRIORITISE preserving all informatio def _get_tool_call_id(tc) -> str: """Extract the call ID from a tool_call entry (dict or SimpleNamespace).""" if isinstance(tc, dict): - return tc.get("id", "") - return getattr(tc, "id", "") or "" + return tc.get("call_id", "") or tc.get("id", "") or "" + return getattr(tc, "call_id", "") or getattr(tc, "id", "") or "" def _sanitize_tool_pairs(self, messages: List[Dict[str, Any]]) -> List[Dict[str, Any]]: """Fix orphaned tool_call / tool_result pairs after compression. diff --git a/run_agent.py b/run_agent.py index f09568c2a13..2645a14a607 100644 --- a/run_agent.py +++ b/run_agent.py @@ -4982,8 +4982,8 @@ class AIAgent: def _get_tool_call_id_static(tc) -> str: """Extract call ID from a tool_call entry (dict or object).""" if isinstance(tc, dict): - return tc.get("id", "") or "" - return getattr(tc, "id", "") or "" + return tc.get("call_id", "") or tc.get("id", "") or "" + return getattr(tc, "call_id", "") or getattr(tc, "id", "") or "" _VALID_API_ROLES = frozenset({"system", "user", "assistant", "tool", "function", "developer"}) @@ -10013,6 +10013,13 @@ class AIAgent: for idx, pfm in enumerate(self.prefill_messages): api_messages.insert(sys_offset + idx, pfm.copy()) + # Same safety net as the main loop: repair tool-call/result + # pairing before asking for a final summary. Compression and + # session resume can leave a tool result whose parent assistant + # tool_call was summarized away; Responses API rejects that as + # "No tool call found for function call output". + api_messages = self._sanitize_api_messages(api_messages) + # Same safety net as the main loop: drop thinking-only assistant # turns so Anthropic-family providers don't 400 the summary call. api_messages = self._drop_thinking_only_and_merge_users(api_messages) diff --git a/tests/agent/test_context_compressor.py b/tests/agent/test_context_compressor.py index 5225fa6eee1..8f5d6c4d154 100644 --- a/tests/agent/test_context_compressor.py +++ b/tests/agent/test_context_compressor.py @@ -640,6 +640,30 @@ class TestCompressWithClient: for tc in msg["tool_calls"]: assert tc["id"] in answered_ids + def test_sanitizer_matches_responses_call_id_when_id_differs(self, compressor): + msgs = [ + { + "role": "assistant", + "content": "", + "tool_calls": [ + { + "id": "fc_123", + "call_id": "call_123", + "response_item_id": "fc_123", + "type": "function", + "function": {"name": "search_files", "arguments": "{}"}, + } + ], + }, + {"role": "tool", "tool_call_id": "call_123", "content": "result"}, + ] + + sanitized = compressor._sanitize_tool_pairs(msgs) + + assert [m.get("tool_call_id") for m in sanitized if m.get("role") == "tool"] == [ + "call_123" + ] + def test_summary_role_avoids_consecutive_user_messages(self): """Summary role should alternate with the last head message to avoid consecutive same-role messages.""" mock_client = MagicMock() diff --git a/tests/run_agent/test_run_agent.py b/tests/run_agent/test_run_agent.py index 5585eea4840..03cef83078f 100644 --- a/tests/run_agent/test_run_agent.py +++ b/tests/run_agent/test_run_agent.py @@ -2181,6 +2181,73 @@ class TestHandleMaxIterations: kwargs = agent.client.chat.completions.create.call_args.kwargs assert "reasoning" not in kwargs.get("extra_body", {}) + def test_codex_summary_sanitizes_orphan_tool_results(self, agent): + agent.api_mode = "codex_responses" + agent.provider = "openai-codex" + agent.base_url = "https://chatgpt.com/backend-api/codex" + agent._base_url_lower = agent.base_url.lower() + agent._base_url_hostname = "chatgpt.com" + agent.model = "gpt-5.5" + agent._cached_system_prompt = "You are helpful." + captured = {} + + def fake_run_codex_stream(kwargs): + captured.update(kwargs) + return SimpleNamespace( + status="completed", + output=[ + SimpleNamespace( + type="message", + status="completed", + content=[SimpleNamespace(type="output_text", text="Summary")], + ) + ], + ) + + messages = [ + {"role": "user", "content": "do stuff"}, + { + "role": "tool", + "tool_call_id": "call_orphan", + "content": "orphaned result from compressed history", + }, + ] + + with patch.object(agent, "_run_codex_stream", side_effect=fake_run_codex_stream): + result = agent._handle_max_iterations(messages, 90) + + assert result == "Summary" + input_items = captured["input"] + assert not any( + item.get("type") == "function_call_output" + and item.get("call_id") == "call_orphan" + for item in input_items + ) + + def test_api_sanitizer_matches_responses_call_id_when_id_differs(self, agent): + messages = [ + { + "role": "assistant", + "content": "", + "tool_calls": [ + { + "id": "fc_123", + "call_id": "call_123", + "response_item_id": "fc_123", + "type": "function", + "function": {"name": "web_search", "arguments": "{}"}, + } + ], + }, + {"role": "tool", "tool_call_id": "call_123", "content": "result"}, + ] + + sanitized = agent._sanitize_api_messages(messages) + + assert [m.get("tool_call_id") for m in sanitized if m.get("role") == "tool"] == [ + "call_123" + ] + class TestRunConversation: """Tests for the main run_conversation method. From 9ae1fa9e39057517ef4cb70511e3e294f39e1a2f Mon Sep 17 00:00:00 2001 From: johnncenae Date: Wed, 29 Apr 2026 21:06:42 +0300 Subject: [PATCH 035/133] fix(delegate): honor runtime default model during provider resolution --- tests/tools/test_delegate.py | 20 ++++++++++++++++++++ tools/delegate_tool.py | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/tests/tools/test_delegate.py b/tests/tools/test_delegate.py index 6b4cc991508..1806a7e60fb 100644 --- a/tests/tools/test_delegate.py +++ b/tests/tools/test_delegate.py @@ -786,6 +786,26 @@ class TestDelegationCredentialResolution(unittest.TestCase): self.assertEqual(creds["api_mode"], "chat_completions") mock_resolve.assert_called_once_with(requested="openrouter") + @patch("hermes_cli.runtime_provider.resolve_runtime_provider") + def test_provider_resolution_uses_runtime_model_when_config_model_missing(self, mock_resolve): + """Named providers should propagate their runtime default model to children.""" + mock_resolve.return_value = { + "provider": "custom", + "base_url": "https://my-server.example/v1", + "api_key": "sk-test-key", + "api_mode": "chat_completions", + "model": "server-default-model", + } + parent = _make_mock_parent(depth=0) + cfg = {"provider": "custom:my-server", "model": ""} + + creds = _resolve_delegation_credentials(cfg, parent) + + self.assertEqual(creds["model"], "server-default-model") + self.assertEqual(creds["provider"], "custom") + self.assertEqual(creds["base_url"], "https://my-server.example/v1") + mock_resolve.assert_called_once_with(requested="custom:my-server") + def test_direct_endpoint_uses_configured_base_url_and_api_key(self): parent = _make_mock_parent(depth=0) cfg = { diff --git a/tools/delegate_tool.py b/tools/delegate_tool.py index 7d2bb197e0b..844e7bdfb0e 100644 --- a/tools/delegate_tool.py +++ b/tools/delegate_tool.py @@ -2309,7 +2309,7 @@ def _resolve_delegation_credentials(cfg: dict, parent_agent) -> dict: ) return { - "model": configured_model, + "model": configured_model or runtime.get("model") or None, "provider": runtime.get("provider"), "base_url": runtime.get("base_url"), "api_key": api_key, From a83d579d5b5e3b971f85c2f27b81b9c1efe3d037 Mon Sep 17 00:00:00 2001 From: johnncenae Date: Thu, 30 Apr 2026 12:19:16 +0300 Subject: [PATCH 036/133] fix(telegram): enforce gateway auth for inline approval callbacks --- gateway/platforms/telegram.py | 77 +++++++++++++++-- .../gateway/test_telegram_approval_buttons.py | 83 +++++++++++++++++++ 2 files changed, 153 insertions(+), 7 deletions(-) diff --git a/gateway/platforms/telegram.py b/gateway/platforms/telegram.py index 23fa8c69620..307c6b89aba 100644 --- a/gateway/platforms/telegram.py +++ b/gateway/platforms/telegram.py @@ -290,14 +290,53 @@ class TelegramAdapter(BasePlatformAdapter): # and any other slash-confirm prompts; see GatewayRunner._request_slash_confirm). self._slash_confirm_state: Dict[str, str] = {} - @staticmethod - def _is_callback_user_authorized(user_id: str) -> bool: + def _is_callback_user_authorized( + self, + user_id: str, + *, + chat_id: Optional[str] = None, + chat_type: Optional[str] = None, + thread_id: Optional[str] = None, + user_name: Optional[str] = None, + ) -> bool: """Return whether a Telegram inline-button caller may perform gated actions.""" + normalized_user_id = str(user_id or "").strip() + if not normalized_user_id: + return False + + runner = getattr(getattr(self, "_message_handler", None), "__self__", None) + auth_fn = getattr(runner, "_is_user_authorized", None) + if callable(auth_fn): + try: + from gateway.session import SessionSource + + normalized_chat_type = str(chat_type or "dm").strip().lower() or "dm" + if normalized_chat_type == "private": + normalized_chat_type = "dm" + elif normalized_chat_type == "supergroup": + normalized_chat_type = "forum" if thread_id is not None else "group" + + source = SessionSource( + platform=Platform.TELEGRAM, + chat_id=str(chat_id or normalized_user_id), + chat_type=normalized_chat_type, + user_id=normalized_user_id, + user_name=str(user_name).strip() if user_name else None, + thread_id=str(thread_id) if thread_id is not None else None, + ) + return bool(auth_fn(source)) + except Exception: + logger.debug( + "[Telegram] Falling back to env-only callback auth for user %s", + normalized_user_id, + exc_info=True, + ) + allowed_csv = os.getenv("TELEGRAM_ALLOWED_USERS", "").strip() if not allowed_csv: return True allowed_ids = {uid.strip() for uid in allowed_csv.split(",") if uid.strip()} - return "*" in allowed_ids or user_id in allowed_ids + return "*" in allowed_ids or normalized_user_id in allowed_ids @classmethod def _metadata_thread_id(cls, metadata: Optional[Dict[str, Any]]) -> Optional[str]: @@ -1760,6 +1799,12 @@ class TelegramAdapter(BasePlatformAdapter): if not query or not query.data: return data = query.data + query_message = getattr(query, "message", None) + query_chat_id = getattr(query_message, "chat_id", None) + query_chat = getattr(query_message, "chat", None) + query_chat_type = getattr(query_chat, "type", None) + query_thread_id = getattr(query_message, "message_thread_id", None) + query_user_name = getattr(query.from_user, "first_name", None) # --- Model picker callbacks --- if data.startswith(("mp:", "mm:", "mb", "mx", "mg:")): @@ -1781,7 +1826,13 @@ class TelegramAdapter(BasePlatformAdapter): # Only authorized users may click approval buttons. caller_id = str(getattr(query.from_user, "id", "")) - if not self._is_callback_user_authorized(caller_id): + if not self._is_callback_user_authorized( + caller_id, + chat_id=query_chat_id, + chat_type=str(query_chat_type) if query_chat_type is not None else None, + thread_id=str(query_thread_id) if query_thread_id is not None else None, + user_name=query_user_name, + ): await query.answer(text="⛔ You are not authorized to approve commands.") return @@ -1831,8 +1882,14 @@ class TelegramAdapter(BasePlatformAdapter): choice = parts[1] # once, always, cancel confirm_id = parts[2] - caller_id = str(getattr(query.from_user, "id", "")) - if not self._is_callback_user_authorized(caller_id): + caller_id = str(getattr(query.from_user, "id", "")) + if not self._is_callback_user_authorized( + caller_id, + chat_id=query_chat_id, + chat_type=str(query_chat_type) if query_chat_type is not None else None, + thread_id=str(query_thread_id) if query_thread_id is not None else None, + user_name=query_user_name, + ): await query.answer(text="⛔ You are not authorized to answer this prompt.") return @@ -1891,7 +1948,13 @@ class TelegramAdapter(BasePlatformAdapter): return answer = data.split(":", 1)[1] # "y" or "n" caller_id = str(getattr(query.from_user, "id", "")) - if not self._is_callback_user_authorized(caller_id): + if not self._is_callback_user_authorized( + caller_id, + chat_id=query_chat_id, + chat_type=str(query_chat_type) if query_chat_type is not None else None, + thread_id=str(query_thread_id) if query_thread_id is not None else None, + user_name=query_user_name, + ): await query.answer(text="⛔ You are not authorized to answer update prompts.") return await query.answer(text=f"Sent '{answer}' to the update process.") diff --git a/tests/gateway/test_telegram_approval_buttons.py b/tests/gateway/test_telegram_approval_buttons.py index 93b5f82eef9..199508c9cca 100644 --- a/tests/gateway/test_telegram_approval_buttons.py +++ b/tests/gateway/test_telegram_approval_buttons.py @@ -59,6 +59,21 @@ def _make_adapter(extra=None): return adapter +class _AuthRunner: + """Minimal runner shim for callback auth tests.""" + + def __init__(self, authorized: bool): + self.authorized = authorized + self.last_source = None + + async def _handle_message(self, event): + return None + + def _is_user_authorized(self, source): + self.last_source = source + return self.authorized + + # =========================================================================== # send_exec_approval — inline keyboard buttons # =========================================================================== @@ -230,6 +245,41 @@ class TestTelegramApprovalCallback: edit_kwargs = query.edit_message_text.call_args[1] assert "Denied" in edit_kwargs["text"] + @pytest.mark.asyncio + async def test_approval_callback_rejects_user_blocked_by_global_allowlist(self): + adapter = _make_adapter() + adapter._approval_state[7] = "agent:main:telegram:group:12345:99" + runner = _AuthRunner(authorized=False) + adapter._message_handler = runner._handle_message + + query = AsyncMock() + query.data = "ea:once:7" + query.message = MagicMock() + query.message.chat_id = 12345 + query.message.chat.type = "private" + query.from_user = MagicMock() + query.from_user.id = 222 + query.from_user.first_name = "Mallory" + query.answer = AsyncMock() + query.edit_message_text = AsyncMock() + + update = MagicMock() + update.callback_query = query + context = MagicMock() + + with patch("tools.approval.resolve_gateway_approval") as mock_resolve: + await adapter._handle_callback_query(update, context) + + mock_resolve.assert_not_called() + query.answer.assert_called_once() + assert "not authorized" in query.answer.call_args[1]["text"].lower() + query.edit_message_text.assert_not_called() + assert adapter._approval_state[7] == "agent:main:telegram:group:12345:99" + assert runner.last_source is not None + assert runner.last_source.platform == Platform.TELEGRAM + assert runner.last_source.user_id == "222" + assert runner.last_source.chat_id == "12345" + @pytest.mark.asyncio async def test_already_resolved(self): adapter = _make_adapter() @@ -333,6 +383,39 @@ class TestTelegramApprovalCallback: query.edit_message_text.assert_not_called() assert not (tmp_path / ".update_response").exists() + @pytest.mark.asyncio + async def test_update_prompt_callback_rejects_user_blocked_by_global_allowlist(self, tmp_path): + adapter = _make_adapter() + runner = _AuthRunner(authorized=False) + adapter._message_handler = runner._handle_message + + query = AsyncMock() + query.data = "update_prompt:y" + query.message = MagicMock() + query.message.chat_id = 12345 + query.message.chat.type = "private" + query.from_user = MagicMock() + query.from_user.id = 222 + query.from_user.first_name = "Mallory" + query.answer = AsyncMock() + query.edit_message_text = AsyncMock() + + update = MagicMock() + update.callback_query = query + context = MagicMock() + + with patch("hermes_constants.get_hermes_home", return_value=tmp_path): + with patch.dict(os.environ, {"TELEGRAM_ALLOWED_USERS": ""}): + await adapter._handle_callback_query(update, context) + + query.answer.assert_called_once() + assert "not authorized" in query.answer.call_args[1]["text"].lower() + query.edit_message_text.assert_not_called() + assert not (tmp_path / ".update_response").exists() + assert runner.last_source is not None + assert runner.last_source.platform == Platform.TELEGRAM + assert runner.last_source.user_id == "222" + @pytest.mark.asyncio async def test_update_prompt_callback_allows_authorized_user(self, tmp_path): """Allowed Telegram users can still answer update prompt buttons.""" From 2997ef944696b3f9ebbe5bc545735ba473bddbf3 Mon Sep 17 00:00:00 2001 From: hharry11 Date: Wed, 29 Apr 2026 20:10:05 +0300 Subject: [PATCH 037/133] fix(api-server): use session-scoped task IDs for tool isolation --- gateway/platforms/api_server.py | 6 ++++-- tests/gateway/test_api_server.py | 30 +++++++++++++++++++++++++++ tests/gateway/test_api_server_runs.py | 5 +---- 3 files changed, 35 insertions(+), 6 deletions(-) diff --git a/gateway/platforms/api_server.py b/gateway/platforms/api_server.py index 8c46cc6157c..dc608874594 100644 --- a/gateway/platforms/api_server.py +++ b/gateway/platforms/api_server.py @@ -2351,10 +2351,11 @@ class APIServerAdapter(BasePlatformAdapter): ) if agent_ref is not None: agent_ref[0] = agent + effective_task_id = session_id or str(uuid.uuid4()) result = agent.run_conversation( user_message=user_message, conversation_history=conversation_history, - task_id="default", + task_id=effective_task_id, ) usage = { "input_tokens": getattr(agent, "session_prompt_tokens", 0) or 0, @@ -2551,10 +2552,11 @@ class APIServerAdapter(BasePlatformAdapter): ) self._active_run_agents[run_id] = agent def _run_sync(): + effective_task_id = session_id or run_id r = agent.run_conversation( user_message=user_message, conversation_history=conversation_history, - task_id="default", + task_id=effective_task_id, ) u = { "input_tokens": getattr(agent, "session_prompt_tokens", 0) or 0, diff --git a/tests/gateway/test_api_server.py b/tests/gateway/test_api_server.py index 2ebb48bcf47..74a30541dc7 100644 --- a/tests/gateway/test_api_server.py +++ b/tests/gateway/test_api_server.py @@ -332,6 +332,36 @@ def auth_adapter(): return _make_adapter(api_key="sk-secret") +# --------------------------------------------------------------------------- +# Adapter internals +# --------------------------------------------------------------------------- + + +class TestAgentExecution: + @pytest.mark.asyncio + async def test_run_agent_uses_session_id_as_task_id(self, adapter): + mock_agent = MagicMock() + mock_agent.run_conversation.return_value = {"final_response": "ok"} + mock_agent.session_prompt_tokens = 1 + mock_agent.session_completion_tokens = 2 + mock_agent.session_total_tokens = 3 + + with patch.object(adapter, "_create_agent", return_value=mock_agent): + result, usage = await adapter._run_agent( + user_message="hello", + conversation_history=[], + session_id="session-123", + ) + + assert result == {"final_response": "ok"} + assert usage == {"input_tokens": 1, "output_tokens": 2, "total_tokens": 3} + mock_agent.run_conversation.assert_called_once_with( + user_message="hello", + conversation_history=[], + task_id="session-123", + ) + + # --------------------------------------------------------------------------- # /health endpoint # --------------------------------------------------------------------------- diff --git a/tests/gateway/test_api_server_runs.py b/tests/gateway/test_api_server_runs.py index 900eb3c8692..6ce67db9231 100644 --- a/tests/gateway/test_api_server_runs.py +++ b/tests/gateway/test_api_server_runs.py @@ -253,10 +253,7 @@ class TestRunStatus: await asyncio.sleep(0.05) mock_agent.run_conversation.assert_called_once() - # task_id stays "default" so the Runs API shares one sandbox - # container with CLI/gateway; session_id is surfaced in status - # for external UIs to correlate runs with their own session IDs. - assert mock_agent.run_conversation.call_args.kwargs["task_id"] == "default" + assert mock_agent.run_conversation.call_args.kwargs["task_id"] == "space-session" assert status["session_id"] == "space-session" @pytest.mark.asyncio From b194617d00981d8ea850f100ed262698090963da Mon Sep 17 00:00:00 2001 From: 0z! <162235745+0z1-ghb@users.noreply.github.com> Date: Tue, 28 Apr 2026 16:43:55 +0300 Subject: [PATCH 038/133] fix(context_compressor): off-by-one in tail protection for short conversations --- agent/context_compressor.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/context_compressor.py b/agent/context_compressor.py index c91c0c1579d..21f07df491f 100644 --- a/agent/context_compressor.py +++ b/agent/context_compressor.py @@ -538,7 +538,7 @@ class ContextCompressor(ContextEngine): # Token-budget approach: walk backward accumulating tokens accumulated = 0 boundary = len(result) - min_protect = min(protect_tail_count, len(result) - 1) + min_protect = min(protect_tail_count, len(result)) for i in range(len(result) - 1, -1, -1): msg = result[i] raw_content = msg.get("content") or "" From 8b7b074df9506d512b80ab6855f9773041314e0e Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:59:36 -0700 Subject: [PATCH 039/133] test(context_compressor): regression test for PR #17025 tail-protection off-by-one When len(messages) <= protect_tail_count and a token budget is set, the previous formula min(protect_tail_count, len(result) - 1) under-protected the tail by one, allowing the oldest message to be summarized. The test fails on the buggy formula (pruned == 1) and passes on the fix (pruned == 0, tool content preserved verbatim). --- tests/agent/test_context_compressor.py | 28 ++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/agent/test_context_compressor.py b/tests/agent/test_context_compressor.py index 8f5d6c4d154..8d1de377b0e 100644 --- a/tests/agent/test_context_compressor.py +++ b/tests/agent/test_context_compressor.py @@ -1143,6 +1143,34 @@ class TestTokenBudgetTailProtection: # At least one old tool result should have been pruned assert pruned >= 1 + def test_prune_short_conv_protects_entire_tail(self, budget_compressor): + """Regression guard for PR #17025. + + When ``len(messages) <= protect_tail_count`` and a token budget is + also set, every message must be protected. The previous code used + ``min(protect_tail_count, len(result) - 1)`` which capped the floor + one below the full length, leaving the oldest message eligible for + pruning. + """ + c = budget_compressor + # 4 messages, protect_tail_count=4 -- nothing should be pruned. + # Oldest message is a large tool result; on the buggy path it falls + # outside the protected window and gets summarized. + messages = [ + {"role": "tool", "content": "x" * 5000, "tool_call_id": "c0"}, + {"role": "assistant", "content": "ack"}, + {"role": "user", "content": "recent"}, + {"role": "assistant", "content": "reply"}, + ] + result, pruned = c._prune_old_tool_results( + messages, + protect_tail_count=4, + protect_tail_tokens=1_000_000, # budget large enough to protect all + ) + assert pruned == 0 + # Tool result at index 0 must be preserved verbatim + assert result[0]["content"] == "x" * 5000 + def test_prune_without_token_budget_uses_message_count(self, budget_compressor): """Without protect_tail_tokens, falls back to message-count behavior.""" c = budget_compressor From 84324d06b8888998e6158b840f72bfe96110718c Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:52:58 -0700 Subject: [PATCH 040/133] chore(release): add quocanh261997 to AUTHOR_MAP --- scripts/release.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/release.py b/scripts/release.py index afed77a69bc..84ca7365812 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -113,6 +113,7 @@ AUTHOR_MAP = { "foxion37@gmail.com": "foxion37", "bloodcarter@gmail.com": "bloodcarter", "scott@scotttrinh.com": "scotttrinh", + "quocanh261997@gmail.com": "quocanh261997", # contributors (from noreply pattern) "david.vv@icloud.com": "davidvv", "wangqiang@wangqiangdeMac-mini.local": "xiaoqiang243", From 77fe7ab6b20d0d8ec0aeadff6d0d69074db2fdbe Mon Sep 17 00:00:00 2001 From: Michael Nguyen Date: Thu, 30 Apr 2026 21:14:53 +0700 Subject: [PATCH 041/133] feat(gateway): restart manual profile gateways after update --- hermes_cli/gateway.py | 87 ++++++++++++++++++- hermes_cli/main.py | 30 ++++++- .../hermes_cli/test_update_gateway_restart.py | 35 ++++++++ website/docs/getting-started/updating.md | 6 +- 4 files changed, 150 insertions(+), 8 deletions(-) diff --git a/hermes_cli/gateway.py b/hermes_cli/gateway.py index 595330f0a20..50953319a4b 100644 --- a/hermes_cli/gateway.py +++ b/hermes_cli/gateway.py @@ -10,6 +10,7 @@ import shutil import signal import subprocess import sys +import textwrap from dataclasses import dataclass from pathlib import Path @@ -59,6 +60,13 @@ class GatewayRuntimeSnapshot: def has_process_service_mismatch(self) -> bool: return self.service_installed and self.running and not self.service_running + +@dataclass(frozen=True) +class ProfileGatewayProcess: + profile: str + path: Path + pid: int + def _get_service_pids() -> set: """Return PIDs currently managed by systemd or launchd gateway services. @@ -371,6 +379,83 @@ def find_gateway_pids(exclude_pids: set | None = None, all_profiles: bool = Fals return pids +def find_profile_gateway_processes( + exclude_pids: set | None = None, +) -> list[ProfileGatewayProcess]: + """Return running gateway PIDs mapped to Hermes profiles via PID files.""" + _exclude = set(exclude_pids or set()) + processes: list[ProfileGatewayProcess] = [] + try: + from gateway.status import get_running_pid + from hermes_cli.profiles import list_profiles + except Exception: + return processes + + seen: set[int] = set() + for profile in list_profiles(): + try: + pid = get_running_pid(profile.path / "gateway.pid", cleanup_stale=False) + except Exception: + continue + if pid is None or pid <= 0 or pid in _exclude or pid in seen: + continue + seen.add(pid) + processes.append(ProfileGatewayProcess(profile=profile.name, path=profile.path, pid=pid)) + return processes + + +def _gateway_run_args_for_profile(profile: str) -> list[str]: + args = [get_python_path(), "-m", "hermes_cli.main"] + if profile != "default": + args.extend(["--profile", profile]) + args.extend(["gateway", "run", "--replace"]) + return args + + +def launch_detached_profile_gateway_restart(profile: str, old_pid: int) -> bool: + """Relaunch a manually-run profile gateway after its current PID exits.""" + if old_pid <= 0: + return False + + watcher = textwrap.dedent( + """ + import os + import subprocess + import sys + import time + + pid = int(sys.argv[1]) + cmd = sys.argv[2:] + deadline = time.monotonic() + 120 + while time.monotonic() < deadline: + try: + os.kill(pid, 0) + except ProcessLookupError: + break + except PermissionError: + pass + time.sleep(0.2) + subprocess.Popen( + cmd, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + start_new_session=True, + ) + """ + ).strip() + + try: + subprocess.Popen( + [sys.executable, "-c", watcher, str(old_pid), *_gateway_run_args_for_profile(profile)], + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + start_new_session=True, + ) + except OSError: + return False + return True + + def _probe_systemd_service_running(system: bool = False) -> tuple[bool, bool]: selected_system = _select_systemd_scope(system) unit_exists = get_systemd_unit_path(system=selected_system).exists() @@ -4377,4 +4462,4 @@ def _gateway_command_inner(args): if not supports_systemd_services() and not is_macos(): print("Legacy unit migration only applies to systemd-based Linux hosts.") return - remove_legacy_hermes_units(interactive=not yes, dry_run=dry_run) \ No newline at end of file + remove_legacy_hermes_units(interactive=not yes, dry_run=dry_run) diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 3ef85d45415..318d893742d 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -7137,6 +7137,8 @@ def _cmd_update_impl(args, gateway_mode: bool): supports_systemd_services, _ensure_user_systemd_env, find_gateway_pids, + find_profile_gateway_processes, + launch_detached_profile_gateway_restart, _get_service_pids, _graceful_restart_via_sigusr1, ) @@ -7240,6 +7242,7 @@ def _cmd_update_impl(args, gateway_mode: bool): restarted_services = [] killed_pids = set() + relaunched_profiles = [] # --- Systemd services (Linux) --- # Discover all hermes-gateway* units (default + profiles) @@ -7429,7 +7432,23 @@ def _cmd_update_impl(args, gateway_mode: bool): manual_pids = find_gateway_pids( exclude_pids=service_pids, all_profiles=True ) + profile_processes = { + proc.pid: proc + for proc in find_profile_gateway_processes(exclude_pids=service_pids) + if proc.pid in manual_pids + } + for pid, proc in profile_processes.items(): + if launch_detached_profile_gateway_restart(proc.profile, pid): + try: + os.kill(pid, _signal.SIGTERM) + killed_pids.add(pid) + relaunched_profiles.append(proc.profile) + except (ProcessLookupError, PermissionError): + pass + for pid in manual_pids: + if pid in profile_processes: + continue try: os.kill(pid, _signal.SIGTERM) killed_pids.add(pid) @@ -7440,11 +7459,14 @@ def _cmd_update_impl(args, gateway_mode: bool): print() for svc in restarted_services: print(f" ✓ Restarted {svc}") - if killed_pids: - print(f" → Stopped {len(killed_pids)} manual gateway process(es)") + if relaunched_profiles: + names = ", ".join(relaunched_profiles) + print(f" ✓ Restarting manual gateway profile(s): {names}") + unmapped_count = len(killed_pids) - len(relaunched_profiles) + if unmapped_count: + print(f" → Stopped {unmapped_count} manual gateway process(es)") print(" Restart manually: hermes gateway run") - # Also restart for each profile if needed - if len(killed_pids) > 1: + if unmapped_count > 1: print( " (or: hermes -p gateway run for each profile)" ) diff --git a/tests/hermes_cli/test_update_gateway_restart.py b/tests/hermes_cli/test_update_gateway_restart.py index 1c7e1b96c94..e8af435ea5a 100644 --- a/tests/hermes_cli/test_update_gateway_restart.py +++ b/tests/hermes_cli/test_update_gateway_restart.py @@ -392,6 +392,41 @@ class TestCmdUpdateLaunchdRestart: captured = capsys.readouterr().out assert "Restart manually: hermes gateway run" in captured + @patch("shutil.which", return_value=None) + @patch("subprocess.run") + def test_update_restarts_profile_manual_gateways( + self, mock_run, _mock_which, mock_args, capsys, tmp_path, monkeypatch, + ): + """Profile-mapped manual gateways are relaunched automatically after update.""" + monkeypatch.setattr(gateway_cli, "is_macos", lambda: True) + monkeypatch.setattr( + gateway_cli, + "get_launchd_plist_path", + lambda: tmp_path / "ai.hermes.gateway.plist", + ) + + mock_run.side_effect = _make_run_side_effect( + commit_count="3", + launchctl_loaded=False, + ) + process = gateway_cli.ProfileGatewayProcess( + profile="coder", + path=tmp_path / ".hermes" / "profiles" / "coder", + pid=12345, + ) + + with patch.object(gateway_cli, "find_gateway_pids", return_value=[12345]), \ + patch.object(gateway_cli, "find_profile_gateway_processes", return_value=[process]), \ + patch.object(gateway_cli, "launch_detached_profile_gateway_restart", return_value=True) as restart, \ + patch("os.kill") as kill: + cmd_update(mock_args) + + captured = capsys.readouterr().out + restart.assert_called_once_with("coder", 12345) + kill.assert_called_once() + assert "Restarting manual gateway profile(s): coder" in captured + assert "Restart manually: hermes gateway run" not in captured + @patch("shutil.which", return_value=None) @patch("subprocess.run") def test_update_with_systemd_still_restarts_via_systemd( diff --git a/website/docs/getting-started/updating.md b/website/docs/getting-started/updating.md index 8550f89b797..8bd84ba1570 100644 --- a/website/docs/getting-started/updating.md +++ b/website/docs/getting-started/updating.md @@ -28,7 +28,7 @@ When you run `hermes update`, the following steps occur: 2. **Git pull** — pulls the latest code from the `main` branch and updates submodules 3. **Dependency install** — runs `uv pip install -e ".[all]"` to pick up new or changed dependencies 4. **Config migration** — detects new config options added since your version and prompts you to set them -5. **Gateway auto-restart** — if the gateway service is running (systemd on Linux, launchd on macOS), it is **automatically restarted** after the update completes so the new code takes effect immediately +5. **Gateway auto-restart** — running gateways are refreshed after the update completes so the new code takes effect immediately. Service-managed gateways (systemd on Linux, launchd on macOS) are restarted through the service manager. Manual gateways are relaunched automatically when Hermes can map the running PID back to a profile. ### Preview-only: `hermes update --check` @@ -63,7 +63,7 @@ Already up to date. (or: Updating abc1234..def5678) ✅ Dependencies updated 🔍 Checking for new config options... ✅ Config is up to date (or: Found 2 new options — running migration...) -🔄 Restarting gateway service... +🔄 Restarting gateways... ✅ Gateway restarted ✅ Hermes Agent updated successfully! ``` @@ -113,7 +113,7 @@ You can also update directly from Telegram, Discord, Slack, or WhatsApp by sendi /update ``` -This pulls the latest code, updates dependencies, and restarts the gateway. The bot will briefly go offline during the restart (typically 5–15 seconds) and then resume. +This pulls the latest code, updates dependencies, and restarts running gateways. The bot will briefly go offline during the restart (typically 5–15 seconds) and then resume. ### Manual Update From 96691268dffa40df7110bcab6bdf63ada260a06d Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 19:57:42 -0700 Subject: [PATCH 042/133] fix(gateway): drain manual profile gateways via SIGUSR1 before respawn MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The PR wired in a detached watcher that respawns manual profile gateways after they exit. Pair that with a SIGUSR1 graceful drain (same path systemd/launchd use) so in-flight agent runs finish instead of getting SIGTERM'd. Fall back to SIGTERM if SIGUSR1 isn't wired or the gateway doesn't exit within the drain budget — the watcher sees the exit and relaunches either way. Tested end-to-end against an orphaned gateway: graceful drain exits in 0.5s and the watcher fires the relaunch command. --- hermes_cli/main.py | 16 +++++-- .../hermes_cli/test_update_gateway_restart.py | 42 ++++++++++++++++++- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 318d893742d..79ef21eec7b 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -7438,13 +7438,23 @@ def _cmd_update_impl(args, gateway_mode: bool): if proc.pid in manual_pids } for pid, proc in profile_processes.items(): - if launch_detached_profile_gateway_restart(proc.profile, pid): + if not launch_detached_profile_gateway_restart(proc.profile, pid): + continue + # Prefer a graceful SIGUSR1 drain so in-flight agent runs + # finish before the watcher respawns the gateway. If the + # gateway doesn't support SIGUSR1 or doesn't exit within + # the drain budget, fall back to SIGTERM — the watcher + # still sees the exit and relaunches either way. + drained = _graceful_restart_via_sigusr1( + pid, drain_timeout=_drain_budget, + ) + if not drained: try: os.kill(pid, _signal.SIGTERM) - killed_pids.add(pid) - relaunched_profiles.append(proc.profile) except (ProcessLookupError, PermissionError): pass + killed_pids.add(pid) + relaunched_profiles.append(proc.profile) for pid in manual_pids: if pid in profile_processes: diff --git a/tests/hermes_cli/test_update_gateway_restart.py b/tests/hermes_cli/test_update_gateway_restart.py index e8af435ea5a..721149ddefc 100644 --- a/tests/hermes_cli/test_update_gateway_restart.py +++ b/tests/hermes_cli/test_update_gateway_restart.py @@ -418,15 +418,55 @@ class TestCmdUpdateLaunchdRestart: with patch.object(gateway_cli, "find_gateway_pids", return_value=[12345]), \ patch.object(gateway_cli, "find_profile_gateway_processes", return_value=[process]), \ patch.object(gateway_cli, "launch_detached_profile_gateway_restart", return_value=True) as restart, \ + patch.object(gateway_cli, "_graceful_restart_via_sigusr1", return_value=True) as graceful, \ patch("os.kill") as kill: cmd_update(mock_args) captured = capsys.readouterr().out restart.assert_called_once_with("coder", 12345) - kill.assert_called_once() + graceful.assert_called_once() + # Graceful drain succeeded — no SIGTERM fallback needed. + kill.assert_not_called() assert "Restarting manual gateway profile(s): coder" in captured assert "Restart manually: hermes gateway run" not in captured + @patch("shutil.which", return_value=None) + @patch("subprocess.run") + def test_update_profile_manual_gateway_falls_back_to_sigterm( + self, mock_run, _mock_which, mock_args, capsys, tmp_path, monkeypatch, + ): + """When graceful SIGUSR1 drain fails, manual profile restart falls back to SIGTERM.""" + monkeypatch.setattr(gateway_cli, "is_macos", lambda: True) + monkeypatch.setattr( + gateway_cli, + "get_launchd_plist_path", + lambda: tmp_path / "ai.hermes.gateway.plist", + ) + + mock_run.side_effect = _make_run_side_effect( + commit_count="3", + launchctl_loaded=False, + ) + process = gateway_cli.ProfileGatewayProcess( + profile="coder", + path=tmp_path / ".hermes" / "profiles" / "coder", + pid=12345, + ) + + with patch.object(gateway_cli, "find_gateway_pids", return_value=[12345]), \ + patch.object(gateway_cli, "find_profile_gateway_processes", return_value=[process]), \ + patch.object(gateway_cli, "launch_detached_profile_gateway_restart", return_value=True) as restart, \ + patch.object(gateway_cli, "_graceful_restart_via_sigusr1", return_value=False) as graceful, \ + patch("os.kill") as kill: + cmd_update(mock_args) + + captured = capsys.readouterr().out + restart.assert_called_once_with("coder", 12345) + graceful.assert_called_once() + # Graceful drain returned False → SIGTERM fallback. + kill.assert_called_once() + assert "Restarting manual gateway profile(s): coder" in captured + @patch("shutil.which", return_value=None) @patch("subprocess.run") def test_update_with_systemd_still_restarts_via_systemd( From 443950e82736aa02c7ff61dda75426dbbbbdb161 Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 18:38:54 -0400 Subject: [PATCH 043/133] fix(tui): pass user_providers as dict to match CLI model-switch pipeline MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The TUI's _apply_model_switch() was converting the config.yaml `providers:` dict into a list of dicts before passing it to switch_model(). This caused resolve_provider_full() → resolve_user_provider() to fail, since that function expects a dict and does `user_config.get(name)` to look up provider entries. The result: user-defined providers (e.g. ollama) appeared in CLI's /model picker but were invisible in the TUI. Fix: - tui_gateway/server.py: pass cfg.get('providers') directly (dict), matching what cli.py already does at line 5598. - hermes_cli/model_switch.py: fix the validation-override block (line ~893) which iterated user_providers as a list — now correctly handles the dict format with support for both dict-keyed and list-format models arrays. --- tui_gateway/server.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 84b89a437c9..e3fd6698373 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -1078,9 +1078,7 @@ def _apply_model_switch(sid: str, session: dict, raw_input: str) -> dict: from hermes_cli.config import get_compatible_custom_providers, load_config cfg = load_config() - user_provs = [ - {"provider": k, **v} for k, v in (cfg.get("providers") or {}).items() - ] + user_provs = cfg.get("providers") custom_provs = get_compatible_custom_providers(cfg) except Exception: pass From 36fa8a4d28cfb682932bca7f9b23d5882e692c36 Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 20:04:42 -0400 Subject: [PATCH 044/133] fix(tui): show absolute position numbers in model picker The model picker displayed row numbers 1-12 regardless of scroll position, making it impossible to tell where you were in the list. Now shows the actual item index (e.g. 5, 6, 7... when scrolled down). Also removed '1-9,0 quick' from the hint text since digit shortcuts still work relative to the visible window, which would be confusing with absolute numbering. --- ui-tui/src/components/modelPicker.tsx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ui-tui/src/components/modelPicker.tsx b/ui-tui/src/components/modelPicker.tsx index 833496e4ff6..9ae910ea2ec 100644 --- a/ui-tui/src/components/modelPicker.tsx +++ b/ui-tui/src/components/modelPicker.tsx @@ -207,7 +207,7 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke wrap="truncate-end" > {providerIdx === idx ? '▸ ' : ' '} - {i + 1}. {row} + {idx + 1}. {row} ) : ( @@ -223,7 +223,7 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke persist: {persistGlobal ? 'global' : 'session'} · g toggle - ↑/↓ select · Enter choose · 1-9,0 quick · Esc/q cancel + ↑/↓ select · Enter choose · Esc/q cancel ) } @@ -273,7 +273,7 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke wrap="truncate-end" > {prefix} - {i + 1}. {row} + {idx + 1}. {row} ) })} @@ -286,7 +286,7 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke persist: {persistGlobal ? 'global' : 'session'} · g toggle - {models.length ? '↑/↓ select · Enter switch · 1-9,0 quick · Esc back · q close' : 'Enter/Esc back · q close'} + {models.length ? '↑/↓ select · Enter switch · Esc back · q close' : 'Enter/Esc back · q close'} ) From 26f7f68507576138d2e62e54013e7323763e89b2 Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 20:28:46 -0400 Subject: [PATCH 045/133] feat(tui): show all providers in /model picker with inline API key setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - model.options now returns all canonical providers (not just authenticated), each with authenticated/auth_type/key_env fields - New model.save_key RPC method: saves API key to .env, sets in process, returns refreshed provider with models - Picker shows ● (authed) / ○ (no key) markers with dimmed styling - Selecting an unauthenticated api_key provider opens inline masked key input — after save, transitions directly to model selection - Non-api_key auth providers show guidance to run hermes model - Row numbers now show absolute position in list --- tui_gateway/server.py | 142 +++++++++++++++++++++++-- ui-tui/src/components/modelPicker.tsx | 147 +++++++++++++++++++++++++- ui-tui/src/gatewayTypes.ts | 3 + 3 files changed, 278 insertions(+), 14 deletions(-) diff --git a/tui_gateway/server.py b/tui_gateway/server.py index e3fd6698373..71c343907d9 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -4705,6 +4705,7 @@ def _(rid, params: dict) -> dict: def _(rid, params: dict) -> dict: try: from hermes_cli.model_switch import list_authenticated_providers + from hermes_cli.models import CANONICAL_PROVIDERS, _PROVIDER_LABELS session = _sessions.get(params.get("session_id", "")) agent = session.get("agent") if session else None @@ -4718,6 +4719,116 @@ def _(rid, params: dict) -> dict: # provider_model_ids() — that bypasses curation and pulls in # non-agentic models (e.g. Nous /models returns ~400 IDs including # TTS, embeddings, rerankers, image/video generators). + user_provs = ( + cfg.get("providers") if isinstance(cfg.get("providers"), dict) else {} + ) + custom_provs = ( + cfg.get("custom_providers") + if isinstance(cfg.get("custom_providers"), list) + else [] + ) + authenticated = list_authenticated_providers( + current_provider=current_provider, + current_base_url=current_base_url, + current_model=current_model, + user_providers=user_provs, + custom_providers=custom_provs, + max_models=50, + ) + + # Mark authenticated providers and build lookup + authed_slugs = set() + for p in authenticated: + p["authenticated"] = True + authed_slugs.add(p["slug"]) + + # Add unauthenticated canonical providers so the picker shows all + # options (matching `hermes model` behaviour). + from hermes_cli.auth import PROVIDER_REGISTRY as _auth_reg + for entry in CANONICAL_PROVIDERS: + if entry.slug in authed_slugs: + continue + pconfig = _auth_reg.get(entry.slug) + auth_type = pconfig.auth_type if pconfig else "api_key" + key_env = pconfig.api_key_env_vars[0] if (pconfig and pconfig.api_key_env_vars) else "" + if auth_type == "api_key" and key_env: + warning = f"paste {key_env} to activate" + else: + warning = f"run `hermes model` to configure ({auth_type})" + authenticated.append({ + "slug": entry.slug, + "name": _PROVIDER_LABELS.get(entry.slug, entry.label), + "is_current": False, + "is_user_defined": False, + "models": [], + "total_models": 0, + "source": "built-in", + "authenticated": False, + "auth_type": auth_type, + "key_env": key_env, + "warning": warning, + }) + + return _ok( + rid, + { + "providers": authenticated, + "model": current_model, + "provider": current_provider, + }, + ) + except Exception as e: + return _err(rid, 5033, str(e)) + + +@method("model.save_key") +def _(rid, params: dict) -> dict: + """Save an API key for a provider, then return its refreshed model list. + + Params: + slug: provider slug (e.g. "deepseek", "xai") + api_key: the key value to save + + Returns the provider dict with models populated (same shape as + model.options entries) on success. + """ + try: + from hermes_cli.auth import PROVIDER_REGISTRY + from hermes_cli.config import save_env_value + from hermes_cli.model_switch import list_authenticated_providers + + slug = (params.get("slug") or "").strip() + api_key = (params.get("api_key") or "").strip() + if not slug or not api_key: + return _err(rid, 4001, "slug and api_key are required") + + pconfig = PROVIDER_REGISTRY.get(slug) + if not pconfig: + return _err(rid, 4002, f"unknown provider: {slug}") + if pconfig.auth_type != "api_key": + return _err( + rid, 4003, + f"{pconfig.name} uses {pconfig.auth_type} auth — " + f"run `hermes model` to configure" + ) + if not pconfig.api_key_env_vars: + return _err(rid, 4004, f"no env var defined for {pconfig.name}") + + # Save the key to ~/.hermes/.env + env_var = pconfig.api_key_env_vars[0] + save_env_value(env_var, api_key) + # Also set in current process so list_authenticated_providers sees it + import os + os.environ[env_var] = api_key + + # Refresh provider data + cfg = _load_cfg() + session = _sessions.get(params.get("session_id", "")) + agent = session.get("agent") if session else None + current_provider = getattr(agent, "provider", "") or "" + current_model = getattr(agent, "model", "") or _resolve_model() + current_base_url = getattr(agent, "base_url", "") or "" + providers = list_authenticated_providers( current_provider=current_provider, current_base_url=current_base_url, @@ -4732,16 +4843,29 @@ def _(rid, params: dict) -> dict: ), max_models=50, ) - return _ok( - rid, - { - "providers": providers, - "model": current_model, - "provider": current_provider, - }, - ) + + # Find the newly-authenticated provider + provider_data = None + for p in providers: + if p["slug"] == slug: + provider_data = p + break + + if not provider_data: + # Key was saved but provider didn't appear — still return success + provider_data = { + "slug": slug, + "name": pconfig.name, + "is_current": False, + "models": [], + "total_models": 0, + "authenticated": True, + } + + provider_data["authenticated"] = True + return _ok(rid, {"provider": provider_data}) except Exception as e: - return _err(rid, 5033, str(e)) + return _err(rid, 5034, str(e)) # ── Methods: slash.exec ────────────────────────────────────────────── diff --git a/ui-tui/src/components/modelPicker.tsx b/ui-tui/src/components/modelPicker.tsx index 9ae910ea2ec..1e1386132f4 100644 --- a/ui-tui/src/components/modelPicker.tsx +++ b/ui-tui/src/components/modelPicker.tsx @@ -14,6 +14,8 @@ const VISIBLE = 12 const MIN_WIDTH = 40 const MAX_WIDTH = 90 +type Stage = 'provider' | 'key' | 'model' + export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPickerProps) { const [providers, setProviders] = useState([]) const [currentModel, setCurrentModel] = useState('') @@ -22,7 +24,10 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke const [persistGlobal, setPersistGlobal] = useState(false) const [providerIdx, setProviderIdx] = useState(0) const [modelIdx, setModelIdx] = useState(0) - const [stage, setStage] = useState<'model' | 'provider'>('provider') + const [stage, setStage] = useState('provider') + const [keyInput, setKeyInput] = useState('') + const [keySaving, setKeySaving] = useState(false) + const [keyError, setKeyError] = useState('') const { stdout } = useStdout() // Pin the picker to a stable width so the FloatBox parent (which shrinks- @@ -68,9 +73,11 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke const names = useMemo(() => providerDisplayNames(providers), [providers]) const back = () => { - if (stage === 'model') { + if (stage === 'model' || stage === 'key') { setStage('provider') setModelIdx(0) + setKeyInput('') + setKeyError('') return } @@ -81,6 +88,71 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke useOverlayKeys({ onBack: back, onClose: onCancel }) useInput((ch, key) => { + // Key entry stage handles its own input + if (stage === 'key') { + if (keySaving) { + return + } + + if (key.return) { + if (!keyInput.trim()) { + return + } + + setKeySaving(true) + setKeyError('') + gw.request<{ provider?: ModelOptionProvider }>('model.save_key', { + slug: provider?.slug, + api_key: keyInput.trim(), + ...(sessionId ? { session_id: sessionId } : {}), + }) + .then(raw => { + const r = asRpcResult<{ provider?: ModelOptionProvider }>(raw) + + if (!r?.provider) { + setKeyError('failed to save key') + setKeySaving(false) + + return + } + + // Update the provider in our list with fresh data + setProviders(prev => + prev.map(p => p.slug === r.provider!.slug ? r.provider! : p) + ) + setKeyInput('') + setKeySaving(false) + setStage('model') + setModelIdx(0) + }) + .catch((e: unknown) => { + setKeyError(rpcErrorMessage(e)) + setKeySaving(false) + }) + + return + } + + if (key.backspace || key.delete) { + setKeyInput(v => v.slice(0, -1)) + + return + } + + // ctrl+u clears input + if (ch === '\u0015') { + setKeyInput('') + + return + } + + if (ch && !key.ctrl && !key.meta) { + setKeyInput(v => v + ch) + } + + return + } + const count = stage === 'provider' ? providers.length : models.length const sel = stage === 'provider' ? providerIdx : modelIdx const setSel = stage === 'provider' ? setProviderIdx : setModelIdx @@ -103,6 +175,18 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke return } + if (provider.authenticated === false) { + // api_key providers: prompt for key inline + if (provider.auth_type === 'api_key' && provider.key_env) { + setStage('key') + setKeyInput('') + setKeyError('') + } + + // Other auth types: no-op (warning shown tells them to run hermes model) + return + } + setStage('model') setModelIdx(0) @@ -161,15 +245,65 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke if (!providers.length) { return ( - no authenticated providers + no providers available Esc/q cancel ) } + // ── Key entry stage ────────────────────────────────────────────────── + if (stage === 'key' && provider) { + const masked = keyInput ? '•'.repeat(Math.min(keyInput.length, 40)) : '' + + return ( + + + Configure {provider.name} + + + + Paste your API key below (saved to ~/.hermes/.env) + + + + + + {provider.key_env}: + + + + {' '}{masked || '(empty)'}{keySaving ? '' : '▎'} + + + + + {keyError ? ( + + error: {keyError} + + ) : keySaving ? ( + + saving… + + ) : ( + + )} + + Enter save · Ctrl+U clear · Esc back + + ) + } + + // ── Provider selection stage ───────────────────────────────────────── if (stage === 'provider') { const rows = providers.map( - (p, i) => `${p.is_current ? '*' : ' '} ${names[i]} · ${p.total_models ?? p.models?.length ?? 0} models` + (p, i) => { + const authMark = p.authenticated === false ? '○' : p.is_current ? '*' : '●' + const modelCount = p.total_models ?? p.models?.length ?? 0 + const suffix = p.authenticated === false ? '(no key)' : `${modelCount} models` + + return `${authMark} ${names[i]} · ${suffix}` + } ) const { items, offset } = windowItems(rows, providerIdx, VISIBLE) @@ -197,11 +331,13 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke {Array.from({ length: VISIBLE }, (_, i) => { const row = items[i] const idx = offset + i + const p = providers[idx] + const dimmed = p?.authenticated === false return row ? ( Date: Thu, 30 Apr 2026 23:02:50 -0400 Subject: [PATCH 046/133] feat(tui): add inline provider disconnect via 'd' keybind in /model picker - New model.disconnect RPC method: clears API key env vars from .env and OAuth/credential pool state via clear_provider_auth() - Press 'd' on an authenticated provider opens confirmation prompt - y/Enter confirms disconnect, n/Esc cancels - Provider flips to unauthenticated state in-place (re-selectable to re-auth by pressing Enter again) --- tui_gateway/server.py | 43 +++++++++++++ ui-tui/src/components/modelPicker.tsx | 89 ++++++++++++++++++++++++++- 2 files changed, 129 insertions(+), 3 deletions(-) diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 71c343907d9..0582b745dc2 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -4868,6 +4868,49 @@ def _(rid, params: dict) -> dict: return _err(rid, 5034, str(e)) +@method("model.disconnect") +def _(rid, params: dict) -> dict: + """Remove credentials for a provider. + + Params: + slug: provider slug (e.g. "deepseek", "xai") + + Returns success status and the provider's slug. + """ + try: + from hermes_cli.auth import PROVIDER_REGISTRY, clear_provider_auth + from hermes_cli.config import remove_env_value + + slug = (params.get("slug") or "").strip() + if not slug: + return _err(rid, 4001, "slug is required") + + pconfig = PROVIDER_REGISTRY.get(slug) + cleared_env = False + cleared_auth = False + + # Remove API key env vars from .env and process + if pconfig and pconfig.api_key_env_vars: + for ev in pconfig.api_key_env_vars: + if remove_env_value(ev): + cleared_env = True + + # Clear OAuth / credential pool state + cleared_auth = clear_provider_auth(slug) + + if not cleared_env and not cleared_auth: + return _err(rid, 4005, f"no credentials found for {slug}") + + provider_name = pconfig.name if pconfig else slug + return _ok(rid, { + "slug": slug, + "name": provider_name, + "disconnected": True, + }) + except Exception as e: + return _err(rid, 5035, str(e)) + + # ── Methods: slash.exec ────────────────────────────────────────────── diff --git a/ui-tui/src/components/modelPicker.tsx b/ui-tui/src/components/modelPicker.tsx index 1e1386132f4..ea999e55e2e 100644 --- a/ui-tui/src/components/modelPicker.tsx +++ b/ui-tui/src/components/modelPicker.tsx @@ -14,7 +14,7 @@ const VISIBLE = 12 const MIN_WIDTH = 40 const MAX_WIDTH = 90 -type Stage = 'provider' | 'key' | 'model' +type Stage = 'provider' | 'key' | 'model' | 'disconnect' export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPickerProps) { const [providers, setProviders] = useState([]) @@ -73,7 +73,7 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke const names = useMemo(() => providerDisplayNames(providers), [providers]) const back = () => { - if (stage === 'model' || stage === 'key') { + if (stage === 'model' || stage === 'key' || stage === 'disconnect') { setStage('provider') setModelIdx(0) setKeyInput('') @@ -153,6 +153,53 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke return } + // Disconnect confirmation stage + if (stage === 'disconnect') { + if (ch.toLowerCase() === 'y' || key.return) { + if (!provider) { + setStage('provider') + + return + } + + setKeySaving(true) + gw.request<{ disconnected?: boolean }>('model.disconnect', { + slug: provider.slug, + ...(sessionId ? { session_id: sessionId } : {}), + }) + .then(raw => { + const r = asRpcResult<{ disconnected?: boolean }>(raw) + + if (r?.disconnected) { + // Mark provider as unauthenticated in local state + setProviders(prev => + prev.map(p => p.slug === provider.slug + ? { ...p, authenticated: false, models: [], total_models: 0, warning: p.key_env ? `paste ${p.key_env} to activate` : 'run `hermes model` to configure' } + : p + ) + ) + } + + setKeySaving(false) + setStage('provider') + }) + .catch(() => { + setKeySaving(false) + setStage('provider') + }) + + return + } + + if (ch.toLowerCase() === 'n' || key.escape) { + setStage('provider') + + return + } + + return + } + const count = stage === 'provider' ? providers.length : models.length const sel = stage === 'provider' ? providerIdx : modelIdx const setSel = stage === 'provider' ? setProviderIdx : setModelIdx @@ -210,6 +257,13 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke return } + // Disconnect: only in provider stage, only for authenticated providers + if (ch.toLowerCase() === 'd' && stage === 'provider' && provider?.authenticated !== false) { + setStage('disconnect') + + return + } + const n = ch === '0' ? 10 : parseInt(ch, 10) if (!Number.isNaN(n) && n >= 1 && n <= Math.min(10, count)) { @@ -294,6 +348,35 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke ) } + // ── Disconnect confirmation stage ───────────────────────────────────── + if (stage === 'disconnect' && provider) { + return ( + + + Disconnect {provider.name}? + + + + + + This removes saved credentials for {provider.name}. + + + + You can re-authenticate later by selecting it again. + + + + + {keySaving ? ( + disconnecting… + ) : ( + y/Enter confirm · n/Esc cancel + )} + + ) + } + // ── Provider selection stage ───────────────────────────────────────── if (stage === 'provider') { const rows = providers.map( @@ -359,7 +442,7 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke persist: {persistGlobal ? 'global' : 'session'} · g toggle - ↑/↓ select · Enter choose · Esc/q cancel + ↑/↓ select · Enter choose · d disconnect · Esc/q cancel ) } From c8e506c383f4e834fc1a568bab67db26b70f04ce Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 23:11:28 -0400 Subject: [PATCH 047/133] fix(tui): address code review feedback on model picker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Reset keySaving on back() to prevent blocked key entry after Esc - Show '(needs setup)' for non-API-key auth providers instead of generic '(no key)' - Set is_current correctly for unauthenticated providers that happen to be the active session provider - Guard model.save_key with is_managed() check — return error on managed installs where .env is read-only --- tui_gateway/server.py | 7 +++++-- ui-tui/src/components/modelPicker.tsx | 5 ++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 0582b745dc2..3e7176f9f05 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -4758,7 +4758,7 @@ def _(rid, params: dict) -> dict: authenticated.append({ "slug": entry.slug, "name": _PROVIDER_LABELS.get(entry.slug, entry.label), - "is_current": False, + "is_current": entry.slug == current_provider, "is_user_defined": False, "models": [], "total_models": 0, @@ -4794,7 +4794,7 @@ def _(rid, params: dict) -> dict: """ try: from hermes_cli.auth import PROVIDER_REGISTRY - from hermes_cli.config import save_env_value + from hermes_cli.config import is_managed, save_env_value from hermes_cli.model_switch import list_authenticated_providers slug = (params.get("slug") or "").strip() @@ -4802,6 +4802,9 @@ def _(rid, params: dict) -> dict: if not slug or not api_key: return _err(rid, 4001, "slug and api_key are required") + if is_managed(): + return _err(rid, 4006, "managed install — credentials are read-only") + pconfig = PROVIDER_REGISTRY.get(slug) if not pconfig: return _err(rid, 4002, f"unknown provider: {slug}") diff --git a/ui-tui/src/components/modelPicker.tsx b/ui-tui/src/components/modelPicker.tsx index ea999e55e2e..2b3fec0384b 100644 --- a/ui-tui/src/components/modelPicker.tsx +++ b/ui-tui/src/components/modelPicker.tsx @@ -78,6 +78,7 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke setModelIdx(0) setKeyInput('') setKeyError('') + setKeySaving(false) return } @@ -383,7 +384,9 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke (p, i) => { const authMark = p.authenticated === false ? '○' : p.is_current ? '*' : '●' const modelCount = p.total_models ?? p.models?.length ?? 0 - const suffix = p.authenticated === false ? '(no key)' : `${modelCount} models` + const suffix = p.authenticated === false + ? (p.auth_type === 'api_key' ? '(no key)' : '(needs setup)') + : `${modelCount} models` return `${authMark} ${names[i]} · ${suffix}` } From 142b4bf3ce1b490e0c15f9c3c3d1a9a26e6f8de6 Mon Sep 17 00:00:00 2001 From: simbam99 Date: Thu, 30 Apr 2026 20:01:51 -0700 Subject: [PATCH 048/133] fix(session_search): order recent mode by last activity instead of start time - order session_search recent-mode results by last activity instead of session start time - add an opt-in `order_by_last_active` path to `SessionDB.list_sessions_rich` - add regression coverage for both the database ordering and recent-mode call path --- hermes_state.py | 31 +++++++++++++++++++++++++--- tests/test_hermes_state.py | 33 ++++++++++++++++++++++++++++++ tests/tools/test_session_search.py | 15 ++++++++++++++ tools/session_search_tool.py | 6 +++++- 4 files changed, 81 insertions(+), 4 deletions(-) diff --git a/hermes_state.py b/hermes_state.py index e2ca59640a3..aff872bbaae 100644 --- a/hermes_state.py +++ b/hermes_state.py @@ -933,6 +933,7 @@ class SessionDB: offset: int = 0, include_children: bool = False, project_compression_tips: bool = True, + order_by_last_active: bool = False, ) -> List[Dict[str, Any]]: """List sessions with preview (first user message) and last active timestamp. @@ -952,6 +953,11 @@ class SessionDB: compressed continuations from being invisible to users while keeping delegate subagents and branches hidden. Pass ``False`` to return the raw root rows (useful for admin/debug UIs). + + Pass ``order_by_last_active=True`` to sort by most-recent activity + instead of original conversation start time. This is computed after + compression-tip projection so "recent sessions" surfaces the live tip + of a compressed conversation in the correct slot. """ where_clauses = [] params = [] @@ -979,6 +985,15 @@ class SessionDB: params.extend(exclude_sources) where_sql = f"WHERE {' AND '.join(where_clauses)}" if where_clauses else "" + order_sql = ( + "ORDER BY last_active DESC, s.started_at DESC, s.id DESC" + if order_by_last_active + else "ORDER BY s.started_at DESC" + ) + limit_sql = "" + if not order_by_last_active: + limit_sql = "LIMIT ? OFFSET ?" + params.extend([limit, offset]) query = f""" SELECT s.*, COALESCE( @@ -994,10 +1009,9 @@ class SessionDB: ) AS last_active FROM sessions s {where_sql} - ORDER BY s.started_at DESC - LIMIT ? OFFSET ? + {order_sql} + {limit_sql} """ - params.extend([limit, offset]) with self._lock: cursor = self._conn.execute(query, params) rows = cursor.fetchall() @@ -1047,6 +1061,17 @@ class SessionDB: projected.append(merged) sessions = projected + if order_by_last_active: + sessions.sort( + key=lambda s: ( + s.get("last_active") or s.get("started_at") or 0, + s.get("started_at") or 0, + s.get("id") or "", + ), + reverse=True, + ) + sessions = sessions[offset:offset + limit] + return sessions def _get_session_rich_row(self, session_id: str) -> Optional[Dict[str, Any]]: diff --git a/tests/test_hermes_state.py b/tests/test_hermes_state.py index 15a57a83ce8..77141448135 100644 --- a/tests/test_hermes_state.py +++ b/tests/test_hermes_state.py @@ -1719,6 +1719,39 @@ class TestListSessionsRich: # No messages, so last_active falls back to started_at assert sessions[0]["last_active"] == sessions[0]["started_at"] + def test_order_by_last_active_surfaces_recently_touched_older_session_first(self, db): + t0 = 1709500000.0 + db.create_session("old", "cli") + db.create_session("new", "cli") + + with db._lock: + db._conn.execute("UPDATE sessions SET started_at=? WHERE id=?", (t0, "old")) + db._conn.execute("UPDATE sessions SET started_at=? WHERE id=?", (t0 + 10, "new")) + + db.append_message("old", "user", "old first") + db.append_message("new", "user", "new first") + db.append_message("old", "assistant", "old touched later") + + with db._lock: + db._conn.execute( + "UPDATE messages SET timestamp=? WHERE session_id=? AND role=? AND content=?", + (t0 + 1, "old", "user", "old first"), + ) + db._conn.execute( + "UPDATE messages SET timestamp=? WHERE session_id=? AND role=? AND content=?", + (t0 + 11, "new", "user", "new first"), + ) + db._conn.execute( + "UPDATE messages SET timestamp=? WHERE session_id=? AND role=? AND content=?", + (t0 + 20, "old", "assistant", "old touched later"), + ) + db._conn.commit() + + assert [s["id"] for s in db.list_sessions_rich(limit=5)] == ["new", "old"] + assert [ + s["id"] for s in db.list_sessions_rich(limit=5, order_by_last_active=True) + ] == ["old", "new"] + def test_rich_list_includes_title(self, db): db.create_session("s1", "cli") db.set_session_title("s1", "refactoring auth") diff --git a/tests/tools/test_session_search.py b/tests/tools/test_session_search.py index 6cb44341c44..304387e1fe5 100644 --- a/tests/tools/test_session_search.py +++ b/tests/tools/test_session_search.py @@ -242,6 +242,21 @@ class TestSessionSearchConcurrency: class TestRecentSessionListing: + def test_recent_mode_requests_last_active_ordering(self): + from unittest.mock import MagicMock + + mock_db = MagicMock() + mock_db.list_sessions_rich.return_value = [] + + result = json.loads(_list_recent_sessions(mock_db, limit=5)) + + assert result["success"] is True + mock_db.list_sessions_rich.assert_called_once_with( + limit=10, + exclude_sources=["tool"], + order_by_last_active=True, + ) + def test_current_child_session_excludes_root_lineage_even_when_child_id_is_longer(self): from unittest.mock import MagicMock diff --git a/tools/session_search_tool.py b/tools/session_search_tool.py index ff3153afafa..f770fe88869 100644 --- a/tools/session_search_tool.py +++ b/tools/session_search_tool.py @@ -266,7 +266,11 @@ _HIDDEN_SESSION_SOURCES = ("tool",) def _list_recent_sessions(db, limit: int, current_session_id: str = None) -> str: """Return metadata for the most recent sessions (no LLM calls).""" try: - sessions = db.list_sessions_rich(limit=limit + 5, exclude_sources=list(_HIDDEN_SESSION_SOURCES)) # fetch extra to skip current + sessions = db.list_sessions_rich( + limit=limit + 5, + exclude_sources=list(_HIDDEN_SESSION_SOURCES), + order_by_last_active=True, + ) # fetch extra to skip current # Resolve current session lineage to exclude it current_root = None From 5089c55e0b0768dfdf716b3d150f23fab13967e5 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:03:33 -0700 Subject: [PATCH 049/133] refactor(state): compute last_active ordering at SQL level via recursive CTE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow-up to the previous commit. Replace the post-fetch Python re-sort (which required dropping LIMIT/OFFSET from SQL and scanning every session row) with a recursive CTE that walks compression-continuation chains and computes effective_last_active per root at SQL level. The outer query can then ORDER BY + LIMIT efficiently, and the Python projection loop no longer has to handle ordering. This preserves the correctness win (old compression roots whose live tip was touched recently surface correctly) without the O(N) scan, which matters for users with thousands of sessions. Adds a regression test pinning the compression-tip case at limit=1 — the stress case that any bounded-oversample shortcut would get wrong. Co-authored-by: simbam99 --- hermes_state.py | 121 +++++++++++++++++++++++++------------ tests/test_hermes_state.py | 58 ++++++++++++++++++ 2 files changed, 139 insertions(+), 40 deletions(-) diff --git a/hermes_state.py b/hermes_state.py index aff872bbaae..7ca67d5ceec 100644 --- a/hermes_state.py +++ b/hermes_state.py @@ -955,9 +955,12 @@ class SessionDB: raw root rows (useful for admin/debug UIs). Pass ``order_by_last_active=True`` to sort by most-recent activity - instead of original conversation start time. This is computed after - compression-tip projection so "recent sessions" surfaces the live tip - of a compressed conversation in the correct slot. + instead of original conversation start time. For compression chains, + the "most-recent activity" is taken from the live tip (not the root), + so an old conversation that was compressed and continued recently + surfaces in the correct slot. Ordering is computed at SQL level via + a recursive CTE that walks compression-continuation edges, so LIMIT + and OFFSET still apply efficiently. """ where_clauses = [] params = [] @@ -985,33 +988,80 @@ class SessionDB: params.extend(exclude_sources) where_sql = f"WHERE {' AND '.join(where_clauses)}" if where_clauses else "" - order_sql = ( - "ORDER BY last_active DESC, s.started_at DESC, s.id DESC" - if order_by_last_active - else "ORDER BY s.started_at DESC" - ) - limit_sql = "" - if not order_by_last_active: - limit_sql = "LIMIT ? OFFSET ?" + if order_by_last_active: + # Compute effective_last_active by walking each surfaced session's + # compression-continuation chain forward in SQL and taking the MAX + # timestamp across the chain. This lets us ORDER BY + LIMIT at SQL + # level instead of fetching every row and sorting in Python, while + # still surfacing old compression roots whose live tip is fresh. + # + # The CTE seeds from rows the outer WHERE admits (roots + branch + # children), then recursively joins forward through + # compression-continuation edges using the same criteria as + # get_compression_tip (parent.end_reason='compression' AND + # child.started_at >= parent.ended_at). + query = f""" + WITH RECURSIVE chain(root_id, cur_id) AS ( + SELECT s.id, s.id FROM sessions s {where_sql} + UNION ALL + SELECT c.root_id, child.id + FROM chain c + JOIN sessions parent ON parent.id = c.cur_id + JOIN sessions child ON child.parent_session_id = c.cur_id + WHERE parent.end_reason = 'compression' + AND child.started_at >= parent.ended_at + ), + chain_max AS ( + SELECT + root_id, + MAX(COALESCE( + (SELECT MAX(m.timestamp) FROM messages m WHERE m.session_id = cur_id), + (SELECT started_at FROM sessions ss WHERE ss.id = cur_id) + )) AS effective_last_active + FROM chain + GROUP BY root_id + ) + SELECT s.*, + COALESCE( + (SELECT SUBSTR(REPLACE(REPLACE(m.content, X'0A', ' '), X'0D', ' '), 1, 63) + FROM messages m + WHERE m.session_id = s.id AND m.role = 'user' AND m.content IS NOT NULL + ORDER BY m.timestamp, m.id LIMIT 1), + '' + ) AS _preview_raw, + COALESCE( + (SELECT MAX(m2.timestamp) FROM messages m2 WHERE m2.session_id = s.id), + s.started_at + ) AS last_active, + COALESCE(cm.effective_last_active, s.started_at) AS _effective_last_active + FROM sessions s + LEFT JOIN chain_max cm ON cm.root_id = s.id + {where_sql} + ORDER BY _effective_last_active DESC, s.started_at DESC, s.id DESC + LIMIT ? OFFSET ? + """ + # WHERE params apply twice (CTE seed + outer select). + params = params + params + [limit, offset] + else: + query = f""" + SELECT s.*, + COALESCE( + (SELECT SUBSTR(REPLACE(REPLACE(m.content, X'0A', ' '), X'0D', ' '), 1, 63) + FROM messages m + WHERE m.session_id = s.id AND m.role = 'user' AND m.content IS NOT NULL + ORDER BY m.timestamp, m.id LIMIT 1), + '' + ) AS _preview_raw, + COALESCE( + (SELECT MAX(m2.timestamp) FROM messages m2 WHERE m2.session_id = s.id), + s.started_at + ) AS last_active + FROM sessions s + {where_sql} + ORDER BY s.started_at DESC + LIMIT ? OFFSET ? + """ params.extend([limit, offset]) - query = f""" - SELECT s.*, - COALESCE( - (SELECT SUBSTR(REPLACE(REPLACE(m.content, X'0A', ' '), X'0D', ' '), 1, 63) - FROM messages m - WHERE m.session_id = s.id AND m.role = 'user' AND m.content IS NOT NULL - ORDER BY m.timestamp, m.id LIMIT 1), - '' - ) AS _preview_raw, - COALESCE( - (SELECT MAX(m2.timestamp) FROM messages m2 WHERE m2.session_id = s.id), - s.started_at - ) AS last_active - FROM sessions s - {where_sql} - {order_sql} - {limit_sql} - """ with self._lock: cursor = self._conn.execute(query, params) rows = cursor.fetchall() @@ -1025,6 +1075,8 @@ class SessionDB: s["preview"] = text + ("..." if len(raw) > 60 else "") else: s["preview"] = "" + # Drop the internal ordering column so callers see a clean dict. + s.pop("_effective_last_active", None) sessions.append(s) # Project compression roots forward to their tips. Each row whose @@ -1061,17 +1113,6 @@ class SessionDB: projected.append(merged) sessions = projected - if order_by_last_active: - sessions.sort( - key=lambda s: ( - s.get("last_active") or s.get("started_at") or 0, - s.get("started_at") or 0, - s.get("id") or "", - ), - reverse=True, - ) - sessions = sessions[offset:offset + limit] - return sessions def _get_session_rich_row(self, session_id: str) -> Optional[Dict[str, Any]]: diff --git a/tests/test_hermes_state.py b/tests/test_hermes_state.py index 77141448135..d66828a6410 100644 --- a/tests/test_hermes_state.py +++ b/tests/test_hermes_state.py @@ -1752,6 +1752,64 @@ class TestListSessionsRich: s["id"] for s in db.list_sessions_rich(limit=5, order_by_last_active=True) ] == ["old", "new"] + def test_order_by_last_active_uses_compression_tip_activity(self, db): + """A compression root whose tip was touched recently must rank above + a newer uncompressed session, even when that tip activity lives in a + different row and the outer LIMIT could otherwise cut it. + + This is the case that forced SQL-level chain walking: a naive "cap + the SQL fetch at limit*K" optimization would drop the old root off + the SQL page before post-projection could promote it. + """ + t0 = 1709500000.0 + db.create_session("root1", "cli") + with db._lock: + db._conn.execute("UPDATE sessions SET started_at=? WHERE id=?", (t0, "root1")) + db._conn.execute( + "UPDATE sessions SET ended_at=?, end_reason=? WHERE id=?", + (t0 + 100, "compression", "root1"), + ) + db.append_message("root1", "user", "old ask") + + # Continuation tip created after root ended; last activity much later. + db.create_session("tip1", "cli", parent_session_id="root1") + with db._lock: + db._conn.execute("UPDATE sessions SET started_at=? WHERE id=?", (t0 + 101, "tip1")) + db.append_message("tip1", "user", "latest message") + + # Bunch of newer, uncompressed sessions — fresher start_at but older + # last activity than the tip. Explicitly pin message timestamps so + # they don't pick up wall-clock from append_message. + for i in range(5): + sid = f"newer{i}" + db.create_session(sid, "cli") + with db._lock: + db._conn.execute( + "UPDATE sessions SET started_at=? WHERE id=?", + (t0 + 500 + i, sid), + ) + db.append_message(sid, "user", f"msg {i}") + with db._lock: + db._conn.execute( + "UPDATE messages SET timestamp=? WHERE session_id=? AND content=?", + (t0 + 500 + i, sid, f"msg {i}"), + ) + + # Tip activity timestamp is the latest thing in the DB. + with db._lock: + db._conn.execute( + "UPDATE messages SET timestamp=? WHERE session_id=? AND content=?", + (t0 + 10_000, "tip1", "latest message"), + ) + db._conn.commit() + + # limit=1 is the stress test: the old root must win the single slot. + top = db.list_sessions_rich(limit=1, order_by_last_active=True) + assert len(top) == 1 + # Projection surfaces the tip's id in the root's slot. + assert top[0]["id"] == "tip1" + assert top[0]["_lineage_root_id"] == "root1" + def test_rich_list_includes_title(self, db): db.create_session("s1", "cli") db.set_session_title("s1", "refactoring auth") From 38875d00a736359af948bf5052379ffc37008a36 Mon Sep 17 00:00:00 2001 From: Yukipukii1 Date: Wed, 29 Apr 2026 15:59:44 +0300 Subject: [PATCH 050/133] fix(gateway): ensure platform configs honor home_channel env overrides --- gateway/config.py | 9 ++++++++- tests/gateway/test_config.py | 9 +++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/gateway/config.py b/gateway/config.py index 7d4d259ca3c..4021beede58 100644 --- a/gateway/config.py +++ b/gateway/config.py @@ -1051,7 +1051,14 @@ def _apply_env_overrides(config: GatewayConfig) -> None: if Platform.WHATSAPP not in config.platforms: config.platforms[Platform.WHATSAPP] = PlatformConfig() config.platforms[Platform.WHATSAPP].enabled = True - + whatsapp_home = os.getenv("WHATSAPP_HOME_CHANNEL") + if whatsapp_home and Platform.WHATSAPP in config.platforms: + config.platforms[Platform.WHATSAPP].home_channel = HomeChannel( + platform=Platform.WHATSAPP, + chat_id=whatsapp_home, + name=os.getenv("WHATSAPP_HOME_CHANNEL_NAME", "Home"), + ) + # Slack slack_token = os.getenv("SLACK_BOT_TOKEN") if slack_token: diff --git a/tests/gateway/test_config.py b/tests/gateway/test_config.py index 9e82a5da772..f68ac72ed2f 100644 --- a/tests/gateway/test_config.py +++ b/tests/gateway/test_config.py @@ -455,6 +455,15 @@ class TestHomeChannelEnvOverrides: {"SLACK_HOME_CHANNEL": "C123", "SLACK_HOME_CHANNEL_NAME": "Ops"}, ("C123", "Ops"), ), + ( + Platform.WHATSAPP, + PlatformConfig(enabled=True), + { + "WHATSAPP_HOME_CHANNEL": "1234567890@lid", + "WHATSAPP_HOME_CHANNEL_NAME": "Owner DM", + }, + ("1234567890@lid", "Owner DM"), + ), ( Platform.SIGNAL, PlatformConfig( From 0ddc8aba6826c316060ff72f571f14bbba7058a8 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:01:57 -0700 Subject: [PATCH 051/133] fix(fallback): let custom_providers shadow built-in aliases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When a user defines `custom_providers: [{name: kimi, ...}]` and references `provider: kimi` from fallback_model or the main config, the built-in alias rewriting (`kimi` → `kimi-coding`) was hijacking the request before the named-custom lookup ran. `_get_named_custom_provider` also refused to return a match when the raw name resolved to any built-in (including aliases), so the custom endpoint was unreachable. Fix at both layers of the resolution chain so every caller benefits, not just `_try_activate_fallback`: - hermes_cli/runtime_provider.py: narrow `_get_named_custom_provider`'s built-in-wins guard to canonical provider names only. An alias like `kimi` that resolves to a different canonical (`kimi-coding`) no longer blocks the custom lookup; a canonical name like `nous` still does. - agent/auxiliary_client.py: in `resolve_provider_client`, try the named- custom lookup with the original (pre-alias-normalization) name before the alias-normalized one, so aliased requests reach the user's custom entry. Also honour `explicit_base_url` and `explicit_api_key` in the API-key provider branch so callers that pass explicit hints (e.g. fallback activation) can override the registered defaults. Tests added for: - custom `kimi` shadowing built-in alias (regression for #15743) - custom `nous` NOT shadowing canonical built-in (behaviour preserved) - bare `kimi` without any custom entry still routing to built-in - explicit base_url/api_key override on the API-key provider branch Original PR #17827 by @Feranmi10 identified the same bug class and implemented a narrower fix in `_try_activate_fallback`; this reshapes the fix to live in the shared resolution layer so all callers benefit. Fixes #15743 Co-authored-by: Feranmi10 <89228157+Feranmi10@users.noreply.github.com> --- agent/auxiliary_client.py | 30 ++++++++- hermes_cli/runtime_provider.py | 13 +++- .../test_auxiliary_named_custom_providers.py | 65 +++++++++++++++++++ .../test_runtime_provider_resolution.py | 52 +++++++++++++++ 4 files changed, 157 insertions(+), 3 deletions(-) diff --git a/agent/auxiliary_client.py b/agent/auxiliary_client.py index 6826476fdc6..df3fdeccc6c 100644 --- a/agent/auxiliary_client.py +++ b/agent/auxiliary_client.py @@ -1977,6 +1977,12 @@ def resolve_provider_client( (client, resolved_model) or (None, None) if auth is unavailable. """ _validate_proxy_env_urls() + # Preserve the original provider name before alias normalization so a + # user-declared ``custom_providers`` entry whose name coincidentally + # matches a built-in alias (e.g. user names their custom provider "kimi" + # which aliases to "kimi-coding") is still reachable via the named-custom + # branch below. + original_provider = (provider or "").strip().lower() # Normalise aliases provider = _normalize_aux_provider(provider) @@ -2163,7 +2169,18 @@ def resolve_provider_client( # ── Named custom providers (config.yaml providers dict / custom_providers list) ─── try: from hermes_cli.runtime_provider import _get_named_custom_provider - custom_entry = _get_named_custom_provider(provider) + # When the raw requested name is an alias (``kimi`` → ``kimi-coding``) + # and the user defined a ``custom_providers`` entry under that alias + # name, the custom entry is the intended target — the built-in alias + # rewriting would otherwise hijack the request. Only preferred when + # the raw name is an alias (not a canonical provider name) so custom + # entries that coincidentally match a canonical provider (e.g. ``nous``) + # still defer to the built-in per `_get_named_custom_provider`'s guard. + custom_entry = None + if original_provider and original_provider != provider: + custom_entry = _get_named_custom_provider(original_provider) + if custom_entry is None: + custom_entry = _get_named_custom_provider(provider) if custom_entry: custom_base = custom_entry.get("base_url", "").strip() custom_key = custom_entry.get("api_key", "").strip() @@ -2273,6 +2290,12 @@ def resolve_provider_client( creds = resolve_api_key_provider_credentials(provider) api_key = str(creds.get("api_key", "")).strip() + # Honour an explicit api_key override (e.g. from a fallback_model entry + # or a custom_providers entry) so callers that pass an explicit + # credential can authenticate against endpoints where no built-in + # credential is registered for this provider alias. + if explicit_api_key: + api_key = explicit_api_key.strip() or api_key if not api_key: tried_sources = list(pconfig.api_key_env_vars) if provider == "copilot": @@ -2284,6 +2307,11 @@ def resolve_provider_client( raw_base_url = str(creds.get("base_url", "")).strip().rstrip("/") or pconfig.inference_base_url base_url = _to_openai_base_url(raw_base_url) + # Honour an explicit base_url override from the caller — used when a + # fallback_model entry (or custom_providers lookup) routes through a + # built-in provider name but targets a user-specified endpoint. + if explicit_base_url: + base_url = _to_openai_base_url(explicit_base_url.strip().rstrip("/")) default_model = _API_KEY_PROVIDER_AUX_MODELS.get(provider, "") final_model = _normalize_resolved_model(model or default_model, provider) diff --git a/hermes_cli/runtime_provider.py b/hermes_cli/runtime_provider.py index 3afd67e1cc6..dfdc9115699 100644 --- a/hermes_cli/runtime_provider.py +++ b/hermes_cli/runtime_provider.py @@ -358,11 +358,20 @@ def _get_named_custom_provider(requested_provider: str) -> Optional[Dict[str, An return None if not requested_norm.startswith("custom:"): try: - auth_mod.resolve_provider(requested_norm) + canonical = auth_mod.resolve_provider(requested_norm) except AuthError: pass else: - return None + # A user-declared ``custom_providers`` entry whose name matches + # only an *alias* (``kimi`` → built-in ``kimi-coding``) is the + # user's intended target — alias rewriting would otherwise hijack + # the request. We only defer to the built-in when the raw name is + # the canonical provider itself (``nous``, ``openrouter``, …) so + # accidentally shadowing a canonical provider still resolves to + # the built-in. See tests/hermes_cli/test_runtime_provider_resolution.py + # ``test_named_custom_provider_does_not_shadow_builtin_provider``. + if (canonical or "").strip().lower() == requested_norm: + return None config = load_config() diff --git a/tests/agent/test_auxiliary_named_custom_providers.py b/tests/agent/test_auxiliary_named_custom_providers.py index 79f8b2f7e72..52c85998e3d 100644 --- a/tests/agent/test_auxiliary_named_custom_providers.py +++ b/tests/agent/test_auxiliary_named_custom_providers.py @@ -427,3 +427,68 @@ class TestProvidersDictApiModeAnthropicMessages: assert isinstance(sync_client, OpenAI) async_client, _ = resolve_provider_client("localchat", async_mode=True) assert isinstance(async_client, AsyncOpenAI) + + +class TestCustomProviderAliasCollision: + """A user-declared custom_providers entry whose name matches a built-in + *alias* (not a canonical provider) must win over the built-in. + + Regression guard for #15743: users who defined fallback_model pointing at + a custom_providers entry named ``kimi`` were having requests routed to + the built-in kimi-coding endpoint because ``_normalize_aux_provider`` + rewrote ``kimi`` → ``kimi-coding`` before the named-custom lookup. + """ + + def test_custom_named_kimi_wins_over_builtin_alias(self, tmp_path): + _write_config(tmp_path, { + "model": {"provider": "openrouter", "default": "anthropic/claude-sonnet-4.6"}, + "custom_providers": [ + { + "name": "kimi", + "base_url": "https://my-custom-kimi.example.com/v1", + "api_key": "my-kimi-key", + "models": {"my-kimi-model": {"context_length": 200000}}, + }, + ], + }) + from agent.auxiliary_client import resolve_provider_client + from openai import OpenAI + client, model = resolve_provider_client("kimi", model="my-kimi-model", raw_codex=True) + assert isinstance(client, OpenAI) + assert "my-custom-kimi.example.com" in str(client.base_url) + assert client.api_key == "my-kimi-key" + assert model == "my-kimi-model" + + def test_bare_kimi_without_custom_still_routes_to_builtin(self, tmp_path, monkeypatch): + """Regression guard: bare 'kimi' with no custom entry must still + reach the built-in kimi-coding provider.""" + _write_config(tmp_path, { + "model": {"provider": "openrouter", "default": "anthropic/claude-sonnet-4.6"}, + }) + monkeypatch.setenv("KIMI_API_KEY", "builtin-kimi-key") + from agent.auxiliary_client import resolve_provider_client + client, _ = resolve_provider_client("kimi", model="kimi-k2-0905-preview", raw_codex=True) + assert client is not None + base_url = str(client.base_url) + # Built-in kimi-coding points at api.moonshot.ai + assert "moonshot" in base_url or "kimi" in base_url, f"unexpected base_url {base_url!r}" + + def test_explicit_overrides_applied_on_api_key_branch(self, tmp_path, monkeypatch): + """Explicit base_url/api_key from the caller must override the + registered provider's defaults on the API-key branch. Used by + _try_activate_fallback to route a fallback through a built-in + provider name but targeting a user-supplied endpoint.""" + _write_config(tmp_path, { + "model": {"provider": "openrouter", "default": "anthropic/claude-sonnet-4.6"}, + }) + monkeypatch.setenv("KIMI_API_KEY", "builtin-kimi-key") + from agent.auxiliary_client import resolve_provider_client + from openai import OpenAI + client, _ = resolve_provider_client( + "kimi-coding", model="kimi-k2", raw_codex=True, + explicit_base_url="https://override.example.com", + explicit_api_key="override-key", + ) + assert isinstance(client, OpenAI) + assert "override.example.com" in str(client.base_url) + assert client.api_key == "override-key" diff --git a/tests/hermes_cli/test_runtime_provider_resolution.py b/tests/hermes_cli/test_runtime_provider_resolution.py index c7adfe1482d..d17b1a41e3a 100644 --- a/tests/hermes_cli/test_runtime_provider_resolution.py +++ b/tests/hermes_cli/test_runtime_provider_resolution.py @@ -897,6 +897,58 @@ def test_named_custom_provider_does_not_shadow_builtin_provider(monkeypatch): assert resolved["requested_provider"] == "nous" +def test_named_custom_provider_wins_over_builtin_alias(monkeypatch): + """A custom_providers entry named after a built-in *alias* (not a canonical + provider name) must win over the built-in. Regression guard for #15743: + when users define ``custom_providers: [{name: kimi, ...}]`` and reference + ``provider: kimi``, the built-in alias rewriting (``kimi`` → ``kimi-coding``) + would otherwise hijack the request and send it to the wrong endpoint. + """ + monkeypatch.setattr( + rp, + "load_config", + lambda: { + "custom_providers": [ + { + "name": "kimi", + "base_url": "https://my-custom-kimi.example.com/v1", + "api_key": "my-kimi-key", + } + ] + }, + ) + + entry = rp._get_named_custom_provider("kimi") + + assert entry is not None + assert entry["base_url"] == "https://my-custom-kimi.example.com/v1" + assert entry["api_key"] == "my-kimi-key" + + +def test_named_custom_provider_skipped_for_canonical_built_in(monkeypatch): + """Companion to the test above: ``nous`` is a canonical provider name + (``resolve_provider('nous') == 'nous'``), so a custom entry with that name + should NOT be returned — the built-in wins as before. + """ + monkeypatch.setattr( + rp, + "load_config", + lambda: { + "custom_providers": [ + { + "name": "nous", + "base_url": "http://localhost:1234/v1", + "api_key": "shadow-key", + } + ] + }, + ) + + entry = rp._get_named_custom_provider("nous") + + assert entry is None + + def test_explicit_openrouter_skips_openai_base_url(monkeypatch): """When the user explicitly requests openrouter, OPENAI_BASE_URL (which may point to a custom endpoint) must not override the From 226fd79c8e0ad0c7548a93ec2f8db91f1a9e0239 Mon Sep 17 00:00:00 2001 From: Allard Quek Date: Wed, 29 Apr 2026 18:39:55 +0800 Subject: [PATCH 052/133] feat(dashboard): add interactive column sorting to analytics tables --- web/src/pages/AnalyticsPage.tsx | 181 +++++++++++++++++++++----------- 1 file changed, 121 insertions(+), 60 deletions(-) diff --git a/web/src/pages/AnalyticsPage.tsx b/web/src/pages/AnalyticsPage.tsx index 5eab4a7a110..57943eba6f2 100644 --- a/web/src/pages/AnalyticsPage.tsx +++ b/web/src/pages/AnalyticsPage.tsx @@ -1,5 +1,14 @@ -import { useCallback, useEffect, useLayoutEffect, useState } from "react"; -import { BarChart3, Brain, Cpu, RefreshCw, TrendingUp } from "lucide-react"; +import { useCallback, useEffect, useLayoutEffect, useMemo, useState } from "react"; +import { + ArrowDown, + ArrowUp, + ArrowUpDown, + BarChart3, + Brain, + Cpu, + RefreshCw, + TrendingUp, +} from "lucide-react"; import { api } from "@/lib/api"; import type { AnalyticsResponse, @@ -40,6 +49,85 @@ function formatDate(day: string): string { } } +// --------------------------------------------------------------------------- +// Sorting +// --------------------------------------------------------------------------- + +function useTableSort( + data: T[], + defaultKey: keyof T & string, + defaultDir: "asc" | "desc" = "desc", +) { + const [sortKey, setSortKey] = useState(defaultKey); + const [sortDir, setSortDir] = useState<"asc" | "desc">(defaultDir); + + const sorted = useMemo(() => { + return [...data].sort((a, b) => { + const aVal = a[sortKey as keyof T]; + const bVal = b[sortKey as keyof T]; + // Nulls always last regardless of direction + if (aVal === null || aVal === undefined) return 1; + if (bVal === null || bVal === undefined) return -1; + if (aVal === bVal) return 0; + const cmp = aVal > bVal ? 1 : -1; + return sortDir === "asc" ? cmp : -cmp; + }); + }, [data, sortKey, sortDir]); + + const toggle = useCallback( + (key: string) => { + if (key === sortKey) { + setSortDir((d) => (d === "asc" ? "desc" : "asc")); + } else { + setSortKey(key); + setSortDir("desc"); + } + }, + [sortKey], + ); + + return { sorted, sortKey, sortDir, toggle }; +} + +function SortHeader({ + label, + col, + sortKey, + sortDir, + toggle, + className, +}: { + label: string; + col: string; + sortKey: string; + sortDir: "asc" | "desc"; + toggle: (key: string) => void; + className?: string; +}) { + const active = col === sortKey; + return ( + toggle(col)} + className={`cursor-pointer select-none ${className ?? ""}`} + > + + {label} + {active ? ( + sortDir === "asc" ? ( + + ) : ( + + ) + ) : ( + + )} + + + ); +} + + + function TokenBarChart({ daily }: { daily: AnalyticsDailyEntry[] }) { const { t } = useI18n(); if (daily.length === 0) return null; @@ -135,9 +223,9 @@ function TokenBarChart({ daily }: { daily: AnalyticsDailyEntry[] }) { function DailyTable({ daily }: { daily: AnalyticsDailyEntry[] }) { const { t } = useI18n(); - if (daily.length === 0) return null; + const { sorted, sortKey, sortDir, toggle } = useTableSort(daily, "day", "desc"); - const sorted = [...daily].reverse(); + if (daily.length === 0) return null; return ( @@ -154,46 +242,36 @@ function DailyTable({ daily }: { daily: AnalyticsDailyEntry[] }) { - - - - + + + + - {sorted.map((d) => { - return ( - ( + - - - - + - - ); - })} + + + ))}
    - {t.analytics.date} - - {t.sessions.title} - - {t.analytics.input} - - {t.analytics.output} -
    + {formatDate(d.day)} + {d.sessions} - + + {formatTokens(d.input_tokens)} - - + + {formatTokens(d.output_tokens)} -
    @@ -204,12 +282,9 @@ function DailyTable({ daily }: { daily: AnalyticsDailyEntry[] }) { function ModelTable({ models }: { models: AnalyticsModelEntry[] }) { const { t } = useI18n(); - if (models.length === 0) return null; + const { sorted, sortKey, sortDir, toggle } = useTableSort(models, "input_tokens", "desc"); - const sorted = [...models].sort( - (a, b) => - b.input_tokens + b.output_tokens - (a.input_tokens + a.output_tokens), - ); + if (models.length === 0) return null; return ( @@ -226,15 +301,9 @@ function ModelTable({ models }: { models: AnalyticsModelEntry[] }) { - - - + + + @@ -270,6 +339,8 @@ function ModelTable({ models }: { models: AnalyticsModelEntry[] }) { function SkillTable({ skills }: { skills: AnalyticsSkillEntry[] }) { const { t } = useI18n(); + const { sorted, sortKey, sortDir, toggle } = useTableSort(skills, "total_count", "desc"); + if (skills.length === 0) return null; return ( @@ -285,25 +356,15 @@ function SkillTable({ skills }: { skills: AnalyticsSkillEntry[] }) {
    - {t.analytics.model} - - {t.sessions.title} - - {t.analytics.tokens} -
    - - - - - + + + + + - {skills.map((skill) => ( + {sorted.map((skill) => ( Date: Thu, 30 Apr 2026 20:18:24 -0700 Subject: [PATCH 053/133] =?UTF-8?q?chore(release):=20map=20allard.quek@sin?= =?UTF-8?q?gtel.com=20=E2=86=92=20AllardQuek?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/release.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/release.py b/scripts/release.py index 84ca7365812..da9fcbe11fc 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -332,6 +332,7 @@ AUTHOR_MAP = { "stefan@dimagents.ai": "dimitrovi", "hermes@noushq.ai": "benbarclay", "chinmingcock@gmail.com": "ChimingLiu", + "allard.quek@singtel.com": "AllardQuek", "openclaw@sparklab.ai": "openclaw", "semihcvlk53@gmail.com": "Himess", "erenkar950@gmail.com": "erenkarakus", From 25cbe3e1d6cb8526e1d865a8b5d96d4d7e632933 Mon Sep 17 00:00:00 2001 From: Yukipukii1 Date: Wed, 29 Apr 2026 16:55:12 +0300 Subject: [PATCH 054/133] fix(gateway): preserve thread routing for /update progress and prompts --- gateway/platforms/discord.py | 6 ++- gateway/platforms/telegram.py | 4 ++ gateway/run.py | 29 ++++++++++--- tests/gateway/test_update_command.py | 56 +++++++++++++++++++++++++- tests/gateway/test_update_streaming.py | 52 ++++++++++++++++++++++++ 5 files changed, 138 insertions(+), 9 deletions(-) diff --git a/gateway/platforms/discord.py b/gateway/platforms/discord.py index 102e055ffc6..fcd2cbc996c 100644 --- a/gateway/platforms/discord.py +++ b/gateway/platforms/discord.py @@ -3078,6 +3078,7 @@ class DiscordAdapter(BasePlatformAdapter): async def send_update_prompt( self, chat_id: str, prompt: str, default: str = "", session_key: str = "", + metadata: Optional[Dict[str, Any]] = None, ) -> SendResult: """Send an interactive button-based update prompt (Yes / No). @@ -3087,9 +3088,10 @@ class DiscordAdapter(BasePlatformAdapter): if not self._client or not DISCORD_AVAILABLE: return SendResult(success=False, error="Not connected") try: - channel = self._client.get_channel(int(chat_id)) + target_id = metadata.get("thread_id") if metadata and metadata.get("thread_id") else chat_id + channel = self._client.get_channel(int(target_id)) if not channel: - channel = await self._client.fetch_channel(int(chat_id)) + channel = await self._client.fetch_channel(int(target_id)) default_hint = f" (default: {default})" if default else "" embed = discord.Embed( diff --git a/gateway/platforms/telegram.py b/gateway/platforms/telegram.py index 307c6b89aba..3822cb72f84 100644 --- a/gateway/platforms/telegram.py +++ b/gateway/platforms/telegram.py @@ -1360,6 +1360,7 @@ class TelegramAdapter(BasePlatformAdapter): async def send_update_prompt( self, chat_id: str, prompt: str, default: str = "", session_key: str = "", + metadata: Optional[Dict[str, Any]] = None, ) -> SendResult: """Send an inline-keyboard update prompt (Yes / No buttons). @@ -1377,11 +1378,14 @@ class TelegramAdapter(BasePlatformAdapter): InlineKeyboardButton("✗ No", callback_data="update_prompt:n"), ] ]) + thread_id = self._metadata_thread_id(metadata) + message_thread_id = self._message_thread_id_for_send(thread_id) msg = await self._bot.send_message( chat_id=int(chat_id), text=text, parse_mode=ParseMode.MARKDOWN, reply_markup=keyboard, + message_thread_id=message_thread_id, **self._link_preview_kwargs(), ) return SendResult(success=True, message_id=str(msg.message_id)) diff --git a/gateway/run.py b/gateway/run.py index 7714ca99d8a..4890ebe66f9 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -9490,6 +9490,8 @@ class GatewayRunner: "session_key": session_key, "timestamp": datetime.now().isoformat(), } + if event.source.thread_id: + pending["thread_id"] = event.source.thread_id _tmp_pending = pending_path.with_suffix(".tmp") _tmp_pending.write_text(json.dumps(pending)) _tmp_pending.replace(pending_path) @@ -9575,6 +9577,7 @@ class GatewayRunner: adapter = None chat_id = None session_key = None + metadata = None for path in (claimed_path, pending_path): if path.exists(): try: @@ -9582,6 +9585,8 @@ class GatewayRunner: platform_str = pending.get("platform") chat_id = pending.get("chat_id") session_key = pending.get("session_key") + thread_id = pending.get("thread_id") + metadata = {"thread_id": thread_id} if thread_id else None if platform_str and chat_id: platform = Platform(platform_str) adapter = self.adapters.get(platform) @@ -9629,7 +9634,7 @@ class GatewayRunner: chunks = [clean[i:i + max_chunk] for i in range(0, len(clean), max_chunk)] for chunk in chunks: try: - await adapter.send(chat_id, f"```\n{chunk}\n```") + await adapter.send(chat_id, f"```\n{chunk}\n```", metadata=metadata) except Exception as e: logger.debug("Update stream send failed: %s", e) @@ -9652,9 +9657,13 @@ class GatewayRunner: exit_code_raw = exit_code_path.read_text().strip() or "1" exit_code = int(exit_code_raw) if exit_code == 0: - await adapter.send(chat_id, "✅ Hermes update finished.") + await adapter.send(chat_id, "✅ Hermes update finished.", metadata=metadata) else: - await adapter.send(chat_id, "❌ Hermes update failed (exit code {}).".format(exit_code)) + await adapter.send( + chat_id, + "❌ Hermes update failed (exit code {}).".format(exit_code), + metadata=metadata, + ) logger.info("Update finished (exit=%s), notified %s", exit_code, session_key) except Exception as e: logger.warning("Update final notification failed: %s", e) @@ -9704,6 +9713,7 @@ class GatewayRunner: prompt=prompt_text, default=default, session_key=session_key, + metadata=metadata, ) sent_buttons = True except Exception as btn_err: @@ -9715,7 +9725,8 @@ class GatewayRunner: f"⚕ **Update needs your input:**\n\n" f"{prompt_text}{default_hint}\n\n" f"Reply `/approve` (yes) or `/deny` (no), " - f"or type your answer directly." + f"or type your answer directly.", + metadata=metadata, ) self._update_prompt_pending[session_key] = True # Remove the prompt file so it isn't re-read on the @@ -9735,7 +9746,11 @@ class GatewayRunner: exit_code_path.write_text("124") await _flush_buffer() try: - await adapter.send(chat_id, "❌ Hermes update timed out after 30 minutes.") + await adapter.send( + chat_id, + "❌ Hermes update timed out after 30 minutes.", + metadata=metadata, + ) except Exception: pass for p in (pending_path, claimed_path, output_path, @@ -9777,6 +9792,7 @@ class GatewayRunner: pending = json.loads(claimed_path.read_text()) platform_str = pending.get("platform") chat_id = pending.get("chat_id") + thread_id = pending.get("thread_id") if not exit_code_path.exists(): logger.info("Update notification deferred: update still running") @@ -9798,6 +9814,7 @@ class GatewayRunner: adapter = self.adapters.get(platform) if adapter and chat_id: + metadata = {"thread_id": thread_id} if thread_id else None # Strip ANSI escape codes for clean display output = re.sub(r'\x1b\[[0-9;]*m', '', output).strip() if output: @@ -9812,7 +9829,7 @@ class GatewayRunner: msg = "✅ Hermes update finished successfully." else: msg = "❌ Hermes update failed. Check the gateway logs or run `hermes update` manually for details." - await adapter.send(chat_id, msg) + await adapter.send(chat_id, msg, metadata=metadata) logger.info( "Sent post-update notification to %s:%s (exit=%s)", platform_str, diff --git a/tests/gateway/test_update_command.py b/tests/gateway/test_update_command.py index 05be88c2c65..aa6240aa5b5 100644 --- a/tests/gateway/test_update_command.py +++ b/tests/gateway/test_update_command.py @@ -17,13 +17,14 @@ from gateway.session import SessionSource def _make_event(text="/update", platform=Platform.TELEGRAM, - user_id="12345", chat_id="67890"): + user_id="12345", chat_id="67890", thread_id=None): """Build a MessageEvent for testing.""" source = SessionSource( platform=platform, user_id=user_id, chat_id=chat_id, user_name="testuser", + thread_id=thread_id, ) return MessageEvent(text=text, source=source) @@ -214,6 +215,34 @@ class TestHandleUpdateCommand: assert "timestamp" in data assert not (hermes_home / ".update_exit_code").exists() + @pytest.mark.asyncio + async def test_writes_pending_marker_with_thread_id(self, tmp_path): + """Persists thread_id so update notifications can route back to the thread.""" + runner = _make_runner() + event = _make_event( + platform=Platform.TELEGRAM, + chat_id="99999", + thread_id="777", + ) + + fake_root = tmp_path / "project" + fake_root.mkdir() + (fake_root / ".git").mkdir() + (fake_root / "gateway").mkdir() + (fake_root / "gateway" / "run.py").touch() + fake_file = str(fake_root / "gateway" / "run.py") + hermes_home = tmp_path / "hermes" + hermes_home.mkdir() + + with patch("gateway.run._hermes_home", hermes_home), \ + patch("gateway.run.__file__", fake_file), \ + patch("shutil.which", side_effect=lambda x: "/usr/bin/hermes" if x == "hermes" else "/usr/bin/setsid"), \ + patch("subprocess.Popen"): + await runner._handle_update_command(event) + + data = json.loads((hermes_home / ".update_pending.json").read_text()) + assert data["thread_id"] == "777" + @pytest.mark.asyncio async def test_spawns_setsid(self, tmp_path): """Uses setsid when available.""" @@ -432,6 +461,31 @@ class TestSendUpdateNotification: assert call_args[0][0] == "67890" # chat_id assert "Update complete" in call_args[0][1] or "update finished" in call_args[0][1].lower() + @pytest.mark.asyncio + async def test_sends_notification_with_thread_metadata(self, tmp_path): + """Final update notification preserves thread metadata when present.""" + runner = _make_runner() + hermes_home = tmp_path / "hermes" + hermes_home.mkdir() + + pending = { + "platform": "telegram", + "chat_id": "67890", + "thread_id": "777", + "user_id": "12345", + } + (hermes_home / ".update_pending.json").write_text(json.dumps(pending)) + (hermes_home / ".update_output.txt").write_text("done") + (hermes_home / ".update_exit_code").write_text("0") + + mock_adapter = AsyncMock() + runner.adapters = {Platform.TELEGRAM: mock_adapter} + + with patch("gateway.run._hermes_home", hermes_home): + await runner._send_update_notification() + + assert mock_adapter.send.call_args.kwargs["metadata"] == {"thread_id": "777"} + @pytest.mark.asyncio async def test_strips_ansi_codes(self, tmp_path): """ANSI escape codes are removed from output.""" diff --git a/tests/gateway/test_update_streaming.py b/tests/gateway/test_update_streaming.py index 1020ea6c461..b78eaa3327f 100644 --- a/tests/gateway/test_update_streaming.py +++ b/tests/gateway/test_update_streaming.py @@ -321,6 +321,58 @@ class TestWatchUpdateProgress: # Check session was marked as having pending prompt # (may be cleared by the time we check since update finished) + @pytest.mark.asyncio + async def test_prompt_forwarding_preserves_thread_metadata(self, tmp_path): + """Forwarded update prompts keep the originating thread/topic metadata.""" + runner = _make_runner() + hermes_home = tmp_path / "hermes" + hermes_home.mkdir() + + pending = { + "platform": "telegram", + "chat_id": "111", + "thread_id": "777", + "user_id": "222", + "session_key": "agent:main:telegram:group:111:777", + } + (hermes_home / ".update_pending.json").write_text(json.dumps(pending)) + (hermes_home / ".update_output.txt").write_text("") + (hermes_home / ".update_prompt.json").write_text(json.dumps({ + "prompt": "Restore local changes? [Y/n]", + "default": "y", + "id": "threaded-prompt", + })) + + class _PromptCapableAdapter: + def __init__(self): + self.send = AsyncMock() + self.prompt_calls = AsyncMock() + + async def send_update_prompt(self, **kwargs): + return await self.prompt_calls(**kwargs) + + mock_adapter = _PromptCapableAdapter() + runner.adapters = {Platform.TELEGRAM: mock_adapter} + + async def finish_after_prompt(): + await asyncio.sleep(0.3) + (hermes_home / ".update_response").write_text("y") + await asyncio.sleep(0.2) + (hermes_home / ".update_exit_code").write_text("0") + + with patch("gateway.run._hermes_home", hermes_home): + task = asyncio.create_task(finish_after_prompt()) + await runner._watch_update_progress( + poll_interval=0.1, + stream_interval=0.2, + timeout=5.0, + ) + await task + + assert mock_adapter.prompt_calls.call_args.kwargs["metadata"] == { + "thread_id": "777" + } + @pytest.mark.asyncio async def test_cleans_up_on_completion(self, tmp_path): """All marker files are cleaned up when update finishes.""" From 2b512cbca417f84c68f6bc5cfea3ac2905120c47 Mon Sep 17 00:00:00 2001 From: Jezza Hehn Date: Wed, 29 Apr 2026 14:39:18 +0000 Subject: [PATCH 055/133] feat(gateway): add busy_ack_enabled config option to suppress ack messages When a user sends a message while the gateway is busy processing, an acknowledgment message is sent. This can be spammy for users who send rapid messages. Add display.busy_ack_enabled config option (default: true) to allow users to suppress these busy-input acknowledgment messages. Fixes #17457 --- gateway/run.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/gateway/run.py b/gateway/run.py index 4890ebe66f9..acf712e484b 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -381,6 +381,8 @@ if _config_path.exists(): if _display_cfg and isinstance(_display_cfg, dict): if "busy_input_mode" in _display_cfg and "HERMES_GATEWAY_BUSY_INPUT_MODE" not in os.environ: os.environ["HERMES_GATEWAY_BUSY_INPUT_MODE"] = str(_display_cfg["busy_input_mode"]) + if "busy_ack_enabled" in _display_cfg and "HERMES_GATEWAY_BUSY_ACK_ENABLED" not in os.environ: + os.environ["HERMES_GATEWAY_BUSY_ACK_ENABLED"] = str(_display_cfg["busy_ack_enabled"]) # Timezone: bridge config.yaml → HERMES_TIMEZONE env var. # HERMES_TIMEZONE from .env takes precedence (already in os.environ). _tz_cfg = _cfg.get("timezone", "") @@ -1971,6 +1973,12 @@ class GatewayRunner: self._busy_ack_ts[session_key] = now + # Check if busy ack is disabled — skip sending but still process the input + busy_ack_enabled = os.environ.get("HERMES_GATEWAY_BUSY_ACK_ENABLED", "true").lower() == "true" + if not busy_ack_enabled: + logger.debug("Busy ack suppressed for session %s", session_key) + return True # input still processed, just no ack sent + # Build a status-rich acknowledgment status_parts = [] if running_agent and running_agent is not _AGENT_PENDING_SENTINEL: From 01cc701e54efecd18ded1a0c083e640d56111426 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:19:03 -0700 Subject: [PATCH 056/133] docs + nit: busy_ack_enabled follow-ups - Move the disabled-ack guard above the debounce so we don't stamp _busy_ack_ts[session_key] when no ack was actually sent. Harmless (never read when disabled) but cosmetically off. - Document display.busy_ack_enabled in user-guide/messaging/index.md and HERMES_GATEWAY_BUSY_ACK_ENABLED in reference/environment-variables.md. - Add JezzaHehn to scripts/release.py AUTHOR_MAP for contributor credit. Follow-up to #17491 (Jezza Hehn). --- gateway/run.py | 14 ++++++++------ scripts/release.py | 1 + website/docs/reference/environment-variables.md | 1 + website/docs/user-guide/messaging/index.md | 3 +++ 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/gateway/run.py b/gateway/run.py index acf712e484b..ea1977c34eb 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -1963,6 +1963,14 @@ class GatewayRunner: except Exception: pass # don't let interrupt failure block the ack + # Check if busy ack is disabled — skip sending but still process the input. + # Placed before debounce so we don't stamp a "last ack" timestamp that was + # never actually delivered. + busy_ack_enabled = os.environ.get("HERMES_GATEWAY_BUSY_ACK_ENABLED", "true").lower() == "true" + if not busy_ack_enabled: + logger.debug("Busy ack suppressed for session %s", session_key) + return True # input still processed, just no ack sent + # Debounce: only send an acknowledgment once every 30 seconds per session # to avoid spamming the user when they send multiple messages quickly _BUSY_ACK_COOLDOWN = 30 @@ -1973,12 +1981,6 @@ class GatewayRunner: self._busy_ack_ts[session_key] = now - # Check if busy ack is disabled — skip sending but still process the input - busy_ack_enabled = os.environ.get("HERMES_GATEWAY_BUSY_ACK_ENABLED", "true").lower() == "true" - if not busy_ack_enabled: - logger.debug("Busy ack suppressed for session %s", session_key) - return True # input still processed, just no ack sent - # Build a status-rich acknowledgment status_parts = [] if running_agent and running_agent is not _AGENT_PENDING_SENTINEL: diff --git a/scripts/release.py b/scripts/release.py index da9fcbe11fc..bf5350948d6 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -169,6 +169,7 @@ AUTHOR_MAP = { "sir_even@icloud.com": "sirEven", "36056348+sirEven@users.noreply.github.com": "sirEven", "70424851+insecurejezza@users.noreply.github.com": "insecurejezza", + "jezzahehn@gmail.com": "JezzaHehn", "254021826+dodo-reach@users.noreply.github.com": "dodo-reach", "259807879+Bartok9@users.noreply.github.com": "Bartok9", "270082434+crayfish-ai@users.noreply.github.com": "crayfish-ai", diff --git a/website/docs/reference/environment-variables.md b/website/docs/reference/environment-variables.md index e58ccef5aae..235d84654f7 100644 --- a/website/docs/reference/environment-variables.md +++ b/website/docs/reference/environment-variables.md @@ -406,6 +406,7 @@ Advanced per-platform knobs for throttling the outbound message batcher. Most us | `HERMES_RESTART_DRAIN_TIMEOUT` | Gateway: seconds to wait for active runs to drain on `/restart` before forcing the restart (default: `900`). | | `HERMES_GATEWAY_PLATFORM_CONNECT_TIMEOUT` | Per-platform connect timeout during gateway startup (seconds). | | `HERMES_GATEWAY_BUSY_INPUT_MODE` | Default gateway busy-input behavior: `queue`, `steer`, or `interrupt`. Can be overridden per chat with `/busy`. | +| `HERMES_GATEWAY_BUSY_ACK_ENABLED` | Whether the gateway sends an acknowledgment message (⚡/⏳/⏩) when a user sends input while the agent is busy (default: `true`). Set to `false` to suppress these messages entirely — the input is still queued/steered/interrupts as normal, only the chat reply is silenced. Bridged from `display.busy_ack_enabled` in `config.yaml`. | | `HERMES_CRON_TIMEOUT` | Inactivity timeout for cron job agent runs in seconds (default: `600`). The agent can run indefinitely while actively calling tools or receiving stream tokens — this only triggers when idle. Set to `0` for unlimited. | | `HERMES_CRON_SCRIPT_TIMEOUT` | Timeout for pre-run scripts attached to cron jobs in seconds (default: `120`). Override for scripts that need longer execution (e.g., randomized delays for anti-bot timing). Also configurable via `cron.script_timeout_seconds` in `config.yaml`. | | `HERMES_CRON_MAX_PARALLEL` | Max cron jobs run in parallel per tick (default: `4`). | diff --git a/website/docs/user-guide/messaging/index.md b/website/docs/user-guide/messaging/index.md index 126ab8184f6..578a826b645 100644 --- a/website/docs/user-guide/messaging/index.md +++ b/website/docs/user-guide/messaging/index.md @@ -232,10 +232,13 @@ By default, messaging a busy agent interrupts it. Two other modes are available: ```yaml display: busy_input_mode: steer # or queue, or interrupt (default) + busy_ack_enabled: true # set to false to suppress the ⚡/⏳/⏩ chat reply entirely ``` The first time you message a busy agent on any platform, Hermes appends a one-line reminder to the busy-ack explaining the knob (`"💡 First-time tip — …"`). The reminder fires once per install — a flag under `onboarding.seen.busy_input_prompt` latches it. Delete that key to see the tip again. +If you find the busy-ack noisy — especially with voice input or rapid-fire messages — set `display.busy_ack_enabled: false`. Your input is still queued/steered/interrupts as normal, only the chat reply is silenced. + ## Tool Progress Notifications Control how much tool activity is displayed in `~/.hermes/config.yaml`: From 33d24095c4a375e2a6fc6f68b353a61f21a9e1bb Mon Sep 17 00:00:00 2001 From: Allard Quek Date: Wed, 29 Apr 2026 10:41:20 +0800 Subject: [PATCH 057/133] fix(dashboard): normalize typography and layout across built-in themes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All built-in themes now spread DEFAULT_TYPOGRAPHY, removing independent baseSize overrides and converging on 15px. All themes also use density: comfortable, removing the compact/spacious divergence that caused item-count shifts on fixed-height pages (e.g. Skills). Two additional per-theme overrides are also normalized: - rose: lineHeight: "1.7" removed — was paired with density: spacious for an airy feel; once density was normalised the elevated line-height became an orphaned artefact causing nav item height drift. - cyberpunk: letterSpacing changed from "0.02em" to "0" — extra tracking on top of an already-wide monospace font caused text to wrap earlier than in other themes. Switching themes is now a purely cosmetic change — color palette, font family, border-radius, and typographic style differ; font size, spacing, line-height, and letter-spacing do not. --- web/src/themes/presets.ts | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/web/src/themes/presets.ts b/web/src/themes/presets.ts index d8ae293cd0d..a387e9a5691 100644 --- a/web/src/themes/presets.ts +++ b/web/src/themes/presets.ts @@ -65,11 +65,11 @@ export const midnightTheme: DashboardTheme = { noiseOpacity: 0.8, }, typography: { + ...DEFAULT_TYPOGRAPHY, fontSans: `"Inter", ${SYSTEM_SANS}`, fontMono: `"JetBrains Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500;700&display=swap", - baseSize: "14px", lineHeight: "1.6", letterSpacing: "-0.005em", }, @@ -91,11 +91,11 @@ export const emberTheme: DashboardTheme = { noiseOpacity: 1, }, typography: { + ...DEFAULT_TYPOGRAPHY, fontSans: `"Spectral", Georgia, "Times New Roman", serif`, fontMono: `"IBM Plex Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Spectral:wght@400;500;600;700&family=IBM+Plex+Mono:wght@400;500;700&display=swap", - baseSize: "15px", lineHeight: "1.6", letterSpacing: "0", }, @@ -121,17 +121,17 @@ export const monoTheme: DashboardTheme = { noiseOpacity: 0.6, }, typography: { + ...DEFAULT_TYPOGRAPHY, fontSans: `"IBM Plex Sans", ${SYSTEM_SANS}`, fontMono: `"IBM Plex Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500;600&family=IBM+Plex+Mono:wght@400;500&display=swap", - baseSize: "13px", lineHeight: "1.5", letterSpacing: "0", }, layout: { radius: "0", - density: "compact", + density: "comfortable", }, }; @@ -147,17 +147,17 @@ export const cyberpunkTheme: DashboardTheme = { noiseOpacity: 1.2, }, typography: { + ...DEFAULT_TYPOGRAPHY, fontSans: `"Share Tech Mono", "JetBrains Mono", ${SYSTEM_MONO}`, fontMono: `"Share Tech Mono", "JetBrains Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Share+Tech+Mono&family=JetBrains+Mono:wght@400;700&display=swap", - baseSize: "14px", lineHeight: "1.5", - letterSpacing: "0.02em", + letterSpacing: "0", }, layout: { radius: "0", - density: "compact", + density: "comfortable", }, colorOverrides: { success: "#00ff88", @@ -178,17 +178,16 @@ export const roseTheme: DashboardTheme = { noiseOpacity: 0.9, }, typography: { + ...DEFAULT_TYPOGRAPHY, fontSans: `"Fraunces", Georgia, serif`, fontMono: `"DM Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Fraunces:opsz,wght@9..144,400;9..144,500;9..144,600&family=DM+Mono:wght@400;500&display=swap", - baseSize: "16px", - lineHeight: "1.7", letterSpacing: "0", }, layout: { radius: "1rem", - density: "spacious", + density: "comfortable", }, }; From ebe60abc4f22c8d8f9360da76249cc55499210f4 Mon Sep 17 00:00:00 2001 From: Allard Quek Date: Thu, 30 Apr 2026 10:38:14 +0800 Subject: [PATCH 058/133] fix(dashboard): separate theme identity from layout scale MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Themes previously embedded layout-affecting values (baseSize, lineHeight, density, letterSpacing) alongside visual identity properties, coupling user ergonomic preferences to color theme selection. This change establishes a clear separation of concerns: - Themes own: palette, font family, border-radius, and font-coupled letterSpacing (e.g. Inter's -0.005em tracking) - Layout scale (baseSize, lineHeight, density) is standardized via DEFAULT_TYPOGRAPHY and DEFAULT_LAYOUT — not overridden per theme All themes now spread DEFAULT_TYPOGRAPHY and DEFAULT_LAYOUT as their base, removing silent divergence and making future layout settings (e.g. user-configurable density) trivially applicable across all themes without per-theme special-casing. --- web/src/themes/presets.ts | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/web/src/themes/presets.ts b/web/src/themes/presets.ts index a387e9a5691..956bb68c21f 100644 --- a/web/src/themes/presets.ts +++ b/web/src/themes/presets.ts @@ -70,12 +70,11 @@ export const midnightTheme: DashboardTheme = { fontMono: `"JetBrains Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500;700&display=swap", - lineHeight: "1.6", letterSpacing: "-0.005em", }, layout: { + ...DEFAULT_LAYOUT, radius: "0.75rem", - density: "comfortable", }, }; @@ -96,12 +95,10 @@ export const emberTheme: DashboardTheme = { fontMono: `"IBM Plex Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Spectral:wght@400;500;600;700&family=IBM+Plex+Mono:wght@400;500;700&display=swap", - lineHeight: "1.6", - letterSpacing: "0", }, layout: { + ...DEFAULT_LAYOUT, radius: "0.25rem", - density: "comfortable", }, colorOverrides: { destructive: "#c92d0f", @@ -126,12 +123,10 @@ export const monoTheme: DashboardTheme = { fontMono: `"IBM Plex Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500;600&family=IBM+Plex+Mono:wght@400;500&display=swap", - lineHeight: "1.5", - letterSpacing: "0", }, layout: { + ...DEFAULT_LAYOUT, radius: "0", - density: "comfortable", }, }; @@ -152,12 +147,10 @@ export const cyberpunkTheme: DashboardTheme = { fontMono: `"Share Tech Mono", "JetBrains Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Share+Tech+Mono&family=JetBrains+Mono:wght@400;700&display=swap", - lineHeight: "1.5", - letterSpacing: "0", }, layout: { + ...DEFAULT_LAYOUT, radius: "0", - density: "comfortable", }, colorOverrides: { success: "#00ff88", @@ -183,11 +176,10 @@ export const roseTheme: DashboardTheme = { fontMono: `"DM Mono", ${SYSTEM_MONO}`, fontUrl: "https://fonts.googleapis.com/css2?family=Fraunces:opsz,wght@9..144,400;9..144,500;9..144,600&family=DM+Mono:wght@400;500&display=swap", - letterSpacing: "0", }, layout: { + ...DEFAULT_LAYOUT, radius: "1rem", - density: "comfortable", }, }; From 8e58265b60322c549dc61c64a82e06b6ada98541 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:23:31 -0700 Subject: [PATCH 059/133] =?UTF-8?q?chore(release):=20map=20allard.quek@sin?= =?UTF-8?q?gtel.com=20=E2=86=92=20AllardQuek=20(#18196)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/release.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/release.py b/scripts/release.py index bf5350948d6..9b9c34f48fe 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -498,6 +498,7 @@ AUTHOR_MAP = { "tangyuanjc@JCdeAIfenshendeMac-mini.local": "tangyuanjc", "harryplusplus@gmail.com": "harryplusplus", "anthhub@163.com": "anthhub", + "allard.quek@singtel.com": "AllardQuek", "shenuu@gmail.com": "shenuu", "xiayh17@gmail.com": "xiayh0107", "zhujianxyz@gmail.com": "opriz", From e3624e00db6ddee7b1bf4009fc19453b5317f2f2 Mon Sep 17 00:00:00 2001 From: jatin godnani Date: Wed, 29 Apr 2026 13:24:50 +0530 Subject: [PATCH 060/133] fix: enforce strictly subtractive toolset filtration Refactor tool resolution logic in model_tools.py to ensure that disabled_toolsets are always subtracted at the end, preventing composite toolsets (e.g. 'browser') from implicitly enabling tools that should be hidden. - Added 'disabled_toolsets' to DEFAULT_CONFIG in hermes_cli/config.py - Updated HermesCLI in cli.py to load and propagate disabled toolsets to AIAgent - Implemented robust two-phase resolution (additive then subtractive) in model_tools.py --- cli.py | 7 +++++-- hermes_cli/config.py | 1 + model_tools.py | 15 +++++++++------ 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/cli.py b/cli.py index d045a4e52d3..2e50b30a2fb 100644 --- a/cli.py +++ b/cli.py @@ -15,9 +15,8 @@ Usage: import logging import os -import re +import platform import shutil -import sys import json import re import concurrent.futures @@ -600,6 +599,7 @@ def load_cli_config() -> Dict[str, Any]: # Load configuration at module startup CLI_CONFIG = load_cli_config() + # Initialize centralized logging early — agent.log + errors.log in ~/.hermes/logs/. # This ensures CLI sessions produce a log trail even before AIAgent is instantiated. try: @@ -2118,6 +2118,8 @@ class HermesCLI: # Parse and validate toolsets self.enabled_toolsets = toolsets + self.disabled_toolsets = CLI_CONFIG["agent"].get("disabled_toolsets") or [] + if toolsets and "all" not in toolsets and "*" not in toolsets: # Validate each toolset — MCP server names are resolved via # live registry aliases (registered during discover_mcp_tools), @@ -3568,6 +3570,7 @@ class HermesCLI: credential_pool=runtime.get("credential_pool"), max_iterations=self.max_turns, enabled_toolsets=self.enabled_toolsets, + disabled_toolsets=self.disabled_toolsets, verbose_logging=self.verbose, quiet_mode=not self.verbose, ephemeral_system_prompt=self.system_prompt if self.system_prompt else None, diff --git a/hermes_cli/config.py b/hermes_cli/config.py index 153b9f5b2d4..e765448b7bf 100644 --- a/hermes_cli/config.py +++ b/hermes_cli/config.py @@ -457,6 +457,7 @@ DEFAULT_CONFIG = { # remains available as a tool regardless of this setting — the routing # only controls how inbound user images are presented. "image_input_mode": "auto", + "disabled_toolsets": [], }, "terminal": { diff --git a/model_tools.py b/model_tools.py index b991780a618..1eb84d03f95 100644 --- a/model_tools.py +++ b/model_tools.py @@ -23,6 +23,8 @@ Public API (signatures preserved from the original 2,400-line version): import json import asyncio import logging +import os +import sys import threading import time from typing import Dict, Any, List, Optional, Tuple @@ -356,12 +358,17 @@ def _compute_tool_definitions( else: if not quiet_mode: print(f"⚠️ Unknown toolset: {toolset_name}") - - elif disabled_toolsets: + else: + # Default: start with everything from toolsets import get_all_toolsets for ts_name in get_all_toolsets(): tools_to_include.update(resolve_toolset(ts_name)) + # Always apply disabled toolsets as a subtraction step at the end. + # This ensures that even if a composite toolset (like hermes-cli) + # is enabled, any tools belonging to a disabled toolset are strictly + # stripped out. See issue #15291. + if disabled_toolsets: for toolset_name in disabled_toolsets: if validate_toolset(toolset_name): resolved = resolve_toolset(toolset_name) @@ -376,10 +383,6 @@ def _compute_tool_definitions( else: if not quiet_mode: print(f"⚠️ Unknown toolset: {toolset_name}") - else: - from toolsets import get_all_toolsets - for ts_name in get_all_toolsets(): - tools_to_include.update(resolve_toolset(ts_name)) # Plugin-registered tools are now resolved through the normal toolset # path — validate_toolset() / resolve_toolset() / get_all_toolsets() From 9a757434967f3834d3925fec057ec6d4e7d7411c Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:23:04 -0700 Subject: [PATCH 061/133] fix(gateway): apply agent.disabled_toolsets in gateway message loop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Widens the cherry-picked fix from @jatingodnani (#17343) to the gateway path. On main, user_config.agent.disabled_toolsets was only honored by _get_platform_tools' name-level subtraction — it did not catch tools pulled in implicitly by a composite toolset (browser includes web_search, hermes-* platforms include most tools). Changes: - gateway/run.py: resolve disabled_toolsets alongside enabled_toolsets and pass to AIAgent at both user-facing construction sites (normal message loop + single-turn cron-like path). Hygiene/compression agents (fixed enabled_toolsets=[memory]) are intentionally untouched. - gateway/run.py: add (agent, disabled_toolsets) to _CACHE_BUSTING_CONFIG_KEYS so editing the list in config.yaml invalidates the cached AIAgent on the next message. - cli.py: drop unused 'import platform' left over from PR #17343's import churn; restore 'import sys' used throughout the file. - model_tools.py: drop unused 'import os, sys' added by PR #17343; fix comment reference from #15291 (unrelated OAuth issue) to #17309. Co-authored-by: jatin godnani --- cli.py | 2 +- gateway/run.py | 7 +++++++ model_tools.py | 4 +--- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/cli.py b/cli.py index 2e50b30a2fb..bfe0dcbaa9d 100644 --- a/cli.py +++ b/cli.py @@ -15,8 +15,8 @@ Usage: import logging import os -import platform import shutil +import sys import json import re import concurrent.futures diff --git a/gateway/run.py b/gateway/run.py index ea1977c34eb..65394935c67 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -7988,6 +7988,8 @@ class GatewayRunner: from hermes_cli.tools_config import _get_platform_tools enabled_toolsets = sorted(_get_platform_tools(user_config, platform_key)) + agent_cfg = user_config.get("agent") or {} + disabled_toolsets = agent_cfg.get("disabled_toolsets") or None pr = self._provider_routing max_iterations = int(os.getenv("HERMES_MAX_ITERATIONS", "90")) @@ -8004,6 +8006,7 @@ class GatewayRunner: quiet_mode=True, verbose_logging=False, enabled_toolsets=enabled_toolsets, + disabled_toolsets=disabled_toolsets, reasoning_config=reasoning_config, service_tier=self._service_tier, request_overrides=turn_route.get("request_overrides"), @@ -10379,6 +10382,7 @@ class GatewayRunner: ("compression", "threshold"), ("compression", "target_ratio"), ("compression", "protect_last_n"), + ("agent", "disabled_toolsets"), ) @classmethod @@ -11162,6 +11166,8 @@ class GatewayRunner: from hermes_cli.tools_config import _get_platform_tools enabled_toolsets = sorted(_get_platform_tools(user_config, platform_key)) + agent_cfg_local = user_config.get("agent") or {} + disabled_toolsets = agent_cfg_local.get("disabled_toolsets") or None display_config = user_config.get("display", {}) if not isinstance(display_config, dict): @@ -11790,6 +11796,7 @@ class GatewayRunner: quiet_mode=True, verbose_logging=False, enabled_toolsets=enabled_toolsets, + disabled_toolsets=disabled_toolsets, ephemeral_system_prompt=combined_ephemeral or None, prefill_messages=self._prefill_messages or None, reasoning_config=reasoning_config, diff --git a/model_tools.py b/model_tools.py index 1eb84d03f95..2eb31ab0df7 100644 --- a/model_tools.py +++ b/model_tools.py @@ -23,8 +23,6 @@ Public API (signatures preserved from the original 2,400-line version): import json import asyncio import logging -import os -import sys import threading import time from typing import Dict, Any, List, Optional, Tuple @@ -367,7 +365,7 @@ def _compute_tool_definitions( # Always apply disabled toolsets as a subtraction step at the end. # This ensures that even if a composite toolset (like hermes-cli) # is enabled, any tools belonging to a disabled toolset are strictly - # stripped out. See issue #15291. + # stripped out. See issue #17309. if disabled_toolsets: for toolset_name in disabled_toolsets: if validate_toolset(toolset_name): From 19136dfc07666e40e4ff39d49ef802c42b249c1d Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:23:30 -0700 Subject: [PATCH 062/133] chore: map jatingodnani email in AUTHOR_MAP --- scripts/release.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/release.py b/scripts/release.py index 9b9c34f48fe..b560812fbb5 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -48,6 +48,7 @@ AUTHOR_MAP = { "aludwin+gh@gmail.com": "adamludwin", "2093036+exiao@users.noreply.github.com": "exiao", "rylen.anil@gmail.com": "rylena", + "godnanijatin@gmail.com": "jatingodnani", "14046872+tmimmanuel@users.noreply.github.com": "tmimmanuel", "revar@users.noreply.github.com": "revaraver", # Matrix parity salvage batch (April 2026) From cc340c4a4d8a5c624b764443957cfc84fcd83664 Mon Sep 17 00:00:00 2001 From: Harry Riddle Date: Wed, 29 Apr 2026 20:39:52 +0700 Subject: [PATCH 063/133] fix(tui): always call input.detect_drop for reliable image attachment Remove frontend regex pre-check that truncated paths containing spaces, quotes, or Windows drive letters. Backend _detect_file_drop correctly handles these patterns. This fixes image attachment for common filenames like "Screenshot 2026-04-29.png". Add tests: - test_input_detect_drop_path_with_spaces: attaches image with spaces in name - test_input_detect_drop_path_with_spaces_and_remainder: remainder handling Also restored missing in test_rollback_restore_resolves_number_and_file_path. Scope: tui, vision, tests --- tests/test_tui_gateway_server.py | 49 ++++++++++++++++++++++++++++++++ ui-tui/src/app/useSubmission.ts | 10 ++----- 2 files changed, 52 insertions(+), 7 deletions(-) diff --git a/tests/test_tui_gateway_server.py b/tests/test_tui_gateway_server.py index 0c6263663ef..a18a1b39bf0 100644 --- a/tests/test_tui_gateway_server.py +++ b/tests/test_tui_gateway_server.py @@ -1923,6 +1923,55 @@ def test_input_detect_drop_attaches_image(monkeypatch): assert resp["result"]["text"] == "[User attached image: cat.png]" +def test_input_detect_drop_path_with_spaces(tmp_path): + """input.detect_drop correctly handles image paths containing spaces.""" + # Create a minimal PNG file with a space in its name + img = tmp_path / "screenshot with spaces.png" + img.write_bytes(b"\x89PNG\r\n\x1a\n") # valid PNG header + + server._sessions["sid"] = _session() + + resp = server.handle_request( + { + "id": "2", + "method": "input.detect_drop", + "params": {"session_id": "sid", "text": str(img)}, + } + ) + + assert resp["result"]["matched"] is True + assert resp["result"]["is_image"] is True + assert resp["result"]["path"] == str(img) + assert resp["result"]["text"] == f"[User attached image: {img.name}]" + # Verify attachment was recorded in the session + assert len(server._sessions["sid"]["attached_images"]) == 1 + assert server._sessions["sid"]["attached_images"][0] == str(img) + + +def test_input_detect_drop_path_with_spaces_and_remainder(tmp_path): + """input.detect_drop splits remainder when path contains spaces.""" + img = tmp_path / "photo with space.jpg" + img.write_bytes(b"\xff\xd8\xff" + b"fakejpeg") # minimal-ish JPEG header + + server._sessions["sid"] = _session() + + user_input = f"{img} describe this image" + resp = server.handle_request( + { + "id": "3", + "method": "input.detect_drop", + "params": {"session_id": "sid", "text": user_input}, + } + ) + + assert resp["result"]["matched"] is True + assert resp["result"]["is_image"] is True + assert resp["result"]["path"] == str(img) + # Remainder becomes the text sent to the model + assert resp["result"]["text"] == "describe this image" + assert server._sessions["sid"]["attached_images"][0] == str(img) + + def test_rollback_restore_resolves_number_and_file_path(): calls = {} diff --git a/ui-tui/src/app/useSubmission.ts b/ui-tui/src/app/useSubmission.ts index bbb288e0012..9f87a6b5dbc 100644 --- a/ui-tui/src/app/useSubmission.ts +++ b/ui-tui/src/app/useSubmission.ts @@ -126,13 +126,9 @@ export function useSubmission(opts: UseSubmissionOptions) { return sys('session not ready yet') } - // Plain prompts are the common path and should not pay an extra RPC - // before prompt.submit. File-drop detection still runs for absolute, - // tilde, file://, and explicit relative paths. - if (!looksLikeSlashCommand(text) && !/(?:^|\s)(?:file:\/\/|~\/|\.?\.\/|\/)[^\s]+/.test(text)) { - return startSubmit(text, expand(text), showUserMessage) - } - + // Always ask the backend whether this looks like a file drop. + // The backend's _detect_file_drop handles paths with spaces, quotes, + // Windows drive letters, and escaped characters correctly. gw.request('input.detect_drop', { session_id: sid, text }) .then(r => { if (!r?.matched) { From 531ac204081f8a925f547df0f3415bcbd7321817 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:22:40 -0700 Subject: [PATCH 064/133] fix(state): JSON-encode multimodal message content for sqlite sqlite3 can only bind str/bytes/int/float/None to query parameters. Multimodal message content is a list of parts (text + image_url), which raised 'Error binding parameter 3: type list is not supported' in append_message and replace_messages. In the CLI/TUI this surfaced as a visible crash when users pasted screenshots. In the gateway it was silently swallowed by a bare except in append_to_transcript, causing multimodal turns to be lost from the session transcript. Fix at the DB layer: _encode_content wraps lists/dicts as '\\x00json:' + json.dumps(...) on write, _decode_content unwraps on read. Plain strings are untouched, so existing FTS search, previews, and JSONL compat are unaffected. Paired decode in get_messages, get_messages_as_conversation, and search_messages context previews. Regression test covers: list content round-trip, dict content round-trip, string content stored unchanged, replace_messages with multimodal content. Also included: aligned fix #17522 for TUI image attachment with paths containing spaces (see previous commit). --- hermes_state.py | 77 +++++++++++++++++++++++++++++++---- tests/gateway/test_session.py | 21 +++++++--- tests/test_hermes_state.py | 76 ++++++++++++++++++++++++++++++++++ 3 files changed, 162 insertions(+), 12 deletions(-) diff --git a/hermes_state.py b/hermes_state.py index 7ca67d5ceec..a808b684c74 100644 --- a/hermes_state.py +++ b/hermes_state.py @@ -1154,6 +1154,48 @@ class SessionDB: # Message storage # ========================================================================= + # Sentinel prefix used to distinguish JSON-encoded structured content + # (multimodal messages: lists of parts like text + image_url) from plain + # string content. The NUL byte is not legal in normal text, so this + # cannot collide with real user content. + _CONTENT_JSON_PREFIX = "\x00json:" + + @classmethod + def _encode_content(cls, content: Any) -> Any: + """Serialize structured (list/dict) message content for sqlite. + + sqlite3 can only bind ``str``, ``bytes``, ``int``, ``float``, and ``None`` + to query parameters. Multimodal messages have ``content`` as a list of + parts (``[{"type": "text", ...}, {"type": "image_url", ...}]``), which + raises ``ProgrammingError: Error binding parameter N: type 'list' is + not supported`` when bound directly. + + Returns the value unchanged when it's already a safe scalar, or a + sentinel-prefixed JSON string for lists/dicts. Paired with + :meth:`_decode_content` on read. + """ + if content is None or isinstance(content, (str, bytes, int, float)): + return content + try: + return cls._CONTENT_JSON_PREFIX + json.dumps(content) + except (TypeError, ValueError): + # Last-resort fallback: stringify so persistence never fails. + return str(content) + + @classmethod + def _decode_content(cls, content: Any) -> Any: + """Reverse :meth:`_encode_content`; returns scalars unchanged.""" + if isinstance(content, str) and content.startswith(cls._CONTENT_JSON_PREFIX): + try: + return json.loads(content[len(cls._CONTENT_JSON_PREFIX):]) + except (json.JSONDecodeError, TypeError): + logger.warning( + "Failed to decode JSON-encoded message content; " + "returning raw string" + ) + return content + return content + def append_message( self, session_id: str, @@ -1190,6 +1232,9 @@ class SessionDB: if codex_message_items else None ) tool_calls_json = json.dumps(tool_calls) if tool_calls else None + # Multimodal content (list of parts) must be JSON-encoded: sqlite3 + # cannot bind list/dict parameters directly. + stored_content = self._encode_content(content) # Pre-compute tool call count num_tool_calls = 0 @@ -1206,7 +1251,7 @@ class SessionDB: ( session_id, role, - content, + stored_content, tool_call_id, tool_calls_json, tool_name, @@ -1289,7 +1334,7 @@ class SessionDB: ( session_id, role, - msg.get("content"), + self._encode_content(msg.get("content")), msg.get("tool_call_id"), tool_calls_json, msg.get("tool_name"), @@ -1328,6 +1373,8 @@ class SessionDB: result = [] for row in rows: msg = dict(row) + if "content" in msg: + msg["content"] = self._decode_content(msg["content"]) if msg.get("tool_calls"): try: msg["tool_calls"] = json.loads(msg["tool_calls"]) @@ -1425,7 +1472,7 @@ class SessionDB: messages = [] for row in rows: - content = row["content"] + content = self._decode_content(row["content"]) if row["role"] in {"user", "assistant"} and isinstance(content, str): content = sanitize_context(content).strip() msg = {"role": row["role"], "content": content} @@ -1810,10 +1857,26 @@ class SessionDB: )""", (match["id"], match["id"]), ) - context_msgs = [ - {"role": r["role"], "content": (r["content"] or "")[:200]} - for r in ctx_cursor.fetchall() - ] + context_msgs = [] + for r in ctx_cursor.fetchall(): + raw = r["content"] + decoded = self._decode_content(raw) + # Multimodal context: render a compact text-only + # summary for search previews. + if isinstance(decoded, list): + text_parts = [ + p.get("text", "") for p in decoded + if isinstance(p, dict) and p.get("type") == "text" + ] + text = " ".join(t for t in text_parts if t).strip() + preview = text or "[multimodal content]" + elif isinstance(decoded, str): + preview = decoded + else: + preview = "" + context_msgs.append( + {"role": r["role"], "content": preview[:200]} + ) match["context"] = context_msgs except Exception: match["context"] = [] diff --git a/tests/gateway/test_session.py b/tests/gateway/test_session.py index 5e8af49e3e1..57a8aefa5e8 100644 --- a/tests/gateway/test_session.py +++ b/tests/gateway/test_session.py @@ -1243,7 +1243,7 @@ class TestRewriteTranscriptPreservesReasoning: assert after[0].get("reasoning_details") == [{"type": "summary", "text": "step by step"}] assert after[0].get("codex_reasoning_items") == [{"id": "r1", "type": "reasoning"}] - def test_db_rewrite_is_atomic_on_insert_failure(self, tmp_path): + def test_db_rewrite_is_atomic_on_insert_failure(self, tmp_path, monkeypatch): from hermes_state import SessionDB db = SessionDB(db_path=tmp_path / "test.db") @@ -1258,16 +1258,27 @@ class TestRewriteTranscriptPreservesReasoning: store._db = db store._loaded = True + # Force the second insert inside replace_messages to fail, simulating + # any storage-layer error that might abort a multi-row rewrite. + real_encode = SessionDB._encode_content + calls = {"n": 0} + + def flaky_encode(cls, content): + calls["n"] += 1 + if calls["n"] == 2: + raise RuntimeError("simulated storage failure") + return real_encode.__func__(cls, content) + + monkeypatch.setattr(SessionDB, "_encode_content", classmethod(flaky_encode)) + replacement = [ {"role": "user", "content": "after user"}, - { - "role": "assistant", - "content": {"not": "sqlite-bindable but JSONL-safe"}, - }, + {"role": "assistant", "content": "after assistant"}, ] store.rewrite_transcript(session_id, replacement) + # The rewrite must roll back atomically — original messages preserved. after = db.get_messages_as_conversation(session_id) assert [msg["content"] for msg in after] == [ "before user", diff --git a/tests/test_hermes_state.py b/tests/test_hermes_state.py index d66828a6410..a2c48366ded 100644 --- a/tests/test_hermes_state.py +++ b/tests/test_hermes_state.py @@ -212,6 +212,82 @@ class TestMessageStorage: messages = db.get_messages("s1") assert messages[0]["tool_calls"] == tool_calls + def test_multimodal_list_content_round_trip(self, db): + """Multimodal ``content`` (list of parts) must survive the SQLite + round-trip. sqlite3 cannot bind Python lists directly, so the DB + layer JSON-encodes structured content on write and decodes on read. + + Regression test for the "Error binding parameter 3: type 'list' is + not supported" crash users hit when pasting screenshots into the + TUI (issue #17522). + """ + db.create_session(session_id="s1", source="cli") + content = [ + {"type": "text", "text": "describe this screenshot"}, + { + "type": "image_url", + "image_url": {"url": "data:image/png;base64,iVBORw0KG..."}, + }, + ] + + # Write must not raise + db.append_message("s1", role="user", content=content) + + # get_messages decodes back to the original list + msgs = db.get_messages("s1") + assert len(msgs) == 1 + assert msgs[0]["content"] == content + + # get_messages_as_conversation decodes back to the original list + conv = db.get_messages_as_conversation("s1") + assert len(conv) == 1 + assert conv[0] == {"role": "user", "content": content} + + def test_dict_content_round_trip(self, db): + """Dict-shaped content (e.g. provider wrappers) also round-trips.""" + db.create_session(session_id="s1", source="cli") + content = {"parts": [{"text": "hi"}]} + + db.append_message("s1", role="user", content=content) + msgs = db.get_messages("s1") + assert msgs[0]["content"] == content + + def test_string_content_unchanged_by_encoding(self, db): + """Plain strings must not be wrapped — FTS search and legacy + consumers depend on raw-string storage for text content. + """ + db.create_session(session_id="s1", source="cli") + db.append_message("s1", role="user", content="plain text") + + # Peek at the raw column to confirm no encoding was applied + with db._lock: + row = db._conn.execute( + "SELECT content FROM messages WHERE session_id = ?", ("s1",) + ).fetchone() + assert row["content"] == "plain text" + + def test_replace_messages_handles_multimodal_content(self, db): + """`replace_messages` (used by /retry, /undo, /compress) must also + handle list content without crashing.""" + db.create_session(session_id="s1", source="cli") + content = [ + {"type": "text", "text": "look at this"}, + {"type": "image_url", "image_url": {"url": "data:image/png;base64,AAA"}}, + ] + + db.replace_messages( + "s1", + [ + {"role": "user", "content": content}, + {"role": "assistant", "content": "I see a screenshot."}, + ], + ) + + msgs = db.get_messages("s1") + assert len(msgs) == 2 + assert msgs[0]["content"] == content + assert msgs[1]["content"] == "I see a screenshot." + def test_get_messages_as_conversation(self, db): db.create_session(session_id="s1", source="cli") db.append_message("s1", role="user", content="Hello") From 5ed27c0f743c42d1f086f5e972f04c78eb930e00 Mon Sep 17 00:00:00 2001 From: sprmn24 Date: Wed, 29 Apr 2026 01:44:48 +0300 Subject: [PATCH 065/133] fix(tui_gateway): guard env var parsing against invalid values at import _SLASH_WORKER_TIMEOUT_S and _pool used raw float()/int() on env vars at module level. A non-numeric value (e.g. HERMES_TUI_SLASH_TIMEOUT_S=abc) raises ValueError during import, preventing TUI gateway from starting with no useful error message. Wrap both parses in try/except with safe fallbacks: - HERMES_TUI_SLASH_TIMEOUT_S: fallback to 45.0s - HERMES_TUI_RPC_POOL_WORKERS: fallback to 4 workers --- tui_gateway/server.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 84b89a437c9..61aa683b770 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -125,9 +125,11 @@ _cfg_lock = threading.Lock() _cfg_cache: dict | None = None _cfg_mtime: float | None = None _cfg_path = None -_SLASH_WORKER_TIMEOUT_S = max( - 5.0, float(os.environ.get("HERMES_TUI_SLASH_TIMEOUT_S", "45") or 45) -) +try: + _slash_timeout = float(os.environ.get("HERMES_TUI_SLASH_TIMEOUT_S") or "45") +except (ValueError, TypeError): + _slash_timeout = 45.0 +_SLASH_WORKER_TIMEOUT_S = max(5.0, _slash_timeout) _DETAIL_SECTION_NAMES = ("thinking", "tools", "subagents", "activity") _DETAIL_MODES = frozenset({"hidden", "collapsed", "expanded"}) @@ -153,8 +155,12 @@ _LONG_HANDLERS = frozenset( } ) +try: + _rpc_pool_workers = max(2, int(os.environ.get("HERMES_TUI_RPC_POOL_WORKERS") or "4")) +except (ValueError, TypeError): + _rpc_pool_workers = 4 _pool = concurrent.futures.ThreadPoolExecutor( - max_workers=max(2, int(os.environ.get("HERMES_TUI_RPC_POOL_WORKERS", "4") or 4)), + max_workers=_rpc_pool_workers, thread_name_prefix="tui-rpc", ) atexit.register(lambda: _pool.shutdown(wait=False, cancel_futures=True)) From bdb7edd89e09f5789fbb759dc1207a00eef7162b Mon Sep 17 00:00:00 2001 From: Yukipukii1 Date: Tue, 28 Apr 2026 15:41:25 +0300 Subject: [PATCH 066/133] fix(gateway): isolate pending native image paths by session --- gateway/run.py | 44 ++++++++--- .../test_native_image_buffer_isolation.py | 79 +++++++++++++++++++ 2 files changed, 110 insertions(+), 13 deletions(-) create mode 100644 tests/gateway/test_native_image_buffer_isolation.py diff --git a/gateway/run.py b/gateway/run.py index 65394935c67..94683edb9a1 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -884,6 +884,7 @@ class GatewayRunner: # /new and /reset. /model and other mid-session operations # preserve the queue. self._queued_events: Dict[str, List[MessageEvent]] = {} + self._pending_native_image_paths_by_session: Dict[str, List[str]] = {} self._busy_ack_ts: Dict[str, float] = {} # last busy-ack timestamp per session (debounce) self._session_run_generation: Dict[str, int] = {} @@ -5079,22 +5080,30 @@ class GatewayRunner: preprocessing pipeline so sender attribution, image enrichment, STT, document notes, reply context, and @ references all behave the same. - Side effect: writes ``self._pending_native_image_paths`` to a list of - local image paths when the active model supports native vision AND - the user has images attached. The caller consumes and clears this - attribute at the ``run_conversation`` site to build a multimodal user - turn. When the list is empty, the ``_enrich_message_with_vision`` - text path has already run and images are represented in-text. + Side effect: buffers per-session native image paths when the active + model supports native vision AND the user has images attached. The + caller consumes and clears that session-scoped buffer at the + ``run_conversation`` site to build a multimodal user turn. When the + list is empty, the ``_enrich_message_with_vision`` text path has + already run and images are represented in-text. """ history = history or [] message_text = event.text or "" - # Reset per-call buffer; set only when native routing is chosen. - self._pending_native_image_paths = [] + _group_sessions_per_user = getattr(self.config, "group_sessions_per_user", True) + _thread_sessions_per_user = getattr(self.config, "thread_sessions_per_user", False) + session_key = build_session_key( + source, + group_sessions_per_user=_group_sessions_per_user, + thread_sessions_per_user=_thread_sessions_per_user, + ) + # Reset only this session's per-call buffer; other sessions may be + # concurrently preparing multimodal turns on the same runner. + self._consume_pending_native_image_paths(session_key) _is_shared_multi_user = is_shared_multi_user_session( source, - group_sessions_per_user=getattr(self.config, "group_sessions_per_user", True), - thread_sessions_per_user=getattr(self.config, "thread_sessions_per_user", False), + group_sessions_per_user=_group_sessions_per_user, + thread_sessions_per_user=_thread_sessions_per_user, ) if _is_shared_multi_user and source.user_name: message_text = f"[{source.user_name}] {message_text}" @@ -5115,7 +5124,11 @@ class GatewayRunner: _img_mode = self._decide_image_input_mode() if _img_mode == "native": # Defer attachment to the run_conversation call site. - self._pending_native_image_paths = list(image_paths) + pending_native = getattr(self, "_pending_native_image_paths_by_session", None) + if pending_native is None: + pending_native = {} + self._pending_native_image_paths_by_session = pending_native + pending_native[session_key] = list(image_paths) logger.info( "Image routing: native (model supports vision). %d image(s) will be attached inline.", len(image_paths), @@ -5254,6 +5267,12 @@ class GatewayRunner: return message_text + def _consume_pending_native_image_paths(self, session_key: str) -> List[str]: + pending_native = getattr(self, "_pending_native_image_paths_by_session", None) + if not pending_native: + return [] + return list(pending_native.pop(session_key, []) or []) + async def _handle_message_with_agent(self, event, source, _quick_key: str, run_generation: int): """Inner handler that runs under the _running_agents sentinel guard.""" _msg_start_time = time.time() @@ -12136,8 +12155,7 @@ class GatewayRunner: # attachment, wrap the user turn as an OpenAI-style multimodal # content list. Consume-and-clear so subsequent turns on the same # runner instance don't re-attach stale images. - _native_imgs = list(getattr(self, "_pending_native_image_paths", []) or []) - self._pending_native_image_paths = [] + _native_imgs = self._consume_pending_native_image_paths(session_key) if _native_imgs: try: from agent.image_routing import build_native_content_parts diff --git a/tests/gateway/test_native_image_buffer_isolation.py b/tests/gateway/test_native_image_buffer_isolation.py new file mode 100644 index 00000000000..f8fb2e65a71 --- /dev/null +++ b/tests/gateway/test_native_image_buffer_isolation.py @@ -0,0 +1,79 @@ +import pytest + +from gateway.config import GatewayConfig, Platform, PlatformConfig +from gateway.platforms.base import MessageEvent, MessageType +from gateway.run import GatewayRunner +from gateway.session import SessionSource, build_session_key + + +def _make_runner() -> GatewayRunner: + runner = GatewayRunner.__new__(GatewayRunner) + runner.config = GatewayConfig( + platforms={Platform.TELEGRAM: PlatformConfig(enabled=True, token="fake")}, + ) + runner.adapters = {} + runner._model = "openai/gpt-4.1-mini" + runner._base_url = None + runner._decide_image_input_mode = lambda: "native" + return runner + + +def _source(chat_id: str) -> SessionSource: + return SessionSource( + platform=Platform.TELEGRAM, + chat_id=chat_id, + chat_type="private", + user_name=f"user-{chat_id}", + ) + + +def _image_event(source: SessionSource, path: str) -> MessageEvent: + return MessageEvent( + text="see image", + message_type=MessageType.PHOTO, + source=source, + media_urls=[path], + media_types=["image/png"], + ) + + +@pytest.mark.asyncio +async def test_native_image_buffer_isolated_per_session(): + runner = _make_runner() + source_a = _source("chat-a") + source_b = _source("chat-b") + + await runner._prepare_inbound_message_text( + event=_image_event(source_a, "/tmp/a.png"), + source=source_a, + history=[], + ) + await runner._prepare_inbound_message_text( + event=_image_event(source_b, "/tmp/b.png"), + source=source_b, + history=[], + ) + + assert runner._consume_pending_native_image_paths(build_session_key(source_a)) == ["/tmp/a.png"] + assert runner._consume_pending_native_image_paths(build_session_key(source_b)) == ["/tmp/b.png"] + + +@pytest.mark.asyncio +async def test_native_image_buffer_not_cleared_by_other_sessions_without_images(): + runner = _make_runner() + source_a = _source("chat-a") + source_b = _source("chat-b") + + await runner._prepare_inbound_message_text( + event=_image_event(source_a, "/tmp/a.png"), + source=source_a, + history=[], + ) + await runner._prepare_inbound_message_text( + event=MessageEvent(text="plain text", source=source_b), + source=source_b, + history=[], + ) + + assert runner._consume_pending_native_image_paths(build_session_key(source_a)) == ["/tmp/a.png"] + assert runner._consume_pending_native_image_paths(build_session_key(source_b)) == [] From a17808146848023b411771257208e66b8b7d7a0b Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:25:17 -0700 Subject: [PATCH 067/133] fix(gateway): use _session_key_for_source for native image buffer write MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Minor follow-up to the native-image-buffer isolation fix. The write site in _prepare_inbound_message_text was calling build_session_key directly, while every other call site in gateway/run.py uses the _session_key_for_source helper — which consults session_store._generate_session_key first and falls back to build_session_key. Keeping the write key and consume key on the same helper prevents key drift if the session store ever overrides the default keying behavior. --- gateway/run.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/gateway/run.py b/gateway/run.py index 94683edb9a1..710bf3b00a7 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -5091,11 +5091,10 @@ class GatewayRunner: message_text = event.text or "" _group_sessions_per_user = getattr(self.config, "group_sessions_per_user", True) _thread_sessions_per_user = getattr(self.config, "thread_sessions_per_user", False) - session_key = build_session_key( - source, - group_sessions_per_user=_group_sessions_per_user, - thread_sessions_per_user=_thread_sessions_per_user, - ) + # Use the same helper every other call site uses so the write key here + # matches the consume key at the run_conversation site — even if the + # session store overrides build_session_key's default behavior. + session_key = self._session_key_for_source(source) # Reset only this session's per-call buffer; other sessions may be # concurrently preparing multimodal turns on the same runner. self._consume_pending_native_image_paths(session_key) From 7abc9ce4dfc389fb2363f80a38c8a12f3017a269 Mon Sep 17 00:00:00 2001 From: Jezza Hehn Date: Thu, 30 Apr 2026 20:26:54 -0700 Subject: [PATCH 068/133] fix(gateway): read /status token totals from SessionDB (#17158) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit /status was reading session_entry.total_tokens from the in-memory SessionStore (gateway/session.py), which the agent never writes to — so the token count was always 0. The agent already persists token deltas to the SQLite SessionDB (run_agent.py:11497) for every platform with a session_id. Route /status through that single source of truth instead of duplicating token writes into a second store. Fix: - gateway/run.py: _handle_status_command now calls self._session_db.get_session(session_id) and sums the five token component columns (input/output/cache_read/cache_write/reasoning). Falls back to 0 when no SessionDB is configured or no row exists. - Two new regression tests covering the populated-row and missing-row paths. Co-authored-by: Hermes <127238744+teknium1@users.noreply.github.com> --- gateway/run.py | 21 +++++++++- tests/gateway/test_status_command.py | 61 ++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 1 deletion(-) diff --git a/gateway/run.py b/gateway/run.py index 710bf3b00a7..49eee192aa6 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -6568,11 +6568,30 @@ class GatewayRunner: queue_depth = self._queue_depth(session_key, adapter=adapter) title = None + # Pull token totals from the SQLite session DB rather than the + # in-memory SessionStore. The agent's per-turn token deltas are + # persisted into sessions_db (run_agent.py), not into SessionEntry, + # so session_entry.total_tokens is always 0. SessionDB is the + # single source of truth; reading it here keeps /status accurate + # without duplicating token writes into two stores. + db_total_tokens = 0 if self._session_db: try: title = self._session_db.get_session_title(session_entry.session_id) except Exception: title = None + try: + row = self._session_db.get_session(session_entry.session_id) + if row: + db_total_tokens = ( + (row.get("input_tokens") or 0) + + (row.get("output_tokens") or 0) + + (row.get("cache_read_tokens") or 0) + + (row.get("cache_write_tokens") or 0) + + (row.get("reasoning_tokens") or 0) + ) + except Exception: + db_total_tokens = 0 lines = [ "📊 **Hermes Gateway Status**", @@ -6584,7 +6603,7 @@ class GatewayRunner: lines.extend([ f"**Created:** {session_entry.created_at.strftime('%Y-%m-%d %H:%M')}", f"**Last Activity:** {session_entry.updated_at.strftime('%Y-%m-%d %H:%M')}", - f"**Tokens:** {session_entry.total_tokens:,}", + f"**Tokens:** {db_total_tokens:,}", f"**Agent Running:** {'Yes ⚡' if is_running else 'No'}", ]) if queue_depth: diff --git a/tests/gateway/test_status_command.py b/tests/gateway/test_status_command.py index 759effb8390..20e45fb4f08 100644 --- a/tests/gateway/test_status_command.py +++ b/tests/gateway/test_status_command.py @@ -55,6 +55,9 @@ def _make_runner(session_entry: SessionEntry, *, platform: Platform = Platform.T runner._pending_approvals = {} runner._session_db = MagicMock() runner._session_db.get_session_title.return_value = None + # Default: no DB row → /status reports 0 tokens. Tests that exercise + # the populated path override this. + runner._session_db.get_session.return_value = None runner._reasoning_config = None runner._provider_routing = {} runner._fallback_model = None @@ -80,6 +83,14 @@ async def test_status_command_reports_running_agent_without_interrupt(monkeypatc total_tokens=321, ) runner = _make_runner(session_entry) + # Token total comes from the SQLite SessionDB, not SessionEntry. + runner._session_db.get_session.return_value = { + "input_tokens": 200, + "output_tokens": 121, + "cache_read_tokens": 0, + "cache_write_tokens": 0, + "reasoning_tokens": 0, + } running_agent = MagicMock() runner._running_agents[build_session_key(_make_source())] = running_agent @@ -113,6 +124,56 @@ async def test_status_command_includes_session_title_when_present(): assert "**Title:** My titled session" in result +@pytest.mark.asyncio +async def test_status_command_reads_token_totals_from_session_db(): + """Regression test for #17158: /status must source token totals from the + SQLite SessionDB (where run_agent.py persists them) and sum all component + counts, not from SessionEntry (which the agent never writes).""" + session_entry = SessionEntry( + session_key=build_session_key(_make_source()), + session_id="sess-1", + created_at=datetime.now(), + updated_at=datetime.now(), + platform=Platform.TELEGRAM, + chat_type="dm", + total_tokens=0, # SessionEntry never gets written to — always 0. + ) + runner = _make_runner(session_entry) + runner._session_db.get_session.return_value = { + "input_tokens": 1000, + "output_tokens": 250, + "cache_read_tokens": 500, + "cache_write_tokens": 100, + "reasoning_tokens": 50, + } + + result = await runner._handle_message(_make_event("/status")) + + # 1000 + 250 + 500 + 100 + 50 = 1,900 + assert "**Tokens:** 1,900" in result + + +@pytest.mark.asyncio +async def test_status_command_tokens_zero_when_session_db_row_missing(): + """When the SessionDB has no row for the current session yet (fresh + session, no agent calls), /status reports 0 without raising.""" + session_entry = SessionEntry( + session_key=build_session_key(_make_source()), + session_id="sess-1", + created_at=datetime.now(), + updated_at=datetime.now(), + platform=Platform.TELEGRAM, + chat_type="dm", + total_tokens=999, # This should be ignored. + ) + runner = _make_runner(session_entry) + runner._session_db.get_session.return_value = None + + result = await runner._handle_message(_make_event("/status")) + + assert "**Tokens:** 0" in result + + @pytest.mark.asyncio async def test_agents_command_reports_active_agents_and_processes(monkeypatch): session_key = build_session_key(_make_source()) From fa9fd26acba4d6f3907ec798974b1431b115557c Mon Sep 17 00:00:00 2001 From: buray Date: Thu, 30 Apr 2026 20:26:27 -0700 Subject: [PATCH 069/133] fix(gateway): re-inject topic-bound skill after /new or /reset MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit reset_session() creates a fresh SessionEntry with created_at == updated_at, but get_or_create_session() bumps updated_at on the next inbound message, causing _is_new_session in _handle_message_with_agent to evaluate False. The topic/channel skill auto-load gate (group_topics, channel_skill_bindings) silently skips the first message after a manual reset. Add an is_fresh_reset flag on SessionEntry, set by reset_session() and consumed once by the message handler. Kept distinct from was_auto_reset because that flag also drives a 'session expired due to inactivity' user-facing notice and a context-note prepend — both wrong for an explicit /new or /reset. Persisted through to_dict/from_dict so the flag survives gateway restart between /reset and the next message. Fixes #6508 Co-authored-by: warabe1122 <45554392+warabe1122@users.noreply.github.com> Co-authored-by: willy-scr <187001140+willy-scr@users.noreply.github.com> --- gateway/run.py | 5 + gateway/session.py | 12 ++ scripts/release.py | 2 + .../test_fresh_reset_skill_injection.py | 201 ++++++++++++++++++ 4 files changed, 220 insertions(+) create mode 100644 tests/gateway/test_fresh_reset_skill_injection.py diff --git a/gateway/run.py b/gateway/run.py index 49eee192aa6..78bd7139beb 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -5300,7 +5300,12 @@ class GatewayRunner: _is_new_session = ( session_entry.created_at == session_entry.updated_at or getattr(session_entry, "was_auto_reset", False) + or getattr(session_entry, "is_fresh_reset", False) ) + # Consume the is_fresh_reset flag immediately so it doesn't leak + # onto subsequent messages in the same session (issue #6508). + if getattr(session_entry, "is_fresh_reset", False): + session_entry.is_fresh_reset = False if _is_new_session: await self.hooks.emit("session:start", { "platform": source.platform.value if source.platform else "", diff --git a/gateway/session.py b/gateway/session.py index 557f026ff14..fcff336afa7 100644 --- a/gateway/session.py +++ b/gateway/session.py @@ -458,6 +458,15 @@ class SessionEntry: was_auto_reset: bool = False auto_reset_reason: Optional[str] = None # "idle" or "daily" reset_had_activity: bool = False # whether the expired session had any messages + + # Set by reset_session() when the user explicitly sends /new or /reset. + # Consumed once by _handle_message_with_agent to trigger topic/channel + # skill re-injection on the first message of the new session. We can't + # reuse was_auto_reset for this because that flag fires the "session + # expired due to inactivity" user-facing notice and a misleading + # context-note prepend — both wrong for an explicit manual reset. + # See issue #6508. + is_fresh_reset: bool = False # Set by the background expiry watcher after it finalizes an expired # session (invoking on_session_finalize hooks and evicting the cached @@ -508,6 +517,7 @@ class SessionEntry: if self.last_resume_marked_at else None ), + "is_fresh_reset": self.is_fresh_reset, } if self.origin: result["origin"] = self.origin.to_dict() @@ -556,6 +566,7 @@ class SessionEntry: resume_pending=data.get("resume_pending", False), resume_reason=data.get("resume_reason"), last_resume_marked_at=last_resume_marked_at, + is_fresh_reset=data.get("is_fresh_reset", False), ) @@ -1132,6 +1143,7 @@ class SessionStore: display_name=old_entry.display_name, platform=old_entry.platform, chat_type=old_entry.chat_type, + is_fresh_reset=True, ) self._entries[session_key] = new_entry diff --git a/scripts/release.py b/scripts/release.py index b560812fbb5..4d93b506fba 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -427,6 +427,8 @@ AUTHOR_MAP = { "ogzerber@users.noreply.github.com": "ogzerber", "cola-runner@users.noreply.github.com": "cola-runner", "ygd58@users.noreply.github.com": "ygd58", + "45554392+warabe1122@users.noreply.github.com": "warabe1122", + "187001140+willy-scr@users.noreply.github.com": "willy-scr", "vominh1919@users.noreply.github.com": "vominh1919", "iamagenius00@users.noreply.github.com": "iamagenius00", "9219265+cresslank@users.noreply.github.com": "cresslank", diff --git a/tests/gateway/test_fresh_reset_skill_injection.py b/tests/gateway/test_fresh_reset_skill_injection.py new file mode 100644 index 00000000000..885dd0f15d6 --- /dev/null +++ b/tests/gateway/test_fresh_reset_skill_injection.py @@ -0,0 +1,201 @@ +"""Regression tests for topic/channel skill auto-injection after /new or /reset. + +Covers the fix for issue #6508. + +Before the fix: + 1. User sends ``/new`` — ``reset_session`` creates a fresh SessionEntry + with ``created_at == updated_at``. + 2. User sends the next message. + 3. ``get_or_create_session`` finds the entry and bumps + ``entry.updated_at = now`` (microseconds after ``created_at``). + 4. ``_handle_message_with_agent`` checks + ``_is_new_session = (created_at == updated_at) or was_auto_reset``. + Both are False → ``_is_new_session = False`` → topic/channel skills + are silently skipped for the first message of a manually reset session. + +After the fix: + ``reset_session`` stamps the new entry with ``is_fresh_reset=True``. + ``_handle_message_with_agent`` ORs this into ``_is_new_session`` and + consumes the flag immediately after the check, so subsequent messages + are treated as continuing the session and the flag does not leak. + +We use ``was_auto_reset`` for surprise resets (idle/daily/suspended) and +``is_fresh_reset`` for user-initiated resets because the former also drives +a "Session automatically reset due to inactivity" user-facing notice and +a context-note prepend into the agent's prompt — both wrong for an explicit +/new or /reset. +""" +import pytest + +from gateway.config import GatewayConfig, Platform +from gateway.session import SessionEntry, SessionSource, SessionStore + + +def _make_store(tmp_path): + return SessionStore(sessions_dir=tmp_path, config=GatewayConfig()) + + +def _make_source(chat_id="123", user_id="u1"): + return SessionSource( + platform=Platform.TELEGRAM, + chat_id=chat_id, + user_id=user_id, + ) + + +def _is_new_session(entry) -> bool: + """Mirror of the predicate in ``_handle_message_with_agent``. + + Kept in-sync with the production check so this test fails loudly if the + upstream logic regresses. + """ + return ( + entry.created_at == entry.updated_at + or getattr(entry, "was_auto_reset", False) + or getattr(entry, "is_fresh_reset", False) + ) + + +# --------------------------------------------------------------------------- +# reset_session stamps is_fresh_reset=True +# --------------------------------------------------------------------------- + +class TestResetSessionStampsFreshReset: + def test_reset_session_sets_is_fresh_reset_true(self, tmp_path): + store = _make_store(tmp_path) + source = _make_source() + store.get_or_create_session(source) + session_key = store._generate_session_key(source) + + new_entry = store.reset_session(session_key) + + assert new_entry is not None + assert new_entry.is_fresh_reset is True + + def test_reset_session_unknown_key_returns_none(self, tmp_path): + store = _make_store(tmp_path) + assert store.reset_session("unknown:key") is None + + def test_fresh_session_does_not_have_is_fresh_reset(self, tmp_path): + """A vanilla first-time session should not carry the flag.""" + store = _make_store(tmp_path) + entry = store.get_or_create_session(_make_source()) + assert entry.is_fresh_reset is False + + +# --------------------------------------------------------------------------- +# Core regression: _is_new_session stays True after updated_at bump +# --------------------------------------------------------------------------- + +class TestIsNewSessionSurvivesUpdatedAtBump: + def test_is_new_session_true_after_reset_then_next_message(self, tmp_path): + """The actual bug: _is_new_session was False on message after /reset.""" + store = _make_store(tmp_path) + source = _make_source() + store.get_or_create_session(source) + session_key = store._generate_session_key(source) + + # User sends /reset + store.reset_session(session_key) + + # Next inbound message — get_or_create_session bumps updated_at + entry = store.get_or_create_session(source) + + # Before the fix: created_at != updated_at, was_auto_reset=False → False + # After the fix: is_fresh_reset=True carries the signal through the bump + assert _is_new_session(entry) is True + + def test_flag_consumed_after_first_read(self, tmp_path): + """After the message handler consumes is_fresh_reset, the NEXT + message should not be treated as a new session (skill re-injection + must not fire a second time). + """ + store = _make_store(tmp_path) + source = _make_source() + store.get_or_create_session(source) + session_key = store._generate_session_key(source) + store.reset_session(session_key) + + # First message — handler consumes the flag + entry = store.get_or_create_session(source) + assert _is_new_session(entry) is True + entry.is_fresh_reset = False # what _handle_message_with_agent does + + # Second message — must not be treated as new + entry = store.get_or_create_session(source) + assert _is_new_session(entry) is False + + +# --------------------------------------------------------------------------- +# Vanilla-session behavior is unchanged +# --------------------------------------------------------------------------- + +class TestVanillaBehaviorUnaffected: + def test_ongoing_session_not_flagged_as_new(self, tmp_path): + store = _make_store(tmp_path) + source = _make_source() + store.get_or_create_session(source) + + # Second message on the same session — updated_at bumps, + # is_fresh_reset was never set + entry = store.get_or_create_session(source) + assert entry.is_fresh_reset is False + assert _is_new_session(entry) is False + + def test_idle_auto_reset_does_not_set_is_fresh_reset(self, tmp_path): + """Idle/daily auto-resets use was_auto_reset — confirm they do NOT + also set is_fresh_reset (which would double-fire the skill path and + not leak through the auto-reset guard). + """ + store = _make_store(tmp_path) + source = _make_source() + entry = store.get_or_create_session(source) + + # Simulate the auto-reset code path: get_or_create_session's internal + # branch that sets was_auto_reset does NOT touch is_fresh_reset. + # Construct a fresh entry the same way that branch does. + store._entries.pop(store._generate_session_key(source)) + fresh = SessionEntry( + session_key=entry.session_key, + session_id="new_id", + created_at=entry.created_at, + updated_at=entry.created_at, + origin=source, + was_auto_reset=True, + auto_reset_reason="idle", + ) + assert fresh.is_fresh_reset is False + assert fresh.was_auto_reset is True + + +# --------------------------------------------------------------------------- +# Persistence through sessions.json round-trip +# --------------------------------------------------------------------------- + +class TestPersistence: + def test_is_fresh_reset_survives_to_dict_from_dict(self, tmp_path): + """Protect against the gateway restarting between /reset and the + next message — the flag must be persisted in sessions.json. + """ + store = _make_store(tmp_path) + source = _make_source() + store.get_or_create_session(source) + session_key = store._generate_session_key(source) + new_entry = store.reset_session(session_key) + + assert new_entry.is_fresh_reset is True + restored = SessionEntry.from_dict(new_entry.to_dict()) + assert restored.is_fresh_reset is True + + def test_default_false_when_missing_from_dict(self, tmp_path): + """Older sessions.json files written before this field existed must + load cleanly with is_fresh_reset defaulting to False. + """ + data = { + "session_key": "telegram:1:123", + "session_id": "sess1", + "created_at": "2026-01-01T00:00:00", + "updated_at": "2026-01-01T00:00:00", + } + entry = SessionEntry.from_dict(data) + assert entry.is_fresh_reset is False From b94cb8e2c4ebf2a8c7688cf676c3cf9899584adb Mon Sep 17 00:00:00 2001 From: Roy-oss1 <268667990+Roy-oss1@users.noreply.github.com> Date: Sun, 26 Apr 2026 15:03:00 +0800 Subject: [PATCH 070/133] feat(feishu): operator-configurable bot admission and mention policy Add two operator-facing toggles for inbound Feishu admission, enabling bot-to-bot scenarios such as A2A orchestration and inter-bot notifications: FEISHU_ALLOW_BOTS=none|mentions|all (default: none) Accept messages from other bots. `mentions` requires the peer bot to @-mention Hermes; `all` admits every peer-bot message. FEISHU_REQUIRE_MENTION=true|false (default: true) Whether group messages must @-mention the bot. Override per-chat via `group_rules..require_mention` in config.yaml. Defaults preserve prior behavior. Self-echo protection is always on: when the bot's identity is unresolved (auto-detection failed and FEISHU_BOT_OPEN_ID unset), peer-bot messages are rejected fail-closed to avoid feedback loops. Admitted peer bots bypass the human-user allowlist (FEISHU_ALLOWED_USERS) to match existing Discord behavior; humans still need an explicit allowlist entry. yaml feishu.allow_bots is bridged to the env var so the adapter and gateway auth layer share one source of truth. Resolving peer-bot display names requires the application:bot.basic_info:read scope; without it, peers still route but appear as their open_id. Test: tests/gateway/test_feishu_bot_admission.py covers the admission pipeline, group-policy bot-bypass, hydration, and event-dispatch plumbing as a parametrized matrix. Change-Id: I363cccb578c2a5c8b8bf0f0a890c01c89909e256 --- gateway/config.py | 6 + gateway/platforms/feishu.py | 255 ++++-- gateway/run.py | 16 +- tests/gateway/feishu_helpers.py | 65 ++ tests/gateway/test_config.py | 32 + tests/gateway/test_feishu.py | 373 ++++++--- tests/gateway/test_feishu_bot_admission.py | 745 ++++++++++++++++++ tests/gateway/test_feishu_bot_auth_bypass.py | 113 +++ .../docs/reference/environment-variables.md | 2 + website/docs/user-guide/messaging/feishu.md | 53 +- 10 files changed, 1478 insertions(+), 182 deletions(-) create mode 100644 tests/gateway/feishu_helpers.py create mode 100644 tests/gateway/test_feishu_bot_admission.py create mode 100644 tests/gateway/test_feishu_bot_auth_bypass.py diff --git a/gateway/config.py b/gateway/config.py index 4021beede58..9cf4ec12f69 100644 --- a/gateway/config.py +++ b/gateway/config.py @@ -900,6 +900,12 @@ def load_gateway_config() -> GatewayConfig: if "dm_mention_threads" in matrix_cfg and not os.getenv("MATRIX_DM_MENTION_THREADS"): os.environ["MATRIX_DM_MENTION_THREADS"] = str(matrix_cfg["dm_mention_threads"]).lower() + # Feishu settings → env vars (env vars take precedence) + feishu_cfg = yaml_cfg.get("feishu", {}) + if isinstance(feishu_cfg, dict): + if "allow_bots" in feishu_cfg and not os.getenv("FEISHU_ALLOW_BOTS"): + os.environ["FEISHU_ALLOW_BOTS"] = str(feishu_cfg["allow_bots"]).lower() + except Exception as e: logger.warning( "Failed to process config.yaml — falling back to .env / gateway.json values. " diff --git a/gateway/platforms/feishu.py b/gateway/platforms/feishu.py index 7d25a227fc9..8bc2ae816ed 100644 --- a/gateway/platforms/feishu.py +++ b/gateway/platforms/feishu.py @@ -64,7 +64,7 @@ from dataclasses import dataclass, field from datetime import datetime from pathlib import Path from types import SimpleNamespace -from typing import Any, Dict, List, Optional, Sequence +from typing import Any, Dict, List, Literal, Optional, Sequence from urllib.error import HTTPError, URLError from urllib.parse import urlencode from urllib.request import Request, urlopen @@ -388,6 +388,8 @@ class FeishuAdapterSettings: admins: frozenset[str] = frozenset() default_group_policy: str = "" group_rules: Dict[str, FeishuGroupRule] = field(default_factory=dict) + allow_bots: str = "none" # "none" | "mentions" | "all" + require_mention: bool = True @dataclass @@ -397,6 +399,7 @@ class FeishuGroupRule: policy: str # "open" | "allowlist" | "blacklist" | "admin_only" | "disabled" allowlist: set[str] = field(default_factory=set) blacklist: set[str] = field(default_factory=set) + require_mention: Optional[bool] = None # None = inherit global @dataclass @@ -406,6 +409,40 @@ class FeishuBatchState: counts: Dict[str, int] = field(default_factory=dict) +# --------------------------------------------------------------------------- +# Admission: policy types +# --------------------------------------------------------------------------- + + +RejectReason = Literal[ + "self_echo", + "self_ids_unknown", + "bots_disabled", + "bot_not_mentioned", + "group_policy_rejected", +] + + +def _is_bot_sender(sender: Any) -> bool: + # receive_v1 docs say {user, bot}; accept "app" defensively. + return getattr(sender, "sender_type", "") in ("bot", "app") + + +def _sender_identity(sender: Any) -> frozenset: + # Take any non-empty id variant — tenant sender_id_type decides which are populated. + sid = getattr(sender, "sender_id", None) + if sid is None: + return frozenset() + return frozenset( + v for v in ( + getattr(sid, "open_id", None), + getattr(sid, "user_id", None), + getattr(sid, "union_id", None), + ) + if v + ) + + # --------------------------------------------------------------------------- # Markdown rendering helpers # --------------------------------------------------------------------------- @@ -1378,10 +1415,16 @@ class FeishuAdapter(BasePlatformAdapter): for chat_id, rule_cfg in raw_group_rules.items(): if not isinstance(rule_cfg, dict): continue + # Only override when the key is explicitly set — missing vs false + # must not collapse. + per_chat_require_mention: Optional[bool] = None + if "require_mention" in rule_cfg: + per_chat_require_mention = _to_boolean(rule_cfg.get("require_mention")) group_rules[str(chat_id)] = FeishuGroupRule( policy=str(rule_cfg.get("policy", "open")).strip().lower(), allowlist=set(str(u).strip() for u in rule_cfg.get("allowlist", []) if str(u).strip()), blacklist=set(str(u).strip() for u in rule_cfg.get("blacklist", []) if str(u).strip()), + require_mention=per_chat_require_mention, ) # Bot-level admins @@ -1391,6 +1434,16 @@ class FeishuAdapter(BasePlatformAdapter): # Default group policy (for groups not in group_rules) default_group_policy = str(extra.get("default_group_policy", "")).strip().lower() + # Env-only so adapter and gateway auth bypass share one source; yaml + # feishu.allow_bots is bridged to this env var at config load. + allow_bots = os.getenv("FEISHU_ALLOW_BOTS", "none").strip().lower() + if allow_bots not in ("none", "mentions", "all"): + logger.warning( + "[Feishu] Unknown allow_bots=%r, falling back to 'none'. Valid: none, mentions, all.", + allow_bots, + ) + allow_bots = "none" + return FeishuAdapterSettings( app_id=str(extra.get("app_id") or os.getenv("FEISHU_APP_ID", "")).strip(), app_secret=str(extra.get("app_secret") or os.getenv("FEISHU_APP_SECRET", "")).strip(), @@ -1447,6 +1500,10 @@ class FeishuAdapter(BasePlatformAdapter): admins=admins, default_group_policy=default_group_policy, group_rules=group_rules, + allow_bots=allow_bots, + require_mention=_to_boolean( + extra.get("require_mention", os.getenv("FEISHU_REQUIRE_MENTION", "true")) + ), ) def _apply_settings(self, settings: FeishuAdapterSettings) -> None: @@ -1477,6 +1534,8 @@ class FeishuAdapter(BasePlatformAdapter): self._ws_reconnect_interval = settings.ws_reconnect_interval self._ws_ping_interval = settings.ws_ping_interval self._ws_ping_timeout = settings.ws_ping_timeout + self._allow_bots = settings.allow_bots + self._require_mention = settings.require_mention def _build_event_handler(self) -> Any: if EventDispatcherHandler is None: @@ -2190,30 +2249,28 @@ class FeishuAdapter(BasePlatformAdapter): event = getattr(data, "event", None) message = getattr(event, "message", None) sender = getattr(event, "sender", None) - sender_id = getattr(sender, "sender_id", None) - if not message or not sender_id: - logger.debug("[Feishu] Dropping malformed inbound event: missing message or sender_id") + if not message or not sender or not getattr(sender, "sender_id", None): + logger.debug("[Feishu] Dropping malformed inbound event: missing message/sender") return message_id = getattr(message, "message_id", None) if not message_id or self._is_duplicate(message_id): logger.debug("[Feishu] Dropping duplicate/missing message_id: %s", message_id) return - if self._is_self_sent_bot_message(event): - logger.debug("[Feishu] Dropping self-sent bot event: %s", message_id) + + reason = self._admit(sender, message) + if reason is not None: + logger.debug("[Feishu] dropping inbound event: %s", reason) return chat_type = getattr(message, "chat_type", "p2p") - chat_id = getattr(message, "chat_id", "") or "" - if chat_type != "p2p" and not self._should_accept_group_message(message, sender_id, chat_id): - logger.debug("[Feishu] Dropping group message that failed mention/policy gate: %s", message_id) - return await self._process_inbound_message( data=data, message=message, - sender_id=sender_id, + sender_id=getattr(sender, "sender_id", None), chat_type=chat_type, message_id=message_id, + is_bot=_is_bot_sender(sender), ) def _on_message_read_event(self, data: P2ImMessageMessageReadV1) -> None: @@ -2390,10 +2447,11 @@ class FeishuAdapter(BasePlatformAdapter): msg = items[0] if items else None if not msg: return + # GET im/v1/messages returns sender.id=app_id for bot messages — + # peer bots and us share sender_type="app" but differ on app_id. sender = getattr(msg, "sender", None) - sender_type = str(getattr(sender, "sender_type", "") or "").lower() - if sender_type != "app": - return # only route reactions on our own bot messages + if str(getattr(sender, "id", "") or "") != self._app_id: + return # only route reactions on this bot's own messages chat_id = str(getattr(msg, "chat_id", "") or "") chat_type_raw = str(getattr(msg, "chat_type", "p2p") or "p2p") if not chat_id: @@ -2680,6 +2738,7 @@ class FeishuAdapter(BasePlatformAdapter): sender_id: Any, chat_type: str, message_id: str, + is_bot: bool = False, ) -> None: text, inbound_type, media_urls, media_types, mentions = await self._extract_message_content(message) @@ -2705,19 +2764,27 @@ class FeishuAdapter(BasePlatformAdapter): ) reply_to_text = await self._fetch_message_text(reply_to_message_id) if reply_to_message_id else None + sender_primary = ( + getattr(sender_id, "open_id", None) + or getattr(sender_id, "user_id", None) + or getattr(sender_id, "union_id", None) + or "" + ) logger.info( - "[Feishu] Inbound %s message received: id=%s type=%s chat_id=%s text=%r media=%d", + "[Feishu] Inbound %s message received: id=%s type=%s chat_id=%s sender=%s:%s text=%r media=%d", "dm" if chat_type == "p2p" else "group", message_id, inbound_type.value, getattr(message, "chat_id", "") or "", + "bot" if is_bot else "user", + sender_primary, text[:120], len(media_urls), ) chat_id = getattr(message, "chat_id", "") or "" chat_info = await self.get_chat_info(chat_id) - sender_profile = await self._resolve_sender_profile(sender_id) + sender_profile = await self._resolve_sender_profile(sender_id, is_bot=is_bot) source = self.build_source( chat_id=chat_id, chat_name=chat_info.get("name") or chat_id or "Feishu Chat", @@ -2726,6 +2793,7 @@ class FeishuAdapter(BasePlatformAdapter): user_name=sender_profile["user_name"], thread_id=getattr(message, "thread_id", None) or None, user_id_alt=sender_profile["user_id_alt"], + is_bot=is_bot, ) normalized = MessageEvent( text=text, @@ -3448,7 +3516,12 @@ class FeishuAdapter(BasePlatformAdapter): return "dm" return "group" - async def _resolve_sender_profile(self, sender_id: Any) -> Dict[str, Optional[str]]: + async def _resolve_sender_profile( + self, + sender_id: Any, + *, + is_bot: bool = False, + ) -> Dict[str, Optional[str]]: """Map Feishu's three-tier user IDs onto Hermes' SessionSource fields. Preference order for the primary ``user_id`` field: @@ -3465,7 +3538,11 @@ class FeishuAdapter(BasePlatformAdapter): union_id = getattr(sender_id, "union_id", None) or None # Prefer tenant-scoped user_id; fall back to app-scoped open_id. primary_id = user_id or open_id - display_name = await self._resolve_sender_name_from_api(primary_id or union_id) + # bot/v3/bots/basic_batch only accepts open_id. + name_lookup_id = open_id if is_bot else (primary_id or union_id) + display_name = await self._resolve_sender_name_from_api( + name_lookup_id, is_bot=is_bot, + ) return { "user_id": primary_id, "user_name": display_name, @@ -3485,11 +3562,14 @@ class FeishuAdapter(BasePlatformAdapter): self._sender_name_cache.pop(sender_id, None) return None - async def _resolve_sender_name_from_api(self, sender_id: Optional[str]) -> Optional[str]: - """Fetch the sender's display name from the Feishu contact API with a 10-minute cache. - - ID-type detection mirrors openclaw: ou_ → open_id, on_ → union_id, else user_id. - Failures are silently suppressed; the message pipeline must not block on name resolution. + async def _resolve_sender_name_from_api( + self, + sender_id: Optional[str], + *, + is_bot: bool = False, + ) -> Optional[str]: + """Bots divert to bot/basic_batch — contact API doesn't return bot names. + Failures are silent so the pipeline never blocks on name resolution. """ if not sender_id or not self._client: return None @@ -3499,7 +3579,16 @@ class FeishuAdapter(BasePlatformAdapter): now = time.time() cached_name = self._get_cached_sender_name(trimmed) if cached_name is not None: - return cached_name + return cached_name or None # "" cached means "known nameless" + if is_bot: + names = await self._fetch_bot_names([trimmed]) + if names is None: + return None + expire_at = now + _FEISHU_SENDER_NAME_TTL_SECONDS + for oid, name in names.items(): + self._sender_name_cache[oid] = (name, expire_at) + hit = self._sender_name_cache.get(trimmed) + return (hit[0] or None) if hit else None try: from lark_oapi.api.contact.v3 import GetUserRequest # lazy import if trimmed.startswith("ou_"): @@ -3528,6 +3617,35 @@ class FeishuAdapter(BasePlatformAdapter): logger.debug("[Feishu] Failed to resolve sender name for %s", sender_id, exc_info=True) return None + async def _fetch_bot_names(self, bot_ids: List[str]) -> Optional[Dict[str, str]]: + if not self._client or not bot_ids: + return None + try: + req = ( + BaseRequest.builder() + .http_method(HttpMethod.GET) + .uri("/open-apis/bot/v3/bots/basic_batch") + .queries([("bot_ids", oid) for oid in bot_ids]) + .token_types({AccessTokenType.TENANT}) + .build() + ) + resp = await asyncio.to_thread(self._client.request, req) + content = getattr(getattr(resp, "raw", None), "content", None) + if not content: + return None + payload = json.loads(content) + if payload.get("code") != 0: + return None + bots = (payload.get("data") or {}).get("bots") or {} + return { + oid: str(info.get("name") or "").strip() + for oid, info in bots.items() + if oid + } + except Exception: + logger.debug("[Feishu] Failed to fetch bot names for %s", bot_ids, exc_info=True) + return None + async def _fetch_message_text(self, message_id: str) -> Optional[str]: if not self._client or not message_id: return None @@ -3591,10 +3709,60 @@ class FeishuAdapter(BasePlatformAdapter): logger.exception("[Feishu] Background inbound processing failed") # ========================================================================= - # Group policy and mention gating + # Inbound admission # ========================================================================= - def _allow_group_message(self, sender_id: Any, chat_id: str = "") -> bool: + def _admit(self, sender: Any, message: Any) -> Optional[RejectReason]: + sender_ids = _sender_identity(sender) + self_ids = frozenset(v for v in (self._bot_open_id, self._bot_user_id) if v) + is_bot = _is_bot_sender(sender) + is_group = getattr(message, "chat_type", "p2p") != "p2p" + chat_id = getattr(message, "chat_id", "") or "" + require_mention = is_group and self._require_mention_for(chat_id) + + # Defensive only — Feishu doesn't echo our outbound back as inbound, + # and open_id is always populated on both sides. + if self_ids and sender_ids & self_ids: + return "self_echo" + + if is_bot: + mode = self._allow_bots + if mode != "mentions" and mode != "all": + return "bots_disabled" + # Defensive: pre-hydration or malformed payloads. + if not self_ids or not sender_ids: + return "self_ids_unknown" + # Step 4 covers mention enforcement for groups when require_mention + # is on; check here only on paths step 4 won't reach. + if mode == "mentions" and not require_mention and not self._mentions_self(message): + return "bot_not_mentioned" + + if not is_group: + return None + + if not self._allow_group_message( + getattr(sender, "sender_id", None), chat_id, is_bot=is_bot, + ): + return "group_policy_rejected" + if require_mention and not self._mentions_self(message): + return "group_policy_rejected" + return None + + def _require_mention_for(self, chat_id: str) -> bool: + rule = self._group_rules.get(chat_id) if chat_id else None + if rule and rule.require_mention is not None: + return rule.require_mention + return self._require_mention + + # --- Group policy --------------------------------------------------------- + + def _allow_group_message( + self, + sender_id: Any, + chat_id: str = "", + *, + is_bot: bool = False, + ) -> bool: """Per-group policy gate for non-DM traffic.""" sender_open_id = getattr(sender_id, "open_id", None) sender_user_id = getattr(sender_id, "user_id", None) @@ -3613,12 +3781,17 @@ class FeishuAdapter(BasePlatformAdapter): allowlist = self._allowed_group_users blacklist = set() + # Channel locks apply to everyone; allowlist/blacklist only gate humans + # (bots were already cleared upstream by FEISHU_ALLOW_BOTS). if policy == "disabled": return False if policy == "open": return True if policy == "admin_only": return False + if is_bot: + return True + if policy == "allowlist": return bool(sender_ids and (sender_ids & allowlist)) if policy == "blacklist": @@ -3626,17 +3799,16 @@ class FeishuAdapter(BasePlatformAdapter): return bool(sender_ids and (sender_ids & self._allowed_group_users)) - def _should_accept_group_message(self, message: Any, sender_id: Any, chat_id: str = "") -> bool: - """Require an explicit @mention before group messages enter the agent.""" - if not self._allow_group_message(sender_id, chat_id): - return False - # @_all is Feishu's @everyone placeholder — always route to the bot. + # --- Mention detection ---------------------------------------------------- + + def _mentions_self(self, message: Any) -> bool: + # @_all is Feishu's @everyone placeholder. raw_content = getattr(message, "content", "") or "" if "@_all" in raw_content: return True mentions = getattr(message, "mentions", None) or [] - if mentions: - return self._message_mentions_bot(mentions) + if mentions and self._message_mentions_bot(mentions): + return True normalized = normalize_feishu_message( message_type=getattr(message, "message_type", "") or "", raw_content=raw_content, @@ -3645,23 +3817,6 @@ class FeishuAdapter(BasePlatformAdapter): ) return self._post_mentions_bot(normalized.mentions) - def _is_self_sent_bot_message(self, event: Any) -> bool: - """Return True only for Feishu events emitted by this Hermes bot.""" - sender = getattr(event, "sender", None) - sender_type = str(getattr(sender, "sender_type", "") or "").strip().lower() - if sender_type not in {"bot", "app"}: - return False - - sender_id = getattr(sender, "sender_id", None) - sender_open_id = str(getattr(sender_id, "open_id", "") or "").strip() - sender_user_id = str(getattr(sender_id, "user_id", "") or "").strip() - - if self._bot_open_id and sender_open_id == self._bot_open_id: - return True - if self._bot_user_id and sender_user_id == self._bot_user_id: - return True - return False - def _message_mentions_bot(self, mentions: List[Any]) -> bool: # IDs trump names: when both sides have open_id (or both user_id), # match requires equal IDs. Name fallback only when either side diff --git a/gateway/run.py b/gateway/run.py index 78bd7139beb..c7ed4550017 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -3958,6 +3958,11 @@ class GatewayRunner: Platform.QQBOT: "QQ_ALLOW_ALL_USERS", Platform.YUANBAO: "YUANBAO_ALLOW_ALL_USERS", } + # Bots admitted by {PLATFORM}_ALLOW_BOTS bypass the human allowlist (#4466). + platform_allow_bots_map = { + Platform.DISCORD: "DISCORD_ALLOW_BOTS", + Platform.FEISHU: "FEISHU_ALLOW_BOTS", + } # Plugin platforms: check the registry for auth env var names if source.platform not in platform_env_map: @@ -3977,14 +3982,9 @@ class GatewayRunner: if platform_allow_all_var and os.getenv(platform_allow_all_var, "").lower() in ("true", "1", "yes"): return True - # Discord bot senders that passed the DISCORD_ALLOW_BOTS platform - # filter are already authorized at the platform level — skip the - # user allowlist. Without this, bot messages allowed by - # DISCORD_ALLOW_BOTS=mentions/all would be rejected here with - # "Unauthorized user" (fixes #4466). - if source.platform == Platform.DISCORD and getattr(source, "is_bot", False): - allow_bots = os.getenv("DISCORD_ALLOW_BOTS", "none").lower().strip() - if allow_bots in ("mentions", "all"): + if getattr(source, "is_bot", False): + allow_bots_var = platform_allow_bots_map.get(source.platform) + if allow_bots_var and os.getenv(allow_bots_var, "none").lower().strip() in ("mentions", "all"): return True # Discord role-based access (DISCORD_ALLOWED_ROLES): the adapter's diff --git a/tests/gateway/feishu_helpers.py b/tests/gateway/feishu_helpers.py new file mode 100644 index 00000000000..753a61a70a8 --- /dev/null +++ b/tests/gateway/feishu_helpers.py @@ -0,0 +1,65 @@ +"""Shared fixtures for Feishu adapter tests (admission, group policy, dispatch).""" + +from __future__ import annotations + +import threading +from types import SimpleNamespace +from typing import Any, Optional + + +def make_sender(sender_type: str = "user", open_id: str = "ou_human", + user_id: Optional[str] = None, union_id: Optional[str] = None) -> Any: + return SimpleNamespace( + sender_type=sender_type, + sender_id=SimpleNamespace(open_id=open_id, user_id=user_id, union_id=union_id), + ) + + +def make_message(message_id: str = "om_xxx", chat_type: str = "p2p", + chat_id: str = "oc_1", mentions: Optional[list] = None) -> Any: + return SimpleNamespace( + message_id=message_id, + chat_type=chat_type, + chat_id=chat_id, + mentions=mentions, + content="", + message_type="text", + ) + + +def make_adapter_skeleton( + *, + bot_open_id: str = "ou_me", + bot_user_id: str = "", + allow_bots: str = "none", + require_mention: bool = True, + group_policy: str = "allowlist", +) -> Any: + from gateway.platforms.feishu import FeishuAdapter + + adapter = object.__new__(FeishuAdapter) + adapter._bot_open_id = bot_open_id + adapter._bot_user_id = bot_user_id + adapter._bot_name = "" + adapter._app_id = "" + adapter._admins = set() + adapter._group_rules = {} + adapter._group_policy = group_policy + adapter._default_group_policy = group_policy + adapter._allowed_group_users = frozenset() + adapter._allow_bots = allow_bots + adapter._require_mention = require_mention + return adapter + + +def install_dedup_state(adapter: Any, seen: Optional[dict] = None) -> None: + adapter._seen_message_ids = dict(seen) if seen else {} + adapter._seen_message_order = list((seen or {}).keys()) + adapter._dedup_cache_size = 100 + adapter._dedup_lock = threading.Lock() + adapter._dedup_state_path = None + adapter._persist_seen_message_ids = lambda: None + + +def stub_mention(adapter: Any, mentions_self: bool) -> None: + adapter._mentions_self = lambda _message: mentions_self diff --git a/tests/gateway/test_config.py b/tests/gateway/test_config.py index f68ac72ed2f..669545c8f48 100644 --- a/tests/gateway/test_config.py +++ b/tests/gateway/test_config.py @@ -360,6 +360,38 @@ class TestLoadGatewayConfig: "C01ABC": "Code review mode", } + def test_bridges_feishu_allow_bots_from_config_yaml_to_env(self, tmp_path, monkeypatch): + hermes_home = tmp_path / ".hermes" + hermes_home.mkdir() + config_path = hermes_home / "config.yaml" + config_path.write_text( + "feishu:\n allow_bots: mentions\n", + encoding="utf-8", + ) + + monkeypatch.setenv("HERMES_HOME", str(hermes_home)) + monkeypatch.delenv("FEISHU_ALLOW_BOTS", raising=False) + + load_gateway_config() + + assert os.environ.get("FEISHU_ALLOW_BOTS") == "mentions" + + def test_feishu_allow_bots_env_takes_precedence_over_config_yaml(self, tmp_path, monkeypatch): + hermes_home = tmp_path / ".hermes" + hermes_home.mkdir() + config_path = hermes_home / "config.yaml" + config_path.write_text( + "feishu:\n allow_bots: all\n", + encoding="utf-8", + ) + + monkeypatch.setenv("HERMES_HOME", str(hermes_home)) + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "none") + + load_gateway_config() + + assert os.environ.get("FEISHU_ALLOW_BOTS") == "none" + def test_invalid_quick_commands_in_config_yaml_are_ignored(self, tmp_path, monkeypatch): hermes_home = tmp_path / ".hermes" hermes_home.mkdir() diff --git a/tests/gateway/test_feishu.py b/tests/gateway/test_feishu.py index f21b7dcef82..ea5a8057293 100644 --- a/tests/gateway/test_feishu.py +++ b/tests/gateway/test_feishu.py @@ -8,6 +8,7 @@ import time import unittest from pathlib import Path from types import SimpleNamespace +from typing import Dict from unittest.mock import AsyncMock, Mock, patch from gateway.platforms.base import ProcessingOutcome @@ -557,6 +558,16 @@ class TestAdapterModule(unittest.TestCase): self.assertEqual(fake_client._ping_interval, 4) +def _admits_group(adapter, message, sender_id, chat_id=""): + """Group-path shim: run a message through ``_admit`` and return a bool.""" + sender = SimpleNamespace(sender_type="user", sender_id=sender_id) + if not hasattr(message, "chat_type"): + message.chat_type = "group" + if chat_id: + message.chat_id = chat_id + return adapter._admit(sender, message) is None + + class TestAdapterBehavior(unittest.TestCase): @patch.dict(os.environ, {}, clear=True) def test_build_event_handler_registers_reaction_and_card_processors(self): @@ -689,6 +700,67 @@ class TestAdapterBehavior(unittest.TestCase): adapter._on_reaction_event("im.message.reaction.created_v1", data) run_threadsafe.assert_called_once() + def _build_reaction_adapter(self, *, msg_sender_id: str): + """Build a FeishuAdapter wired up to return a single GET-message result.""" + from gateway.config import PlatformConfig + from gateway.platforms.feishu import FeishuAdapter + + adapter = FeishuAdapter(PlatformConfig()) + adapter._app_id = "cli_self_app" + adapter._bot_open_id = "ou_self_bot" + adapter._bot_user_id = "u_self_bot" + + msg = SimpleNamespace( + sender=SimpleNamespace(sender_type="app", id=msg_sender_id, id_type="app_id"), + chat_id="oc_chat", + chat_type="group", + ) + response = SimpleNamespace(success=lambda: True, data=SimpleNamespace(items=[msg])) + adapter._client = SimpleNamespace( + im=SimpleNamespace( + v1=SimpleNamespace(message=SimpleNamespace(get=Mock(return_value=response))) + ) + ) + adapter._build_get_message_request = Mock(return_value=object()) + adapter._handle_message_with_guards = AsyncMock() + adapter._resolve_sender_profile = AsyncMock( + return_value={"user_id": "u_human", "user_name": "Human", "user_id_alt": None} + ) + adapter.get_chat_info = AsyncMock(return_value={"name": "Test Chat"}) + return adapter + + @patch.dict(os.environ, {}, clear=True) + def test_reaction_on_peer_bot_message_is_not_routed(self): + # GET im/v1/messages sender for bot messages carries id=app_id; a peer + # bot's message has a different app_id than ours, so it must be dropped. + adapter = self._build_reaction_adapter(msg_sender_id="cli_peer_app") + + event = SimpleNamespace( + message_id="om_peer_msg", + user_id=SimpleNamespace(open_id="ou_human", user_id=None, union_id=None), + reaction_type=SimpleNamespace(emoji_type="THUMBSUP"), + ) + data = SimpleNamespace(event=event) + asyncio.run( + adapter._handle_reaction_event("im.message.reaction.created_v1", data) + ) + adapter._handle_message_with_guards.assert_not_awaited() + + @patch.dict(os.environ, {}, clear=True) + def test_reaction_on_our_own_bot_message_is_routed(self): + adapter = self._build_reaction_adapter(msg_sender_id="cli_self_app") + + event = SimpleNamespace( + message_id="om_self_msg", + user_id=SimpleNamespace(open_id="ou_human", user_id=None, union_id=None), + reaction_type=SimpleNamespace(emoji_type="THUMBSUP"), + ) + data = SimpleNamespace(event=event) + asyncio.run( + adapter._handle_reaction_event("im.message.reaction.created_v1", data) + ) + adapter._handle_message_with_guards.assert_awaited_once() + @patch.dict(os.environ, {"FEISHU_GROUP_POLICY": "open"}, clear=True) def test_group_message_requires_mentions_even_when_policy_open(self): from gateway.config import PlatformConfig @@ -697,10 +769,10 @@ class TestAdapterBehavior(unittest.TestCase): adapter = FeishuAdapter(PlatformConfig()) message = SimpleNamespace(mentions=[]) sender_id = SimpleNamespace(open_id="ou_any", user_id=None) - self.assertFalse(adapter._should_accept_group_message(message, sender_id, "")) + self.assertFalse(_admits_group(adapter, message, sender_id, "")) message_with_mention = SimpleNamespace(mentions=[SimpleNamespace(key="@_user_1")]) - self.assertFalse(adapter._should_accept_group_message(message_with_mention, sender_id, "")) + self.assertFalse(_admits_group(adapter, message_with_mention, sender_id, "")) @patch.dict(os.environ, {"FEISHU_GROUP_POLICY": "open"}, clear=True) def test_group_message_with_other_user_mention_is_rejected_when_bot_identity_unknown(self): @@ -714,59 +786,10 @@ class TestAdapterBehavior(unittest.TestCase): id=SimpleNamespace(open_id="ou_other", user_id="u_other"), ) - self.assertFalse(adapter._should_accept_group_message(SimpleNamespace(mentions=[other_mention]), sender_id, "")) - - @patch.dict( - os.environ, - { - "FEISHU_BOT_OPEN_ID": "ou_hermes", - "FEISHU_BOT_USER_ID": "u_hermes", - }, - clear=True, - ) - def test_other_bot_sender_is_not_treated_as_self_sent_message(self): - from gateway.config import PlatformConfig - from gateway.platforms.feishu import FeishuAdapter - - adapter = FeishuAdapter(PlatformConfig()) - event = SimpleNamespace( - sender=SimpleNamespace( - sender_type="bot", - sender_id=SimpleNamespace(open_id="ou_other_bot", user_id="u_other_bot"), - ) + self.assertFalse( + _admits_group(adapter, SimpleNamespace(mentions=[other_mention]), sender_id, "") ) - self.assertFalse(adapter._is_self_sent_bot_message(event)) - - @patch.dict( - os.environ, - { - "FEISHU_BOT_OPEN_ID": "ou_hermes", - "FEISHU_BOT_USER_ID": "u_hermes", - }, - clear=True, - ) - def test_self_bot_sender_is_treated_as_self_sent_message(self): - from gateway.config import PlatformConfig - from gateway.platforms.feishu import FeishuAdapter - - adapter = FeishuAdapter(PlatformConfig()) - by_open_id = SimpleNamespace( - sender=SimpleNamespace( - sender_type="bot", - sender_id=SimpleNamespace(open_id="ou_hermes", user_id="u_other"), - ) - ) - by_user_id = SimpleNamespace( - sender=SimpleNamespace( - sender_type="app", - sender_id=SimpleNamespace(open_id="ou_other", user_id="u_hermes"), - ) - ) - - self.assertTrue(adapter._is_self_sent_bot_message(by_open_id)) - self.assertTrue(adapter._is_self_sent_bot_message(by_user_id)) - @patch.dict( os.environ, { @@ -792,14 +815,14 @@ class TestAdapterBehavior(unittest.TestCase): ) self.assertTrue( - adapter._should_accept_group_message( + _admits_group(adapter, mentioned, SimpleNamespace(open_id="ou_allowed", user_id=None), "", ) ) self.assertFalse( - adapter._should_accept_group_message( + _admits_group(adapter, mentioned, SimpleNamespace(open_id="ou_blocked", user_id=None), "", @@ -828,14 +851,14 @@ class TestAdapterBehavior(unittest.TestCase): ) self.assertTrue( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_alice", user_id=None), "oc_chat_a", ) ) self.assertFalse( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_charlie", user_id=None), "oc_chat_a", @@ -864,14 +887,14 @@ class TestAdapterBehavior(unittest.TestCase): ) self.assertTrue( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_alice", user_id=None), "oc_chat_b", ) ) self.assertFalse( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_blocked", user_id=None), "oc_chat_b", @@ -900,14 +923,14 @@ class TestAdapterBehavior(unittest.TestCase): ) self.assertTrue( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_admin", user_id=None), "oc_chat_c", ) ) self.assertFalse( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_regular", user_id=None), "oc_chat_c", @@ -936,14 +959,14 @@ class TestAdapterBehavior(unittest.TestCase): ) self.assertTrue( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_admin", user_id=None), "oc_chat_d", ) ) self.assertFalse( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_regular", user_id=None), "oc_chat_d", @@ -973,7 +996,7 @@ class TestAdapterBehavior(unittest.TestCase): ) self.assertTrue( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_admin", user_id=None), "oc_chat_e", @@ -997,7 +1020,7 @@ class TestAdapterBehavior(unittest.TestCase): ) self.assertTrue( - adapter._should_accept_group_message( + _admits_group(adapter, message, SimpleNamespace(open_id="ou_anyone", user_id=None), "oc_chat_unknown", @@ -1022,8 +1045,12 @@ class TestAdapterBehavior(unittest.TestCase): id=SimpleNamespace(open_id="ou_other", user_id="u_other"), ) - self.assertTrue(adapter._should_accept_group_message(SimpleNamespace(mentions=[bot_mention]), sender_id, "")) - self.assertFalse(adapter._should_accept_group_message(SimpleNamespace(mentions=[other_mention]), sender_id, "")) + self.assertTrue( + _admits_group(adapter, SimpleNamespace(mentions=[bot_mention]), sender_id, "") + ) + self.assertFalse( + _admits_group(adapter, SimpleNamespace(mentions=[other_mention]), sender_id, "") + ) @patch.dict(os.environ, {"FEISHU_GROUP_POLICY": "open"}, clear=True) def test_group_message_matches_bot_name_when_only_name_available(self): @@ -1048,8 +1075,12 @@ class TestAdapterBehavior(unittest.TestCase): id=SimpleNamespace(open_id=None, user_id=None), ) - self.assertTrue(adapter._should_accept_group_message(SimpleNamespace(mentions=[name_only_mention]), sender_id, "")) - self.assertFalse(adapter._should_accept_group_message(SimpleNamespace(mentions=[different_mention]), sender_id, "")) + self.assertTrue( + _admits_group(adapter, SimpleNamespace(mentions=[name_only_mention]), sender_id, "") + ) + self.assertFalse( + _admits_group(adapter, SimpleNamespace(mentions=[different_mention]), sender_id, "") + ) # Case 2: bot's open_id IS known — a same-name human with different # open_id must NOT admit (IDs override names). @@ -1066,8 +1097,17 @@ class TestAdapterBehavior(unittest.TestCase): id=SimpleNamespace(open_id="ou_bot", user_id=None), ) - self.assertFalse(adapter2._should_accept_group_message(SimpleNamespace(mentions=[same_name_other_id_mention]), sender_id, "")) - self.assertTrue(adapter2._should_accept_group_message(SimpleNamespace(mentions=[bot_mention]), sender_id, "")) + self.assertFalse( + _admits_group( + adapter2, + SimpleNamespace(mentions=[same_name_other_id_mention]), + sender_id, + "", + ) + ) + self.assertTrue( + _admits_group(adapter2, SimpleNamespace(mentions=[bot_mention]), sender_id, "") + ) @patch.dict(os.environ, {}, clear=True) def test_extract_post_message_as_text(self): @@ -1411,6 +1451,7 @@ class TestAdapterBehavior(unittest.TestCase): data=SimpleNamespace(event=SimpleNamespace(message=message)), message=message, sender_id=SimpleNamespace(open_id="ou_user", user_id=None, union_id=None), + is_bot=False, chat_type="p2p", message_id="om_command", ) @@ -1522,13 +1563,14 @@ class TestAdapterBehavior(unittest.TestCase): user_id="u_user", union_id="on_union", ) - data = SimpleNamespace(event=SimpleNamespace(message=message, sender=SimpleNamespace(sender_id=sender_id))) + sender = SimpleNamespace(sender_type="user", sender_id=sender_id) + data = SimpleNamespace(event=SimpleNamespace(message=message, sender=sender)) asyncio.run( adapter._process_inbound_message( data=data, message=message, - sender_id=sender_id, + sender_id=sender.sender_id, chat_type="p2p", message_id="om_text", ) @@ -1761,13 +1803,14 @@ class TestAdapterBehavior(unittest.TestCase): message_id="om_group_text", ) sender_id = SimpleNamespace(open_id="ou_user", user_id=None, union_id=None) + sender = SimpleNamespace(sender_type="user", sender_id=sender_id) data = SimpleNamespace(event=SimpleNamespace(message=message)) asyncio.run( adapter._process_inbound_message( data=data, message=message, - sender_id=sender_id, + sender_id=sender.sender_id, chat_type="group", message_id="om_group_text", ) @@ -1805,6 +1848,7 @@ class TestAdapterBehavior(unittest.TestCase): data=SimpleNamespace(event=SimpleNamespace(message=message)), message=message, sender_id=SimpleNamespace(open_id="ou_user", user_id=None, union_id=None), + is_bot=False, chat_type="p2p", message_id="om_reply", ) @@ -2667,11 +2711,12 @@ class TestAdapterBehavior(unittest.TestCase): @unittest.skipUnless(_HAS_LARK_OAPI, "lark-oapi not installed") class TestHydrateBotIdentity(unittest.TestCase): - """Hydration of bot identity via /open-apis/bot/v3/info and application info. + """Hydration of bot identity via ``/open-apis/bot/v3/info``. - Covers the manual-setup path where FEISHU_BOT_OPEN_ID / FEISHU_BOT_USER_ID - are not configured. Hydration must populate _bot_open_id so that - _is_self_sent_bot_message() can filter the adapter's own outbound echoes. + Covers the manual-setup path where ``FEISHU_BOT_OPEN_ID`` / + ``FEISHU_BOT_NAME`` are not configured — hydration populates them so + self-echo protection and group @mention gating both have something to + match against. """ def _make_adapter(self): @@ -2700,11 +2745,6 @@ class TestHydrateBotIdentity(unittest.TestCase): self.assertEqual(adapter._bot_open_id, "ou_hermes_hydrated") self.assertEqual(adapter._bot_name, "Hermes Bot") - # Application-info fallback must NOT run when bot_name is already set. - self.assertFalse( - adapter._client.application.v6.application.get.called - if hasattr(adapter._client, "application") else False - ) @patch.dict( os.environ, @@ -2721,7 +2761,6 @@ class TestHydrateBotIdentity(unittest.TestCase): asyncio.run(adapter._hydrate_bot_identity()) - # Neither probe should run — both fields are already populated. adapter._client.request.assert_not_called() self.assertEqual(adapter._bot_open_id, "ou_env") self.assertEqual(adapter._bot_name, "Env Hermes") @@ -2766,33 +2805,6 @@ class TestHydrateBotIdentity(unittest.TestCase): self.assertEqual(adapter._bot_open_id, "") self.assertEqual(adapter._bot_name, "Fallback Bot") - @patch.dict(os.environ, {}, clear=True) - def test_hydrated_open_id_enables_self_send_filter(self): - """E2E: after hydration, _is_self_sent_bot_message() rejects adapter's own id.""" - adapter = self._make_adapter() - adapter._client = Mock() - payload = json.dumps( - {"code": 0, "bot": {"bot_name": "Hermes", "open_id": "ou_hermes"}} - ).encode("utf-8") - adapter._client.request = Mock(return_value=SimpleNamespace(raw=SimpleNamespace(content=payload))) - - asyncio.run(adapter._hydrate_bot_identity()) - - self_event = SimpleNamespace( - sender=SimpleNamespace( - sender_type="bot", - sender_id=SimpleNamespace(open_id="ou_hermes", user_id=""), - ) - ) - peer_event = SimpleNamespace( - sender=SimpleNamespace( - sender_type="bot", - sender_id=SimpleNamespace(open_id="ou_peer_bot", user_id=""), - ) - ) - self.assertTrue(adapter._is_self_sent_bot_message(self_event)) - self.assertFalse(adapter._is_self_sent_bot_message(peer_event)) - @unittest.skipUnless(_HAS_LARK_OAPI, "lark-oapi not installed") class TestPendingInboundQueue(unittest.TestCase): @@ -3137,7 +3149,7 @@ class TestGroupMentionAtAll(unittest.TestCase): mentions=[], ) sender_id = SimpleNamespace(open_id="ou_any", user_id=None) - self.assertTrue(adapter._should_accept_group_message(message, sender_id, "")) + self.assertTrue(_admits_group(adapter, message, sender_id, "")) @patch.dict(os.environ, {"FEISHU_GROUP_POLICY": "allowlist", "FEISHU_ALLOWED_USERS": "ou_allowed"}, clear=True) def test_at_all_still_requires_policy_gate(self): @@ -3149,15 +3161,15 @@ class TestGroupMentionAtAll(unittest.TestCase): message = SimpleNamespace(content='{"text":"@_all attention"}', mentions=[]) # Non-allowlisted user — should be blocked even with @_all. blocked_sender = SimpleNamespace(open_id="ou_blocked", user_id=None) - self.assertFalse(adapter._should_accept_group_message(message, blocked_sender, "")) + self.assertFalse(_admits_group(adapter, message, blocked_sender, "")) # Allowlisted user — should pass. allowed_sender = SimpleNamespace(open_id="ou_allowed", user_id=None) - self.assertTrue(adapter._should_accept_group_message(message, allowed_sender, "")) + self.assertTrue(_admits_group(adapter, message, allowed_sender, "")) @unittest.skipUnless(_HAS_LARK_OAPI, "lark-oapi not installed") class TestSenderNameResolution(unittest.TestCase): - """Tests for _resolve_sender_name_from_api.""" + """Tests for _resolve_sender_name_from_api (contact API + cache).""" @patch.dict(os.environ, {}, clear=True) def test_returns_none_when_client_is_none(self): @@ -3261,6 +3273,137 @@ class TestSenderNameResolution(unittest.TestCase): self.assertIsNone(result) +@unittest.skipUnless(_HAS_LARK_OAPI, "lark-oapi not installed") +class TestBotNameResolution(unittest.TestCase): + """Tests for the bot branch of _resolve_sender_name_from_api (basic_batch API + shared cache).""" + + @staticmethod + def _batch_payload(bots: Dict[str, str]): + import json as _json + body = { + oid: {"bot_id": oid, "name": name, "i18n_names": {"en_us": name}} + for oid, name in bots.items() + } + return _json.dumps({"code": 0, "msg": "", "data": {"bots": body, "failed_bots": {}}}).encode() + + def _build_adapter_with_bots(self, bots: Dict[str, str]): + from gateway.config import PlatformConfig + from gateway.platforms.feishu import FeishuAdapter + + adapter = FeishuAdapter(PlatformConfig()) + calls = [] + + def _fake_request(request): + calls.append(request) + return SimpleNamespace(raw=SimpleNamespace(content=self._batch_payload(bots))) + + adapter._client = SimpleNamespace(request=_fake_request) + return adapter, calls + + @patch.dict(os.environ, {}, clear=True) + def test_returns_cached_bot_name_without_api_call(self): + from gateway.config import PlatformConfig + from gateway.platforms.feishu import FeishuAdapter + + adapter = FeishuAdapter(PlatformConfig()) + adapter._sender_name_cache["ou_peer"] = ("Peer Bot", time.time() + 600) + adapter._client = SimpleNamespace( + request=lambda _r: (_ for _ in ()).throw(RuntimeError("should not fetch")) + ) + result = asyncio.run(adapter._resolve_sender_name_from_api("ou_peer", is_bot=True)) + self.assertEqual(result, "Peer Bot") + + @patch.dict(os.environ, {}, clear=True) + def test_fetches_and_caches_bot_name(self): + adapter, calls = self._build_adapter_with_bots({"ou_peer": "Peer Bot"}) + + async def _direct(func, *args, **kwargs): + return func(*args, **kwargs) + + with patch("gateway.platforms.feishu.asyncio.to_thread", side_effect=_direct): + result = asyncio.run(adapter._resolve_sender_name_from_api("ou_peer", is_bot=True)) + + self.assertEqual(result, "Peer Bot") + self.assertEqual(adapter._sender_name_cache["ou_peer"][0], "Peer Bot") + self.assertEqual(len(calls), 1) + self.assertIn("/open-apis/bot/v3/bots/basic_batch", calls[0].uri) + # Feishu expects repeated ?bot_ids= params, not comma-joined. + self.assertEqual(calls[0].queries, [("bot_ids", "ou_peer")]) + + @patch.dict(os.environ, {}, clear=True) + def test_api_failure_returns_none_and_does_not_poison_cache(self): + from gateway.config import PlatformConfig + from gateway.platforms.feishu import FeishuAdapter + + adapter = FeishuAdapter(PlatformConfig()) + + def _broken_request(_req): + raise RuntimeError("API down") + + adapter._client = SimpleNamespace(request=_broken_request) + + async def _direct(func, *args, **kwargs): + return func(*args, **kwargs) + + with patch("gateway.platforms.feishu.asyncio.to_thread", side_effect=_direct): + result = asyncio.run(adapter._resolve_sender_name_from_api("ou_peer", is_bot=True)) + + self.assertIsNone(result) + self.assertNotIn("ou_peer", adapter._sender_name_cache) + + @patch.dict(os.environ, {}, clear=True) + def test_bot_absent_from_response_is_not_cached(self): + """Bot not in ``data.bots`` (e.g. landed in ``failed_bots``) → no + cache entry, next lookup re-fetches.""" + adapter, _ = self._build_adapter_with_bots({"ou_other": "Other Bot"}) + + async def _direct(func, *args, **kwargs): + return func(*args, **kwargs) + + with patch("gateway.platforms.feishu.asyncio.to_thread", side_effect=_direct): + result = asyncio.run(adapter._resolve_sender_name_from_api("ou_ghost", is_bot=True)) + + self.assertIsNone(result) + self.assertNotIn("ou_ghost", adapter._sender_name_cache) + + @patch.dict(os.environ, {}, clear=True) + def test_empty_name_in_response_is_negative_cached(self): + """API returns name="" → cache "" so repeat lookups short-circuit.""" + adapter, calls = self._build_adapter_with_bots({"ou_nameless": ""}) + + async def _direct(func, *args, **kwargs): + return func(*args, **kwargs) + + with patch("gateway.platforms.feishu.asyncio.to_thread", side_effect=_direct): + first = asyncio.run(adapter._resolve_sender_name_from_api("ou_nameless", is_bot=True)) + second = asyncio.run(adapter._resolve_sender_name_from_api("ou_nameless", is_bot=True)) + + self.assertIsNone(first) + self.assertIsNone(second) + self.assertEqual(adapter._sender_name_cache["ou_nameless"][0], "") + self.assertEqual(len(calls), 1) + + @patch.dict(os.environ, {}, clear=True) + def test_non_zero_code_returns_none(self): + from gateway.config import PlatformConfig + from gateway.platforms.feishu import FeishuAdapter + + adapter = FeishuAdapter(PlatformConfig()) + error_payload = b'{"code":99991663,"msg":"permission denied"}' + adapter._client = SimpleNamespace( + request=lambda _r: SimpleNamespace(raw=SimpleNamespace(content=error_payload)) + ) + + async def _direct(func, *args, **kwargs): + return func(*args, **kwargs) + + with patch("gateway.platforms.feishu.asyncio.to_thread", side_effect=_direct): + result = asyncio.run(adapter._resolve_sender_name_from_api("ou_peer", is_bot=True)) + + self.assertIsNone(result) + self.assertNotIn("ou_peer", adapter._sender_name_cache) + + @unittest.skipUnless(_HAS_LARK_OAPI, "lark-oapi not installed") class TestProcessingReactions(unittest.TestCase): """Typing on start → removed on SUCCESS, swapped for CrossMark on FAILURE, diff --git a/tests/gateway/test_feishu_bot_admission.py b/tests/gateway/test_feishu_bot_admission.py new file mode 100644 index 00000000000..83b70238430 --- /dev/null +++ b/tests/gateway/test_feishu_bot_admission.py @@ -0,0 +1,745 @@ +"""Adapter-layer tests for Feishu bot-sender admission (``FeishuAdapter._admit``).""" + +from __future__ import annotations + +from types import SimpleNamespace +from typing import Any + +import pytest + +from tests.gateway.feishu_helpers import ( + install_dedup_state, + make_adapter_skeleton, + make_message, + make_sender, + stub_mention, +) + + +# --- FeishuAdapterSettings wiring ------------------------------------------ + + +@pytest.mark.parametrize( + "env_value, expected", + [ + ("none", "none"), + ("mentions", "mentions"), + ("all", "all"), + (" Mentions ", "mentions"), + ], +) +def test_feishu_load_settings_populates_allow_bots(monkeypatch, env_value, expected): + from gateway.platforms.feishu import FeishuAdapter + + monkeypatch.setenv("FEISHU_APP_ID", "cli_test") + monkeypatch.setenv("FEISHU_APP_SECRET", "secret_test") + monkeypatch.setenv("FEISHU_ALLOW_BOTS", env_value) + + settings = FeishuAdapter._load_settings(extra={}) + assert settings.allow_bots == expected + + +def test_feishu_load_settings_allow_bots_defaults_to_none(monkeypatch): + from gateway.platforms.feishu import FeishuAdapter + + monkeypatch.setenv("FEISHU_APP_ID", "cli_test") + monkeypatch.setenv("FEISHU_APP_SECRET", "secret_test") + monkeypatch.delenv("FEISHU_ALLOW_BOTS", raising=False) + + settings = FeishuAdapter._load_settings(extra={}) + assert settings.allow_bots == "none" + + +def test_feishu_load_settings_ignores_extra_allow_bots(monkeypatch): + # extra is ignored — env is single source of truth (yaml is bridged to env). + from gateway.platforms.feishu import FeishuAdapter + + monkeypatch.setenv("FEISHU_APP_ID", "cli_test") + monkeypatch.setenv("FEISHU_APP_SECRET", "secret_test") + monkeypatch.delenv("FEISHU_ALLOW_BOTS", raising=False) + + settings = FeishuAdapter._load_settings(extra={"allow_bots": "all"}) + assert settings.allow_bots == "none" + + +def test_feishu_load_settings_falls_back_to_env_when_extra_missing(monkeypatch): + from gateway.platforms.feishu import FeishuAdapter + + monkeypatch.setenv("FEISHU_APP_ID", "cli_test") + monkeypatch.setenv("FEISHU_APP_SECRET", "secret_test") + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "mentions") + + settings = FeishuAdapter._load_settings(extra={}) + assert settings.allow_bots == "mentions" + + +def test_feishu_load_settings_warns_on_unknown_allow_bots(monkeypatch, caplog): + import logging + + from gateway.platforms.feishu import FeishuAdapter + + monkeypatch.setenv("FEISHU_APP_ID", "cli_test") + monkeypatch.setenv("FEISHU_APP_SECRET", "secret_test") + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "menton") # typo + + with caplog.at_level(logging.WARNING, logger="gateway.platforms.feishu"): + settings = FeishuAdapter._load_settings(extra={}) + + assert settings.allow_bots == "none" + assert any("allow_bots" in r.message and "menton" in r.message for r in caplog.records) + + +@pytest.mark.parametrize( + "env_value, extra, expected", + [ + (None, {}, True), + ("false", {}, False), + ("true", {}, True), + ("true", {"require_mention": False}, False), + ], +) +def test_feishu_load_settings_require_mention(monkeypatch, env_value, extra, expected): + from gateway.platforms.feishu import FeishuAdapter + + monkeypatch.setenv("FEISHU_APP_ID", "cli_test") + monkeypatch.setenv("FEISHU_APP_SECRET", "secret_test") + if env_value is None: + monkeypatch.delenv("FEISHU_REQUIRE_MENTION", raising=False) + else: + monkeypatch.setenv("FEISHU_REQUIRE_MENTION", env_value) + + settings = FeishuAdapter._load_settings(extra=extra) + assert settings.require_mention is expected + + +def test_feishu_load_settings_parses_per_group_require_mention(monkeypatch): + from gateway.platforms.feishu import FeishuAdapter + + monkeypatch.setenv("FEISHU_APP_ID", "cli_test") + monkeypatch.setenv("FEISHU_APP_SECRET", "secret_test") + + settings = FeishuAdapter._load_settings(extra={ + "group_rules": { + "oc_free": {"policy": "open", "require_mention": False}, + "oc_strict": {"policy": "open", "require_mention": True}, + "oc_inherit": {"policy": "open"}, + }, + }) + assert settings.group_rules["oc_free"].require_mention is False + assert settings.group_rules["oc_strict"].require_mention is True + assert settings.group_rules["oc_inherit"].require_mention is None + + +# --- Module-level helpers -------------------------------------------------- + + +def test_sender_identity_collects_every_non_empty_id_variant(): + from gateway.platforms.feishu import _sender_identity + + sender = SimpleNamespace( + sender_id=SimpleNamespace(open_id="ou_x", user_id="", union_id="un_x"), + ) + assert _sender_identity(sender) == frozenset({"ou_x", "un_x"}) + + +def test_sender_identity_handles_missing_sender_id(): + from gateway.platforms.feishu import _sender_identity + + assert _sender_identity(SimpleNamespace()) == frozenset() + + +@pytest.mark.parametrize("sender_type", ["bot", "app"]) +def test_is_bot_sender_treats_bot_and_app_as_bot_origin(sender_type): + from gateway.platforms.feishu import _is_bot_sender + + assert _is_bot_sender(SimpleNamespace(sender_type=sender_type)) is True + + +@pytest.mark.parametrize("sender_type", ["user", "", None]) +def test_is_bot_sender_rejects_non_bot_origin(sender_type): + from gateway.platforms.feishu import _is_bot_sender + + assert _is_bot_sender(SimpleNamespace(sender_type=sender_type)) is False + + +# --- _admit pipeline matrix ------------------------------------------------ +# +# Covers the four-step admission pipeline (self_echo → bot_policy → +# DM bypass → group_policy + mention) as a single result-only matrix. +# Each row pins one decision in the pipeline; tests asserting call-count +# semantics live below in their own functions. + + +def _admit_case( + *, + adapter: dict | None = None, + sender: dict | None = None, + message: dict | None = None, + mentions_self: bool | None = None, + expected: str | None = None, +): + return { + "adapter": adapter or {}, + "sender": sender or {}, + "message": message or {}, + "mentions_self": mentions_self, + "expected": expected, + } + + +_ADMIT_CASES = [ + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_me", "allow_bots": "all"}, + sender={"sender_type": "bot", "open_id": "ou_me"}, + expected="self_echo", + ), + id="self_echo:open_id_under_all_mode", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "", "bot_user_id": "u_me", "allow_bots": "all"}, + sender={"sender_type": "bot", "open_id": None, "user_id": "u_me"}, + expected="self_echo", + ), + id="self_echo:user_id_only", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_me", "allow_bots": "all"}, + sender={"sender_type": "bot", "open_id": "ou_me", "user_id": "u_me", "union_id": "un_me"}, + expected="self_echo", + ), + id="self_echo:mixed_ids", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "bot_user_id": "u_self", "allow_bots": "all"}, + sender={"sender_type": "bot", "open_id": None, "user_id": "u_self"}, + expected="self_echo", + ), + id="self_echo:user_id_when_bot_user_id_set", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": "none"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + expected="bots_disabled", + ), + id="bots_disabled:mode_none", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": ""}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + expected="bots_disabled", + ), + id="bots_disabled:mode_empty", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": "loose"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + expected="bots_disabled", + ), + id="bots_disabled:mode_unknown_value", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "", "allow_bots": "none"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + expected="bots_disabled", + ), + id="bots_disabled:wins_over_self_ids_unknown", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "", "allow_bots": "all"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + expected="self_ids_unknown", + ), + id="self_ids_unknown:bot_sender_no_self_ids", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "", "allow_bots": "all"}, + sender={"sender_type": "app", "open_id": "ou_peer"}, + expected="self_ids_unknown", + ), + id="self_ids_unknown:app_sender_no_self_ids", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": "all"}, + sender={"sender_type": "app", "open_id": None}, + expected="self_ids_unknown", + ), + id="self_ids_unknown:no_sender_ids", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": "mentions"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + mentions_self=False, + expected="bot_not_mentioned", + ), + id="mentions_mode:not_mentioned_dm", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": "mentions"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + mentions_self=True, + expected=None, + ), + id="mentions_mode:mentioned_dm", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": "all"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + mentions_self=False, + expected=None, + ), + id="all_mode:not_mentioned_dm", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "ou_self", "allow_bots": "all"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + mentions_self=True, + expected=None, + ), + id="all_mode:mentioned_dm", + ), + pytest.param( + _admit_case( + adapter={"bot_open_id": "", "allow_bots": "none"}, + sender={"sender_type": "user", "open_id": "ou_human"}, + expected=None, + ), + id="human:dm_admitted_regardless_of_allow_bots", + ), + pytest.param( + _admit_case( + adapter={"allow_bots": "all"}, + sender={"sender_type": "user", "open_id": "ou_human"}, + message={"message_id": "om_ok", "chat_type": "p2p"}, + expected=None, + ), + id="human:p2p_admitted", + ), + pytest.param( + _admit_case( + adapter={ + "bot_open_id": "ou_self", + "require_mention": False, + "group_policy": "open", + }, + sender={"sender_type": "user", "open_id": "ou_human"}, + message={"chat_type": "group"}, + mentions_self=False, + expected=None, + ), + id="require_mention_false:group_human_no_mention_admitted", + ), + pytest.param( + _admit_case( + adapter={ + "bot_open_id": "ou_self", + "allow_bots": "all", + "require_mention": False, + "group_policy": "open", + }, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + message={"chat_type": "group"}, + mentions_self=False, + expected=None, + ), + id="require_mention_false:group_bot_all_mode_admitted", + ), + pytest.param( + _admit_case( + adapter={ + "bot_open_id": "ou_self", + "allow_bots": "mentions", + "require_mention": False, + "group_policy": "open", + }, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + message={"chat_type": "group"}, + mentions_self=False, + expected="bot_not_mentioned", + ), + id="require_mention_false:group_bot_mentions_mode_still_gated", + ), +] + + +@pytest.mark.parametrize("case", _ADMIT_CASES) +def test_admit_pipeline(case): + adapter = make_adapter_skeleton(**case["adapter"]) + if case["mentions_self"] is not None: + stub_mention(adapter, case["mentions_self"]) + sender = make_sender(**case["sender"]) + message = make_message(**case["message"]) + assert adapter._admit(sender, message) == case["expected"] + + +# --- Mention call-count semantics ------------------------------------------ + + +def test_admit_skips_mention_check_under_all_mode(): + # Tripwire: under allow_bots=all the mention path must not be probed. + adapter = make_adapter_skeleton(bot_open_id="ou_self", allow_bots="all") + calls = 0 + + def _tripwire(_message): + nonlocal calls + calls += 1 + return False + + adapter._mentions_self = _tripwire + + sender = make_sender(sender_type="bot", open_id="ou_peer") + assert adapter._admit(sender, make_message()) is None + assert calls == 0 + + +def test_admit_group_mention_checked_once_per_call(): + # Stage 2 (mentions mode) and stage 4 (group require_mention) must not + # double-evaluate _mentions_self for the same admit call. + adapter = make_adapter_skeleton( + bot_open_id="ou_self", allow_bots="mentions", require_mention=True, + group_policy="open", + ) + calls = 0 + + def _counting(_message): + nonlocal calls + calls += 1 + return True + + adapter._mentions_self = _counting + + sender = make_sender(sender_type="bot", open_id="ou_peer") + assert adapter._admit(sender, make_message(chat_type="group")) is None + assert calls == 1 + + +# --- Per-group require_mention override ------------------------------------ + + +def test_admit_per_group_require_mention_overrides_global(): + from gateway.platforms.feishu import FeishuGroupRule + + adapter = make_adapter_skeleton( + bot_open_id="ou_self", require_mention=True, group_policy="open", + ) + adapter._group_rules = { + "oc_free": FeishuGroupRule(policy="open", require_mention=False), + } + stub_mention(adapter, False) + + sender = make_sender(sender_type="user", open_id="ou_human") + assert adapter._admit(sender, make_message(chat_id="oc_free", chat_type="group")) is None + assert ( + adapter._admit(sender, make_message(chat_id="oc_other", chat_type="group")) + == "group_policy_rejected" + ) + + +# --- Hydration ------------------------------------------------------------- + + +def test_hydrate_bot_identity_populates_self_ids_from_bot_v3_info(monkeypatch): + import asyncio + + from gateway.platforms.feishu import FeishuAdapter + + adapter = object.__new__(FeishuAdapter) + adapter._bot_open_id = "" + adapter._bot_user_id = "" + adapter._bot_name = "" + adapter._allow_bots = "all" + + captured = {} + + def _fake_request(request): + captured["uri"] = getattr(request, "uri", None) + captured["http_method"] = getattr(request, "http_method", None) + return SimpleNamespace(raw=SimpleNamespace( + content=b'{"code":0,"bot":{"app_name":"Hermes","open_id":"ou_hydrated"}}' + )) + + adapter._client = SimpleNamespace(request=_fake_request) + + asyncio.run(adapter._hydrate_bot_identity()) + + assert captured["uri"] == "/open-apis/bot/v3/info" + assert str(captured["http_method"]).endswith("GET") + assert adapter._bot_open_id == "ou_hydrated" + assert adapter._bot_name == "Hermes" + # /bot/v3/info doesn't surface user_id, so _bot_user_id stays empty. + assert adapter._bot_user_id == "" + + +def test_resolve_sender_profile_uses_open_id_for_bot_name_lookup(): + import asyncio + + from gateway.platforms.feishu import FeishuAdapter + + adapter = object.__new__(FeishuAdapter) + adapter._client = object() + adapter._sender_name_cache = {} + seen_ids = [] + + async def _fake_fetch_bot_names(bot_ids): + seen_ids.extend(bot_ids) + return {"ou_peer": "Peer Bot"} + + adapter._fetch_bot_names = _fake_fetch_bot_names + + profile = asyncio.run( + adapter._resolve_sender_profile( + SimpleNamespace(open_id="ou_peer", user_id="u_peer", union_id="on_peer"), + is_bot=True, + ) + ) + + assert seen_ids == ["ou_peer"] + assert profile["user_id"] == "u_peer" + assert profile["user_name"] == "Peer Bot" + + +# --- _allow_group_message matrix ------------------------------------------- +# +# Bot-bypass semantics: admitted bots skip allowlist/blacklist (parallel +# human-scope filters), but channel-level locks (disabled, admin_only) and +# admin short-circuits still apply. + + +def _group_case( + *, + adapter: dict | None = None, + admins: set | None = None, + group_rules: dict | None = None, + sender: dict | None = None, + chat_id: str = "oc_1", + is_bot: bool = False, + expected: bool = False, +): + return { + "adapter": adapter or {}, + "admins": admins or set(), + "group_rules": group_rules or {}, + "sender": sender or {}, + "chat_id": chat_id, + "is_bot": is_bot, + "expected": expected, + } + + +def _group_rule(policy: str, **kwargs): + from gateway.platforms.feishu import FeishuGroupRule + return FeishuGroupRule(policy=policy, **kwargs) + + +_GROUP_CASES = [ + pytest.param( + _group_case( + sender={"sender_type": "bot", "open_id": "ou_peer"}, + is_bot=True, + expected=True, + ), + id="bot:bypasses_default_allowlist", + ), + pytest.param( + _group_case( + sender={"sender_type": "user", "open_id": "ou_stranger"}, + is_bot=False, + expected=False, + ), + id="human:gated_by_default_allowlist", + ), + pytest.param( + _group_case( + admins={"ou_peer"}, + sender={"sender_type": "bot", "open_id": "ou_peer"}, + is_bot=True, + expected=True, + ), + id="bot:admin_short_circuit", + ), + pytest.param( + _group_case( + admins={"u_admin"}, + sender={"sender_type": "user", "open_id": None, "user_id": "u_admin"}, + is_bot=False, + expected=True, + ), + id="human:admin_via_user_id", + ), + pytest.param( + _group_case( + sender={"sender_type": "bot", "open_id": "ou_peer"}, + is_bot=True, + expected=True, + ), + id="bot:allowlist_skipped", + ), + pytest.param( + _group_case( + sender={"sender_type": "app", "open_id": "ou_peer"}, + is_bot=True, + expected=True, + ), + id="app:allowlist_skipped", + ), +] + + +# Channel-lock cases need group_rules construction; keep them in a separate +# parametrize so we can use _group_rule() (FeishuGroupRule import). +_GROUP_RULE_CASES = [ + pytest.param( + "disabled", "bot", False, + id="bot:disabled_policy_blocks_even_with_bypass", + ), + pytest.param( + "disabled", "app", False, + id="app:disabled_policy_blocks_even_with_bypass", + ), + pytest.param( + "admin_only", "bot", False, + id="bot:admin_only_policy_blocks_non_admin", + ), + pytest.param( + "admin_only", "app", False, + id="app:admin_only_policy_blocks_non_admin", + ), +] + + +@pytest.mark.parametrize("case", _GROUP_CASES) +def test_allow_group_message_matrix(case): + adapter = make_adapter_skeleton(**case["adapter"]) + adapter._admins = case["admins"] + adapter._group_rules = case["group_rules"] + sender = make_sender(**case["sender"]) + assert adapter._allow_group_message( + sender_id=sender.sender_id, + chat_id=case["chat_id"], + is_bot=case["is_bot"], + ) is case["expected"] + + +@pytest.mark.parametrize("policy, sender_type, expected", _GROUP_RULE_CASES) +def test_allow_group_message_channel_locks_apply_to_bots(policy, sender_type, expected): + adapter = make_adapter_skeleton() + adapter._group_rules = {"oc_locked": _group_rule(policy)} + sender = make_sender(sender_type=sender_type, open_id="ou_peer") + assert adapter._allow_group_message( + sender_id=sender.sender_id, + chat_id="oc_locked", + is_bot=True, + ) is expected + + +@pytest.mark.parametrize("sender_type", ["bot", "app"]) +def test_allow_group_message_blacklist_is_human_scope_only(sender_type): + # blacklist is parallel to allowlist (human-scope); admitted bots bypass + # it. To block a specific bot, gate upstream via FEISHU_ALLOW_BOTS. + adapter = make_adapter_skeleton() + adapter._group_rules = { + "oc_1": _group_rule("blacklist", blacklist={"ou_peer"}) + } + sender = make_sender(sender_type=sender_type, open_id="ou_peer") + assert adapter._allow_group_message( + sender_id=sender.sender_id, + chat_id="oc_1", + is_bot=True, + ) is True + + +# --- Realistic payload smoke ----------------------------------------------- + + +def test_admit_accepts_realistic_bot_at_bot_group_event(): + # Locks in the real im.message.receive_v1 payload shape under mode=mentions. + adapter = make_adapter_skeleton(bot_open_id="ou_self", allow_bots="mentions") + + mention = SimpleNamespace( + key="@_user_1", + id=SimpleNamespace(union_id="on_mentionUnion", user_id="", open_id="ou_self"), + name="Hermes", + mentioned_type="bot", + tenant_key="tenant_ab", + ) + message = SimpleNamespace( + message_id="om_realistic_bot_at_bot", + chat_id="oc_real", + chat_type="group", + message_type="text", + content='{"text":"@_user_1 hello"}', + mentions=[mention], + ) + sender = SimpleNamespace( + sender_type="bot", + sender_id=SimpleNamespace(union_id="on_peerUnion", user_id="u_peer", open_id="ou_peer_bot"), + tenant_key="tenant_ab", + ) + + assert adapter._admit(sender, message) is None + + +# --- Event-dispatch plumbing ----------------------------------------------- + + +def test_handle_message_event_data_drops_bot_sender_by_default(): + import asyncio + + adapter = make_adapter_skeleton() + install_dedup_state(adapter) + processed = [] + + async def _fake_process_inbound_message(**kwargs): + processed.append(kwargs) + + adapter._process_inbound_message = _fake_process_inbound_message + + data = SimpleNamespace( + event=SimpleNamespace( + sender=make_sender(sender_type="bot", open_id="ou_peer"), + message=make_message(message_id="om_bot_default", chat_type="p2p"), + ) + ) + + asyncio.run(adapter._handle_message_event_data(data)) + assert processed == [] + + +def test_handle_message_event_data_forwards_sender_when_admitted(): + import asyncio + + adapter = make_adapter_skeleton(allow_bots="all") + install_dedup_state(adapter) + captured = {} + + async def _fake_process_inbound_message(**kwargs): + captured.update(kwargs) + + adapter._process_inbound_message = _fake_process_inbound_message + + sender = make_sender(sender_type="bot", open_id="ou_peer") + data = SimpleNamespace( + event=SimpleNamespace( + sender=sender, + message=make_message(message_id="om_bot_ok", chat_type="p2p"), + ) + ) + + asyncio.run(adapter._handle_message_event_data(data)) + assert captured.get("sender_id") is sender.sender_id + assert captured.get("is_bot") is True + assert captured.get("message_id") == "om_bot_ok" diff --git a/tests/gateway/test_feishu_bot_auth_bypass.py b/tests/gateway/test_feishu_bot_auth_bypass.py new file mode 100644 index 00000000000..4dd83a1bd37 --- /dev/null +++ b/tests/gateway/test_feishu_bot_auth_bypass.py @@ -0,0 +1,113 @@ +"""Regression guard for Feishu bot-sender authorization bypass. + +Mirrors tests/gateway/test_discord_bot_auth_bypass.py for Platform.FEISHU. +Without the bypass in gateway/run.py, Feishu bot senders admitted by the +adapter would be rejected at _is_user_authorized with "Unauthorized user" +— same class of bug as Discord #4466. +""" + +from __future__ import annotations + +from types import SimpleNamespace + +import pytest + +from gateway.session import Platform, SessionSource + + +@pytest.fixture(autouse=True) +def _isolate_feishu_env(monkeypatch): + for var in ( + "FEISHU_ALLOW_BOTS", + "FEISHU_ALLOWED_USERS", + "FEISHU_ALLOW_ALL_USERS", + "GATEWAY_ALLOW_ALL_USERS", + "GATEWAY_ALLOWED_USERS", + ): + monkeypatch.delenv(var, raising=False) + + +def _make_bare_runner(): + from gateway.run import GatewayRunner + + runner = object.__new__(GatewayRunner) + runner.pairing_store = SimpleNamespace(is_approved=lambda *_a, **_kw: False) + return runner + + +def _make_feishu_bot_source(open_id: str = "ou_peer"): + return SessionSource( + platform=Platform.FEISHU, + chat_id="oc_1", + chat_type="group", + user_id=open_id, + user_name="PeerBot", + is_bot=True, + ) + + +def _make_feishu_human_source(open_id: str = "ou_human"): + return SessionSource( + platform=Platform.FEISHU, + chat_id="oc_1", + chat_type="group", + user_id=open_id, + user_name="Human", + is_bot=False, + ) + + +def test_feishu_bot_authorized_when_allow_bots_mentions(monkeypatch): + runner = _make_bare_runner() + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "mentions") + monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human") + + assert runner._is_user_authorized(_make_feishu_bot_source("ou_peer")) is True + + +def test_feishu_bot_authorized_when_allow_bots_all(monkeypatch): + runner = _make_bare_runner() + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "all") + monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human") + + assert runner._is_user_authorized(_make_feishu_bot_source()) is True + + +def test_feishu_bot_NOT_authorized_when_allow_bots_none(monkeypatch): + runner = _make_bare_runner() + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "none") + monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human") + + assert runner._is_user_authorized(_make_feishu_bot_source("ou_peer")) is False + + +def test_feishu_bot_NOT_authorized_when_allow_bots_unset(monkeypatch): + runner = _make_bare_runner() + monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human") + + assert runner._is_user_authorized(_make_feishu_bot_source("ou_peer")) is False + + +def test_feishu_human_still_checked_against_allowlist_when_bot_policy_set(monkeypatch): + """FEISHU_ALLOW_BOTS=all must NOT open the gate for humans.""" + runner = _make_bare_runner() + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "all") + monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human") + + assert runner._is_user_authorized(_make_feishu_human_source("ou_stranger")) is False + assert runner._is_user_authorized(_make_feishu_human_source("ou_human")) is True + + +def test_feishu_bot_bypass_does_not_leak_to_other_platforms(monkeypatch): + """FEISHU_ALLOW_BOTS=all must not authorize Telegram/Discord bot sources.""" + runner = _make_bare_runner() + monkeypatch.setenv("FEISHU_ALLOW_BOTS", "all") + + telegram_bot = SessionSource( + platform=Platform.TELEGRAM, + chat_id="123", + chat_type="channel", + user_id="999", + is_bot=True, + ) + assert runner._is_user_authorized(telegram_bot) is False diff --git a/website/docs/reference/environment-variables.md b/website/docs/reference/environment-variables.md index 235d84654f7..afe2c40d2a9 100644 --- a/website/docs/reference/environment-variables.md +++ b/website/docs/reference/environment-variables.md @@ -300,6 +300,8 @@ For cloud sandbox backends, persistence is filesystem-oriented. `TERMINAL_LIFETI | `FEISHU_ENCRYPT_KEY` | Optional encryption key for webhook mode | | `FEISHU_VERIFICATION_TOKEN` | Optional verification token for webhook mode | | `FEISHU_ALLOWED_USERS` | Comma-separated Feishu user IDs allowed to message the bot | +| `FEISHU_ALLOW_BOTS` | `none` (default) / `mentions` / `all` — accept inbound messages from other bots. See [bot-to-bot messaging](../user-guide/messaging/feishu.md#bot-to-bot-messaging) | +| `FEISHU_REQUIRE_MENTION` | `true` (default) / `false` — whether group messages must @mention the bot. Override per-chat via `group_rules..require_mention`. | | `FEISHU_HOME_CHANNEL` | Feishu chat ID for cron delivery and notifications | | `WECOM_BOT_ID` | WeCom AI Bot ID from admin console | | `WECOM_SECRET` | WeCom AI Bot secret | diff --git a/website/docs/user-guide/messaging/feishu.md b/website/docs/user-guide/messaging/feishu.md index d2b52dff4bd..879964c80fc 100644 --- a/website/docs/user-guide/messaging/feishu.md +++ b/website/docs/user-guide/messaging/feishu.md @@ -201,19 +201,45 @@ FEISHU_GROUP_POLICY=allowlist # default | `allowlist` | Hermes only responds to @mentions from users listed in `FEISHU_ALLOWED_USERS`. | | `disabled` | Hermes ignores all group messages entirely. | -In all modes, the bot must be explicitly @mentioned (or @all) in the group before the message is processed. Direct messages bypass this gate. +In all modes, the bot must be explicitly @mentioned (or @all) in the group before the message is processed. Direct messages always bypass this gate. -### Bot Identity for @Mention Gating - -For precise @mention detection in groups, the adapter needs to know the bot's identity. It can be provided explicitly: +Set `FEISHU_REQUIRE_MENTION=false` to let Hermes read all group traffic without requiring an @mention: ```bash -FEISHU_BOT_OPEN_ID=ou_xxx -FEISHU_BOT_USER_ID=xxx -FEISHU_BOT_NAME=MyBot +FEISHU_REQUIRE_MENTION=false ``` -If none of these are set, the adapter will attempt to auto-discover the bot name via the Application Info API on startup. For this to work, grant the `admin:app.info:readonly` or `application:application:self_manage` permission scope. +For per-chat control, set `require_mention` on a `group_rules` entry — see [Per-Group Access Control](#per-group-access-control) below. + +### Bot Identity + +Hermes auto-detects the bot's `open_id` and display name on startup. You only need to set these manually when auto-detection cannot reach the Feishu API, or when your app uses tenant-scoped user IDs: + +```bash +FEISHU_BOT_OPEN_ID=ou_xxx # only when auto-detection fails +FEISHU_BOT_USER_ID=xxx # required if your app uses sender_id_type=user_id +FEISHU_BOT_NAME=MyBot # only when auto-detection fails +``` + +## Bot-to-Bot Messaging + +By default Hermes ignores messages sent by other bots. Enable bot-to-bot messaging when you want Hermes to participate in A2A orchestration or receive notifications from other bots in the same group. + +```bash +FEISHU_ALLOW_BOTS=mentions # default: none +``` + +| Value | Behavior | +|-------|----------| +| `none` | Ignore all messages from other bots (default). | +| `mentions` | Accept only when the peer bot @mentions Hermes. | +| `all` | Accept every peer bot message. | + +Also configurable as `feishu.allow_bots` in `config.yaml` (env wins when both are set). + +Peer bots do not need to be added to `FEISHU_ALLOWED_USERS` — that allowlist applies to human senders only. + +Grant the `application:bot.basic_info:read` scope to display peer bot names; without it, peer bots still route correctly but appear as their `open_id`. ## Interactive Card Actions @@ -426,6 +452,9 @@ platforms: policy: "blacklist" blacklist: - "ou_blocked_user" + "oc_free_chat": + policy: "open" + require_mention: false # overrides FEISHU_REQUIRE_MENTION for this chat ``` | Policy | Description | @@ -436,6 +465,8 @@ platforms: | `admin_only` | Only users in the global `admins` list can use the bot in this group | | `disabled` | Bot ignores all messages in this group | +Set `require_mention: false` on a `group_rules` entry to skip the @-mention requirement for that specific chat. When omitted, the chat inherits the global `FEISHU_REQUIRE_MENTION` value. + Groups not listed in `group_rules` fall back to `default_group_policy` (defaults to the value of `FEISHU_GROUP_POLICY`). ## Deduplication @@ -455,6 +486,8 @@ Inbound messages are deduplicated using message IDs with a 24-hour TTL. The dedu | `FEISHU_DOMAIN` | — | `feishu` | `feishu` (China) or `lark` (international) | | `FEISHU_CONNECTION_MODE` | — | `websocket` | `websocket` or `webhook` | | `FEISHU_ALLOWED_USERS` | — | _(empty)_ | Comma-separated open_id list for user allowlist | +| `FEISHU_ALLOW_BOTS` | — | `none` | Accept messages from other bots: `none`, `mentions`, or `all` | +| `FEISHU_REQUIRE_MENTION` | — | `true` | Whether group messages must @mention the bot | | `FEISHU_HOME_CHANNEL` | — | — | Chat ID for cron/notification output | | `FEISHU_ENCRYPT_KEY` | — | _(empty)_ | Encrypt key for webhook signature verification | | `FEISHU_VERIFICATION_TOKEN` | — | _(empty)_ | Verification token for webhook payload auth | @@ -487,7 +520,9 @@ WebSocket and per-group ACL settings are configured via `config.yaml` under `pla | `Webhook rejected: invalid signature` | Ensure `FEISHU_ENCRYPT_KEY` matches the encrypt key in your Feishu app config | | Post messages show as plain text | The Feishu API rejected the post payload; this is normal fallback behavior. Check logs for details. | | Images/files not received by bot | Grant `im:message` and `im:resource` permission scopes to your Feishu app | -| Bot identity not auto-detected | Grant `admin:app.info:readonly` scope, or set `FEISHU_BOT_OPEN_ID` / `FEISHU_BOT_NAME` manually | +| Bot identity not auto-detected | Usually a transient network issue reaching Feishu's bot info endpoint. Set `FEISHU_BOT_OPEN_ID` and `FEISHU_BOT_NAME` manually as a workaround. | +| Peer bot messages still ignored after enabling `FEISHU_ALLOW_BOTS` | Hermes can't identify itself yet — set `FEISHU_BOT_OPEN_ID` (and `FEISHU_BOT_USER_ID` if your app uses `sender_id_type=user_id`). | +| Peer bots show as `ou_xxxxxx` instead of by name | Grant the `application:bot.basic_info:read` scope. | | Error 200340 when clicking approval buttons | Enable **Interactive Card** capability and configure **Card Request URL** in the Feishu Developer Console. See [Required Feishu App Configuration](#required-feishu-app-configuration) above. | | `Webhook rate limit exceeded` | More than 120 requests/minute from the same IP. This is usually a misconfiguration or loop. | From bea2562fc4b3b0e32e23a91b91809682cf6553e0 Mon Sep 17 00:00:00 2001 From: sprmn24 Date: Mon, 27 Apr 2026 22:55:44 +0300 Subject: [PATCH 071/133] fix(honcho): replace raw int() config parsing with safe helper Three int() calls in HonchoClient.from_global_config() parsed dialecticMaxChars, messageMaxChars, and dialecticMaxInputChars directly without guards. A malformed value in honcho.json would raise ValueError and abort provider initialization entirely. Add _parse_int_config() helper following the existing _parse_context_tokens() pattern, and replace all three raw int() calls with it. --- plugins/memory/honcho/client.py | 35 ++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/plugins/memory/honcho/client.py b/plugins/memory/honcho/client.py index 63e45b46283..7210c6071e8 100644 --- a/plugins/memory/honcho/client.py +++ b/plugins/memory/honcho/client.py @@ -110,6 +110,17 @@ def _parse_context_tokens(host_val, root_val) -> int | None: return None +def _parse_int_config(host_val, root_val, default: int) -> int: + """Parse an integer config: host wins, then root, then default.""" + for val in (host_val, root_val): + if val is not None: + try: + return int(val) + except (ValueError, TypeError): + pass + return default + + def _parse_dialectic_depth(host_val, root_val) -> int: """Parse dialecticDepth: host wins, then root, then 1. Clamped to 1-3.""" for val in (host_val, root_val): @@ -463,10 +474,10 @@ class HonchoClientConfig: raw.get("dialecticDynamic"), default=True, ), - dialectic_max_chars=int( - host_block.get("dialecticMaxChars") - or raw.get("dialecticMaxChars") - or 600 + dialectic_max_chars=_parse_int_config( + host_block.get("dialecticMaxChars"), + raw.get("dialecticMaxChars"), + default=600, ), dialectic_depth=_parse_dialectic_depth( host_block.get("dialecticDepth"), @@ -487,15 +498,15 @@ class HonchoClientConfig: or raw.get("reasoningLevelCap") or "high" ), - message_max_chars=int( - host_block.get("messageMaxChars") - or raw.get("messageMaxChars") - or 25000 + message_max_chars=_parse_int_config( + host_block.get("messageMaxChars"), + raw.get("messageMaxChars"), + default=25000, ), - dialectic_max_input_chars=int( - host_block.get("dialecticMaxInputChars") - or raw.get("dialecticMaxInputChars") - or 10000 + dialectic_max_input_chars=_parse_int_config( + host_block.get("dialecticMaxInputChars"), + raw.get("dialecticMaxInputChars"), + default=10000, ), recall_mode=_normalize_recall_mode( host_block.get("recallMode") From ec4cb16a29ec882df0ff931cda287ae97d61601c Mon Sep 17 00:00:00 2001 From: sprmn24 Date: Mon, 27 Apr 2026 23:03:12 +0300 Subject: [PATCH 072/133] fix(honcho): guard _peers_cache and _sessions_cache reads under _cache_lock _get_peer() and _get_or_create_honcho_session() accessed _peers_cache and _sessions_cache without holding _cache_lock, while other paths in the same class use the lock consistently. Under concurrent tool calls or prefetch threads, this can produce stale reads or lost cache updates. Wrap both unguarded cache read sites in _cache_lock. Network calls (honcho.peer() and honcho.session()) remain outside the lock to avoid holding it during I/O. --- plugins/memory/honcho/session.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/plugins/memory/honcho/session.py b/plugins/memory/honcho/session.py index 46eb3118a50..d76790a3e5b 100644 --- a/plugins/memory/honcho/session.py +++ b/plugins/memory/honcho/session.py @@ -160,11 +160,13 @@ class HonchoSessionManager: Peers are lazy -- no API call until first use. Observation settings are controlled per-session via SessionPeerConfig. """ - if peer_id in self._peers_cache: - return self._peers_cache[peer_id] + with self._cache_lock: + if peer_id in self._peers_cache: + return self._peers_cache[peer_id] peer = self.honcho.peer(peer_id) - self._peers_cache[peer_id] = peer + with self._cache_lock: + self._peers_cache[peer_id] = peer return peer def _get_or_create_honcho_session( @@ -176,9 +178,10 @@ class HonchoSessionManager: Returns: Tuple of (honcho_session, existing_messages). """ - if session_id in self._sessions_cache: - logger.debug("Honcho session '%s' retrieved from cache", session_id) - return self._sessions_cache[session_id], [] + with self._cache_lock: + if session_id in self._sessions_cache: + logger.debug("Honcho session '%s' retrieved from cache", session_id) + return self._sessions_cache[session_id], [] session = self.honcho.session(session_id) From 73a6b80317652a63faad3d8f0917e38e82cf8175 Mon Sep 17 00:00:00 2001 From: sprmn24 Date: Mon, 27 Apr 2026 22:31:33 +0300 Subject: [PATCH 073/133] fix(browser_supervisor): verify thread and loop health before returning cached supervisor _SupervisorRegistry.get_or_start() returned an existing supervisor whenever the cdp_url matched, without checking if the supervisor's thread or event loop was still alive. A crashed supervisor would be silently reused, causing missed dialog/frame updates. Now checks both _thread.is_alive() and _loop.is_running() before returning the cached instance. An unhealthy supervisor is torn down and recreated, matching the existing URL-changed code path. --- tools/browser_supervisor.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tools/browser_supervisor.py b/tools/browser_supervisor.py index 91d7e786216..db0b1e29909 100644 --- a/tools/browser_supervisor.py +++ b/tools/browser_supervisor.py @@ -1304,8 +1304,12 @@ class _SupervisorRegistry: existing = self._by_task.get(task_id) if existing is not None: if existing.cdp_url == cdp_url: - return existing - # URL changed — tear down old, fall through to re-create. + thread_ok = existing._thread is not None and existing._thread.is_alive() + loop_ok = existing._loop is not None and existing._loop.is_running() + if thread_ok and loop_ok: + return existing + # Unhealthy — tear down and recreate. + # URL changed or unhealthy — tear down, fall through to re-create. self._by_task.pop(task_id, None) if existing is not None: existing.stop() From 82b5786721d2ea4741899e59ddb2358ad200b805 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:31:01 -0700 Subject: [PATCH 074/133] test(browser_supervisor): cover cache-hit healthcheck on dead thread/loop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pure unit tests for _SupervisorRegistry — no Chrome required. Verified to fail when the fix is reverted, pass with it in place. --- .../test_browser_supervisor_healthcheck.py | 167 ++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 tests/tools/test_browser_supervisor_healthcheck.py diff --git a/tests/tools/test_browser_supervisor_healthcheck.py b/tests/tools/test_browser_supervisor_healthcheck.py new file mode 100644 index 00000000000..794c50be8c8 --- /dev/null +++ b/tests/tools/test_browser_supervisor_healthcheck.py @@ -0,0 +1,167 @@ +"""Unit tests for _SupervisorRegistry cache-hit healthcheck. + +Verifies that get_or_start() does NOT return a cached supervisor whose +thread has exited or whose event loop has stopped. Avoids a real Chrome — +the only thing under test is the registry's cache decision. +""" + +from __future__ import annotations + +import threading +from types import SimpleNamespace + +import pytest + +from tools import browser_supervisor as bs + + +class _FakeLoop: + def __init__(self, running: bool) -> None: + self._running = running + + def is_running(self) -> bool: + return self._running + + +def _make_fake_supervisor(cdp_url: str, *, thread_alive: bool, loop_running: bool): + """Build a minimal stand-in for a CDPSupervisor entry in the registry. + + Only the attributes touched by the healthcheck (_thread, _loop, cdp_url) + and by the teardown path (stop()) need to exist. + """ + + if thread_alive: + # A thread that is actually running — parks on an Event we never set. + hold = threading.Event() + t = threading.Thread(target=hold.wait, daemon=True) + t.start() + # Attach the release hook so the test can let the thread exit. + setattr(t, "_release", hold.set) + else: + # An un-started thread — is_alive() returns False. + t = threading.Thread(target=lambda: None) + + stop_calls: list[bool] = [] + + fake = SimpleNamespace( + cdp_url=cdp_url, + _thread=t, + _loop=_FakeLoop(loop_running), + stop=lambda: stop_calls.append(True), + ) + fake._stop_calls = stop_calls # type: ignore[attr-defined] + return fake + + +@pytest.fixture +def isolated_registry(): + """A fresh registry instance, independent of the global SUPERVISOR_REGISTRY.""" + return bs._SupervisorRegistry() + + +@pytest.fixture +def stub_cdp_supervisor(monkeypatch): + """Replace CDPSupervisor in the module so recreate paths don't touch Chrome. + + Returns a callable that reads the last-constructed fake out. + """ + created: list[SimpleNamespace] = [] + + class _StubSupervisor: + def __init__(self, *, task_id, cdp_url, dialog_policy, dialog_timeout_s): + self.task_id = task_id + self.cdp_url = cdp_url + self.dialog_policy = dialog_policy + self.dialog_timeout_s = dialog_timeout_s + # Healthy by default — real thread, running "loop". + hold = threading.Event() + self._thread = threading.Thread(target=hold.wait, daemon=True) + self._thread.start() + self._thread_release = hold.set # type: ignore[attr-defined] + self._loop = _FakeLoop(True) + self.start_called = False + self.stop_called = False + created.append(self) + + def start(self, timeout: float = 15.0) -> None: + self.start_called = True + + def stop(self) -> None: + self.stop_called = True + # Release the parked thread so the process exits cleanly. + release = getattr(self, "_thread_release", None) + if release is not None: + release() + + monkeypatch.setattr(bs, "CDPSupervisor", _StubSupervisor) + yield created + # Teardown: release any parked threads in stubs the test left behind. + for s in created: + release = getattr(s, "_thread_release", None) + if release is not None: + release() + + +def test_cache_hit_returns_same_instance_when_healthy( + isolated_registry, stub_cdp_supervisor +): + """Sanity: healthy cached supervisor is returned without recreate.""" + first = isolated_registry.get_or_start(task_id="t1", cdp_url="http://h/1") + second = isolated_registry.get_or_start(task_id="t1", cdp_url="http://h/1") + assert first is second + # Only one CDPSupervisor was ever constructed. + assert len(stub_cdp_supervisor) == 1 + first.stop() + + +def test_dead_thread_triggers_recreate(isolated_registry, stub_cdp_supervisor): + """Cached supervisor with a non-live thread must not be reused.""" + cdp_url = "http://h/2" + dead = _make_fake_supervisor(cdp_url, thread_alive=False, loop_running=True) + isolated_registry._by_task["t2"] = dead # pre-seed cache with a dead entry + + fresh = isolated_registry.get_or_start(task_id="t2", cdp_url=cdp_url) + + assert fresh is not dead, "dead-thread supervisor must be replaced" + assert dead._stop_calls == [True], "dead supervisor must be torn down" + assert isolated_registry._by_task["t2"] is fresh + assert len(stub_cdp_supervisor) == 1 + assert stub_cdp_supervisor[0].start_called + fresh.stop() + + +def test_stopped_loop_triggers_recreate(isolated_registry, stub_cdp_supervisor): + """Cached supervisor whose event loop is no longer running is recreated.""" + cdp_url = "http://h/3" + broken = _make_fake_supervisor(cdp_url, thread_alive=True, loop_running=False) + isolated_registry._by_task["t3"] = broken + + fresh = isolated_registry.get_or_start(task_id="t3", cdp_url=cdp_url) + + assert fresh is not broken + assert broken._stop_calls == [True] + # Release the still-live thread from the pre-seeded fake so we don't leak. + release = getattr(broken._thread, "_release", None) + if release is not None: + release() + assert isolated_registry._by_task["t3"] is fresh + fresh.stop() + + +def test_missing_thread_and_loop_attrs_trigger_recreate( + isolated_registry, stub_cdp_supervisor +): + """Defensive: None _thread or None _loop counts as unhealthy.""" + cdp_url = "http://h/4" + broken = SimpleNamespace( + cdp_url=cdp_url, + _thread=None, + _loop=None, + stop=lambda: None, + ) + isolated_registry._by_task["t4"] = broken + + fresh = isolated_registry.get_or_start(task_id="t4", cdp_url=cdp_url) + assert fresh is not broken + assert isolated_registry._by_task["t4"] is fresh + fresh.stop() From fa7b0b0a67886f6d50e55d06370434e4f84ebb00 Mon Sep 17 00:00:00 2001 From: sprmn24 Date: Mon, 27 Apr 2026 22:37:15 +0300 Subject: [PATCH 075/133] fix(discord_tool): key capability cache by token instead of single global _capability_cache was a single module-level dict shared across all tokens. If the bot token rotates or multiple tokens are used in one process, capabilities detected for token A would be returned for token B, causing wrong schema gating and incorrect runtime behavior. Replace the single Optional cache with a Dict keyed by token so each token gets its own isolated capability entry. --- tools/discord_tool.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/discord_tool.py b/tools/discord_tool.py index 88e8c9fb287..589b7022289 100644 --- a/tools/discord_tool.py +++ b/tools/discord_tool.py @@ -132,7 +132,7 @@ def _channel_type_name(type_id: int) -> str: # --------------------------------------------------------------------------- # Module-level cache so the app/me endpoint is hit at most once per process. -_capability_cache: Optional[Dict[str, Any]] = None +_capability_cache: Dict[str, Dict[str, Any]] = {} def _detect_capabilities(token: str, *, force: bool = False) -> Dict[str, Any]: @@ -148,8 +148,8 @@ def _detect_capabilities(token: str, *, force: bool = False) -> Dict[str, Any]: Cached in a module-global. Pass ``force=True`` to re-fetch. """ global _capability_cache - if _capability_cache is not None and not force: - return _capability_cache + if token in _capability_cache and not force: + return _capability_cache[token] caps: Dict[str, Any] = { "has_members_intent": True, @@ -172,14 +172,14 @@ def _detect_capabilities(token: str, *, force: bool = False) -> Dict[str, Any]: "Discord capability detection failed (%s); exposing all actions.", exc, ) - _capability_cache = caps + _capability_cache[token] = caps return caps def _reset_capability_cache() -> None: """Test hook: clear the detection cache.""" global _capability_cache - _capability_cache = None + _capability_cache = {} # --------------------------------------------------------------------------- From e21898ea987e2b671a57346df06307d409f7bad1 Mon Sep 17 00:00:00 2001 From: teknium1 <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:32:07 -0700 Subject: [PATCH 076/133] test(discord_tool): add regression test for per-token capability cache Proves token A's detected capabilities do not leak to token B after the fix in the preceding commit. Before the fix this test would have seen both tokens return token A's cached value. --- tests/tools/test_discord_tool.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/tools/test_discord_tool.py b/tests/tools/test_discord_tool.py index 70b43903ecf..51226f07023 100644 --- a/tests/tools/test_discord_tool.py +++ b/tests/tools/test_discord_tool.py @@ -696,6 +696,38 @@ class TestCapabilityDetection: _detect_capabilities("tok", force=True) assert mock_req.call_count == 2 + @patch("tools.discord_tool._discord_request") + def test_cache_is_keyed_by_token(self, mock_req): + """Regression: token A's capabilities must not leak to token B. + + Before the fix, the cache was a single module-global dict. The first + call populated it and every subsequent call — regardless of token — + returned the same cached value, producing wrong schema gating for + rotated or multi-token deployments. + """ + def _per_token_flags(method, path, token, **_kwargs): + # token A: both intents; token B: neither. + if token == "tok_a": + return {"flags": (1 << 14) | (1 << 18)} + return {"flags": 0} + + mock_req.side_effect = _per_token_flags + + caps_a = _detect_capabilities("tok_a") + caps_b = _detect_capabilities("tok_b") + + assert caps_a["has_members_intent"] is True + assert caps_a["has_message_content"] is True + assert caps_b["has_members_intent"] is False + assert caps_b["has_message_content"] is False + # Each token should hit the endpoint exactly once. + assert mock_req.call_count == 2 + + # Re-requesting either token serves from its own cache entry. + _detect_capabilities("tok_a") + _detect_capabilities("tok_b") + assert mock_req.call_count == 2 + # --------------------------------------------------------------------------- # Config allowlist From adaee2c72c3ec85129b6b1cac8c7c6e791dd94e5 Mon Sep 17 00:00:00 2001 From: sprmn24 Date: Mon, 27 Apr 2026 16:56:44 +0300 Subject: [PATCH 077/133] test(skill_utils): add regression tests for non-dict metadata in extract_skill_conditions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The fix for this bug (isinstance guard) was merged via commit 3ff9e010, but test coverage was not included. Adding 4 tests: - dict metadata with hermes keys (normal case) - string metadata (bug case — previously caused AttributeError) - None metadata - missing metadata key --- tests/agent/test_skill_utils.py | 58 +++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 tests/agent/test_skill_utils.py diff --git a/tests/agent/test_skill_utils.py b/tests/agent/test_skill_utils.py new file mode 100644 index 00000000000..206cc5f4b11 --- /dev/null +++ b/tests/agent/test_skill_utils.py @@ -0,0 +1,58 @@ +"""Tests for agent/skill_utils.py — extract_skill_conditions metadata handling.""" + +from agent.skill_utils import extract_skill_conditions + + +def test_metadata_as_dict_with_hermes(): + """Normal case: metadata is a dict containing hermes keys.""" + frontmatter = { + "metadata": { + "hermes": { + "fallback_for_toolsets": ["toolset_a"], + "requires_toolsets": ["toolset_b"], + "fallback_for_tools": ["tool_x"], + "requires_tools": ["tool_y"], + } + } + } + result = extract_skill_conditions(frontmatter) + assert result["fallback_for_toolsets"] == ["toolset_a"] + assert result["requires_toolsets"] == ["toolset_b"] + assert result["fallback_for_tools"] == ["tool_x"] + assert result["requires_tools"] == ["tool_y"] + + +def test_metadata_as_string_does_not_crash(): + """Bug case: metadata is a non-dict truthy value (e.g. a YAML string).""" + frontmatter = {"metadata": "some text"} + result = extract_skill_conditions(frontmatter) + assert result == { + "fallback_for_toolsets": [], + "requires_toolsets": [], + "fallback_for_tools": [], + "requires_tools": [], + } + + +def test_metadata_as_none(): + """metadata key is present but set to null/None.""" + frontmatter = {"metadata": None} + result = extract_skill_conditions(frontmatter) + assert result == { + "fallback_for_toolsets": [], + "requires_toolsets": [], + "fallback_for_tools": [], + "requires_tools": [], + } + + +def test_metadata_missing_entirely(): + """metadata key is absent from frontmatter.""" + frontmatter = {"name": "my-skill", "description": "Does stuff."} + result = extract_skill_conditions(frontmatter) + assert result == { + "fallback_for_toolsets": [], + "requires_toolsets": [], + "fallback_for_tools": [], + "requires_tools": [], + } From 158eb32686cdaebae6737d6874060b14b2d6eda4 Mon Sep 17 00:00:00 2001 From: hharry11 Date: Mon, 27 Apr 2026 17:15:38 +0300 Subject: [PATCH 078/133] fix(gateway): preserve document type when merging queued events --- gateway/platforms/base.py | 5 ++++ tests/gateway/test_session_race_guard.py | 33 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/gateway/platforms/base.py b/gateway/platforms/base.py index 417893fea2d..3575220575c 100644 --- a/gateway/platforms/base.py +++ b/gateway/platforms/base.py @@ -1034,6 +1034,11 @@ def merge_pending_message_event( existing.text = event.text if existing_is_photo or incoming_is_photo: existing.message_type = MessageType.PHOTO + elif ( + getattr(existing, "message_type", None) == MessageType.TEXT + and event.message_type != MessageType.TEXT + ): + existing.message_type = event.message_type return if ( diff --git a/tests/gateway/test_session_race_guard.py b/tests/gateway/test_session_race_guard.py index fe1ef011a37..152a1704766 100644 --- a/tests/gateway/test_session_race_guard.py +++ b/tests/gateway/test_session_race_guard.py @@ -226,6 +226,39 @@ def test_merge_pending_message_event_merges_text_and_photo_followups(): assert merged.media_types == ["image/png"] +def test_merge_pending_message_event_promotes_document_followups_over_text(): + pending = {} + source = SessionSource( + platform=Platform.TELEGRAM, + chat_id="12345", + chat_type="dm", + user_id="u1", + ) + session_key = build_session_key(source) + + text_event = MessageEvent( + text="please review this", + message_type=MessageType.TEXT, + source=source, + ) + document_event = MessageEvent( + text="", + message_type=MessageType.DOCUMENT, + source=source, + media_urls=["/tmp/report.pdf"], + media_types=["application/pdf"], + ) + + merge_pending_message_event(pending, session_key, text_event, merge_text=True) + merge_pending_message_event(pending, session_key, document_event, merge_text=True) + + merged = pending[session_key] + assert merged.message_type == MessageType.DOCUMENT + assert merged.text == "please review this" + assert merged.media_urls == ["/tmp/report.pdf"] + assert merged.media_types == ["application/pdf"] + + @pytest.mark.asyncio async def test_recent_telegram_text_followup_is_queued_without_interrupt(): runner = _make_runner() From 24130b7e53abcd434c7d0ce06de93b27b57047f8 Mon Sep 17 00:00:00 2001 From: hharry11 Date: Mon, 27 Apr 2026 06:42:32 +0300 Subject: [PATCH 079/133] fix(approval): harden YOLO mode env parsing against quoted-bool strings --- cli.py | 4 ++-- tests/test_tui_gateway_server.py | 15 +++++++++++++++ tests/tools/test_yolo_mode.py | 27 +++++++++++++++++++++++++++ tools/approval.py | 6 ++++-- tui_gateway/server.py | 3 ++- 5 files changed, 50 insertions(+), 5 deletions(-) diff --git a/cli.py b/cli.py index bfe0dcbaa9d..bef1d87ba5a 100644 --- a/cli.py +++ b/cli.py @@ -85,7 +85,7 @@ from hermes_cli.browser_connect import ( try_launch_chrome_debug, ) from hermes_cli.env_loader import load_hermes_dotenv -from utils import base_url_host_matches +from utils import base_url_host_matches, is_truthy_value _hermes_home = get_hermes_home() _project_env = Path(__file__).parent / '.env' @@ -7146,7 +7146,7 @@ class HermesCLI: import os from hermes_cli.colors import Colors as _Colors - current = bool(os.environ.get("HERMES_YOLO_MODE")) + current = is_truthy_value(os.environ.get("HERMES_YOLO_MODE")) if current: os.environ.pop("HERMES_YOLO_MODE", None) _cprint( diff --git a/tests/test_tui_gateway_server.py b/tests/test_tui_gateway_server.py index a18a1b39bf0..41b5194da63 100644 --- a/tests/test_tui_gateway_server.py +++ b/tests/test_tui_gateway_server.py @@ -1005,6 +1005,21 @@ def test_config_busy_get_and_set(monkeypatch): assert ("display.busy_input_mode", "interrupt") in writes +def test_config_set_yolo_process_scope_treats_false_like_env_as_disabled(monkeypatch): + monkeypatch.setenv("HERMES_YOLO_MODE", "false") + + resp = server.handle_request( + { + "id": "1", + "method": "config.set", + "params": {"key": "yolo"}, + } + ) + + assert resp["result"]["value"] == "1" + assert os.environ.get("HERMES_YOLO_MODE") == "1" + + def test_config_get_statusbar_survives_non_dict_display(monkeypatch): monkeypatch.setattr(server, "_load_cfg", lambda: {"display": "broken"}) diff --git a/tests/tools/test_yolo_mode.py b/tests/tools/test_yolo_mode.py index 866ce8e5a07..29a68f07ae0 100644 --- a/tests/tools/test_yolo_mode.py +++ b/tests/tools/test_yolo_mode.py @@ -125,6 +125,33 @@ class TestYoloMode: approval_callback=lambda *a: "deny") assert not result["approved"] + @pytest.mark.parametrize("value", ["false", "False", "0", "off", "no"]) + def test_false_like_yolo_values_do_not_bypass_dangerous_command(self, monkeypatch, value): + """False-like env strings must not silently enable YOLO bypass.""" + monkeypatch.setenv("HERMES_YOLO_MODE", value) + monkeypatch.setenv("HERMES_INTERACTIVE", "1") + monkeypatch.setenv("HERMES_SESSION_KEY", "test-session") + + result = check_dangerous_command( + "rm -rf /tmp/stuff", + "local", + approval_callback=lambda *a: "deny", + ) + assert not result["approved"] + + @pytest.mark.parametrize("value", ["false", "False", "0", "off", "no"]) + def test_false_like_yolo_values_do_not_bypass_combined_guard(self, monkeypatch, value): + """Combined guard must treat false-like YOLO env strings as disabled.""" + monkeypatch.setenv("HERMES_YOLO_MODE", value) + monkeypatch.setenv("HERMES_INTERACTIVE", "1") + + result = check_all_command_guards( + "rm -rf /tmp/stuff", + "local", + approval_callback=lambda *a: "deny", + ) + assert not result["approved"] + def test_session_scoped_yolo_only_bypasses_current_session(self, monkeypatch): """Gateway /yolo should only bypass approvals for the active session.""" monkeypatch.delenv("HERMES_YOLO_MODE", raising=False) diff --git a/tools/approval.py b/tools/approval.py index aa20a86aecc..e13c019c0af 100644 --- a/tools/approval.py +++ b/tools/approval.py @@ -19,6 +19,8 @@ import unicodedata from typing import Optional from hermes_cli.config import cfg_get +from utils import is_truthy_value + logger = logging.getLogger(__name__) # Per-thread/per-task gateway session identity. @@ -802,7 +804,7 @@ def check_dangerous_command(command: str, env_type: str, # --yolo: bypass all approval prompts. Gateway /yolo is session-scoped; # CLI --yolo remains process-scoped via the env var for local use. - if os.getenv("HERMES_YOLO_MODE") or is_current_session_yolo_enabled(): + if is_truthy_value(os.getenv("HERMES_YOLO_MODE")) or is_current_session_yolo_enabled(): return {"approved": True, "message": None} is_dangerous, pattern_key, description = detect_dangerous_command(command) @@ -927,7 +929,7 @@ def check_all_command_guards(command: str, env_type: str, # --yolo or approvals.mode=off: bypass all approval prompts. # Gateway /yolo is session-scoped; CLI --yolo remains process-scoped. approval_mode = _get_approval_mode() - if os.getenv("HERMES_YOLO_MODE") or is_current_session_yolo_enabled() or approval_mode == "off": + if is_truthy_value(os.getenv("HERMES_YOLO_MODE")) or is_current_session_yolo_enabled() or approval_mode == "off": return {"approved": True, "message": None} is_cli = os.getenv("HERMES_INTERACTIVE") diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 61aa683b770..fb8aaa81464 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -17,6 +17,7 @@ from typing import Any, Optional from hermes_constants import get_hermes_home from hermes_cli.env_loader import load_hermes_dotenv +from utils import is_truthy_value from tui_gateway.transport import ( StdioTransport, Transport, @@ -3421,7 +3422,7 @@ def _(rid, params: dict) -> dict: enable_session_yolo(session["session_key"]) nv = "1" else: - current = bool(os.environ.get("HERMES_YOLO_MODE")) + current = is_truthy_value(os.environ.get("HERMES_YOLO_MODE")) if current: os.environ.pop("HERMES_YOLO_MODE", None) nv = "0" From ccfe6a47c3fd68064a286b648d118bf73d9730d7 Mon Sep 17 00:00:00 2001 From: simbam99 Date: Mon, 27 Apr 2026 11:53:02 +0300 Subject: [PATCH 080/133] fix(gateway): coerce StreamingConfig booleans and malformed numerics safely --- gateway/config.py | 30 +++++++++++++++++++++++++----- tests/gateway/test_config.py | 19 +++++++++++++++++++ 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/gateway/config.py b/gateway/config.py index 9cf4ec12f69..ce7baffac11 100644 --- a/gateway/config.py +++ b/gateway/config.py @@ -36,6 +36,26 @@ def _coerce_bool(value: Any, default: bool = True) -> bool: return is_truthy_value(value, default=default) +def _coerce_float(value: Any, default: float) -> float: + """Coerce numeric config values, falling back on malformed input.""" + if value is None: + return default + try: + return float(value) + except (TypeError, ValueError): + return default + + +def _coerce_int(value: Any, default: int) -> int: + """Coerce integer config values, falling back on malformed input.""" + if value is None: + return default + try: + return int(value) + except (TypeError, ValueError): + return default + + def _normalize_unauthorized_dm_behavior(value: Any, default: str = "pair") -> str: """Normalize unauthorized DM behavior to a supported value.""" if isinstance(value, str): @@ -301,13 +321,13 @@ class StreamingConfig: if not data: return cls() return cls( - enabled=data.get("enabled", False), + enabled=_coerce_bool(data.get("enabled"), False), transport=data.get("transport", "edit"), - edit_interval=float(data.get("edit_interval", 1.0)), - buffer_threshold=int(data.get("buffer_threshold", 40)), + edit_interval=_coerce_float(data.get("edit_interval"), 1.0), + buffer_threshold=_coerce_int(data.get("buffer_threshold"), 40), cursor=data.get("cursor", " ▉"), - fresh_final_after_seconds=float( - data.get("fresh_final_after_seconds", 60.0) + fresh_final_after_seconds=_coerce_float( + data.get("fresh_final_after_seconds"), 60.0 ), ) diff --git a/tests/gateway/test_config.py b/tests/gateway/test_config.py index 669545c8f48..0f5a1440b1c 100644 --- a/tests/gateway/test_config.py +++ b/tests/gateway/test_config.py @@ -9,6 +9,7 @@ from gateway.config import ( Platform, PlatformConfig, SessionResetPolicy, + StreamingConfig, _apply_env_overrides, load_gateway_config, ) @@ -149,6 +150,24 @@ class TestSessionResetPolicy: assert restored.notify is False +class TestStreamingConfig: + def test_from_dict_coerces_quoted_false_enabled(self): + restored = StreamingConfig.from_dict({"enabled": "false"}) + assert restored.enabled is False + + def test_from_dict_malformed_numeric_values_fall_back_to_defaults(self): + restored = StreamingConfig.from_dict( + { + "edit_interval": "oops", + "buffer_threshold": "oops", + "fresh_final_after_seconds": "oops", + } + ) + assert restored.edit_interval == 1.0 + assert restored.buffer_threshold == 40 + assert restored.fresh_final_after_seconds == 60.0 + + class TestGatewayConfigRoundtrip: def test_full_roundtrip(self): config = GatewayConfig( From ab6c629ccc31ed2dea0b6a2955750b75416d0058 Mon Sep 17 00:00:00 2001 From: Mind-Dragon Date: Thu, 30 Apr 2026 20:37:37 -0700 Subject: [PATCH 081/133] fix(terminal): skip sudo prompt when local NOPASSWD sudo works When running on a host with sudoers NOPASSWD configured for the current user, interactive Hermes sessions were unnecessarily entering the password prompt path before executing sudo commands. Outside Hermes, `sudo -n true` exits 0 for that user. Add `_sudo_nopasswd_works()` that probes `sudo -n true` and, when it succeeds, lets `_transform_sudo_command()` return the command unchanged with no stdin password. The probe: - Is scoped to the `local` terminal backend only, so Docker/SSH/Modal and other remote backends do not inherit host sudo state. - Re-probes every call (no process-lifetime cache) so an expired sudo timestamp cannot silently make a later command block waiting for a password that Hermes never prompts for. - Is bypassed entirely when `SUDO_PASSWORD` is configured or a cached password already exists, preserving existing explicit-password flows. Co-authored-by: Junting Wu --- tests/tools/test_terminal_tool.py | 51 +++++++++++++++++++++++++++++++ tools/terminal_tool.py | 35 +++++++++++++++++++++ 2 files changed, 86 insertions(+) diff --git a/tests/tools/test_terminal_tool.py b/tests/tools/test_terminal_tool.py index 9245d9c6b8f..b17fc332c49 100644 --- a/tests/tools/test_terminal_tool.py +++ b/tests/tools/test_terminal_tool.py @@ -104,6 +104,57 @@ def test_cached_sudo_password_isolated_by_session_key(monkeypatch): assert terminal_tool._get_cached_sudo_password() == "alpha-pass" +def test_passwordless_sudo_skips_interactive_prompt_and_rewrite(monkeypatch): + monkeypatch.delenv("SUDO_PASSWORD", raising=False) + monkeypatch.delenv("TERMINAL_ENV", raising=False) + monkeypatch.setenv("HERMES_INTERACTIVE", "1") + + def _fail_prompt(*_args, **_kwargs): + raise AssertionError( + "interactive sudo prompt should not run when sudo -n already works" + ) + + monkeypatch.setattr(terminal_tool, "_prompt_for_sudo_password", _fail_prompt) + monkeypatch.setattr(terminal_tool, "_sudo_nopasswd_works", lambda: True, raising=False) + + transformed, sudo_stdin = terminal_tool._transform_sudo_command("sudo whoami") + + assert transformed == "sudo whoami" + assert sudo_stdin is None + + +def test_passwordless_sudo_probe_rechecks_local_terminal(monkeypatch): + monkeypatch.delenv("TERMINAL_ENV", raising=False) + calls = [] + + class Result: + def __init__(self, returncode): + self.returncode = returncode + + def fake_run(args, **kwargs): + calls.append((args, kwargs)) + return Result(0 if len(calls) == 1 else 1) + + monkeypatch.setattr(terminal_tool.subprocess, "run", fake_run) + + assert terminal_tool._sudo_nopasswd_works() is True + assert terminal_tool._sudo_nopasswd_works() is False + assert len(calls) == 2 + assert calls[0][0] == ["sudo", "-n", "true"] + assert calls[1][0] == ["sudo", "-n", "true"] + + +def test_passwordless_sudo_probe_is_disabled_for_nonlocal_terminal_env(monkeypatch): + monkeypatch.setenv("TERMINAL_ENV", "docker") + + def _fail_run(*_args, **_kwargs): + raise AssertionError("host sudo probe must not run for non-local terminal envs") + + monkeypatch.setattr(terminal_tool.subprocess, "run", _fail_run) + + assert terminal_tool._sudo_nopasswd_works() is False + + def test_validate_workdir_allows_windows_drive_paths(): assert terminal_tool._validate_workdir(r"C:\Users\Alice\project") is None assert terminal_tool._validate_workdir("C:/Users/Alice/project") is None diff --git a/tools/terminal_tool.py b/tools/terminal_tool.py index f9c203fe065..b65af93fa3b 100644 --- a/tools/terminal_tool.py +++ b/tools/terminal_tool.py @@ -620,6 +620,32 @@ def _rewrite_real_sudo_invocations(command: str) -> tuple[str, bool]: return "".join(out), found +def _sudo_nopasswd_works() -> bool: + """Return True when local sudo currently works without prompting. + + Only probes for the `local` terminal backend; Docker/SSH/Modal/etc. must + not inherit the host's sudo state. Re-probes every call (no process-level + cache) so an expired sudo timestamp cannot make a later command silently + block waiting for a password. + """ + terminal_env = os.getenv("TERMINAL_ENV", "local").strip().lower() or "local" + if terminal_env != "local": + return False + + try: + probe = subprocess.run( + ["sudo", "-n", "true"], + stdin=subprocess.DEVNULL, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + timeout=3, + check=False, + ) + return probe.returncode == 0 + except Exception: + return False + + def _rewrite_compound_background(command: str) -> str: """Wrap `A && B &` (or `A || B &`) to `A && { B & }` at depth 0. @@ -833,6 +859,15 @@ def _transform_sudo_command(command: str | None) -> tuple[str | None, str | None else _get_cached_sudo_password() ) + # Local hosts with sudoers NOPASSWD should not be forced through the + # interactive Hermes password prompt or the sudo -S password-pipe path. + # Scoped to the local terminal backend so Docker/SSH/Modal/etc. can't + # inherit host sudo state. Re-probes every call (no process-lifetime + # cache) so an expired sudo timestamp doesn't make a later command block + # silently without Hermes prompting. + if not has_configured_password and not sudo_password and _sudo_nopasswd_works(): + return command, None + if not has_configured_password and not sudo_password and os.getenv("HERMES_INTERACTIVE"): sudo_password = _prompt_for_sudo_password(timeout_seconds=45) if sudo_password: From 787b5c5f934a72df349dc2522f942d26db58f18f Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:37:46 -0700 Subject: [PATCH 082/133] chore(release): map Mind-Dragon and JustinUssuri emails for AUTHOR_MAP --- scripts/release.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/release.py b/scripts/release.py index 4d93b506fba..0f563c7416a 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -94,6 +94,8 @@ AUTHOR_MAP = { "130918800+devorun@users.noreply.github.com": "devorun", "surat.s@itm.kmutnb.ac.th": "beesrsj2500", "beesr@bee.localdomain": "beesrsj2500", + "mind-dragon@nous.research": "Mind-Dragon", + "juntingpublic@gmail.com": "JustinUssuri", "mtf201013@gmail.com": "ma-pony", "sonoyuncudmr@gmail.com": "Sonoyunchu", "43525405+yatesjalex@users.noreply.github.com": "yatesjalex", From 55366510e55a9a15cbba3d7e59667d215d4b9a26 Mon Sep 17 00:00:00 2001 From: Yukipukii1 Date: Mon, 27 Apr 2026 13:55:16 +0300 Subject: [PATCH 083/133] fix(auth): make provider config writes atomic --- hermes_cli/auth.py | 6 ++-- tests/hermes_cli/test_auth_commands.py | 35 +++++++++++++++++++ .../test_model_provider_persistence.py | 26 ++++++++++++++ 3 files changed, 64 insertions(+), 3 deletions(-) diff --git a/hermes_cli/auth.py b/hermes_cli/auth.py index 586962d102e..1d77fffa92f 100644 --- a/hermes_cli/auth.py +++ b/hermes_cli/auth.py @@ -43,7 +43,7 @@ import yaml from hermes_cli.config import get_hermes_home, get_config_path, read_raw_config from hermes_constants import OPENROUTER_BASE_URL -from utils import atomic_replace, is_truthy_value +from utils import atomic_replace, atomic_yaml_write, is_truthy_value logger = logging.getLogger(__name__) @@ -3653,7 +3653,7 @@ def _update_config_for_provider( config["model"] = model_cfg - config_path.write_text(yaml.safe_dump(config, sort_keys=False)) + atomic_yaml_write(config_path, config, sort_keys=False) return config_path @@ -3712,7 +3712,7 @@ def _reset_config_provider() -> Path: model["provider"] = "auto" if "base_url" in model: model["base_url"] = OPENROUTER_BASE_URL - config_path.write_text(yaml.safe_dump(config, sort_keys=False)) + atomic_yaml_write(config_path, config, sort_keys=False) return config_path diff --git a/tests/hermes_cli/test_auth_commands.py b/tests/hermes_cli/test_auth_commands.py index 824d0608c07..50f639d08ac 100644 --- a/tests/hermes_cli/test_auth_commands.py +++ b/tests/hermes_cli/test_auth_commands.py @@ -5,8 +5,10 @@ from __future__ import annotations import base64 import json from datetime import datetime, timezone +from unittest.mock import patch import pytest +import yaml def _write_auth_store(tmp_path, payload: dict) -> None: @@ -589,6 +591,39 @@ def test_logout_clears_stale_active_codex_without_provider_credentials(tmp_path, assert "provider: auto" in config_text +def test_reset_config_provider_uses_atomic_yaml_write(tmp_path, monkeypatch): + """Logout config reset should delegate the YAML write atomically.""" + hermes_home = tmp_path / "hermes" + hermes_home.mkdir(parents=True, exist_ok=True) + monkeypatch.setenv("HERMES_HOME", str(hermes_home)) + config_path = hermes_home / "config.yaml" + original = { + "model": { + "default": "gpt-5.3-codex", + "provider": "openai-codex", + "base_url": "https://chatgpt.com/backend-api/codex", + } + } + config_path.write_text(yaml.safe_dump(original, sort_keys=False), encoding="utf-8") + original_text = config_path.read_text(encoding="utf-8") + + from hermes_cli.auth import _reset_config_provider + + def _boom(path, data, **kwargs): + assert path == config_path + assert data["model"]["provider"] == "auto" + assert data["model"]["base_url"] == "https://openrouter.ai/api/v1" + assert kwargs["sort_keys"] is False + raise OSError("simulated atomic write failure") + + with patch("hermes_cli.auth.atomic_yaml_write", side_effect=_boom) as mock_write: + with pytest.raises(OSError, match="simulated atomic write failure"): + _reset_config_provider() + + assert mock_write.call_count == 1 + assert config_path.read_text(encoding="utf-8") == original_text + + def test_auth_list_does_not_call_mutating_select(monkeypatch, capsys): from hermes_cli.auth_commands import auth_list_command diff --git a/tests/hermes_cli/test_model_provider_persistence.py b/tests/hermes_cli/test_model_provider_persistence.py index 2a827ca7ef2..8808e009b4a 100644 --- a/tests/hermes_cli/test_model_provider_persistence.py +++ b/tests/hermes_cli/test_model_provider_persistence.py @@ -71,6 +71,32 @@ class TestSaveModelChoiceAlwaysDict: class TestProviderPersistsAfterModelSave: + def test_update_config_for_provider_uses_atomic_yaml_write(self, config_home): + """Provider switches should delegate config writes to atomic_yaml_write.""" + from hermes_cli.auth import _update_config_for_provider + + config_path = config_home / "config.yaml" + original_text = config_path.read_text(encoding="utf-8") + + def _boom(path, data, **kwargs): + assert path == config_path + assert data["model"]["provider"] == "nous" + assert data["model"]["base_url"] == "https://inference.example.com/v1" + assert data["model"]["default"] == "some-old-model" + assert kwargs["sort_keys"] is False + raise OSError("simulated atomic write failure") + + with patch("hermes_cli.auth.atomic_yaml_write", side_effect=_boom) as mock_write: + with pytest.raises(OSError, match="simulated atomic write failure"): + _update_config_for_provider( + "nous", + "https://inference.example.com/v1/", + default_model="llama-3.3", + ) + + assert mock_write.call_count == 1 + assert config_path.read_text(encoding="utf-8") == original_text + def test_api_key_provider_saved_when_model_was_string(self, config_home, monkeypatch): """_model_flow_api_key_provider must persist the provider even when config.model started as a plain string.""" From 7ba1a2b3df0cc6ebb5de37ded726ca3281a04a14 Mon Sep 17 00:00:00 2001 From: simbam99 Date: Mon, 27 Apr 2026 11:07:10 +0300 Subject: [PATCH 084/133] fix(gateway): preserve assistant metadata when branching sessions --- gateway/run.py | 4 +++ .../test_session_boundary_security_state.py | 32 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/gateway/run.py b/gateway/run.py index c7ed4550017..f14e9274e20 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -8794,8 +8794,12 @@ class GatewayRunner: tool_name=msg.get("tool_name") or msg.get("name"), tool_calls=msg.get("tool_calls"), tool_call_id=msg.get("tool_call_id"), + finish_reason=msg.get("finish_reason"), reasoning=msg.get("reasoning"), reasoning_content=msg.get("reasoning_content"), + reasoning_details=msg.get("reasoning_details"), + codex_reasoning_items=msg.get("codex_reasoning_items"), + codex_message_items=msg.get("codex_message_items"), ) except Exception: pass # Best-effort copy diff --git a/tests/gateway/test_session_boundary_security_state.py b/tests/gateway/test_session_boundary_security_state.py index 00c1568de18..47cf4752755 100644 --- a/tests/gateway/test_session_boundary_security_state.py +++ b/tests/gateway/test_session_boundary_security_state.py @@ -173,6 +173,38 @@ async def test_branch_clears_session_scoped_approval_and_yolo_state(): assert other_key in runner._update_prompt_pending +@pytest.mark.asyncio +async def test_branch_preserves_persisted_assistant_metadata(): + runner, _session_key = _make_branch_runner() + runner.session_store.load_transcript.return_value = [ + {"role": "user", "content": "hello"}, + { + "role": "assistant", + "content": "world", + "finish_reason": "stop", + "reasoning": "thinking", + "reasoning_content": "provider scratchpad", + "reasoning_details": [{"type": "summary", "text": "step"}], + "codex_reasoning_items": [{"id": "r1", "type": "reasoning"}], + "codex_message_items": [{"id": "m1", "type": "message"}], + }, + ] + + result = await runner._handle_branch_command(_make_event("/branch")) + + assert "Branched to" in result + append_calls = runner._session_db.append_message.call_args_list + assert len(append_calls) == 2 + assistant_kwargs = append_calls[1].kwargs + assert assistant_kwargs["role"] == "assistant" + assert assistant_kwargs["finish_reason"] == "stop" + assert assistant_kwargs["reasoning"] == "thinking" + assert assistant_kwargs["reasoning_content"] == "provider scratchpad" + assert assistant_kwargs["reasoning_details"] == [{"type": "summary", "text": "step"}] + assert assistant_kwargs["codex_reasoning_items"] == [{"id": "r1", "type": "reasoning"}] + assert assistant_kwargs["codex_message_items"] == [{"id": "m1", "type": "message"}] + + def test_clear_session_boundary_security_state_is_scoped(): """The helper must wipe only the target session's approval/yolo state. From a94841eaa0a89bde990fe76743f1aa7ddb6866bb Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:39:43 -0700 Subject: [PATCH 085/133] fix(state): include finish_reason in conversation replay SELECT in get_messages_as_conversation() was missing finish_reason, so assistant messages round-tripped through replay (including /branch copies) silently dropped the provider's stop signal. Adds it to the SELECT, restores it on assistant rows, and locks it in with a round-trip test. --- hermes_state.py | 6 ++++-- tests/test_hermes_state.py | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/hermes_state.py b/hermes_state.py index a808b684c74..b3e00b9ff65 100644 --- a/hermes_state.py +++ b/hermes_state.py @@ -1464,8 +1464,8 @@ class SessionDB: placeholders = ",".join("?" for _ in session_ids) rows = self._conn.execute( "SELECT role, content, tool_call_id, tool_calls, tool_name, " - "reasoning, reasoning_content, reasoning_details, codex_reasoning_items, " - "codex_message_items " + "finish_reason, reasoning, reasoning_content, reasoning_details, " + "codex_reasoning_items, codex_message_items " f"FROM messages WHERE session_id IN ({placeholders}) ORDER BY timestamp, id", tuple(session_ids), ).fetchall() @@ -1490,6 +1490,8 @@ class SessionDB: # that replay reasoning (OpenRouter, OpenAI, Nous) receive # coherent multi-turn reasoning context. if row["role"] == "assistant": + if row["finish_reason"]: + msg["finish_reason"] = row["finish_reason"] if row["reasoning"]: msg["reasoning"] = row["reasoning"] if row["reasoning_content"] is not None: diff --git a/tests/test_hermes_state.py b/tests/test_hermes_state.py index a2c48366ded..806735f5dff 100644 --- a/tests/test_hermes_state.py +++ b/tests/test_hermes_state.py @@ -399,6 +399,27 @@ class TestMessageStorage: assert msg["reasoning"] == "Thinking about what to say" assert msg["reasoning_details"] == details + def test_finish_reason_restored_by_get_messages_as_conversation(self, db): + """finish_reason on assistant messages must survive conversation replay. + + Without this, /branch copies and other transcript round-trips silently + drop the provider's stop signal. + """ + db.create_session(session_id="s1", source="cli") + db.append_message( + "s1", + role="assistant", + content="Done", + finish_reason="tool_calls", + ) + db.append_message("s1", role="user", content="next") + + conv = db.get_messages_as_conversation("s1") + assert conv[0]["role"] == "assistant" + assert conv[0]["finish_reason"] == "tool_calls" + # Non-assistant rows should not have a finish_reason key added. + assert "finish_reason" not in conv[1] + def test_reasoning_content_persisted_and_restored(self, db): """reasoning_content must survive session replay as its own field.""" db.create_session(session_id="s1", source="cli") From bb706c3f38600cefdd651583220b8da1f980e3e3 Mon Sep 17 00:00:00 2001 From: johnncenae Date: Mon, 27 Apr 2026 14:58:56 +0300 Subject: [PATCH 086/133] fix(gateway): coerce tool_progress_command as a real boolean --- gateway/run.py | 10 ++++++++-- hermes_cli/commands.py | 4 +++- tests/gateway/test_verbose_command.py | 19 +++++++++++++++++++ tests/hermes_cli/test_commands.py | 15 +++++++++++++++ 4 files changed, 45 insertions(+), 3 deletions(-) diff --git a/gateway/run.py b/gateway/run.py index f14e9274e20..144bbe41d1b 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -8351,7 +8351,10 @@ class GatewayRunner: # --- check config gate ------------------------------------------------ try: user_config = _load_gateway_config() - gate_enabled = cfg_get(user_config, "display", "tool_progress_command", default=False) + gate_enabled = is_truthy_value( + cfg_get(user_config, "display", "tool_progress_command"), + default=False, + ) except Exception: gate_enabled = False @@ -11302,7 +11305,10 @@ class GatewayRunner: tool_progress_hint_gateway, ) _cfg = _load_gateway_config() - gate_on = bool(cfg_get(_cfg, "display", "tool_progress_command", default=False)) + gate_on = is_truthy_value( + cfg_get(_cfg, "display", "tool_progress_command"), + default=False, + ) if gate_on and not is_seen(_cfg, TOOL_PROGRESS_FLAG): long_tool_hint_fired[0] = True progress_queue.put(tool_progress_hint_gateway()) diff --git a/hermes_cli/commands.py b/hermes_cli/commands.py index 15e211b997f..2acffe331a4 100644 --- a/hermes_cli/commands.py +++ b/hermes_cli/commands.py @@ -19,6 +19,8 @@ from collections.abc import Callable, Mapping from dataclasses import dataclass from typing import Any +from utils import is_truthy_value + # prompt_toolkit is an optional CLI dependency — only needed for # SlashCommandCompleter and SlashCommandAutoSuggest. Gateway and test # environments that lack it must still be able to import this module @@ -371,7 +373,7 @@ def _resolve_config_gates() -> set[str]: else: val = None break - if val: + if is_truthy_value(val, default=False): result.add(cmd.name) return result diff --git a/tests/gateway/test_verbose_command.py b/tests/gateway/test_verbose_command.py index c3743e59154..d6debebae59 100644 --- a/tests/gateway/test_verbose_command.py +++ b/tests/gateway/test_verbose_command.py @@ -85,6 +85,25 @@ class TestVerboseCommand: saved = yaml.safe_load(config_path.read_text(encoding="utf-8")) assert saved["display"]["platforms"]["telegram"]["tool_progress"] == "verbose" + @pytest.mark.asyncio + async def test_quoted_false_keeps_command_disabled(self, tmp_path, monkeypatch): + """Quoted false must not enable the /verbose gateway command.""" + hermes_home = tmp_path / "hermes" + hermes_home.mkdir() + config_path = hermes_home / "config.yaml" + config_path.write_text( + 'display:\n tool_progress_command: "false"\n tool_progress: all\n', + encoding="utf-8", + ) + + monkeypatch.setattr(gateway_run, "_hermes_home", hermes_home) + + runner = _make_runner() + result = await runner._handle_verbose_command(_make_event()) + + assert "not enabled" in result.lower() + assert "tool_progress_command" in result + @pytest.mark.asyncio async def test_cycles_through_all_modes(self, tmp_path, monkeypatch): """Calling /verbose repeatedly cycles through all four modes.""" diff --git a/tests/hermes_cli/test_commands.py b/tests/hermes_cli/test_commands.py index 26bba9d58f1..adafe58c647 100644 --- a/tests/hermes_cli/test_commands.py +++ b/tests/hermes_cli/test_commands.py @@ -405,6 +405,21 @@ class TestGatewayConfigGate: joined = "\n".join(lines) assert "`/verbose" in joined + def test_config_gate_quoted_false_stays_disabled_everywhere(self, tmp_path, monkeypatch): + """Quoted false must not enable config-gated gateway commands.""" + config_file = tmp_path / "config.yaml" + config_file.write_text('display:\n tool_progress_command: "false"\n') + monkeypatch.setenv("HERMES_HOME", str(tmp_path)) + + lines = gateway_help_lines() + joined = "\n".join(lines) + names = {name for name, _ in telegram_bot_commands()} + mapping = slack_subcommand_map() + + assert "`/verbose" not in joined + assert "verbose" not in names + assert "verbose" not in mapping + def test_config_gate_excluded_from_telegram_when_off(self, tmp_path, monkeypatch): config_file = tmp_path / "config.yaml" config_file.write_text("display:\n tool_progress_command: false\n") From 27ec74c68a16d411f1184dfae45d139dda33d6d5 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:39:29 -0700 Subject: [PATCH 087/133] fix: coerce show_reasoning and guard_agent_created config bools Widens #16528 to two sibling sites that had the same quoted-boolean bug: a YAML string "false" (or "0", "no", "off") silently evaluated truthy under bool() / if-check. - gateway/run.py _load_show_reasoning: is_truthy_value wrap - tools/skill_manager_tool.py _guard_agent_created_enabled: is_truthy_value wrap - regression tests for both --- gateway/run.py | 5 ++- tests/gateway/test_reasoning_command.py | 41 +++++++++++++++++++++++++ tests/tools/test_skill_manager_tool.py | 20 ++++++++++++ tools/skill_manager_tool.py | 7 +++-- 4 files changed, 70 insertions(+), 3 deletions(-) diff --git a/gateway/run.py b/gateway/run.py index 144bbe41d1b..8c2c6478cba 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -1742,7 +1742,10 @@ class GatewayRunner: if cfg_path.exists(): with open(cfg_path, encoding="utf-8") as _f: cfg = _y.safe_load(_f) or {} - return bool(cfg_get(cfg, "display", "show_reasoning", default=False)) + return is_truthy_value( + cfg_get(cfg, "display", "show_reasoning"), + default=False, + ) except Exception: pass return False diff --git a/tests/gateway/test_reasoning_command.py b/tests/gateway/test_reasoning_command.py index 5020df30a74..f22704dedf6 100644 --- a/tests/gateway/test_reasoning_command.py +++ b/tests/gateway/test_reasoning_command.py @@ -407,3 +407,44 @@ class TestReasoningCommand: assert result["final_response"] == "ok" assert _CapturingAgent.last_init is not None assert "homeassistant" in set(_CapturingAgent.last_init["enabled_toolsets"]) + + +class TestLoadShowReasoningCoercion: + """Regression: display.show_reasoning must be coerced, not bool()'d.""" + + def _load_with_config(self, tmp_path, monkeypatch, yaml_body: str) -> bool: + hermes_home = tmp_path / "hermes" + hermes_home.mkdir() + (hermes_home / "config.yaml").write_text(yaml_body, encoding="utf-8") + monkeypatch.setattr(gateway_run, "_hermes_home", hermes_home) + return gateway_run.GatewayRunner._load_show_reasoning() + + def test_quoted_false_is_false(self, tmp_path, monkeypatch): + assert self._load_with_config( + tmp_path, monkeypatch, + 'display:\n show_reasoning: "false"\n', + ) is False + + def test_quoted_off_is_false(self, tmp_path, monkeypatch): + assert self._load_with_config( + tmp_path, monkeypatch, + 'display:\n show_reasoning: "off"\n', + ) is False + + def test_quoted_true_is_true(self, tmp_path, monkeypatch): + assert self._load_with_config( + tmp_path, monkeypatch, + 'display:\n show_reasoning: "true"\n', + ) is True + + def test_bare_true_is_true(self, tmp_path, monkeypatch): + assert self._load_with_config( + tmp_path, monkeypatch, + 'display:\n show_reasoning: true\n', + ) is True + + def test_missing_is_false(self, tmp_path, monkeypatch): + assert self._load_with_config( + tmp_path, monkeypatch, + 'display: {}\n', + ) is False diff --git a/tests/tools/test_skill_manager_tool.py b/tests/tools/test_skill_manager_tool.py index 9fc8957f1e0..00eaf51ea04 100644 --- a/tests/tools/test_skill_manager_tool.py +++ b/tests/tools/test_skill_manager_tool.py @@ -567,6 +567,26 @@ class TestSecurityScanGate: with patch("hermes_cli.config.load_config", side_effect=RuntimeError("boom")): assert _guard_agent_created_enabled() is False + def test_guard_flag_quoted_false_stays_disabled(self): + """Quoted 'false' from YAML edits must not enable the guard.""" + from tools.skill_manager_tool import _guard_agent_created_enabled + + for quoted in ("false", "False", "0", "no", "off"): + with patch("hermes_cli.config.load_config", + return_value={"skills": {"guard_agent_created": quoted}}): + assert _guard_agent_created_enabled() is False, \ + f"guard_agent_created={quoted!r} must coerce to False" + + def test_guard_flag_quoted_true_enables(self): + """Quoted truthy strings must enable the guard.""" + from tools.skill_manager_tool import _guard_agent_created_enabled + + for quoted in ("true", "True", "1", "yes", "on"): + with patch("hermes_cli.config.load_config", + return_value={"skills": {"guard_agent_created": quoted}}): + assert _guard_agent_created_enabled() is True, \ + f"guard_agent_created={quoted!r} must coerce to True" + # --------------------------------------------------------------------------- # External skills directories (skills.external_dirs) — mutations in place diff --git a/tools/skill_manager_tool.py b/tools/skill_manager_tool.py index cc8b0fed28f..e1b9a5f0555 100644 --- a/tools/skill_manager_tool.py +++ b/tools/skill_manager_tool.py @@ -42,7 +42,7 @@ from pathlib import Path from hermes_constants import get_hermes_home, display_hermes_home from typing import Dict, Any, Optional, Tuple -from utils import atomic_replace +from utils import atomic_replace, is_truthy_value from hermes_cli.config import cfg_get logger = logging.getLogger(__name__) @@ -67,7 +67,10 @@ def _guard_agent_created_enabled() -> bool: try: from hermes_cli.config import load_config cfg = load_config() - return bool(cfg_get(cfg, "skills", "guard_agent_created", default=False)) + return is_truthy_value( + cfg_get(cfg, "skills", "guard_agent_created"), + default=False, + ) except Exception: return False From 8d7500d80d1e20f963d531bb459c36c6922b2ad3 Mon Sep 17 00:00:00 2001 From: Oxidane-bot <1317078257maroon@gmail.com> Date: Thu, 30 Apr 2026 20:38:27 -0700 Subject: [PATCH 088/133] fix(gateway): snapshot callback generation after agent binds it, not before MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit _process_message_background snapshotted callback_generation from the interrupt event at the TOP of the task — before the handler ran. _hermes_run_generation is only set on the event by GatewayRunner._bind_adapter_run_generation during _handle_message_with_agent, which runs DURING the handler await. The early snapshot always captured None, which then flowed into pop_post_delivery_callback(..., generation=None) in the finally block. In pop_post_delivery_callback, generation=None with a tuple-registered entry (generation, callback) bypasses the ownership check — it pops and fires the callback regardless of which run owns it. Result: a stale run could fire a fresher run's post-delivery callback (e.g. a background-review notification attributed to the wrong turn). Fix: move the snapshot into the finally block, after the handler has run and _hermes_run_generation has been bound to the current run. Regression test added: simulates a stale handler at generation=1 and a fresher callback registered at generation=2. Pre-fix: snapshot=None → pop fires the generation=2 callback under generation=1's ownership ("newer" fires). Post-fix: snapshot=1 → pop skips the mismatched entry, callback stays in the dict for the correct run to claim. Verified: test FAILS on current main (captures "newer" in fired list), PASSES with this fix. Salvaged from PR #12565 (the callback-ownership portion only; the /status totals portion was already fixed on main in 7abc9ce4d via #17158). Co-authored-by: Oxidane-bot <1317078257maroon@gmail.com> --- gateway/platforms/base.py | 16 ++++++- scripts/release.py | 2 + tests/gateway/test_status_command.py | 65 ++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+), 2 deletions(-) diff --git a/gateway/platforms/base.py b/gateway/platforms/base.py index 3575220575c..9f53042395a 100644 --- a/gateway/platforms/base.py +++ b/gateway/platforms/base.py @@ -2521,7 +2521,6 @@ class BasePlatformAdapter(ABC): # Fall back to a new Event only if the entry was removed externally. interrupt_event = self._active_sessions.get(session_key) or asyncio.Event() self._active_sessions[session_key] = interrupt_event - callback_generation = getattr(interrupt_event, "_hermes_run_generation", None) # Start continuous typing indicator (refreshes every 2 seconds) _thread_metadata = {"thread_id": event.source.thread_id} if event.source.thread_id else None @@ -2820,7 +2819,20 @@ class BasePlatformAdapter(ABC): finally: # Fire any one-shot post-delivery callback registered for this # session (e.g. deferred background-review notifications). - _callback_generation = callback_generation + # + # Snapshot the callback generation HERE (after the agent has run), + # not at the top of this task. _hermes_run_generation is set on + # the interrupt event by GatewayRunner._bind_adapter_run_generation + # during _handle_message_with_agent — which happens DURING the + # self._message_handler(event) await above. Snapshotting earlier + # always captured None, which bypassed the generation-ownership + # check in pop_post_delivery_callback and let stale runs fire a + # fresher run's callbacks. + _callback_generation = getattr( + interrupt_event, + "_hermes_run_generation", + None, + ) if hasattr(self, "pop_post_delivery_callback"): _post_cb = self.pop_post_delivery_callback( session_key, diff --git a/scripts/release.py b/scripts/release.py index 0f563c7416a..ee6a65d757d 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -298,6 +298,7 @@ AUTHOR_MAP = { "154585401+LeonSGP43@users.noreply.github.com": "LeonSGP43", "12250313+Kailigithub@users.noreply.github.com": "Kailigithub", "mgparkprint@gmail.com": "vlwkaos", + "1317078257maroon@gmail.com": "Oxidane-bot", "tranquil_flow@protonmail.com": "Tranquil-Flow", "LyleLengyel@gmail.com": "mcndjxlefnd", "wangshengyang2004@163.com": "Wangshengyang2004", @@ -455,6 +456,7 @@ AUTHOR_MAP = { "taosiyuan163@153.com": "taosiyuan163", "tesseracttars@gmail.com": "tesseracttars-creator", "tianliangjay@gmail.com": "xingkongliang", + "1317078257maroon@gmail.com": "Oxidane-bot", "tranquil_flow@protonmail.com": "Tranquil-Flow", "LyleLengyel@gmail.com": "mcndjxlefnd", "unayung@gmail.com": "Unayung", diff --git a/tests/gateway/test_status_command.py b/tests/gateway/test_status_command.py index 20e45fb4f08..d8504370a5f 100644 --- a/tests/gateway/test_status_command.py +++ b/tests/gateway/test_status_command.py @@ -568,3 +568,68 @@ async def test_profile_command_reports_custom_root_profile(monkeypatch, tmp_path assert "**Profile:** `coder`" in result assert f"**Home:** `{profile_home}`" in result + + +@pytest.mark.asyncio +async def test_post_delivery_callback_generation_snapshot_happens_after_bind(): + """Regression: the callback_generation snapshot in _process_message_background + must happen AFTER the handler runs, not before. + + _hermes_run_generation is set on the interrupt event by + GatewayRunner._bind_adapter_run_generation during _handle_message_with_agent. + The earlier snapshot-at-task-start always captured None, which bypassed the + generation-ownership check in pop_post_delivery_callback and let stale runs + fire a fresher run's callbacks. + """ + import asyncio + from gateway.platforms.base import BasePlatformAdapter + + source = _make_source() + session_key = build_session_key(source) + fired = [] + + class _ConcreteAdapter(BasePlatformAdapter): + platform = Platform.TELEGRAM + + async def connect(self): pass + async def disconnect(self): pass + async def send(self, chat_id, content, **kwargs): pass + async def get_chat_info(self, chat_id): return {} + + adapter = _ConcreteAdapter( + PlatformConfig(enabled=True, token="***"), Platform.TELEGRAM + ) + + async def fake_handler(event): + # Simulate what _bind_adapter_run_generation does mid-run. + interrupt_event = adapter._active_sessions.get(session_key) + setattr(interrupt_event, "_hermes_run_generation", 1) + # Stale run registers its callback at generation=1. + adapter.register_post_delivery_callback( + session_key, + lambda: fired.append("older"), + generation=1, + ) + # A fresher run overwrites with generation=2 (different dict entry). + adapter.register_post_delivery_callback( + session_key, + lambda: fired.append("newer"), + generation=2, + ) + return None + + adapter.set_message_handler(fake_handler) + event = MessageEvent(text="hello", source=source, message_id="m1") + + await adapter.handle_message(event) + tasks = list(adapter._background_tasks) + assert tasks, "expected background task to be created" + await asyncio.gather(*tasks) + + # The stale run (generation=1) must NOT fire the fresher run's callback + # (generation=2). With the pre-fix code, callback_generation was snapshotted + # as None before the handler ran, bypassing the ownership check and firing + # "newer" anyway. + assert fired == [] + assert session_key in adapter._post_delivery_callbacks + assert adapter._post_delivery_callbacks[session_key][0] == 2 From c23c7c994bf8b77c513b7c3fb4a68774970e47ac Mon Sep 17 00:00:00 2001 From: Austin Pickett Date: Thu, 30 Apr 2026 23:41:19 -0400 Subject: [PATCH 089/133] =?UTF-8?q?fix(tui):=20address=20remaining=20revie?= =?UTF-8?q?w=20feedback=20=E2=80=94=20ordering=20and=20digit=20shortcuts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Emit providers in CANONICAL_PROVIDERS order (matching hermes model) with user-defined/custom providers appended after - Remove digit quick-select (1-9,0) handler — inconsistent with absolute row numbering and already removed from hint text - Remove unused windowOffset import --- tui_gateway/server.py | 62 +++++++++++++++------------ ui-tui/src/components/modelPicker.tsx | 20 +-------- 2 files changed, 36 insertions(+), 46 deletions(-) diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 3e7176f9f05..7dad4e76399 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -4736,43 +4736,51 @@ def _(rid, params: dict) -> dict: max_models=50, ) - # Mark authenticated providers and build lookup - authed_slugs = set() + # Mark authenticated providers and build lookup by slug + authed_map: dict = {} + authed_extra: list = [] # user-defined/custom not in CANONICAL_PROVIDERS + canonical_slugs = {e.slug for e in CANONICAL_PROVIDERS} for p in authenticated: p["authenticated"] = True - authed_slugs.add(p["slug"]) + authed_map[p["slug"]] = p + if p["slug"] not in canonical_slugs: + authed_extra.append(p) - # Add unauthenticated canonical providers so the picker shows all - # options (matching `hermes model` behaviour). + # Build final list in CANONICAL_PROVIDERS order, merging auth data from hermes_cli.auth import PROVIDER_REGISTRY as _auth_reg + ordered: list = [] for entry in CANONICAL_PROVIDERS: - if entry.slug in authed_slugs: - continue - pconfig = _auth_reg.get(entry.slug) - auth_type = pconfig.auth_type if pconfig else "api_key" - key_env = pconfig.api_key_env_vars[0] if (pconfig and pconfig.api_key_env_vars) else "" - if auth_type == "api_key" and key_env: - warning = f"paste {key_env} to activate" + if entry.slug in authed_map: + ordered.append(authed_map[entry.slug]) else: - warning = f"run `hermes model` to configure ({auth_type})" - authenticated.append({ - "slug": entry.slug, - "name": _PROVIDER_LABELS.get(entry.slug, entry.label), - "is_current": entry.slug == current_provider, - "is_user_defined": False, - "models": [], - "total_models": 0, - "source": "built-in", - "authenticated": False, - "auth_type": auth_type, - "key_env": key_env, - "warning": warning, - }) + pconfig = _auth_reg.get(entry.slug) + auth_type = pconfig.auth_type if pconfig else "api_key" + key_env = pconfig.api_key_env_vars[0] if (pconfig and pconfig.api_key_env_vars) else "" + if auth_type == "api_key" and key_env: + warning = f"paste {key_env} to activate" + else: + warning = f"run `hermes model` to configure ({auth_type})" + ordered.append({ + "slug": entry.slug, + "name": _PROVIDER_LABELS.get(entry.slug, entry.label), + "is_current": entry.slug == current_provider, + "is_user_defined": False, + "models": [], + "total_models": 0, + "source": "built-in", + "authenticated": False, + "auth_type": auth_type, + "key_env": key_env, + "warning": warning, + }) + + # Append user-defined/custom providers not in canonical list + ordered.extend(authed_extra) return _ok( rid, { - "providers": authenticated, + "providers": ordered, "model": current_model, "provider": current_provider, }, diff --git a/ui-tui/src/components/modelPicker.tsx b/ui-tui/src/components/modelPicker.tsx index 2b3fec0384b..45c9bc4cdac 100644 --- a/ui-tui/src/components/modelPicker.tsx +++ b/ui-tui/src/components/modelPicker.tsx @@ -8,7 +8,7 @@ import type { ModelOptionProvider, ModelOptionsResponse } from '../gatewayTypes. import { asRpcResult, rpcErrorMessage } from '../lib/rpc.js' import type { Theme } from '../theme.js' -import { OverlayHint, useOverlayKeys, windowItems, windowOffset } from './overlayControls.js' +import { OverlayHint, useOverlayKeys, windowItems } from './overlayControls.js' const VISIBLE = 12 const MIN_WIDTH = 40 @@ -264,24 +264,6 @@ export function ModelPicker({ gw, onCancel, onSelect, sessionId, t }: ModelPicke return } - - const n = ch === '0' ? 10 : parseInt(ch, 10) - - if (!Number.isNaN(n) && n >= 1 && n <= Math.min(10, count)) { - const offset = windowOffset(count, sel, VISIBLE) - - if (stage === 'provider') { - const next = offset + n - 1 - - if (providers[next]) { - setProviderIdx(next) - } - } else if (provider && models[offset + n - 1]) { - onSelect( - `${models[offset + n - 1]} --provider ${provider.slug}${persistGlobal ? ' --global' : ` ${TUI_SESSION_MODEL_FLAG}`}` - ) - } - } }) if (loading) { From 58b89965c8c4489db817be737eb4e458df0a8e06 Mon Sep 17 00:00:00 2001 From: Mind-Dragon Date: Mon, 27 Apr 2026 16:29:19 +0200 Subject: [PATCH 090/133] fix(agent): add tool-call loop guardrails --- agent/display.py | 26 +- agent/tool_guardrails.py | 381 ++++++++++++++++++ run_agent.py | 301 ++++++++++---- tests/agent/test_tool_guardrails.py | 142 +++++++ .../test_tool_call_guardrail_runtime.py | 202 ++++++++++ 5 files changed, 944 insertions(+), 108 deletions(-) create mode 100644 agent/tool_guardrails.py create mode 100644 tests/agent/test_tool_guardrails.py create mode 100644 tests/run_agent/test_tool_call_guardrail_runtime.py diff --git a/agent/display.py b/agent/display.py index 474595d76c0..43b35ed3018 100644 --- a/agent/display.py +++ b/agent/display.py @@ -14,6 +14,7 @@ from difflib import unified_diff from pathlib import Path from utils import safe_json_loads +from agent.tool_guardrails import classify_tool_failure # ANSI escape codes for coloring tool failure indicators _RED = "\033[31m" @@ -808,30 +809,7 @@ def _detect_tool_failure(tool_name: str, result: str | None) -> tuple[bool, str] like ``" [exit 1]"`` for terminal failures, or ``" [error]"`` for generic failures. On success, returns ``(False, "")``. """ - if result is None: - return False, "" - - if tool_name == "terminal": - data = safe_json_loads(result) - if isinstance(data, dict): - exit_code = data.get("exit_code") - if exit_code is not None and exit_code != 0: - return True, f" [exit {exit_code}]" - return False, "" - - # Memory-specific: distinguish "full" from real errors - if tool_name == "memory": - data = safe_json_loads(result) - if isinstance(data, dict): - if data.get("success") is False and "exceed the limit" in data.get("error", ""): - return True, " [full]" - - # Generic heuristic for non-terminal tools - lower = result[:500].lower() - if '"error"' in lower or '"failed"' in lower or result.startswith("Error"): - return True, " [error]" - - return False, "" + return classify_tool_failure(tool_name, result) def get_cute_tool_message( diff --git a/agent/tool_guardrails.py b/agent/tool_guardrails.py new file mode 100644 index 00000000000..c8a7aa009a4 --- /dev/null +++ b/agent/tool_guardrails.py @@ -0,0 +1,381 @@ +"""Pure tool-call loop guardrail primitives. + +The controller in this module is intentionally side-effect free: it tracks +per-turn tool-call observations and returns decisions. Runtime code owns whether +those decisions become synthetic tool results or controlled turn halts. +""" + +from __future__ import annotations + +import hashlib +import json +from dataclasses import dataclass, field +from typing import Any, Mapping + +from utils import safe_json_loads + + +IDEMPOTENT_TOOL_NAMES = frozenset( + { + "read_file", + "search_files", + "web_search", + "web_extract", + "session_search", + "browser_snapshot", + "browser_console", + "browser_get_images", + "mcp_filesystem_read_file", + "mcp_filesystem_read_text_file", + "mcp_filesystem_read_multiple_files", + "mcp_filesystem_list_directory", + "mcp_filesystem_list_directory_with_sizes", + "mcp_filesystem_directory_tree", + "mcp_filesystem_get_file_info", + "mcp_filesystem_search_files", + } +) + +MUTATING_TOOL_NAMES = frozenset( + { + "terminal", + "execute_code", + "write_file", + "patch", + "todo", + "memory", + "skill_manage", + "browser_click", + "browser_type", + "browser_press", + "browser_scroll", + "browser_navigate", + "send_message", + "cronjob", + "delegate_task", + "process", + } +) + + +@dataclass(frozen=True) +class ToolCallGuardrailConfig: + """Thresholds for per-turn tool-call loop detection.""" + + exact_failure_warn_after: int = 2 + exact_failure_block_after: int = 2 + same_tool_failure_warn_after: int = 3 + same_tool_failure_halt_after: int = 5 + no_progress_warn_after: int = 2 + no_progress_block_after: int = 2 + idempotent_tools: frozenset[str] = field(default_factory=lambda: IDEMPOTENT_TOOL_NAMES) + mutating_tools: frozenset[str] = field(default_factory=lambda: MUTATING_TOOL_NAMES) + + +@dataclass(frozen=True) +class ToolCallSignature: + """Stable, non-reversible identity for a tool name plus canonical args.""" + + tool_name: str + args_hash: str + + @classmethod + def from_call(cls, tool_name: str, args: Mapping[str, Any] | None) -> "ToolCallSignature": + canonical = canonical_tool_args(args or {}) + return cls(tool_name=tool_name, args_hash=_sha256(canonical)) + + def to_metadata(self) -> dict[str, str]: + """Return public metadata without raw argument values.""" + return {"tool_name": self.tool_name, "args_hash": self.args_hash} + + +@dataclass(frozen=True) +class ToolGuardrailDecision: + """Decision returned by the tool-call guardrail controller.""" + + action: str = "allow" # allow | warn | block | halt + code: str = "allow" + message: str = "" + tool_name: str = "" + count: int = 0 + signature: ToolCallSignature | None = None + + @property + def allows_execution(self) -> bool: + return self.action in {"allow", "warn"} + + @property + def should_halt(self) -> bool: + return self.action in {"block", "halt"} + + def to_metadata(self) -> dict[str, Any]: + data: dict[str, Any] = { + "action": self.action, + "code": self.code, + "message": self.message, + "tool_name": self.tool_name, + "count": self.count, + } + if self.signature is not None: + data["signature"] = self.signature.to_metadata() + return data + + +def canonical_tool_args(args: Mapping[str, Any]) -> str: + """Return sorted compact JSON for parsed tool arguments.""" + if not isinstance(args, Mapping): + raise TypeError(f"tool args must be a mapping, got {type(args).__name__}") + return json.dumps( + args, + ensure_ascii=False, + sort_keys=True, + separators=(",", ":"), + default=str, + ) + + +def classify_tool_failure(tool_name: str, result: str | None) -> tuple[bool, str]: + """Classify a tool result using shared display/runtime semantics.""" + if result is None: + return False, "" + + if tool_name == "terminal": + data = safe_json_loads(result) + if isinstance(data, dict): + exit_code = data.get("exit_code") + if exit_code is not None and exit_code != 0: + return True, f" [exit {exit_code}]" + if data.get("success") is False or data.get("failed") is True: + return True, " [error]" + error = data.get("error") + if error is not None and error != "": + return True, " [error]" + return False, "" + + data = safe_json_loads(result) + if isinstance(data, dict): + if tool_name == "memory": + error = data.get("error", "") + if data.get("success") is False and isinstance(error, str) and "exceed the limit" in error: + return True, " [full]" + if data.get("success") is False or data.get("failed") is True: + return True, " [error]" + error = data.get("error") + if error is not None and error != "": + return True, " [error]" + return False, "" + + lower = result[:500].lower() + if "traceback" in lower or lower.startswith("error:"): + return True, " [error]" + if '"error"' in lower or '"failed"' in lower or result.startswith("Error"): + return True, " [error]" + return False, "" + + +class ToolCallGuardrailController: + """Per-turn controller for repeated failed/non-progressing tool calls.""" + + def __init__(self, config: ToolCallGuardrailConfig | None = None): + self.config = config or ToolCallGuardrailConfig() + self.reset_for_turn() + + def reset_for_turn(self) -> None: + self._exact_failure_counts: dict[ToolCallSignature, int] = {} + self._same_tool_failure_counts: dict[str, int] = {} + self._no_progress: dict[ToolCallSignature, tuple[str, int]] = {} + self._halt_decision: ToolGuardrailDecision | None = None + + @property + def halt_decision(self) -> ToolGuardrailDecision | None: + return self._halt_decision + + def before_call(self, tool_name: str, args: Mapping[str, Any] | None) -> ToolGuardrailDecision: + signature = ToolCallSignature.from_call(tool_name, _coerce_args(args)) + + exact_count = self._exact_failure_counts.get(signature, 0) + if exact_count >= self.config.exact_failure_block_after: + decision = ToolGuardrailDecision( + action="block", + code="repeated_exact_failure_block", + message=( + f"Blocked {tool_name}: the same tool call failed {exact_count} " + "times with identical arguments. Stop retrying it unchanged; " + "change strategy or explain the blocker." + ), + tool_name=tool_name, + count=exact_count, + signature=signature, + ) + self._halt_decision = decision + return decision + + if self._is_idempotent(tool_name): + record = self._no_progress.get(signature) + if record is not None: + _result_hash, repeat_count = record + if repeat_count >= self.config.no_progress_block_after: + decision = ToolGuardrailDecision( + action="block", + code="idempotent_no_progress_block", + message=( + f"Blocked {tool_name}: this read-only call returned the same " + f"result {repeat_count} times. Stop repeating it unchanged; " + "use the result already provided or try a different query." + ), + tool_name=tool_name, + count=repeat_count, + signature=signature, + ) + self._halt_decision = decision + return decision + + return ToolGuardrailDecision(tool_name=tool_name, signature=signature) + + def after_call( + self, + tool_name: str, + args: Mapping[str, Any] | None, + result: str | None, + *, + failed: bool | None = None, + ) -> ToolGuardrailDecision: + args = _coerce_args(args) + signature = ToolCallSignature.from_call(tool_name, args) + if failed is None: + failed, _ = classify_tool_failure(tool_name, result) + + if failed: + exact_count = self._exact_failure_counts.get(signature, 0) + 1 + self._exact_failure_counts[signature] = exact_count + self._no_progress.pop(signature, None) + + same_count = self._same_tool_failure_counts.get(tool_name, 0) + 1 + self._same_tool_failure_counts[tool_name] = same_count + + if same_count >= self.config.same_tool_failure_halt_after: + decision = ToolGuardrailDecision( + action="halt", + code="same_tool_failure_halt", + message=( + f"Stopped {tool_name}: it failed {same_count} times this turn. " + "Stop retrying the same failing tool path and choose a different approach." + ), + tool_name=tool_name, + count=same_count, + signature=signature, + ) + self._halt_decision = decision + return decision + + if exact_count >= self.config.exact_failure_warn_after: + return ToolGuardrailDecision( + action="warn", + code="repeated_exact_failure_warning", + message=( + f"Tool guardrail: {tool_name} has failed {exact_count} times " + "with identical arguments. Do not retry it unchanged; inspect the " + "error and change strategy." + ), + tool_name=tool_name, + count=exact_count, + signature=signature, + ) + + if same_count >= self.config.same_tool_failure_warn_after: + return ToolGuardrailDecision( + action="warn", + code="same_tool_failure_warning", + message=( + f"Tool guardrail: {tool_name} has failed {same_count} times " + "this turn. Change approach before retrying." + ), + tool_name=tool_name, + count=same_count, + signature=signature, + ) + + return ToolGuardrailDecision(tool_name=tool_name, count=exact_count, signature=signature) + + self._exact_failure_counts.pop(signature, None) + self._same_tool_failure_counts.pop(tool_name, None) + + if not self._is_idempotent(tool_name): + self._no_progress.pop(signature, None) + return ToolGuardrailDecision(tool_name=tool_name, signature=signature) + + result_hash = _result_hash(result) + previous = self._no_progress.get(signature) + repeat_count = 1 + if previous is not None and previous[0] == result_hash: + repeat_count = previous[1] + 1 + self._no_progress[signature] = (result_hash, repeat_count) + + if repeat_count >= self.config.no_progress_warn_after: + return ToolGuardrailDecision( + action="warn", + code="idempotent_no_progress_warning", + message=( + f"Tool guardrail: {tool_name} returned the same result " + f"{repeat_count} times. Use the result or change the query instead " + "of repeating it unchanged." + ), + tool_name=tool_name, + count=repeat_count, + signature=signature, + ) + + return ToolGuardrailDecision(tool_name=tool_name, count=repeat_count, signature=signature) + + def _is_idempotent(self, tool_name: str) -> bool: + if tool_name in self.config.mutating_tools: + return False + return tool_name in self.config.idempotent_tools + + +def toolguard_synthetic_result(decision: ToolGuardrailDecision) -> str: + """Build a synthetic role=tool content string for a blocked tool call.""" + return json.dumps( + { + "error": decision.message, + "guardrail": decision.to_metadata(), + }, + ensure_ascii=False, + ) + + +def append_toolguard_guidance(result: str, decision: ToolGuardrailDecision) -> str: + """Append runtime guidance to the current tool result content.""" + if decision.action not in {"warn", "halt"} or not decision.message: + return result + suffix = ( + "\n\n[Tool guardrail: " + f"{decision.code}; count={decision.count}; {decision.message}]" + ) + return (result or "") + suffix + + +def _coerce_args(args: Mapping[str, Any] | None) -> Mapping[str, Any]: + return args if isinstance(args, Mapping) else {} + + +def _result_hash(result: str | None) -> str: + parsed = safe_json_loads(result or "") + if parsed is not None: + try: + canonical = json.dumps( + parsed, + ensure_ascii=False, + sort_keys=True, + separators=(",", ":"), + default=str, + ) + except TypeError: + canonical = str(parsed) + else: + canonical = result or "" + return _sha256(canonical) + + +def _sha256(value: str) -> str: + return hashlib.sha256(value.encode("utf-8")).hexdigest() diff --git a/run_agent.py b/run_agent.py index 2645a14a607..20b396f01ef 100644 --- a/run_agent.py +++ b/run_agent.py @@ -162,6 +162,12 @@ from agent.display import ( _detect_tool_failure, get_tool_emoji as _get_tool_emoji, ) +from agent.tool_guardrails import ( + ToolCallGuardrailController, + ToolGuardrailDecision, + append_toolguard_guidance, + toolguard_synthetic_result, +) from agent.trajectory import ( convert_scratchpad_to_think, has_incomplete_scratchpad, save_trajectory as _save_trajectory_to_file, @@ -1150,6 +1156,8 @@ class AIAgent: # Tool execution state — allows _vprint during tool execution # even when stream consumers are registered (no tokens streaming then) self._executing_tools = False + self._tool_guardrails = ToolCallGuardrailController() + self._tool_guardrail_halt_decision: ToolGuardrailDecision | None = None # Interrupt mechanism for breaking out of tool loops self._interrupt_requested = False @@ -9107,6 +9115,44 @@ class AIAgent: ) return compressed, new_system_prompt + def _set_tool_guardrail_halt(self, decision: ToolGuardrailDecision) -> None: + """Record the first guardrail decision that should stop this turn.""" + if decision.should_halt and self._tool_guardrail_halt_decision is None: + self._tool_guardrail_halt_decision = decision + + def _toolguard_controlled_halt_response(self, decision: ToolGuardrailDecision) -> str: + tool = decision.tool_name or "a tool" + return ( + f"I stopped retrying {tool} because it hit the tool-call guardrail " + f"({decision.code}) after {decision.count} repeated non-progressing " + "attempts. The last tool result explains the blocker; the next step is " + "to change strategy instead of repeating the same call." + ) + + def _append_guardrail_observation( + self, + tool_name: str, + function_args: dict, + function_result: str, + *, + failed: bool, + ) -> str: + decision = self._tool_guardrails.after_call( + tool_name, + function_args, + function_result, + failed=failed, + ) + if decision.action in {"warn", "halt"}: + function_result = append_toolguard_guidance(function_result, decision) + if decision.should_halt: + self._set_tool_guardrail_halt(decision) + return function_result + + def _guardrail_block_result(self, decision: ToolGuardrailDecision) -> str: + self._set_tool_guardrail_halt(decision) + return toolguard_synthetic_result(decision) + def _execute_tool_calls(self, assistant_message, messages: list, effective_task_id: str, api_call_count: int = 0) -> None: """Execute tool calls from the assistant message and append results to messages. @@ -9150,7 +9196,8 @@ class AIAgent: ) def _invoke_tool(self, function_name: str, function_args: dict, effective_task_id: str, - tool_call_id: Optional[str] = None, messages: list = None) -> str: + tool_call_id: Optional[str] = None, messages: list = None, + pre_tool_block_checked: bool = False) -> str: """Invoke a single tool and return the result string. No display logic. Handles both agent-level tools (todo, memory, etc.) and registry-dispatched @@ -9159,13 +9206,14 @@ class AIAgent: """ # Check plugin hooks for a block directive before executing anything. block_message: Optional[str] = None - try: - from hermes_cli.plugins import get_pre_tool_call_block_message - block_message = get_pre_tool_call_block_message( - function_name, function_args, task_id=effective_task_id or "", - ) - except Exception: - pass + if not pre_tool_block_checked: + try: + from hermes_cli.plugins import get_pre_tool_call_block_message + block_message = get_pre_tool_call_block_message( + function_name, function_args, task_id=effective_task_id or "", + ) + except Exception: + pass if block_message is not None: return json.dumps({"error": block_message}, ensure_ascii=False) @@ -9317,13 +9365,31 @@ class AIAgent: except Exception: pass - parsed_calls.append((tool_call, function_name, function_args)) + block_result = None + blocked_by_guardrail = False + try: + from hermes_cli.plugins import get_pre_tool_call_block_message + block_message = get_pre_tool_call_block_message( + function_name, function_args, task_id=effective_task_id or "", + ) + except Exception: + block_message = None + + if block_message is not None: + block_result = json.dumps({"error": block_message}, ensure_ascii=False) + else: + guardrail_decision = self._tool_guardrails.before_call(function_name, function_args) + if not guardrail_decision.allows_execution: + block_result = self._guardrail_block_result(guardrail_decision) + blocked_by_guardrail = True + + parsed_calls.append((tool_call, function_name, function_args, block_result, blocked_by_guardrail)) # ── Logging / callbacks ────────────────────────────────────────── - tool_names_str = ", ".join(name for _, name, _ in parsed_calls) + tool_names_str = ", ".join(name for _, name, _, _, _ in parsed_calls) if not self.quiet_mode: print(f" ⚡ Concurrent: {num_tools} tool calls — {tool_names_str}") - for i, (tc, name, args) in enumerate(parsed_calls, 1): + for i, (tc, name, args, block_result, blocked_by_guardrail) in enumerate(parsed_calls, 1): args_str = json.dumps(args, ensure_ascii=False) if self.verbose_logging: print(f" 📞 Tool {i}: {name}({list(args.keys())})") @@ -9332,7 +9398,9 @@ class AIAgent: args_preview = args_str[:self.log_prefix_chars] + "..." if len(args_str) > self.log_prefix_chars else args_str print(f" 📞 Tool {i}: {name}({list(args.keys())}) - {args_preview}") - for tc, name, args in parsed_calls: + for tc, name, args, block_result, blocked_by_guardrail in parsed_calls: + if block_result is not None: + continue if self.tool_progress_callback: try: preview = _build_tool_preview(name, args) @@ -9340,7 +9408,9 @@ class AIAgent: except Exception as cb_err: logging.debug(f"Tool progress callback error: {cb_err}") - for tc, name, args in parsed_calls: + for tc, name, args, block_result, blocked_by_guardrail in parsed_calls: + if block_result is not None: + continue if self.tool_start_callback: try: self.tool_start_callback(tc.id, name, args) @@ -9348,8 +9418,11 @@ class AIAgent: logging.debug(f"Tool start callback error: {cb_err}") # ── Concurrent execution ───────────────────────────────────────── - # Each slot holds (function_name, function_args, function_result, duration, error_flag) + # Each slot holds (function_name, function_args, function_result, duration, error_flag, blocked_flag) results = [None] * num_tools + for i, (tc, name, args, block_result, blocked_by_guardrail) in enumerate(parsed_calls): + if block_result is not None: + results[i] = (name, args, block_result, 0.0, True, True) # Touch activity before launching workers so the gateway knows # we're executing tools (not stuck). @@ -9404,7 +9477,14 @@ class AIAgent: pass start = time.time() try: - result = self._invoke_tool(function_name, function_args, effective_task_id, tool_call.id, messages=messages) + result = self._invoke_tool( + function_name, + function_args, + effective_task_id, + tool_call.id, + messages=messages, + pre_tool_block_checked=True, + ) except Exception as tool_error: result = f"Error executing tool '{function_name}': {tool_error}" logger.error("_invoke_tool raised for %s: %s", function_name, tool_error, exc_info=True) @@ -9414,7 +9494,7 @@ class AIAgent: logger.info("tool %s failed (%.2fs): %s", function_name, duration, result[:200]) else: logger.info("tool %s completed (%.2fs, %d chars)", function_name, duration, len(result)) - results[index] = (function_name, function_args, result, duration, is_error) + results[index] = (function_name, function_args, result, duration, is_error, False) # Tear down worker-tid tracking. Clear any interrupt bit we may # have set so the next task scheduled onto this recycled tid # starts with a clean slate. @@ -9440,61 +9520,67 @@ class AIAgent: spinner.start() try: - max_workers = min(num_tools, _MAX_TOOL_WORKERS) - with concurrent.futures.ThreadPoolExecutor(max_workers=max_workers) as executor: - futures = [] - for i, (tc, name, args) in enumerate(parsed_calls): - # Propagate ContextVars (e.g. _approval_session_key); mirrors asyncio.to_thread. - ctx = contextvars.copy_context() - f = executor.submit(ctx.run, _run_tool, i, tc, name, args) - futures.append(f) + runnable_calls = [ + (i, tc, name, args) + for i, (tc, name, args, block_result, blocked_by_guardrail) in enumerate(parsed_calls) + if block_result is None + ] + futures = [] + if runnable_calls: + max_workers = min(len(runnable_calls), _MAX_TOOL_WORKERS) + with concurrent.futures.ThreadPoolExecutor(max_workers=max_workers) as executor: + for i, tc, name, args in runnable_calls: + # Propagate ContextVars (e.g. _approval_session_key); mirrors asyncio.to_thread. + ctx = contextvars.copy_context() + f = executor.submit(ctx.run, _run_tool, i, tc, name, args) + futures.append(f) - # Wait for all to complete with periodic heartbeats so the - # gateway's inactivity monitor doesn't kill us during long - # concurrent tool batches. Also check for user interrupts - # so we don't block indefinitely when the user sends /stop - # or a new message during concurrent tool execution. - _conc_start = time.time() - _interrupt_logged = False - while True: - done, not_done = concurrent.futures.wait( - futures, timeout=5.0, - ) - if not not_done: - break - - # Check for interrupt — the per-thread interrupt signal - # already causes individual tools (terminal, execute_code) - # to abort, but tools without interrupt checks (web_search, - # read_file) will run to completion. Cancel any futures - # that haven't started yet so we don't block on them. - if self._interrupt_requested: - if not _interrupt_logged: - _interrupt_logged = True - self._vprint( - f"{self.log_prefix}⚡ Interrupt: cancelling " - f"{len(not_done)} pending concurrent tool(s)", - force=True, - ) - for f in not_done: - f.cancel() - # Give already-running tools a moment to notice the - # per-thread interrupt signal and exit gracefully. - concurrent.futures.wait(not_done, timeout=3.0) - break - - _conc_elapsed = int(time.time() - _conc_start) - # Heartbeat every ~30s (6 × 5s poll intervals) - if _conc_elapsed > 0 and _conc_elapsed % 30 < 6: - _still_running = [ - parsed_calls[futures.index(f)][1] - for f in not_done - if f in futures - ] - self._touch_activity( - f"concurrent tools running ({_conc_elapsed}s, " - f"{len(not_done)} remaining: {', '.join(_still_running[:3])})" + # Wait for all to complete with periodic heartbeats so the + # gateway's inactivity monitor doesn't kill us during long + # concurrent tool batches. Also check for user interrupts + # so we don't block indefinitely when the user sends /stop + # or a new message during concurrent tool execution. + _conc_start = time.time() + _interrupt_logged = False + while True: + done, not_done = concurrent.futures.wait( + futures, timeout=5.0, ) + if not not_done: + break + + # Check for interrupt — the per-thread interrupt signal + # already causes individual tools (terminal, execute_code) + # to abort, but tools without interrupt checks (web_search, + # read_file) will run to completion. Cancel any futures + # that haven't started yet so we don't block on them. + if self._interrupt_requested: + if not _interrupt_logged: + _interrupt_logged = True + self._vprint( + f"{self.log_prefix}⚡ Interrupt: cancelling " + f"{len(not_done)} pending concurrent tool(s)", + force=True, + ) + for f in not_done: + f.cancel() + # Give already-running tools a moment to notice the + # per-thread interrupt signal and exit gracefully. + concurrent.futures.wait(not_done, timeout=3.0) + break + + _conc_elapsed = int(time.time() - _conc_start) + # Heartbeat every ~30s (6 × 5s poll intervals) + if _conc_elapsed > 0 and _conc_elapsed % 30 < 6: + _still_running = [ + parsed_calls[futures.index(f)][1] + for f in not_done + if f in futures + ] + self._touch_activity( + f"concurrent tools running ({_conc_elapsed}s, " + f"{len(not_done)} remaining: {', '.join(_still_running[:3])})" + ) finally: if spinner: # Build a summary message for the spinner stop @@ -9503,8 +9589,9 @@ class AIAgent: spinner.stop(f"⚡ {completed}/{num_tools} tools completed in {total_dur:.1f}s total") # ── Post-execution: display per-tool results ───────────────────── - for i, (tc, name, args) in enumerate(parsed_calls): + for i, (tc, name, args, block_result, blocked_by_guardrail) in enumerate(parsed_calls): r = results[i] + blocked = False if r is None: # Tool was cancelled (interrupt) or thread didn't return if self._interrupt_requested: @@ -9513,13 +9600,21 @@ class AIAgent: function_result = f"Error executing tool '{name}': thread did not return a result" tool_duration = 0.0 else: - function_name, function_args, function_result, tool_duration, is_error = r + function_name, function_args, function_result, tool_duration, is_error, blocked = r + + if not blocked: + function_result = self._append_guardrail_observation( + function_name, + function_args, + function_result, + failed=is_error, + ) if is_error: result_preview = function_result[:200] if len(function_result) > 200 else function_result logger.warning("Tool %s returned error (%.2fs): %s", function_name, tool_duration, result_preview) - if self.tool_progress_callback: + if not blocked and self.tool_progress_callback: try: self.tool_progress_callback( "tool.completed", function_name, None, None, @@ -9547,7 +9642,7 @@ class AIAgent: self._current_tool = None self._touch_activity(f"tool completed: {name} ({tool_duration:.1f}s)") - if self.tool_complete_callback: + if not blocked and self.tool_complete_callback: try: self.tool_complete_callback(tc.id, name, args, function_result) except Exception as cb_err: @@ -9629,9 +9724,17 @@ class AIAgent: except Exception: pass - if _block_msg is not None: - # Tool blocked by plugin policy — skip counter resets. - # Execution is handled below in the tool dispatch chain. + _guardrail_block_decision: ToolGuardrailDecision | None = None + if _block_msg is None: + guardrail_decision = self._tool_guardrails.before_call(function_name, function_args) + if not guardrail_decision.allows_execution: + _guardrail_block_decision = guardrail_decision + + _execution_blocked = _block_msg is not None or _guardrail_block_decision is not None + + if _execution_blocked: + # Tool blocked by plugin or guardrail policy — skip counters, + # callbacks, checkpointing, activity mutation, and real execution. pass else: # Reset nudge counters when the relevant tool is actually used @@ -9649,35 +9752,35 @@ class AIAgent: args_preview = args_str[:self.log_prefix_chars] + "..." if len(args_str) > self.log_prefix_chars else args_str print(f" 📞 Tool {i}: {function_name}({list(function_args.keys())}) - {args_preview}") - if _block_msg is None: + if not _execution_blocked: self._current_tool = function_name self._touch_activity(f"executing tool: {function_name}") # Set activity callback for long-running tool execution (terminal # commands, etc.) so the gateway's inactivity monitor doesn't kill # the agent while a command is running. - if _block_msg is None: + if not _execution_blocked: try: from tools.environments.base import set_activity_callback set_activity_callback(self._touch_activity) except Exception: pass - if _block_msg is None and self.tool_progress_callback: + if not _execution_blocked and self.tool_progress_callback: try: preview = _build_tool_preview(function_name, function_args) self.tool_progress_callback("tool.started", function_name, preview, function_args) except Exception as cb_err: logging.debug(f"Tool progress callback error: {cb_err}") - if _block_msg is None and self.tool_start_callback: + if not _execution_blocked and self.tool_start_callback: try: self.tool_start_callback(tool_call.id, function_name, function_args) except Exception as cb_err: logging.debug(f"Tool start callback error: {cb_err}") # Checkpoint: snapshot working dir before file-mutating tools - if _block_msg is None and function_name in ("write_file", "patch") and self._checkpoint_mgr.enabled: + if not _execution_blocked and function_name in ("write_file", "patch") and self._checkpoint_mgr.enabled: try: file_path = function_args.get("path", "") if file_path: @@ -9689,7 +9792,7 @@ class AIAgent: pass # never block tool execution # Checkpoint before destructive terminal commands - if _block_msg is None and function_name == "terminal" and self._checkpoint_mgr.enabled: + if not _execution_blocked and function_name == "terminal" and self._checkpoint_mgr.enabled: try: cmd = function_args.get("command", "") if _is_destructive_command(cmd): @@ -9706,6 +9809,11 @@ class AIAgent: # Tool blocked by plugin policy — return error without executing. function_result = json.dumps({"error": _block_msg}, ensure_ascii=False) tool_duration = 0.0 + elif _guardrail_block_decision is not None: + # Tool blocked by tool-loop guardrail — synthesize exactly one + # tool result for the original tool_call_id without executing. + function_result = self._guardrail_block_result(_guardrail_block_decision) + tool_duration = 0.0 elif function_name == "todo": from tools.todo_tool import todo_tool as _todo_tool function_result = _todo_tool( @@ -9889,12 +9997,22 @@ class AIAgent: # Log tool errors to the persistent error log so [error] tags # in the UI always have a corresponding detailed entry on disk. _is_error_result, _ = _detect_tool_failure(function_name, function_result) + if not _execution_blocked: + function_result = self._append_guardrail_observation( + function_name, + function_args, + function_result, + failed=_is_error_result, + ) + result_preview = function_result if self.verbose_logging else ( + function_result[:200] if len(function_result) > 200 else function_result + ) if _is_error_result: logger.warning("Tool %s returned error (%.2fs): %s", function_name, tool_duration, result_preview) else: logger.info("tool %s completed (%.2fs, %d chars)", function_name, tool_duration, len(function_result)) - if self.tool_progress_callback: + if not _execution_blocked and self.tool_progress_callback: try: self.tool_progress_callback( "tool.completed", function_name, None, None, @@ -9910,7 +10028,7 @@ class AIAgent: logging.debug(f"Tool {function_name} completed in {tool_duration:.2f}s") logging.debug(f"Tool result ({len(function_result)} chars): {function_result}") - if self.tool_complete_callback: + if not _execution_blocked and self.tool_complete_callback: try: self.tool_complete_callback(tool_call.id, function_name, function_args, function_result) except Exception as cb_err: @@ -10244,6 +10362,8 @@ class AIAgent: self._last_content_tools_all_housekeeping = False self._mute_post_response = False self._unicode_sanitization_passes = 0 + self._tool_guardrails.reset_for_turn() + self._tool_guardrail_halt_decision = None # Pre-turn connection health check: detect and clean up dead TCP # connections left over from provider outages or dropped streams. @@ -13041,6 +13161,16 @@ class AIAgent: self._execute_tool_calls(assistant_message, messages, effective_task_id, api_call_count) + if self._tool_guardrail_halt_decision is not None: + decision = self._tool_guardrail_halt_decision + _turn_exit_reason = "guardrail_halt" + final_response = self._toolguard_controlled_halt_response(decision) + self._emit_status( + f"⚠️ Tool guardrail halted {decision.tool_name}: {decision.code}" + ) + messages.append({"role": "assistant", "content": final_response}) + break + # Reset per-turn retry counters after successful tool # execution so a single truncation doesn't poison the # entire conversation. @@ -13567,6 +13697,7 @@ class AIAgent: "messages": messages, "api_calls": api_call_count, "completed": completed, + "turn_exit_reason": _turn_exit_reason, "partial": False, # True only when stopped due to invalid tool calls "interrupted": interrupted, "response_previewed": getattr(self, "_response_was_previewed", False), @@ -13586,6 +13717,8 @@ class AIAgent: "cost_status": self.session_cost_status, "cost_source": self.session_cost_source, } + if self._tool_guardrail_halt_decision is not None: + result["guardrail"] = self._tool_guardrail_halt_decision.to_metadata() # If a /steer landed after the final assistant turn (no more tool # batches to drain into), hand it back to the caller so it can be # delivered as the next user turn instead of being silently lost. diff --git a/tests/agent/test_tool_guardrails.py b/tests/agent/test_tool_guardrails.py new file mode 100644 index 00000000000..18999b2f39c --- /dev/null +++ b/tests/agent/test_tool_guardrails.py @@ -0,0 +1,142 @@ +"""Pure tool-call guardrail primitive tests.""" + +import json + +from agent.tool_guardrails import ( + ToolCallGuardrailConfig, + ToolCallGuardrailController, + ToolCallSignature, + canonical_tool_args, +) + + +def test_tool_call_signature_hashes_canonical_nested_unicode_args_without_exposing_raw_args(): + args_a = { + "z": [{"β": "☤", "a": 1}], + "a": {"y": 2, "x": "secret-token-value"}, + } + args_b = { + "a": {"x": "secret-token-value", "y": 2}, + "z": [{"a": 1, "β": "☤"}], + } + + assert canonical_tool_args(args_a) == canonical_tool_args(args_b) + sig_a = ToolCallSignature.from_call("web_search", args_a) + sig_b = ToolCallSignature.from_call("web_search", args_b) + + assert sig_a == sig_b + assert len(sig_a.args_hash) == 64 + metadata = sig_a.to_metadata() + assert metadata == {"tool_name": "web_search", "args_hash": sig_a.args_hash} + assert "secret-token-value" not in json.dumps(metadata) + assert "☤" not in json.dumps(metadata) + + +def test_repeated_identical_failed_call_warns_then_blocks_before_third_execution(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig( + exact_failure_warn_after=2, + exact_failure_block_after=2, + same_tool_failure_halt_after=99, + ) + ) + args = {"query": "same"} + + assert controller.before_call("web_search", args).action == "allow" + first = controller.after_call("web_search", args, '{"error":"boom"}', failed=True) + assert first.action == "allow" + + assert controller.before_call("web_search", args).action == "allow" + second = controller.after_call("web_search", args, '{"error":"boom"}', failed=True) + assert second.action == "warn" + assert second.code == "repeated_exact_failure_warning" + assert second.count == 2 + + blocked = controller.before_call("web_search", args) + assert blocked.action == "block" + assert blocked.code == "repeated_exact_failure_block" + assert blocked.tool_name == "web_search" + assert blocked.count == 2 + + +def test_success_resets_exact_signature_failure_streak(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig(exact_failure_block_after=2, same_tool_failure_halt_after=99) + ) + args = {"query": "same"} + + controller.after_call("web_search", args, '{"error":"boom"}', failed=True) + controller.after_call("web_search", args, '{"ok":true}', failed=False) + + assert controller.before_call("web_search", args).action == "allow" + controller.after_call("web_search", args, '{"error":"boom"}', failed=True) + assert controller.before_call("web_search", args).action == "allow" + + +def test_same_tool_varying_args_failure_streak_warns_then_halts_independent_of_exact_streak(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig( + exact_failure_block_after=99, + same_tool_failure_warn_after=2, + same_tool_failure_halt_after=3, + ) + ) + + first = controller.after_call("terminal", {"command": "cmd-1"}, '{"exit_code":1}', failed=True) + assert first.action == "allow" + second = controller.after_call("terminal", {"command": "cmd-2"}, '{"exit_code":1}', failed=True) + assert second.action == "warn" + assert second.code == "same_tool_failure_warning" + third = controller.after_call("terminal", {"command": "cmd-3"}, '{"exit_code":1}', failed=True) + assert third.action == "halt" + assert third.code == "same_tool_failure_halt" + assert third.count == 3 + + +def test_idempotent_no_progress_repeated_result_warns_then_blocks_future_repeat(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig(no_progress_warn_after=2, no_progress_block_after=2) + ) + args = {"path": "/tmp/same.txt"} + result = "same file contents" + + assert controller.before_call("read_file", args).action == "allow" + assert controller.after_call("read_file", args, result, failed=False).action == "allow" + assert controller.before_call("read_file", args).action == "allow" + warn = controller.after_call("read_file", args, result, failed=False) + assert warn.action == "warn" + assert warn.code == "idempotent_no_progress_warning" + + blocked = controller.before_call("read_file", args) + assert blocked.action == "block" + assert blocked.code == "idempotent_no_progress_block" + + +def test_mutating_or_unknown_tools_are_not_blocked_for_repeated_identical_success_output_by_default(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig(no_progress_warn_after=2, no_progress_block_after=2) + ) + + for _ in range(3): + assert controller.before_call("write_file", {"path": "/tmp/x", "content": "x"}).action == "allow" + assert controller.after_call("write_file", {"path": "/tmp/x", "content": "x"}, "ok", failed=False).action == "allow" + assert controller.before_call("custom_tool", {"x": 1}).action == "allow" + assert controller.after_call("custom_tool", {"x": 1}, "ok", failed=False).action == "allow" + + +def test_reset_for_turn_clears_bounded_guardrail_state(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig(exact_failure_block_after=2, no_progress_block_after=2) + ) + controller.after_call("web_search", {"query": "same"}, '{"error":"boom"}', failed=True) + controller.after_call("web_search", {"query": "same"}, '{"error":"boom"}', failed=True) + controller.after_call("read_file", {"path": "/tmp/x"}, "same", failed=False) + controller.after_call("read_file", {"path": "/tmp/x"}, "same", failed=False) + + assert controller.before_call("web_search", {"query": "same"}).action == "block" + assert controller.before_call("read_file", {"path": "/tmp/x"}).action == "block" + + controller.reset_for_turn() + + assert controller.before_call("web_search", {"query": "same"}).action == "allow" + assert controller.before_call("read_file", {"path": "/tmp/x"}).action == "allow" diff --git a/tests/run_agent/test_tool_call_guardrail_runtime.py b/tests/run_agent/test_tool_call_guardrail_runtime.py new file mode 100644 index 00000000000..1b138b02e1c --- /dev/null +++ b/tests/run_agent/test_tool_call_guardrail_runtime.py @@ -0,0 +1,202 @@ +"""Runtime tests for tool-call loop guardrails.""" + +import json +import uuid +from types import SimpleNamespace +from unittest.mock import MagicMock, patch + +from run_agent import AIAgent + + +def _make_tool_defs(*names: str) -> list[dict]: + return [ + { + "type": "function", + "function": { + "name": name, + "description": f"{name} tool", + "parameters": {"type": "object", "properties": {}}, + }, + } + for name in names + ] + + +def _mock_tool_call(name="web_search", arguments="{}", call_id=None): + return SimpleNamespace( + id=call_id or f"call_{uuid.uuid4().hex[:8]}", + type="function", + function=SimpleNamespace(name=name, arguments=arguments), + ) + + +def _mock_response(content="Hello", finish_reason="stop", tool_calls=None): + msg = SimpleNamespace(content=content, tool_calls=tool_calls) + choice = SimpleNamespace(message=msg, finish_reason=finish_reason) + return SimpleNamespace(choices=[choice], model="test/model", usage=None) + + +def _make_agent(*tool_names: str, max_iterations: int = 10) -> AIAgent: + with ( + patch("run_agent.get_tool_definitions", return_value=_make_tool_defs(*tool_names)), + patch("run_agent.check_toolset_requirements", return_value={}), + patch("run_agent.OpenAI"), + ): + agent = AIAgent( + api_key="test-key-1234567890", + base_url="https://openrouter.ai/api/v1", + max_iterations=max_iterations, + quiet_mode=True, + skip_context_files=True, + skip_memory=True, + ) + agent.client = MagicMock() + agent._cached_system_prompt = "You are helpful." + agent._use_prompt_caching = False + agent.tool_delay = 0 + agent.compression_enabled = False + agent.save_trajectories = False + return agent + + +def _seed_exact_failures(agent: AIAgent, tool_name: str, args: dict, count: int = 2) -> None: + for _ in range(count): + agent._tool_guardrails.after_call( + tool_name, + args, + json.dumps({"error": "boom"}), + failed=True, + ) + + +def test_sequential_path_blocks_repeated_exact_failure_before_execution(): + agent = _make_agent("web_search") + args = {"query": "same"} + _seed_exact_failures(agent, "web_search", args) + starts = [] + progress = [] + agent.tool_start_callback = lambda *a, **k: starts.append((a, k)) + agent.tool_progress_callback = lambda *a, **k: progress.append((a, k)) + tc = _mock_tool_call("web_search", json.dumps(args), "c-block") + msg = SimpleNamespace(content="", tool_calls=[tc]) + messages = [] + + with patch("run_agent.handle_function_call", return_value="SHOULD_NOT_RUN") as mock_hfc: + agent._execute_tool_calls_sequential(msg, messages, "task-1") + + mock_hfc.assert_not_called() + assert starts == [] + assert progress == [] + assert len(messages) == 1 + assert messages[0]["role"] == "tool" + assert messages[0]["tool_call_id"] == "c-block" + assert "repeated_exact_failure_block" in messages[0]["content"] + + +def test_sequential_after_call_appends_guidance_to_tool_result_without_extra_messages(): + agent = _make_agent("web_search") + args = {"query": "same"} + _seed_exact_failures(agent, "web_search", args, count=1) + tc = _mock_tool_call("web_search", json.dumps(args), "c-warn") + msg = SimpleNamespace(content="", tool_calls=[tc]) + messages = [] + + with patch("run_agent.handle_function_call", return_value=json.dumps({"error": "boom"})): + agent._execute_tool_calls_sequential(msg, messages, "task-1") + + assert [m["role"] for m in messages] == ["tool"] + assert messages[0]["tool_call_id"] == "c-warn" + assert "Tool guardrail" in messages[0]["content"] + assert "repeated_exact_failure_warning" in messages[0]["content"] + + +def test_concurrent_path_does_not_submit_blocked_calls_and_preserves_result_order(): + agent = _make_agent("web_search") + blocked_args = {"query": "blocked"} + allowed_args = {"query": "allowed"} + _seed_exact_failures(agent, "web_search", blocked_args) + starts = [] + progress_events = [] + agent.tool_start_callback = lambda tool_call_id, name, args: starts.append((tool_call_id, name, args)) + agent.tool_progress_callback = lambda event, name, preview, args, **kw: progress_events.append((event, name, args, kw)) + calls = [ + _mock_tool_call("web_search", json.dumps(blocked_args), "c-block"), + _mock_tool_call("web_search", json.dumps(allowed_args), "c-allow"), + ] + msg = SimpleNamespace(content="", tool_calls=calls) + messages = [] + executed = [] + + def fake_handle(name, args, task_id, **kwargs): + executed.append((name, args, kwargs["tool_call_id"])) + return json.dumps({"ok": args["query"]}) + + with patch("run_agent.handle_function_call", side_effect=fake_handle): + agent._execute_tool_calls_concurrent(msg, messages, "task-1") + + assert executed == [("web_search", allowed_args, "c-allow")] + assert [m["tool_call_id"] for m in messages] == ["c-block", "c-allow"] + assert "repeated_exact_failure_block" in messages[0]["content"] + assert json.loads(messages[1]["content"]) == {"ok": "allowed"} + assert starts == [("c-allow", "web_search", allowed_args)] + started_events = [event for event in progress_events if event[0] == "tool.started"] + completed_events = [event for event in progress_events if event[0] == "tool.completed"] + assert started_events == [("tool.started", "web_search", allowed_args, {})] + assert len(completed_events) == 1 + assert completed_events[0][1] == "web_search" + + +def test_plugin_pre_tool_block_wins_without_counting_as_toolguard_block(): + agent = _make_agent("web_search") + args = {"query": "same"} + tc = _mock_tool_call("web_search", json.dumps(args), "c-plugin") + msg = SimpleNamespace(content="", tool_calls=[tc]) + messages = [] + + with ( + patch("hermes_cli.plugins.get_pre_tool_call_block_message", return_value="plugin policy"), + patch("run_agent.handle_function_call", return_value="SHOULD_NOT_RUN") as mock_hfc, + ): + agent._execute_tool_calls_sequential(msg, messages, "task-1") + + mock_hfc.assert_not_called() + assert "plugin policy" in messages[0]["content"] + assert agent._tool_guardrails.before_call("web_search", args).action == "allow" + + +def test_run_conversation_returns_controlled_guardrail_halt_without_top_level_error(): + agent = _make_agent("web_search", max_iterations=10) + same_args = {"query": "same"} + responses = [ + _mock_response( + content="", + finish_reason="tool_calls", + tool_calls=[_mock_tool_call("web_search", json.dumps(same_args), f"c{i}")], + ) + for i in range(1, 10) + ] + agent.client.chat.completions.create.side_effect = responses + + with ( + patch("run_agent.handle_function_call", return_value=json.dumps({"error": "boom"})) as mock_hfc, + patch.object(agent, "_persist_session"), + patch.object(agent, "_save_trajectory"), + patch.object(agent, "_cleanup_task_resources"), + ): + result = agent.run_conversation("search repeatedly") + + assert mock_hfc.call_count == 2 + assert result["api_calls"] == 3 + assert result["api_calls"] < agent.max_iterations + assert result["turn_exit_reason"] == "guardrail_halt" + assert "error" not in result + assert result["completed"] is True + assert "stopped retrying" in result["final_response"] + assert result["guardrail"]["code"] == "repeated_exact_failure_block" + assert result["guardrail"]["tool_name"] == "web_search" + + assistant_tool_calls = [m for m in result["messages"] if m.get("role") == "assistant" and m.get("tool_calls")] + for assistant_msg in assistant_tool_calls: + call_ids = [tc["id"] for tc in assistant_msg["tool_calls"]] + following_results = [m for m in result["messages"] if m.get("role") == "tool" and m.get("tool_call_id") in call_ids] + assert len(following_results) == len(call_ids) From 0704589ceb1365c1b7aefff382923ed28380714e Mon Sep 17 00:00:00 2001 From: Mind-Dragon Date: Mon, 27 Apr 2026 17:01:30 +0200 Subject: [PATCH 091/133] fix(agent): make tool loop guardrails warning-first --- agent/tool_guardrails.py | 116 +++++++++++++++--- cli-config.yaml.example | 19 +++ hermes_cli/config.py | 18 +++ run_agent.py | 9 ++ tests/agent/test_tool_guardrails.py | 110 +++++++++++++++-- .../test_tool_call_guardrail_runtime.py | 85 ++++++++++++- 6 files changed, 326 insertions(+), 31 deletions(-) diff --git a/agent/tool_guardrails.py b/agent/tool_guardrails.py index c8a7aa009a4..b3237bc390b 100644 --- a/agent/tool_guardrails.py +++ b/agent/tool_guardrails.py @@ -2,7 +2,8 @@ The controller in this module is intentionally side-effect free: it tracks per-turn tool-call observations and returns decisions. Runtime code owns whether -those decisions become synthetic tool results or controlled turn halts. +those decisions become warning guidance, synthetic tool results, or controlled +turn halts. """ from __future__ import annotations @@ -60,17 +61,67 @@ MUTATING_TOOL_NAMES = frozenset( @dataclass(frozen=True) class ToolCallGuardrailConfig: - """Thresholds for per-turn tool-call loop detection.""" + """Thresholds for per-turn tool-call loop detection. + Warnings are enabled by default and never prevent tool execution. Hard stops + are explicit opt-in so interactive CLI/TUI sessions get a gentle nudge unless + the user enables circuit-breaker behavior in config.yaml. + """ + + warnings_enabled: bool = True + hard_stop_enabled: bool = False exact_failure_warn_after: int = 2 - exact_failure_block_after: int = 2 + exact_failure_block_after: int = 5 same_tool_failure_warn_after: int = 3 - same_tool_failure_halt_after: int = 5 + same_tool_failure_halt_after: int = 8 no_progress_warn_after: int = 2 - no_progress_block_after: int = 2 + no_progress_block_after: int = 5 idempotent_tools: frozenset[str] = field(default_factory=lambda: IDEMPOTENT_TOOL_NAMES) mutating_tools: frozenset[str] = field(default_factory=lambda: MUTATING_TOOL_NAMES) + @classmethod + def from_mapping(cls, data: Mapping[str, Any] | None) -> "ToolCallGuardrailConfig": + """Build config from the `tool_loop_guardrails` config.yaml section.""" + if not isinstance(data, Mapping): + return cls() + + warn_after = data.get("warn_after") + if not isinstance(warn_after, Mapping): + warn_after = {} + hard_stop_after = data.get("hard_stop_after") + if not isinstance(hard_stop_after, Mapping): + hard_stop_after = {} + + defaults = cls() + return cls( + warnings_enabled=_as_bool(data.get("warnings_enabled"), defaults.warnings_enabled), + hard_stop_enabled=_as_bool(data.get("hard_stop_enabled"), defaults.hard_stop_enabled), + exact_failure_warn_after=_positive_int( + warn_after.get("exact_failure", data.get("exact_failure_warn_after")), + defaults.exact_failure_warn_after, + ), + same_tool_failure_warn_after=_positive_int( + warn_after.get("same_tool_failure", data.get("same_tool_failure_warn_after")), + defaults.same_tool_failure_warn_after, + ), + no_progress_warn_after=_positive_int( + warn_after.get("idempotent_no_progress", data.get("no_progress_warn_after")), + defaults.no_progress_warn_after, + ), + exact_failure_block_after=_positive_int( + hard_stop_after.get("exact_failure", data.get("exact_failure_block_after")), + defaults.exact_failure_block_after, + ), + same_tool_failure_halt_after=_positive_int( + hard_stop_after.get("same_tool_failure", data.get("same_tool_failure_halt_after")), + defaults.same_tool_failure_halt_after, + ), + no_progress_block_after=_positive_int( + hard_stop_after.get("idempotent_no_progress", data.get("no_progress_block_after")), + defaults.no_progress_block_after, + ), + ) + @dataclass(frozen=True) class ToolCallSignature: @@ -192,6 +243,8 @@ class ToolCallGuardrailController: def before_call(self, tool_name: str, args: Mapping[str, Any] | None) -> ToolGuardrailDecision: signature = ToolCallSignature.from_call(tool_name, _coerce_args(args)) + if not self.config.hard_stop_enabled: + return ToolGuardrailDecision(tool_name=tool_name, signature=signature) exact_count = self._exact_failure_counts.get(signature, 0) if exact_count >= self.config.exact_failure_block_after: @@ -253,7 +306,7 @@ class ToolCallGuardrailController: same_count = self._same_tool_failure_counts.get(tool_name, 0) + 1 self._same_tool_failure_counts[tool_name] = same_count - if same_count >= self.config.same_tool_failure_halt_after: + if self.config.hard_stop_enabled and same_count >= self.config.same_tool_failure_halt_after: decision = ToolGuardrailDecision( action="halt", code="same_tool_failure_halt", @@ -268,27 +321,27 @@ class ToolCallGuardrailController: self._halt_decision = decision return decision - if exact_count >= self.config.exact_failure_warn_after: + if self.config.warnings_enabled and exact_count >= self.config.exact_failure_warn_after: return ToolGuardrailDecision( action="warn", code="repeated_exact_failure_warning", message=( - f"Tool guardrail: {tool_name} has failed {exact_count} times " - "with identical arguments. Do not retry it unchanged; inspect the " - "error and change strategy." + f"{tool_name} has failed {exact_count} times with identical arguments. " + "This looks like a loop; inspect the error and change strategy " + "instead of retrying it unchanged." ), tool_name=tool_name, count=exact_count, signature=signature, ) - if same_count >= self.config.same_tool_failure_warn_after: + if self.config.warnings_enabled and same_count >= self.config.same_tool_failure_warn_after: return ToolGuardrailDecision( action="warn", code="same_tool_failure_warning", message=( - f"Tool guardrail: {tool_name} has failed {same_count} times " - "this turn. Change approach before retrying." + f"{tool_name} has failed {same_count} times this turn. " + "This looks like a loop; change approach before retrying." ), tool_name=tool_name, count=same_count, @@ -311,14 +364,14 @@ class ToolCallGuardrailController: repeat_count = previous[1] + 1 self._no_progress[signature] = (result_hash, repeat_count) - if repeat_count >= self.config.no_progress_warn_after: + if self.config.warnings_enabled and repeat_count >= self.config.no_progress_warn_after: return ToolGuardrailDecision( action="warn", code="idempotent_no_progress_warning", message=( - f"Tool guardrail: {tool_name} returned the same result " - f"{repeat_count} times. Use the result or change the query instead " - "of repeating it unchanged." + f"{tool_name} returned the same result {repeat_count} times. " + "Use the result already provided or change the query instead of " + "repeating it unchanged." ), tool_name=tool_name, count=repeat_count, @@ -348,8 +401,9 @@ def append_toolguard_guidance(result: str, decision: ToolGuardrailDecision) -> s """Append runtime guidance to the current tool result content.""" if decision.action not in {"warn", "halt"} or not decision.message: return result + label = "Tool loop hard stop" if decision.action == "halt" else "Tool loop warning" suffix = ( - "\n\n[Tool guardrail: " + f"\n\n[{label}: " f"{decision.code}; count={decision.count}; {decision.message}]" ) return (result or "") + suffix @@ -377,5 +431,31 @@ def _result_hash(result: str | None) -> str: return _sha256(canonical) +def _as_bool(value: Any, default: bool) -> bool: + if value is None: + return default + if isinstance(value, bool): + return value + if isinstance(value, (int, float)): + return bool(value) + if isinstance(value, str): + lowered = value.strip().lower() + if lowered in {"1", "true", "yes", "on", "enabled"}: + return True + if lowered in {"0", "false", "no", "off", "disabled"}: + return False + return default + + +def _positive_int(value: Any, default: int) -> int: + if value is None: + return default + try: + parsed = int(value) + except (TypeError, ValueError): + return default + return parsed if parsed >= 1 else default + + def _sha256(value: str) -> str: return hashlib.sha256(value.encode("utf-8")).hexdigest() diff --git a/cli-config.yaml.example b/cli-config.yaml.example index e292498b0c0..c92be7e26b8 100644 --- a/cli-config.yaml.example +++ b/cli-config.yaml.example @@ -289,6 +289,25 @@ browser: # after this period of no activity between agent loops (default: 120 = 2 minutes) inactivity_timeout: 120 +# ============================================================================= +# Tool Loop Guardrails +# ============================================================================= +# Soft warnings are enabled by default. They append guidance to repeated failed +# or non-progressing tool results but still let the tool execute. Hard stops are +# opt-in circuit breakers for autonomous/cron sessions where stopping a loop is +# preferable to spending the full iteration budget. +tool_loop_guardrails: + warnings_enabled: true + hard_stop_enabled: false + warn_after: + exact_failure: 2 + same_tool_failure: 3 + idempotent_no_progress: 2 + hard_stop_after: + exact_failure: 5 + same_tool_failure: 8 + idempotent_no_progress: 5 + # ============================================================================= # Context Compression (Auto-shrinks long conversations) # ============================================================================= diff --git a/hermes_cli/config.py b/hermes_cli/config.py index e765448b7bf..d392467676f 100644 --- a/hermes_cli/config.py +++ b/hermes_cli/config.py @@ -607,6 +607,24 @@ DEFAULT_CONFIG = { "max_line_length": 2000, }, + # Tool loop guardrails nudge models when they repeat failed or + # non-progressing tool calls. Soft warnings are always-on by default; + # hard stops are opt-in so interactive CLI/TUI sessions keep flowing. + "tool_loop_guardrails": { + "warnings_enabled": True, + "hard_stop_enabled": False, + "warn_after": { + "exact_failure": 2, + "same_tool_failure": 3, + "idempotent_no_progress": 2, + }, + "hard_stop_after": { + "exact_failure": 5, + "same_tool_failure": 8, + "idempotent_no_progress": 5, + }, + }, + "compression": { "enabled": True, "threshold": 0.50, # compress when context usage exceeds this ratio diff --git a/run_agent.py b/run_agent.py index 20b396f01ef..0fe6e4a8263 100644 --- a/run_agent.py +++ b/run_agent.py @@ -163,6 +163,7 @@ from agent.display import ( get_tool_emoji as _get_tool_emoji, ) from agent.tool_guardrails import ( + ToolCallGuardrailConfig, ToolCallGuardrailController, ToolGuardrailDecision, append_toolguard_guidance, @@ -1666,6 +1667,14 @@ class AIAgent: _agent_cfg = _load_agent_config() except Exception: _agent_cfg = {} + try: + self._tool_guardrails = ToolCallGuardrailController( + ToolCallGuardrailConfig.from_mapping( + _agent_cfg.get("tool_loop_guardrails", {}) + ) + ) + except Exception as _tlg_err: + logger.warning("Tool loop guardrail config ignored: %s", _tlg_err) # Cache only the derived auxiliary compression context override that is # needed later by the startup feasibility check. Avoid exposing a # broad pseudo-public config object on the agent instance. diff --git a/tests/agent/test_tool_guardrails.py b/tests/agent/test_tool_guardrails.py index 18999b2f39c..c50be56f43e 100644 --- a/tests/agent/test_tool_guardrails.py +++ b/tests/agent/test_tool_guardrails.py @@ -32,9 +32,69 @@ def test_tool_call_signature_hashes_canonical_nested_unicode_args_without_exposi assert "☤" not in json.dumps(metadata) -def test_repeated_identical_failed_call_warns_then_blocks_before_third_execution(): +def test_default_config_is_soft_warning_only_with_hard_stop_disabled(): + cfg = ToolCallGuardrailConfig() + + assert cfg.warnings_enabled is True + assert cfg.hard_stop_enabled is False + assert cfg.exact_failure_warn_after == 2 + assert cfg.same_tool_failure_warn_after == 3 + assert cfg.no_progress_warn_after == 2 + assert cfg.exact_failure_block_after == 5 + assert cfg.same_tool_failure_halt_after == 8 + assert cfg.no_progress_block_after == 5 + + +def test_config_parses_nested_warn_and_hard_stop_thresholds(): + cfg = ToolCallGuardrailConfig.from_mapping( + { + "warnings_enabled": False, + "hard_stop_enabled": True, + "warn_after": { + "exact_failure": 3, + "same_tool_failure": 4, + "idempotent_no_progress": 5, + }, + "hard_stop_after": { + "exact_failure": 6, + "same_tool_failure": 7, + "idempotent_no_progress": 8, + }, + } + ) + + assert cfg.warnings_enabled is False + assert cfg.hard_stop_enabled is True + assert cfg.exact_failure_warn_after == 3 + assert cfg.same_tool_failure_warn_after == 4 + assert cfg.no_progress_warn_after == 5 + assert cfg.exact_failure_block_after == 6 + assert cfg.same_tool_failure_halt_after == 7 + assert cfg.no_progress_block_after == 8 + + +def test_default_repeated_identical_failed_call_warns_without_blocking(): + controller = ToolCallGuardrailController() + args = {"query": "same"} + + decisions = [] + for _ in range(5): + assert controller.before_call("web_search", args).action == "allow" + decisions.append( + controller.after_call("web_search", args, '{"error":"boom"}', failed=True) + ) + + assert decisions[0].action == "allow" + assert [d.action for d in decisions[1:]] == ["warn", "warn", "warn", "warn"] + assert {d.code for d in decisions[1:]} == {"repeated_exact_failure_warning"} + assert controller.before_call("web_search", args).action == "allow" + assert controller.halt_decision is None + + +def test_hard_stop_enabled_blocks_repeated_exact_failure_before_next_execution(): controller = ToolCallGuardrailController( ToolCallGuardrailConfig( + hard_stop_enabled=True, exact_failure_warn_after=2, exact_failure_block_after=2, same_tool_failure_halt_after=99, @@ -50,18 +110,16 @@ def test_repeated_identical_failed_call_warns_then_blocks_before_third_execution second = controller.after_call("web_search", args, '{"error":"boom"}', failed=True) assert second.action == "warn" assert second.code == "repeated_exact_failure_warning" - assert second.count == 2 blocked = controller.before_call("web_search", args) assert blocked.action == "block" assert blocked.code == "repeated_exact_failure_block" - assert blocked.tool_name == "web_search" assert blocked.count == 2 def test_success_resets_exact_signature_failure_streak(): controller = ToolCallGuardrailController( - ToolCallGuardrailConfig(exact_failure_block_after=2, same_tool_failure_halt_after=99) + ToolCallGuardrailConfig(hard_stop_enabled=True, exact_failure_block_after=2, same_tool_failure_halt_after=99) ) args = {"query": "same"} @@ -73,9 +131,26 @@ def test_success_resets_exact_signature_failure_streak(): assert controller.before_call("web_search", args).action == "allow" -def test_same_tool_varying_args_failure_streak_warns_then_halts_independent_of_exact_streak(): +def test_same_tool_varying_args_warns_by_default_without_halting(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig(same_tool_failure_warn_after=2, same_tool_failure_halt_after=3) + ) + + first = controller.after_call("terminal", {"command": "cmd-1"}, '{"exit_code":1}', failed=True) + second = controller.after_call("terminal", {"command": "cmd-2"}, '{"exit_code":1}', failed=True) + third = controller.after_call("terminal", {"command": "cmd-3"}, '{"exit_code":1}', failed=True) + fourth = controller.after_call("terminal", {"command": "cmd-4"}, '{"exit_code":1}', failed=True) + + assert first.action == "allow" + assert [second.action, third.action, fourth.action] == ["warn", "warn", "warn"] + assert {second.code, third.code, fourth.code} == {"same_tool_failure_warning"} + assert controller.halt_decision is None + + +def test_hard_stop_enabled_halts_same_tool_varying_args_failure_streak(): controller = ToolCallGuardrailController( ToolCallGuardrailConfig( + hard_stop_enabled=True, exact_failure_block_after=99, same_tool_failure_warn_after=2, same_tool_failure_halt_after=3, @@ -93,13 +168,34 @@ def test_same_tool_varying_args_failure_streak_warns_then_halts_independent_of_e assert third.count == 3 -def test_idempotent_no_progress_repeated_result_warns_then_blocks_future_repeat(): +def test_idempotent_no_progress_repeated_result_warns_without_blocking_by_default(): controller = ToolCallGuardrailController( ToolCallGuardrailConfig(no_progress_warn_after=2, no_progress_block_after=2) ) args = {"path": "/tmp/same.txt"} result = "same file contents" + for _ in range(4): + assert controller.before_call("read_file", args).action == "allow" + decision = controller.after_call("read_file", args, result, failed=False) + + assert decision.action == "warn" + assert decision.code == "idempotent_no_progress_warning" + assert controller.before_call("read_file", args).action == "allow" + assert controller.halt_decision is None + + +def test_hard_stop_enabled_blocks_idempotent_no_progress_future_repeat(): + controller = ToolCallGuardrailController( + ToolCallGuardrailConfig( + hard_stop_enabled=True, + no_progress_warn_after=2, + no_progress_block_after=2, + ) + ) + args = {"path": "/tmp/same.txt"} + result = "same file contents" + assert controller.before_call("read_file", args).action == "allow" assert controller.after_call("read_file", args, result, failed=False).action == "allow" assert controller.before_call("read_file", args).action == "allow" @@ -126,7 +222,7 @@ def test_mutating_or_unknown_tools_are_not_blocked_for_repeated_identical_succes def test_reset_for_turn_clears_bounded_guardrail_state(): controller = ToolCallGuardrailController( - ToolCallGuardrailConfig(exact_failure_block_after=2, no_progress_block_after=2) + ToolCallGuardrailConfig(hard_stop_enabled=True, exact_failure_block_after=2, no_progress_block_after=2) ) controller.after_call("web_search", {"query": "same"}, '{"error":"boom"}', failed=True) controller.after_call("web_search", {"query": "same"}, '{"error":"boom"}', failed=True) diff --git a/tests/run_agent/test_tool_call_guardrail_runtime.py b/tests/run_agent/test_tool_call_guardrail_runtime.py index 1b138b02e1c..3b15f4f1cc9 100644 --- a/tests/run_agent/test_tool_call_guardrail_runtime.py +++ b/tests/run_agent/test_tool_call_guardrail_runtime.py @@ -36,10 +36,11 @@ def _mock_response(content="Hello", finish_reason="stop", tool_calls=None): return SimpleNamespace(choices=[choice], model="test/model", usage=None) -def _make_agent(*tool_names: str, max_iterations: int = 10) -> AIAgent: +def _make_agent(*tool_names: str, max_iterations: int = 10, config: dict | None = None) -> AIAgent: with ( patch("run_agent.get_tool_definitions", return_value=_make_tool_defs(*tool_names)), patch("run_agent.check_toolset_requirements", return_value={}), + patch("hermes_cli.config.load_config", return_value=config or {}), patch("run_agent.OpenAI"), ): agent = AIAgent( @@ -69,7 +70,23 @@ def _seed_exact_failures(agent: AIAgent, tool_name: str, args: dict, count: int ) -def test_sequential_path_blocks_repeated_exact_failure_before_execution(): +def _hard_stop_config(**overrides) -> dict: + cfg = { + "tool_loop_guardrails": { + "warnings_enabled": True, + "hard_stop_enabled": True, + "hard_stop_after": { + "exact_failure": 2, + "same_tool_failure": 8, + "idempotent_no_progress": 5, + }, + } + } + cfg["tool_loop_guardrails"].update(overrides) + return cfg + + +def test_default_sequential_path_warns_repeated_exact_failure_without_blocking_execution(): agent = _make_agent("web_search") args = {"query": "same"} _seed_exact_failures(agent, "web_search", args) @@ -77,6 +94,32 @@ def test_sequential_path_blocks_repeated_exact_failure_before_execution(): progress = [] agent.tool_start_callback = lambda *a, **k: starts.append((a, k)) agent.tool_progress_callback = lambda *a, **k: progress.append((a, k)) + tc = _mock_tool_call("web_search", json.dumps(args), "c-soft") + msg = SimpleNamespace(content="", tool_calls=[tc]) + messages = [] + + with patch("run_agent.handle_function_call", return_value=json.dumps({"error": "boom"})) as mock_hfc: + agent._execute_tool_calls_sequential(msg, messages, "task-1") + + mock_hfc.assert_called_once() + assert len(starts) == 1 + assert any(event[0][0] == "tool.completed" for event in progress) + assert len(messages) == 1 + assert messages[0]["role"] == "tool" + assert messages[0]["tool_call_id"] == "c-soft" + assert "repeated_exact_failure_warning" in messages[0]["content"] + assert "repeated_exact_failure_block" not in messages[0]["content"] + assert agent._tool_guardrail_halt_decision is None + + +def test_config_enabled_hard_stop_blocks_repeated_exact_failure_before_execution(): + agent = _make_agent("web_search", config=_hard_stop_config()) + args = {"query": "same"} + _seed_exact_failures(agent, "web_search", args) + starts = [] + progress = [] + agent.tool_start_callback = lambda *a, **k: starts.append((a, k)) + agent.tool_progress_callback = lambda *a, **k: progress.append((a, k)) tc = _mock_tool_call("web_search", json.dumps(args), "c-block") msg = SimpleNamespace(content="", tool_calls=[tc]) messages = [] @@ -106,12 +149,12 @@ def test_sequential_after_call_appends_guidance_to_tool_result_without_extra_mes assert [m["role"] for m in messages] == ["tool"] assert messages[0]["tool_call_id"] == "c-warn" - assert "Tool guardrail" in messages[0]["content"] + assert "Tool loop warning" in messages[0]["content"] assert "repeated_exact_failure_warning" in messages[0]["content"] -def test_concurrent_path_does_not_submit_blocked_calls_and_preserves_result_order(): - agent = _make_agent("web_search") +def test_config_enabled_hard_stop_concurrent_path_does_not_submit_blocked_calls_and_preserves_result_order(): + agent = _make_agent("web_search", config=_hard_stop_config()) blocked_args = {"query": "blocked"} allowed_args = {"query": "allowed"} _seed_exact_failures(agent, "web_search", blocked_args) @@ -164,9 +207,39 @@ def test_plugin_pre_tool_block_wins_without_counting_as_toolguard_block(): assert agent._tool_guardrails.before_call("web_search", args).action == "allow" -def test_run_conversation_returns_controlled_guardrail_halt_without_top_level_error(): +def test_default_run_conversation_warns_without_guardrail_halt(): agent = _make_agent("web_search", max_iterations=10) same_args = {"query": "same"} + responses = [ + _mock_response( + content="", + finish_reason="tool_calls", + tool_calls=[_mock_tool_call("web_search", json.dumps(same_args), f"c{i}")], + ) + for i in range(1, 4) + ] + responses.append(_mock_response(content="done", finish_reason="stop", tool_calls=None)) + agent.client.chat.completions.create.side_effect = responses + + with ( + patch("run_agent.handle_function_call", return_value=json.dumps({"error": "boom"})) as mock_hfc, + patch.object(agent, "_persist_session"), + patch.object(agent, "_save_trajectory"), + patch.object(agent, "_cleanup_task_resources"), + ): + result = agent.run_conversation("search repeatedly") + + assert mock_hfc.call_count == 3 + assert result["turn_exit_reason"].startswith("text_response") + assert "guardrail" not in result + assert result["final_response"] == "done" + tool_contents = [m["content"] for m in result["messages"] if m.get("role") == "tool"] + assert any("repeated_exact_failure_warning" in content for content in tool_contents) + + +def test_config_enabled_hard_stop_run_conversation_returns_controlled_guardrail_halt_without_top_level_error(): + agent = _make_agent("web_search", max_iterations=10, config=_hard_stop_config()) + same_args = {"query": "same"} responses = [ _mock_response( content="", From 8fa44b17247efa8cae6b0f155e036e1bdf4d7da8 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 20:42:44 -0700 Subject: [PATCH 092/133] fix(guardrails): preserve display _detect_tool_failure semantics The initial guardrail PR consolidated failure classification by pointing display._detect_tool_failure at the new classify_tool_failure helper, which was strictly broader: it flagged any JSON result with "success": false / "failed": true / non-empty "error", plus plain-text "traceback" and "error:" prefixes. That would uptick the user-visible [error] tag on tools that return {"success": false} as a benign signal (memory fullness, todo state, etc.) and feed the failure-streak counter at the same time. Restore display._detect_tool_failure to its pre-PR semantics verbatim. Tighten classify_tool_failure (the guardrail's internal safety-fallback used only when callers don't pass failed=) to match _detect_tool_failure exactly, so the two never disagree. Production callers in run_agent.py already pass an explicit failed= derived from _detect_tool_failure, so the guardrail counter is driven by the same signal the CLI shows. --- agent/display.py | 26 ++++++++++++++++++++++++-- agent/tool_guardrails.py | 32 +++++++++++++------------------- 2 files changed, 37 insertions(+), 21 deletions(-) diff --git a/agent/display.py b/agent/display.py index 43b35ed3018..474595d76c0 100644 --- a/agent/display.py +++ b/agent/display.py @@ -14,7 +14,6 @@ from difflib import unified_diff from pathlib import Path from utils import safe_json_loads -from agent.tool_guardrails import classify_tool_failure # ANSI escape codes for coloring tool failure indicators _RED = "\033[31m" @@ -809,7 +808,30 @@ def _detect_tool_failure(tool_name: str, result: str | None) -> tuple[bool, str] like ``" [exit 1]"`` for terminal failures, or ``" [error]"`` for generic failures. On success, returns ``(False, "")``. """ - return classify_tool_failure(tool_name, result) + if result is None: + return False, "" + + if tool_name == "terminal": + data = safe_json_loads(result) + if isinstance(data, dict): + exit_code = data.get("exit_code") + if exit_code is not None and exit_code != 0: + return True, f" [exit {exit_code}]" + return False, "" + + # Memory-specific: distinguish "full" from real errors + if tool_name == "memory": + data = safe_json_loads(result) + if isinstance(data, dict): + if data.get("success") is False and "exceed the limit" in data.get("error", ""): + return True, " [full]" + + # Generic heuristic for non-terminal tools + lower = result[:500].lower() + if '"error"' in lower or '"failed"' in lower or result.startswith("Error"): + return True, " [error]" + + return False, "" def get_cute_tool_message( diff --git a/agent/tool_guardrails.py b/agent/tool_guardrails.py index b3237bc390b..3c85d782090 100644 --- a/agent/tool_guardrails.py +++ b/agent/tool_guardrails.py @@ -186,7 +186,14 @@ def canonical_tool_args(args: Mapping[str, Any]) -> str: def classify_tool_failure(tool_name: str, result: str | None) -> tuple[bool, str]: - """Classify a tool result using shared display/runtime semantics.""" + """Safety-fallback classifier used only when callers don't pass ``failed``. + + Mirrors ``agent.display._detect_tool_failure`` exactly so the guardrail + never disagrees with the CLI's user-visible ``[error]`` tag. Production + callers in ``run_agent.py`` always pass an explicit ``failed=`` derived + from ``_detect_tool_failure``; this function exists so standalone callers + (tests, tooling) still get consistent behavior. + """ if result is None: return False, "" @@ -196,31 +203,18 @@ def classify_tool_failure(tool_name: str, result: str | None) -> tuple[bool, str exit_code = data.get("exit_code") if exit_code is not None and exit_code != 0: return True, f" [exit {exit_code}]" - if data.get("success") is False or data.get("failed") is True: - return True, " [error]" - error = data.get("error") - if error is not None and error != "": - return True, " [error]" return False, "" - data = safe_json_loads(result) - if isinstance(data, dict): - if tool_name == "memory": - error = data.get("error", "") - if data.get("success") is False and isinstance(error, str) and "exceed the limit" in error: + if tool_name == "memory": + data = safe_json_loads(result) + if isinstance(data, dict): + if data.get("success") is False and "exceed the limit" in data.get("error", ""): return True, " [full]" - if data.get("success") is False or data.get("failed") is True: - return True, " [error]" - error = data.get("error") - if error is not None and error != "": - return True, " [error]" - return False, "" lower = result[:500].lower() - if "traceback" in lower or lower.startswith("error:"): - return True, " [error]" if '"error"' in lower or '"failed"' in lower or result.startswith("Error"): return True, " [error]" + return False, "" From e27b0b76517c903541af20d0bd606fa7b3c83005 Mon Sep 17 00:00:00 2001 From: Henkey Date: Thu, 30 Apr 2026 22:21:04 +0100 Subject: [PATCH 093/133] feat(acp): add steer and queue slash commands --- acp_adapter/server.py | 82 ++++++++++++++++++ acp_adapter/session.py | 3 + tests/acp_adapter/test_acp_commands.py | 112 +++++++++++++++++++++++++ 3 files changed, 197 insertions(+) create mode 100644 tests/acp_adapter/test_acp_commands.py diff --git a/acp_adapter/server.py b/acp_adapter/server.py index 862e9c58662..e69ff595586 100644 --- a/acp_adapter/server.py +++ b/acp_adapter/server.py @@ -164,6 +164,8 @@ class HermesACPAgent(acp.Agent): "context": "Show conversation context info", "reset": "Clear conversation history", "compact": "Compress conversation context", + "steer": "Inject guidance into the currently running agent turn", + "queue": "Queue a prompt to run after the current turn finishes", "version": "Show Hermes version", } @@ -193,6 +195,16 @@ class HermesACPAgent(acp.Agent): "name": "compact", "description": "Compress conversation context", }, + { + "name": "steer", + "description": "Inject guidance into the currently running agent turn", + "input_hint": "guidance for the active turn", + }, + { + "name": "queue", + "description": "Queue a prompt to run after the current turn finishes", + "input_hint": "prompt to run next", + }, { "name": "version", "description": "Show Hermes version", @@ -666,6 +678,23 @@ class HermesACPAgent(acp.Agent): await self._conn.session_update(session_id, update) return PromptResponse(stop_reason="end_turn") + # If Zed sends another regular prompt while the same ACP session is + # still running, queue it instead of racing two AIAgent loops against + # the same state.history. /steer and /queue are handled above and can + # land immediately. + with state.runtime_lock: + if state.is_running: + queued_text = user_text or "[Image attachment]" + state.queued_prompts.append(queued_text) + depth = len(state.queued_prompts) + if self._conn: + update = acp.update_agent_message_text( + f"Queued for the next turn. ({depth} queued)" + ) + await self._conn.session_update(session_id, update) + return PromptResponse(stop_reason="end_turn") + state.is_running = True + logger.info("Prompt on session %s: %s", session_id, user_text[:100]) conn = self._conn @@ -777,6 +806,8 @@ class HermesACPAgent(acp.Agent): result = await loop.run_in_executor(_executor, ctx.run, _run_agent) except Exception: logger.exception("Executor error for session %s", session_id) + with state.runtime_lock: + state.is_running = False return PromptResponse(stop_reason="end_turn") if result.get("messages"): @@ -802,6 +833,27 @@ class HermesACPAgent(acp.Agent): update = acp.update_agent_message_text(final_response) await conn.session_update(session_id, update) + # Mark this turn idle before draining queued work so recursive prompt() + # calls can acquire the session. Queued turns are intentionally run as + # normal follow-up user prompts, preserving role alternation and history. + with state.runtime_lock: + state.is_running = False + + while True: + with state.runtime_lock: + if not state.queued_prompts: + break + next_prompt = state.queued_prompts.pop(0) + if conn: + await conn.session_update( + session_id, + acp.update_user_message_text(next_prompt), + ) + await self.prompt( + prompt=[TextContentBlock(type="text", text=next_prompt)], + session_id=session_id, + ) + usage = None if any(result.get(key) is not None for key in ("prompt_tokens", "completion_tokens", "total_tokens")): usage = Usage( @@ -879,6 +931,8 @@ class HermesACPAgent(acp.Agent): "context": self._cmd_context, "reset": self._cmd_reset, "compact": self._cmd_compact, + "steer": self._cmd_steer, + "queue": self._cmd_queue, "version": self._cmd_version, }.get(cmd) @@ -1006,6 +1060,34 @@ class HermesACPAgent(acp.Agent): except Exception as e: return f"Compression failed: {e}" + def _cmd_steer(self, args: str, state: SessionState) -> str: + steer_text = args.strip() + if not steer_text: + return "Usage: /steer " + + if state.is_running and hasattr(state.agent, "steer"): + try: + if state.agent.steer(steer_text): + preview = steer_text[:80] + ("..." if len(steer_text) > 80 else "") + return f"⏩ Steer queued for the active turn: {preview}" + except Exception as exc: + logger.warning("ACP steer failed for session %s: %s", state.session_id, exc) + return f"⚠️ Steer failed: {exc}" + + with state.runtime_lock: + state.queued_prompts.append(steer_text) + depth = len(state.queued_prompts) + return f"No active turn — queued for the next turn. ({depth} queued)" + + def _cmd_queue(self, args: str, state: SessionState) -> str: + queued_text = args.strip() + if not queued_text: + return "Usage: /queue " + with state.runtime_lock: + state.queued_prompts.append(queued_text) + depth = len(state.queued_prompts) + return f"Queued for the next turn. ({depth} queued)" + def _cmd_version(self, args: str, state: SessionState) -> str: return f"Hermes Agent v{HERMES_VERSION}" diff --git a/acp_adapter/session.py b/acp_adapter/session.py index 72457300261..0b627aabe8f 100644 --- a/acp_adapter/session.py +++ b/acp_adapter/session.py @@ -145,6 +145,9 @@ class SessionState: model: str = "" history: List[Dict[str, Any]] = field(default_factory=list) cancel_event: Any = None # threading.Event + is_running: bool = False + queued_prompts: List[str] = field(default_factory=list) + runtime_lock: Any = field(default_factory=Lock) class SessionManager: diff --git a/tests/acp_adapter/test_acp_commands.py b/tests/acp_adapter/test_acp_commands.py new file mode 100644 index 00000000000..f8a0ad45eb3 --- /dev/null +++ b/tests/acp_adapter/test_acp_commands.py @@ -0,0 +1,112 @@ +from types import SimpleNamespace + +import pytest +from acp.schema import TextContentBlock + +from acp_adapter.server import HermesACPAgent +from acp_adapter.session import SessionManager + + +class FakeAgent: + def __init__(self): + self.model = "fake-model" + self.provider = "fake-provider" + self.enabled_toolsets = ["hermes-acp"] + self.disabled_toolsets = [] + self.tools = [] + self.valid_tool_names = set() + self.steers = [] + self.runs = [] + + def steer(self, text): + self.steers.append(text) + return True + + def run_conversation(self, *, user_message, conversation_history, task_id, **kwargs): + self.runs.append(user_message) + messages = list(conversation_history or []) + messages.append({"role": "user", "content": user_message}) + final = f"ran: {user_message}" + messages.append({"role": "assistant", "content": final}) + return {"final_response": final, "messages": messages} + + +class CaptureConn: + def __init__(self): + self.updates = [] + + async def session_update(self, *args, **kwargs): + if kwargs: + self.updates.append((kwargs.get("session_id"), kwargs.get("update"))) + else: + self.updates.append((args[0], args[1])) + + async def request_permission(self, *args, **kwargs): + return SimpleNamespace(outcome="allow") + + +class NoopDb: + def get_session(self, *_args, **_kwargs): + return None + + def create_session(self, *_args, **_kwargs): + return None + + def update_session(self, *_args, **_kwargs): + return None + + +def make_agent_and_state(): + fake = FakeAgent() + manager = SessionManager(agent_factory=lambda **kwargs: fake, db=NoopDb()) + acp_agent = HermesACPAgent(session_manager=manager) + state = manager.create_session(cwd=".") + conn = CaptureConn() + acp_agent.on_connect(conn) + return acp_agent, state, fake, conn + + +@pytest.mark.asyncio +async def test_acp_steer_slash_command_injects_into_running_agent(): + acp_agent, state, fake, _conn = make_agent_and_state() + state.is_running = True + + response = await acp_agent.prompt( + session_id=state.session_id, + prompt=[TextContentBlock(type="text", text="/steer prefer the simpler fix")], + ) + + assert response.stop_reason == "end_turn" + assert fake.steers == ["prefer the simpler fix"] + assert fake.runs == [] + + +@pytest.mark.asyncio +async def test_acp_queue_slash_command_adds_next_turn_without_running_now(): + acp_agent, state, fake, _conn = make_agent_and_state() + + response = await acp_agent.prompt( + session_id=state.session_id, + prompt=[TextContentBlock(type="text", text="/queue run the tests after this")], + ) + + assert response.stop_reason == "end_turn" + assert state.queued_prompts == ["run the tests after this"] + assert fake.runs == [] + + +@pytest.mark.asyncio +async def test_acp_prompt_drains_queued_turns_after_current_run(): + acp_agent, state, fake, conn = make_agent_and_state() + state.queued_prompts.append("then run tests") + + response = await acp_agent.prompt( + session_id=state.session_id, + prompt=[TextContentBlock(type="text", text="make the change")], + ) + + assert response.stop_reason == "end_turn" + assert fake.runs == ["make the change", "then run tests"] + assert state.queued_prompts == [] + agent_messages = [u for _sid, u in conn.updates if getattr(u, "session_update", None) == "agent_message_chunk"] + assert len(agent_messages) >= 2 From 78886365c2a04f3367028190b71c5b4a96433279 Mon Sep 17 00:00:00 2001 From: Henkey Date: Fri, 1 May 2026 00:09:15 +0100 Subject: [PATCH 094/133] fix(acp): replay interrupted prompts for steer --- acp_adapter/server.py | 25 +++++++++++++++++++++++++ acp_adapter/session.py | 2 ++ tests/acp_adapter/test_acp_commands.py | 18 ++++++++++++++++++ 3 files changed, 45 insertions(+) diff --git a/acp_adapter/server.py b/acp_adapter/server.py index e69ff595586..ab37c5c0be5 100644 --- a/acp_adapter/server.py +++ b/acp_adapter/server.py @@ -569,6 +569,9 @@ class HermesACPAgent(acp.Agent): async def cancel(self, session_id: str, **kwargs: Any) -> None: state = self.session_manager.get_session(session_id) if state and state.cancel_event: + with state.runtime_lock: + if state.is_running and state.current_prompt_text: + state.interrupted_prompt_text = state.current_prompt_text state.cancel_event.set() try: if getattr(state, "agent", None) and hasattr(state.agent, "interrupt"): @@ -666,6 +669,25 @@ class HermesACPAgent(acp.Agent): if not has_content: return PromptResponse(stop_reason="end_turn") + # Zed currently interrupts an active ACP request before delivering a + # follow-up slash command. If that follow-up is /steer, there may be no + # live AIAgent left to steer by the time this method runs. Salvage that + # UX by replaying the interrupted prompt with the steer text attached as + # explicit correction/guidance. + if isinstance(user_content, str) and user_text.startswith("/steer"): + steer_text = user_text.split(maxsplit=1)[1].strip() if len(user_text.split(maxsplit=1)) > 1 else "" + interrupted_prompt = "" + with state.runtime_lock: + if not state.is_running and steer_text and state.interrupted_prompt_text: + interrupted_prompt = state.interrupted_prompt_text + state.interrupted_prompt_text = "" + if interrupted_prompt: + user_text = ( + f"{interrupted_prompt}\n\n" + f"User correction/guidance after interrupt: {steer_text}" + ) + user_content = user_text + # Intercept slash commands — handle locally without calling the LLM. # Slash commands are text-only; if the client included images/resources, # send the whole multimodal prompt to the agent instead of treating it as @@ -694,6 +716,7 @@ class HermesACPAgent(acp.Agent): await self._conn.session_update(session_id, update) return PromptResponse(stop_reason="end_turn") state.is_running = True + state.current_prompt_text = user_text or "[Image attachment]" logger.info("Prompt on session %s: %s", session_id, user_text[:100]) @@ -808,6 +831,7 @@ class HermesACPAgent(acp.Agent): logger.exception("Executor error for session %s", session_id) with state.runtime_lock: state.is_running = False + state.current_prompt_text = "" return PromptResponse(stop_reason="end_turn") if result.get("messages"): @@ -838,6 +862,7 @@ class HermesACPAgent(acp.Agent): # normal follow-up user prompts, preserving role alternation and history. with state.runtime_lock: state.is_running = False + state.current_prompt_text = "" while True: with state.runtime_lock: diff --git a/acp_adapter/session.py b/acp_adapter/session.py index 0b627aabe8f..d1fb1a874e2 100644 --- a/acp_adapter/session.py +++ b/acp_adapter/session.py @@ -148,6 +148,8 @@ class SessionState: is_running: bool = False queued_prompts: List[str] = field(default_factory=list) runtime_lock: Any = field(default_factory=Lock) + current_prompt_text: str = "" + interrupted_prompt_text: str = "" class SessionManager: diff --git a/tests/acp_adapter/test_acp_commands.py b/tests/acp_adapter/test_acp_commands.py index f8a0ad45eb3..20082fe28a4 100644 --- a/tests/acp_adapter/test_acp_commands.py +++ b/tests/acp_adapter/test_acp_commands.py @@ -81,6 +81,24 @@ async def test_acp_steer_slash_command_injects_into_running_agent(): assert fake.runs == [] +@pytest.mark.asyncio +async def test_acp_steer_after_zed_interrupt_replays_interrupted_prompt_with_guidance(): + acp_agent, state, fake, _conn = make_agent_and_state() + state.interrupted_prompt_text = "write hi to a text file" + + response = await acp_agent.prompt( + session_id=state.session_id, + prompt=[TextContentBlock(type="text", text="/steer write HELLO instead")], + ) + + assert response.stop_reason == "end_turn" + assert fake.steers == [] + assert fake.runs == [ + "write hi to a text file\n\nUser correction/guidance after interrupt: write HELLO instead" + ] + assert state.interrupted_prompt_text == "" + + @pytest.mark.asyncio async def test_acp_queue_slash_command_adds_next_turn_without_running_now(): acp_agent, state, fake, _conn = make_agent_and_state() From ec1443b9f106bf0c4e83669d9abea8ecf934fb3d Mon Sep 17 00:00:00 2001 From: Henkey Date: Fri, 1 May 2026 00:51:31 +0100 Subject: [PATCH 095/133] fix(acp): normalize Windows cwd for WSL tool execution --- acp_adapter/session.py | 48 +++++++++++++++++++++---- tests/acp/test_session.py | 75 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+), 7 deletions(-) diff --git a/acp_adapter/session.py b/acp_adapter/session.py index d1fb1a874e2..d6dace66b4e 100644 --- a/acp_adapter/session.py +++ b/acp_adapter/session.py @@ -26,6 +26,33 @@ from typing import Any, Dict, List, Optional logger = logging.getLogger(__name__) +def _win_path_to_wsl(path: str) -> str | None: + """Convert a Windows drive path to its WSL /mnt//... equivalent.""" + match = re.match(r"^([A-Za-z]):[\\/](.*)$", path) + if not match: + return None + drive = match.group(1).lower() + tail = match.group(2).replace("\\", "/") + return f"/mnt/{drive}/{tail}" + + +def _translate_acp_cwd(cwd: str) -> str: + """Translate Windows ACP cwd values when Hermes itself is running in WSL. + + Windows ACP clients can launch ``hermes acp`` inside WSL while still sending + editor workspaces as Windows drive paths such as ``E:\\Projects``. Store + and execute against the WSL mount path so agents, tools, and persisted ACP + sessions all agree on the usable workspace. Native Linux/macOS keeps the + original cwd unchanged. + """ + from hermes_constants import is_wsl + + if not is_wsl(): + return cwd + translated = _win_path_to_wsl(str(cwd)) + return translated if translated is not None else cwd + + def _normalize_cwd_for_compare(cwd: str | None) -> str: raw = str(cwd or ".").strip() if not raw: @@ -34,11 +61,9 @@ def _normalize_cwd_for_compare(cwd: str | None) -> str: # Normalize Windows drive paths into the equivalent WSL mount form so # ACP history filters match the same workspace across Windows and WSL. - match = re.match(r"^([A-Za-z]):[\\/](.*)$", expanded) - if match: - drive = match.group(1).lower() - tail = match.group(2).replace("\\", "/") - expanded = f"/mnt/{drive}/{tail}" + translated = _win_path_to_wsl(expanded) + if translated is not None: + expanded = translated elif re.match(r"^/mnt/[A-Za-z]/", expanded): expanded = f"/mnt/{expanded[5].lower()}/{expanded[7:]}" @@ -96,12 +121,18 @@ def _acp_stderr_print(*args, **kwargs) -> None: def _register_task_cwd(task_id: str, cwd: str) -> None: - """Bind a task/session id to the editor's working directory for tools.""" + """Bind a task/session id to the editor's working directory for tools. + + Zed can launch Hermes from a Windows workspace while the ACP process runs + inside WSL. In that case ACP sends cwd as e.g. ``E:\\Projects\\POTI``; + local tools need the WSL mount equivalent or subprocess creation fails + before the command can run. + """ if not task_id: return try: from tools.terminal_tool import register_task_env_overrides - register_task_env_overrides(task_id, {"cwd": cwd}) + register_task_env_overrides(task_id, {"cwd": _translate_acp_cwd(cwd)}) except Exception: logger.debug("Failed to register ACP task cwd override", exc_info=True) @@ -180,6 +211,7 @@ class SessionManager: """Create a new session with a unique ID and a fresh AIAgent.""" import threading + cwd = _translate_acp_cwd(cwd) session_id = str(uuid.uuid4()) agent = self._make_agent(session_id=session_id, cwd=cwd) state = SessionState( @@ -222,6 +254,7 @@ class SessionManager: """Deep-copy a session's history into a new session.""" import threading + cwd = _translate_acp_cwd(cwd) original = self.get_session(session_id) # checks DB too if original is None: return None @@ -323,6 +356,7 @@ class SessionManager: def update_cwd(self, session_id: str, cwd: str) -> Optional[SessionState]: """Update the working directory for a session and its tool overrides.""" + cwd = _translate_acp_cwd(cwd) state = self.get_session(session_id) # checks DB too if state is None: return None diff --git a/tests/acp/test_session.py b/tests/acp/test_session.py index c86819f6df6..03d5f3f658c 100644 --- a/tests/acp/test_session.py +++ b/tests/acp/test_session.py @@ -8,6 +8,7 @@ from types import SimpleNamespace import pytest from unittest.mock import MagicMock, patch +from acp_adapter import session as acp_session from acp_adapter.session import SessionManager, SessionState from hermes_state import SessionDB @@ -42,6 +43,27 @@ class TestCreateSession: state = manager.create_session(cwd="/tmp/work") assert calls == [(state.session_id, "/tmp/work")] + + def test_register_task_cwd_translates_windows_drive_for_wsl_tools(self, monkeypatch): + captured = {} + + def fake_register_task_env_overrides(task_id, overrides): + captured["task_id"] = task_id + captured["overrides"] = overrides + + monkeypatch.setattr("hermes_constants._wsl_detected", True) + monkeypatch.setattr( + "tools.terminal_tool.register_task_env_overrides", + fake_register_task_env_overrides, + ) + + acp_session._register_task_cwd("session-1", r"E:\Projects\AI\paperclip") + + assert captured == { + "task_id": "session-1", + "overrides": {"cwd": "/mnt/e/Projects/AI/paperclip"}, + } + def test_session_ids_are_unique(self, manager): s1 = manager.create_session() s2 = manager.create_session() @@ -56,6 +78,59 @@ class TestCreateSession: assert manager.get_session("does-not-exist") is None + + +# --------------------------------------------------------------------------- +# WSL cwd translation +# --------------------------------------------------------------------------- + + +class TestWslCwdTranslation: + def test_translate_acp_cwd_converts_windows_drive_path_when_wsl(self, monkeypatch): + monkeypatch.setattr("hermes_constants._wsl_detected", True) + + assert acp_session._translate_acp_cwd(r"E:\Projects\AI\paperclip") == "/mnt/e/Projects/AI/paperclip" + + def test_translate_acp_cwd_handles_forward_slashes_when_wsl(self, monkeypatch): + monkeypatch.setattr("hermes_constants._wsl_detected", True) + + assert acp_session._translate_acp_cwd("D:/work/project") == "/mnt/d/work/project" + + def test_translate_acp_cwd_leaves_windows_drive_path_unchanged_off_wsl(self, monkeypatch): + monkeypatch.setattr("hermes_constants._wsl_detected", False) + + assert acp_session._translate_acp_cwd(r"E:\Projects\AI\paperclip") == r"E:\Projects\AI\paperclip" + + def test_translate_acp_cwd_leaves_posix_path_unchanged_on_wsl(self, monkeypatch): + monkeypatch.setattr("hermes_constants._wsl_detected", True) + + assert acp_session._translate_acp_cwd("/mnt/e/Projects/AI/paperclip") == "/mnt/e/Projects/AI/paperclip" + + def test_create_session_stores_translated_cwd_on_wsl(self, manager, monkeypatch): + monkeypatch.setattr("hermes_constants._wsl_detected", True) + + state = manager.create_session(cwd=r"E:\Projects\AI\paperclip") + + assert state.cwd == "/mnt/e/Projects/AI/paperclip" + + def test_fork_session_stores_translated_cwd_on_wsl(self, manager, monkeypatch): + monkeypatch.setattr("hermes_constants._wsl_detected", True) + original = manager.create_session(cwd="/tmp/base") + + forked = manager.fork_session(original.session_id, cwd=r"D:\work\project") + + assert forked is not None + assert forked.cwd == "/mnt/d/work/project" + + def test_update_cwd_stores_translated_cwd_on_wsl(self, manager, monkeypatch): + monkeypatch.setattr("hermes_constants._wsl_detected", True) + state = manager.create_session(cwd="/tmp/old") + + updated = manager.update_cwd(state.session_id, cwd=r"C:\Users\foo\project") + + assert updated is not None + assert updated.cwd == "/mnt/c/Users/foo/project" + # --------------------------------------------------------------------------- # fork # --------------------------------------------------------------------------- From fc78e708ed0c684c20987b23657208c76d45fc5a Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 22:44:41 -0700 Subject: [PATCH 096/133] fix(update): don't crash hermes update if skill config scan fails (#18257) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `hermes update` ran the config migration (11 → 17) successfully then crashed at `agent/skill_utils.py:340` during the post-migration skill-config prompt. User @FlockonUS reported this on Twitter. Root cause: `get_missing_skill_config_vars` in hermes_cli/config.py only guarded the import of `discover_all_skill_config_vars`, not the call. Any runtime exception inside the skill scan (malformed SKILL.md, unreadable external skill dir, etc.) propagated up through `migrate_config` and aborted `hermes update` after the version bump. Wrap the call in try/except so skill-config prompting — which is a post-migration nicety — can never block the migration itself. --- hermes_cli/config.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/hermes_cli/config.py b/hermes_cli/config.py index d392467676f..82498c81cc2 100644 --- a/hermes_cli/config.py +++ b/hermes_cli/config.py @@ -2437,7 +2437,17 @@ def get_missing_skill_config_vars() -> List[Dict[str, Any]]: except Exception: return [] - all_vars = discover_all_skill_config_vars() + try: + all_vars = discover_all_skill_config_vars() + except Exception as e: + # A malformed SKILL.md, unreadable external skill dir, or similar + # should never break `hermes update`. Skill-config prompting is a + # post-migration nicety, not a blocker. + import logging + logging.getLogger(__name__).debug( + "discover_all_skill_config_vars failed: %s", e + ) + return [] if not all_vars: return [] From 41fa1f1b5cf560c22a7e9adb06eb463d7122f9e0 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 22:45:14 -0700 Subject: [PATCH 097/133] fix(acp): run /steer as a regular prompt on idle sessions (#18258) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When a user types /steer on an ACP session that isn't actively running a turn (and there's no interrupted-prompt salvage available), _cmd_steer silently appended to state.queued_prompts and replied "No active turn — queued for the next turn". That looks identical to /queue output even though the user never typed /queue — @EddyLeeKhane reported this as "/steer never works, gets queued instead". Rewrite the payload to a plain user prompt before the slash-intercept fires, matching the gateway's idle-/steer fallthrough in gateway/run.py ~L4898. --- acp_adapter/server.py | 30 +++++++++++++++++++------- tests/acp_adapter/test_acp_commands.py | 20 +++++++++++++++++ 2 files changed, 42 insertions(+), 8 deletions(-) diff --git a/acp_adapter/server.py b/acp_adapter/server.py index ab37c5c0be5..39eff2f2b50 100644 --- a/acp_adapter/server.py +++ b/acp_adapter/server.py @@ -669,24 +669,38 @@ class HermesACPAgent(acp.Agent): if not has_content: return PromptResponse(stop_reason="end_turn") - # Zed currently interrupts an active ACP request before delivering a - # follow-up slash command. If that follow-up is /steer, there may be no - # live AIAgent left to steer by the time this method runs. Salvage that - # UX by replaying the interrupted prompt with the steer text attached as - # explicit correction/guidance. + # /steer on an idle session has no in-flight tool call to inject into. + # Rewrite it so the payload runs as a normal user prompt, matching the + # gateway's behavior (gateway/run.py ~L4898). Two sub-cases: + # 1. Zed-interrupt salvage — a prior prompt was cancelled by the + # client right before /steer arrived; replay it with the steer + # text attached as explicit correction/guidance so the user's + # in-flight work isn't lost. + # 2. Plain idle — no prior work to salvage; just run the steer + # payload as a regular prompt. Without this, _cmd_steer would + # silently append to state.queued_prompts and respond with + # "No active turn — queued for the next turn", which looks like + # /queue even though the user never typed /queue. if isinstance(user_content, str) and user_text.startswith("/steer"): steer_text = user_text.split(maxsplit=1)[1].strip() if len(user_text.split(maxsplit=1)) > 1 else "" interrupted_prompt = "" + rewrite_idle = False with state.runtime_lock: - if not state.is_running and steer_text and state.interrupted_prompt_text: - interrupted_prompt = state.interrupted_prompt_text - state.interrupted_prompt_text = "" + if not state.is_running and steer_text: + if state.interrupted_prompt_text: + interrupted_prompt = state.interrupted_prompt_text + state.interrupted_prompt_text = "" + else: + rewrite_idle = True if interrupted_prompt: user_text = ( f"{interrupted_prompt}\n\n" f"User correction/guidance after interrupt: {steer_text}" ) user_content = user_text + elif rewrite_idle: + user_text = steer_text + user_content = steer_text # Intercept slash commands — handle locally without calling the LLM. # Slash commands are text-only; if the client included images/resources, diff --git a/tests/acp_adapter/test_acp_commands.py b/tests/acp_adapter/test_acp_commands.py index 20082fe28a4..664e1822733 100644 --- a/tests/acp_adapter/test_acp_commands.py +++ b/tests/acp_adapter/test_acp_commands.py @@ -99,6 +99,26 @@ async def test_acp_steer_after_zed_interrupt_replays_interrupted_prompt_with_gui assert state.interrupted_prompt_text == "" +@pytest.mark.asyncio +async def test_acp_steer_on_idle_session_runs_as_regular_prompt(): + # /steer on an idle session (no running turn, nothing to salvage) should + # run the steer payload as a normal user prompt — NOT silently append it + # to state.queued_prompts. Without this, users on Zed / other ACP clients + # see their /steer turn into "queued for the next turn" when they never + # typed /queue. Matches gateway/run.py ~L4898 idle-/steer behavior. + acp_agent, state, fake, _conn = make_agent_and_state() + + response = await acp_agent.prompt( + session_id=state.session_id, + prompt=[TextContentBlock(type="text", text="/steer summarize the README")], + ) + + assert response.stop_reason == "end_turn" + assert fake.steers == [] + assert fake.runs == ["summarize the README"] + assert state.queued_prompts == [] + + @pytest.mark.asyncio async def test_acp_queue_slash_command_adds_next_turn_without_running_now(): acp_agent, state, fake, _conn = make_agent_and_state() From f0dc919f92c5327cf8033e06c039126f1288e89c Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:03:54 -0700 Subject: [PATCH 098/133] fix(compression): include system prompt + tool schemas in token estimates (#18265) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The user-visible /compress banner and the post-compression last_prompt_tokens writeback both counted only the raw message transcript (chars/4). With a 15KB system prompt and 30 tool schemas (~26KB), a 4-message transcript that looks like ~45 tokens to the transcript-only estimator is really ~10.5K tokens of request pressure — a 234x gap. Two user-facing consequences: - Banner shows 'Compressing … (~45 tokens)…' while compression is actually firing on 10K+ tokens of real pressure, confusing users about why compression triggered (reported by @codecovenant on X; #6217). - Post-compression last_prompt_tokens writeback omits tool schemas, so the next should_compress() check compares real usage against a stale underestimate — compression triggers late, potentially past the model's context limit on small-context models (#14695). Swap estimate_messages_tokens_rough() for estimate_request_tokens_rough() at every user-visible banner and at the post-compression writeback. estimate_request_tokens_rough() already existed for exactly this purpose and includes system prompt + tool schemas. Touched call sites: - run_agent.py: post-compression last_prompt_tokens writeback, post-tool call should_compress() fallback when provider usage is missing - cli.py: /compress banner + summary - gateway/run.py: gateway /compress banner + summary - tui_gateway/server.py: TUI /compress status + summary - acp_adapter/server.py: ACP /compact before/after Left intentionally alone: - Session-hygiene fallback and the 'no agent' /status path in gateway/run.py — no agent instance is in scope to query for system prompt/tools, and the existing 30-50% overestimate wobble on hygiene is safety-accepted. - Verbose-mode 'Request size' logging — informational only, already counts system prompt via api_messages[0]. Also relabels the feedback line from 'Rough transcript estimate' to 'Approx request size' so the metric label matches what it actually measures. Credits: diagnoses from @devilardis (#14695) and @Jackten (#6217); user report @codecovenant on X (2026-04-30). Closes #14695 Closes #6217 --- acp_adapter/server.py | 18 +++++++++++--- agent/manual_compression_feedback.py | 10 ++++---- cli.py | 20 +++++++++++++--- gateway/run.py | 17 ++++++++++--- run_agent.py | 19 +++++++++++---- tests/acp/test_server.py | 3 ++- tests/cli/test_manual_compress.py | 20 +++++++++------- tests/gateway/test_compress_command.py | 28 ++++++++++++++-------- tui_gateway/server.py | 33 ++++++++++++++++++++++---- 9 files changed, 126 insertions(+), 42 deletions(-) diff --git a/acp_adapter/server.py b/acp_adapter/server.py index 39eff2f2b50..f8dade72af4 100644 --- a/acp_adapter/server.py +++ b/acp_adapter/server.py @@ -1068,10 +1068,16 @@ class HermesACPAgent(acp.Agent): if not hasattr(agent, "_compress_context"): return "Context compression not available for this agent." - from agent.model_metadata import estimate_messages_tokens_rough + from agent.model_metadata import estimate_request_tokens_rough original_count = len(state.history) - approx_tokens = estimate_messages_tokens_rough(state.history) + # Include system prompt + tool schemas so the figure reflects real + # request pressure, not a transcript-only underestimate (#6217). + _sys_prompt = getattr(agent, "_cached_system_prompt", "") or "" + _tools = getattr(agent, "tools", None) or None + approx_tokens = estimate_request_tokens_rough( + state.history, system_prompt=_sys_prompt, tools=_tools + ) original_session_db = getattr(agent, "_session_db", None) try: @@ -1091,7 +1097,13 @@ class HermesACPAgent(acp.Agent): self.session_manager.save_session(state.session_id) new_count = len(state.history) - new_tokens = estimate_messages_tokens_rough(state.history) + _sys_prompt_after = getattr(agent, "_cached_system_prompt", "") or _sys_prompt + _tools_after = getattr(agent, "tools", None) or _tools + new_tokens = estimate_request_tokens_rough( + state.history, + system_prompt=_sys_prompt_after, + tools=_tools_after, + ) return ( f"Context compressed: {original_count} -> {new_count} messages\n" f"~{approx_tokens:,} -> ~{new_tokens:,} tokens" diff --git a/agent/manual_compression_feedback.py b/agent/manual_compression_feedback.py index 8f2d5e5d520..32b00f7cf4b 100644 --- a/agent/manual_compression_feedback.py +++ b/agent/manual_compression_feedback.py @@ -20,25 +20,25 @@ def summarize_manual_compression( headline = f"No changes from compression: {before_count} messages" if after_tokens == before_tokens: token_line = ( - f"Rough transcript estimate: ~{before_tokens:,} tokens (unchanged)" + f"Approx request size: ~{before_tokens:,} tokens (unchanged)" ) else: token_line = ( - f"Rough transcript estimate: ~{before_tokens:,} → " + f"Approx request size: ~{before_tokens:,} → " f"~{after_tokens:,} tokens" ) else: headline = f"Compressed: {before_count} → {after_count} messages" token_line = ( - f"Rough transcript estimate: ~{before_tokens:,} → " + f"Approx request size: ~{before_tokens:,} → " f"~{after_tokens:,} tokens" ) note = None if not noop and after_count < before_count and after_tokens > before_tokens: note = ( - "Note: fewer messages can still raise this rough transcript estimate " - "when compression rewrites the transcript into denser summaries." + "Note: fewer messages can still raise this estimate when " + "compression rewrites the transcript into denser summaries." ) return { diff --git a/cli.py b/cli.py index bef1d87ba5a..dbbf83f2c04 100644 --- a/cli.py +++ b/cli.py @@ -7343,10 +7343,20 @@ class HermesCLI: original_count = len(self.conversation_history) with self._busy_command("Compressing context..."): try: - from agent.model_metadata import estimate_messages_tokens_rough + from agent.model_metadata import estimate_request_tokens_rough from agent.manual_compression_feedback import summarize_manual_compression original_history = list(self.conversation_history) - approx_tokens = estimate_messages_tokens_rough(original_history) + # Include system prompt + tool schemas in the estimate — + # a transcript-only number understates real request pressure + # and can even appear to grow after compression because a + # dense handoff summary replaces many short turns (#6217). + _sys_prompt = getattr(self.agent, "_cached_system_prompt", "") or "" + _tools = getattr(self.agent, "tools", None) or None + approx_tokens = estimate_request_tokens_rough( + original_history, + system_prompt=_sys_prompt, + tools=_tools, + ) if focus_topic: print(f"🗜️ Compressing {original_count} messages (~{approx_tokens:,} tokens), " f"focus: \"{focus_topic}\"...") @@ -7378,7 +7388,11 @@ class HermesCLI: ): self.session_id = self.agent.session_id self._pending_title = None - new_tokens = estimate_messages_tokens_rough(self.conversation_history) + new_tokens = estimate_request_tokens_rough( + self.conversation_history, + system_prompt=_sys_prompt, + tools=_tools, + ) summary = summarize_manual_compression( original_history, self.conversation_history, diff --git a/gateway/run.py b/gateway/run.py index 8c2c6478cba..90faf9a745c 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -8512,7 +8512,7 @@ class GatewayRunner: try: from run_agent import AIAgent from agent.manual_compression_feedback import summarize_manual_compression - from agent.model_metadata import estimate_messages_tokens_rough + from agent.model_metadata import estimate_request_tokens_rough session_key = self._session_key_for_source(source) model, runtime_kwargs = self._resolve_session_agent_runtime( @@ -8527,7 +8527,6 @@ class GatewayRunner: for m in history if m.get("role") in ("user", "assistant") and m.get("content") ] - approx_tokens = estimate_messages_tokens_rough(msgs) tmp_agent = AIAgent( **runtime_kwargs, @@ -8541,6 +8540,16 @@ class GatewayRunner: try: tmp_agent._print_fn = lambda *a, **kw: None + # Estimate with system prompt + tool schemas included so the + # figure reflects real request pressure, not a transcript-only + # underestimate (#6217). Must be computed after tmp_agent is + # built so _cached_system_prompt/tools are populated. + _sys_prompt = getattr(tmp_agent, "_cached_system_prompt", "") or "" + _tools = getattr(tmp_agent, "tools", None) or None + approx_tokens = estimate_request_tokens_rough( + msgs, system_prompt=_sys_prompt, tools=_tools + ) + compressor = tmp_agent.context_compressor if not compressor.has_content_to_compress(msgs): return "Nothing to compress yet (the transcript is still all protected context)." @@ -8565,7 +8574,9 @@ class GatewayRunner: self.session_store.update_session( session_entry.session_key, last_prompt_tokens=0 ) - new_tokens = estimate_messages_tokens_rough(compressed) + new_tokens = estimate_request_tokens_rough( + compressed, system_prompt=_sys_prompt, tools=_tools + ) summary = summarize_manual_compression( msgs, compressed, diff --git a/run_agent.py b/run_agent.py index 0fe6e4a8263..4ea0fafef8c 100644 --- a/run_agent.py +++ b/run_agent.py @@ -9101,9 +9101,14 @@ class AIAgent: # Update token estimate after compaction so pressure calculations # use the post-compression count, not the stale pre-compression one. - _compressed_est = ( - estimate_tokens_rough(new_system_prompt) - + estimate_messages_tokens_rough(compressed) + # Use estimate_request_tokens_rough() so tool schemas are included — + # with 50+ tools enabled, schemas alone can add 20-30K tokens, and + # omitting them delays the next compression cycle far past the + # configured threshold (issue #14695). + _compressed_est = estimate_request_tokens_rough( + compressed, + system_prompt=new_system_prompt or "", + tools=self.tools or None, ) self.context_compressor.last_prompt_tokens = _compressed_est self.context_compressor.last_completion_tokens = 0 @@ -13223,7 +13228,13 @@ class AIAgent: # causing premature compression. (#12026) _real_tokens = _compressor.last_prompt_tokens else: - _real_tokens = estimate_messages_tokens_rough(messages) + # Include tool schemas — with 50+ tools enabled + # these add 20-30K tokens the messages-only + # estimate misses, which can skip compression + # past the configured threshold (#14695). + _real_tokens = estimate_request_tokens_rough( + messages, tools=self.tools or None + ) if self.compression_enabled and _compressor.should_compress(_real_tokens): self._safe_print(" ⟳ compacting context…") diff --git a/tests/acp/test_server.py b/tests/acp/test_server.py index 6628f0da269..35aafc603ed 100644 --- a/tests/acp/test_server.py +++ b/tests/acp/test_server.py @@ -730,6 +730,7 @@ class TestSlashCommands: ] state.agent.compression_enabled = True state.agent._cached_system_prompt = "system" + state.agent.tools = None original_session_db = object() state.agent._session_db = original_session_db @@ -746,7 +747,7 @@ class TestSlashCommands: with ( patch.object(agent.session_manager, "save_session") as mock_save, patch( - "agent.model_metadata.estimate_messages_tokens_rough", + "agent.model_metadata.estimate_request_tokens_rough", side_effect=[40, 12], ), ): diff --git a/tests/cli/test_manual_compress.py b/tests/cli/test_manual_compress.py index 9144c94b105..afbde073306 100644 --- a/tests/cli/test_manual_compress.py +++ b/tests/cli/test_manual_compress.py @@ -21,20 +21,21 @@ def test_manual_compress_reports_noop_without_success_banner(capsys): shell.agent = MagicMock() shell.agent.compression_enabled = True shell.agent._cached_system_prompt = "" + shell.agent.tools = None shell.agent.session_id = shell.session_id # no-op compression: no split shell.agent._compress_context.return_value = (list(history), "") - def _estimate(messages): + def _estimate(messages, **_kwargs): assert messages == history return 100 - with patch("agent.model_metadata.estimate_messages_tokens_rough", side_effect=_estimate): + with patch("agent.model_metadata.estimate_request_tokens_rough", side_effect=_estimate): shell._manual_compress() output = capsys.readouterr().out assert "No changes from compression" in output assert "✅ Compressed" not in output - assert "Rough transcript estimate: ~100 tokens (unchanged)" in output + assert "Approx request size: ~100 tokens (unchanged)" in output def test_manual_compress_explains_when_token_estimate_rises(capsys): @@ -49,22 +50,23 @@ def test_manual_compress_explains_when_token_estimate_rises(capsys): shell.agent = MagicMock() shell.agent.compression_enabled = True shell.agent._cached_system_prompt = "" + shell.agent.tools = None shell.agent.session_id = shell.session_id # no-op: no split shell.agent._compress_context.return_value = (compressed, "") - def _estimate(messages): + def _estimate(messages, **_kwargs): if messages == history: return 100 if messages == compressed: return 120 raise AssertionError(f"unexpected transcript: {messages!r}") - with patch("agent.model_metadata.estimate_messages_tokens_rough", side_effect=_estimate): + with patch("agent.model_metadata.estimate_request_tokens_rough", side_effect=_estimate): shell._manual_compress() output = capsys.readouterr().out assert "✅ Compressed: 4 → 3 messages" in output - assert "Rough transcript estimate: ~100 → ~120 tokens" in output + assert "Approx request size: ~100 → ~120 tokens" in output assert "denser summaries" in output @@ -89,6 +91,7 @@ def test_manual_compress_syncs_session_id_after_split(): shell.agent = MagicMock() shell.agent.compression_enabled = True shell.agent._cached_system_prompt = "" + shell.agent.tools = None # Simulate _compress_context mutating agent.session_id as a side effect. def _fake_compress(*args, **kwargs): shell.agent.session_id = new_child_id @@ -97,7 +100,7 @@ def test_manual_compress_syncs_session_id_after_split(): shell.agent.session_id = old_id # starts in sync shell._pending_title = "stale title" - with patch("agent.model_metadata.estimate_messages_tokens_rough", return_value=100): + with patch("agent.model_metadata.estimate_request_tokens_rough", return_value=100): shell._manual_compress() # CLI session_id must now point at the continuation child, not the parent. @@ -118,11 +121,12 @@ def test_manual_compress_no_sync_when_session_id_unchanged(): shell.agent = MagicMock() shell.agent.compression_enabled = True shell.agent._cached_system_prompt = "" + shell.agent.tools = None shell.agent.session_id = shell.session_id shell.agent._compress_context.return_value = (list(history), "") shell._pending_title = "keep me" - with patch("agent.model_metadata.estimate_messages_tokens_rough", return_value=100): + with patch("agent.model_metadata.estimate_request_tokens_rough", return_value=100): shell._manual_compress() # No split → pending title untouched. diff --git a/tests/gateway/test_compress_command.py b/tests/gateway/test_compress_command.py index 21ff777f6aa..e09e40a0e92 100644 --- a/tests/gateway/test_compress_command.py +++ b/tests/gateway/test_compress_command.py @@ -64,11 +64,13 @@ async def test_compress_command_reports_noop_without_success_banner(): agent_instance = MagicMock() agent_instance.shutdown_memory_provider = MagicMock() agent_instance.close = MagicMock() + agent_instance._cached_system_prompt = "" + agent_instance.tools = None agent_instance.context_compressor.has_content_to_compress.return_value = True agent_instance.session_id = "sess-1" agent_instance._compress_context.return_value = (list(history), "") - def _estimate(messages): + def _estimate(messages, **_kwargs): assert messages == history return 100 @@ -76,13 +78,13 @@ async def test_compress_command_reports_noop_without_success_banner(): patch("gateway.run._resolve_runtime_agent_kwargs", return_value={"api_key": "test-key"}), patch("gateway.run._resolve_gateway_model", return_value="test-model"), patch("run_agent.AIAgent", return_value=agent_instance), - patch("agent.model_metadata.estimate_messages_tokens_rough", side_effect=_estimate), + patch("agent.model_metadata.estimate_request_tokens_rough", side_effect=_estimate), ): result = await runner._handle_compress_command(_make_event()) assert "No changes from compression" in result assert "Compressed:" not in result - assert "Rough transcript estimate: ~100 tokens (unchanged)" in result + assert "Approx request size: ~100 tokens (unchanged)" in result agent_instance.shutdown_memory_provider.assert_called_once() agent_instance.close.assert_called_once() @@ -99,11 +101,13 @@ async def test_compress_command_explains_when_token_estimate_rises(): agent_instance = MagicMock() agent_instance.shutdown_memory_provider = MagicMock() agent_instance.close = MagicMock() + agent_instance._cached_system_prompt = "" + agent_instance.tools = None agent_instance.context_compressor.has_content_to_compress.return_value = True agent_instance.session_id = "sess-1" agent_instance._compress_context.return_value = (compressed, "") - def _estimate(messages): + def _estimate(messages, **_kwargs): if messages == history: return 100 if messages == compressed: @@ -114,12 +118,12 @@ async def test_compress_command_explains_when_token_estimate_rises(): patch("gateway.run._resolve_runtime_agent_kwargs", return_value={"api_key": "test-key"}), patch("gateway.run._resolve_gateway_model", return_value="test-model"), patch("run_agent.AIAgent", return_value=agent_instance), - patch("agent.model_metadata.estimate_messages_tokens_rough", side_effect=_estimate), + patch("agent.model_metadata.estimate_request_tokens_rough", side_effect=_estimate), ): result = await runner._handle_compress_command(_make_event()) assert "Compressed: 4 → 3 messages" in result - assert "Rough transcript estimate: ~100 → ~120 tokens" in result + assert "Approx request size: ~100 → ~120 tokens" in result assert "denser summaries" in result agent_instance.shutdown_memory_provider.assert_called_once() agent_instance.close.assert_called_once() @@ -143,6 +147,8 @@ async def test_compress_command_appends_warning_when_summary_generation_fails(): agent_instance = MagicMock() agent_instance.shutdown_memory_provider = MagicMock() agent_instance.close = MagicMock() + agent_instance._cached_system_prompt = "" + agent_instance.tools = None agent_instance.context_compressor.has_content_to_compress.return_value = True # Simulate summary-generation failure: fallback flag set, dropped count # populated, error string captured. @@ -154,7 +160,7 @@ async def test_compress_command_appends_warning_when_summary_generation_fails(): agent_instance.session_id = "sess-1" agent_instance._compress_context.return_value = (compressed, "") - def _estimate(messages): + def _estimate(messages, **_kwargs): if messages == history: return 100 if messages == compressed: @@ -165,7 +171,7 @@ async def test_compress_command_appends_warning_when_summary_generation_fails(): patch("gateway.run._resolve_runtime_agent_kwargs", return_value={"api_key": "***"}), patch("gateway.run._resolve_gateway_model", return_value="test-model"), patch("run_agent.AIAgent", return_value=agent_instance), - patch("agent.model_metadata.estimate_messages_tokens_rough", side_effect=_estimate), + patch("agent.model_metadata.estimate_request_tokens_rough", side_effect=_estimate), ): result = await runner._handle_compress_command(_make_event()) @@ -200,6 +206,8 @@ async def test_compress_command_surfaces_aux_model_failure_even_when_recovered() agent_instance = MagicMock() agent_instance.shutdown_memory_provider = MagicMock() agent_instance.close = MagicMock() + agent_instance._cached_system_prompt = "" + agent_instance.tools = None agent_instance.context_compressor.has_content_to_compress.return_value = True # Fallback placeholder was NOT used — recovery succeeded. agent_instance.context_compressor._last_summary_fallback_used = False @@ -215,7 +223,7 @@ async def test_compress_command_surfaces_aux_model_failure_even_when_recovered() agent_instance.session_id = "sess-1" agent_instance._compress_context.return_value = (compressed, "") - def _estimate(messages): + def _estimate(messages, **_kwargs): if messages == history: return 100 if messages == compressed: @@ -226,7 +234,7 @@ async def test_compress_command_surfaces_aux_model_failure_even_when_recovered() patch("gateway.run._resolve_runtime_agent_kwargs", return_value={"api_key": "***"}), patch("gateway.run._resolve_gateway_model", return_value="test-model"), patch("run_agent.AIAgent", return_value=agent_instance), - patch("agent.model_metadata.estimate_messages_tokens_rough", side_effect=_estimate), + patch("agent.model_metadata.estimate_request_tokens_rough", side_effect=_estimate), ): result = await runner._handle_compress_command(_make_event()) diff --git a/tui_gateway/server.py b/tui_gateway/server.py index fb8aaa81464..4a7f4785e61 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -1144,7 +1144,7 @@ def _compress_session_history( before_messages: list | None = None, history_version: int | None = None, ) -> tuple[int, dict]: - from agent.model_metadata import estimate_messages_tokens_rough + from agent.model_metadata import estimate_request_tokens_rough agent = session["agent"] # Snapshot history under the lock so the LLM-bound compression call @@ -1160,7 +1160,13 @@ def _compress_session_history( usage = _get_usage(agent) return 0, usage if approx_tokens is None: - approx_tokens = estimate_messages_tokens_rough(history) + # Include system prompt + tool schemas so the figure reflects real + # request pressure, not a transcript-only underestimate (#6217). + _sys_prompt = getattr(agent, "_cached_system_prompt", "") or "" + _tools = getattr(agent, "tools", None) or None + approx_tokens = estimate_request_tokens_rough( + history, system_prompt=_sys_prompt, tools=_tools + ) # Pass system_message=None so AIAgent._compress_context rebuilds the # system prompt cleanly via _build_system_prompt(None). Passing the # cached prompt (which already contains the agent identity block) @@ -2328,14 +2334,21 @@ def _(rid, params: dict) -> dict: focus_topic = str(params.get("focus_topic", "") or "").strip() try: from agent.manual_compression_feedback import summarize_manual_compression - from agent.model_metadata import estimate_messages_tokens_rough + from agent.model_metadata import estimate_request_tokens_rough with session["history_lock"]: before_messages = list(session.get("history", [])) history_version = int(session.get("history_version", 0)) before_count = len(before_messages) + _agent = session["agent"] + _sys_prompt = getattr(_agent, "_cached_system_prompt", "") or "" + _tools = getattr(_agent, "tools", None) or None before_tokens = ( - estimate_messages_tokens_rough(before_messages) if before_count else 0 + estimate_request_tokens_rough( + before_messages, system_prompt=_sys_prompt, tools=_tools + ) + if before_count + else 0 ) if before_count >= 4: @@ -2358,8 +2371,18 @@ def _(rid, params: dict) -> dict: with session["history_lock"]: messages = list(session.get("history", [])) after_count = len(messages) + # Re-read system prompt + tools after compression — _compress_context + # may have rebuilt the system prompt (_cached_system_prompt=None). + _sys_prompt_after = getattr(_agent, "_cached_system_prompt", "") or _sys_prompt + _tools_after = getattr(_agent, "tools", None) or _tools after_tokens = ( - estimate_messages_tokens_rough(messages) if after_count else 0 + estimate_request_tokens_rough( + messages, + system_prompt=_sys_prompt_after, + tools=_tools_after, + ) + if after_count + else 0 ) agent = session["agent"] _sync_session_key_after_compress(sid, session) From bfb704684ec64675650bc39fa0f731604b12aba2 Mon Sep 17 00:00:00 2001 From: IMHaoyan <657290301@qq.com> Date: Thu, 30 Apr 2026 22:49:55 -0700 Subject: [PATCH 099/133] fix(deepseek): use non-empty reasoning_content placeholder for V4 Pro thinking mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit DeepSeek V4 Pro tightened thinking-mode validation and rejects empty-string reasoning_content with HTTP 400: The reasoning content in the thinking mode must be passed back to the API. run_agent.py injected "" at three fallback sites — the tool-call pad in _build_assistant_message and both injection branches of _copy_reasoning_content_for_api (cross-provider poison guard + unconditional thinking pad). All three now emit " " (single space), which satisfies the non-empty check on V4 Pro without leaking fabricated reasoning. Also upgrades stale empty-string placeholders on replay: sessions persisted before this change have reasoning_content="" pinned at creation time; when the active provider enforces thinking-mode echo, the replay path now rewrites "" -> " " so existing users don't 400 on their first V4 Pro turn after updating. Non-thinking providers still round-trip "" verbatim. Updates 9 existing assertions + adds 2 regression tests (stale-placeholder upgrade, non-thinking verbatim preservation). Refs #15250, #17400. Closes #17341. --- run_agent.py | 46 +++++++---- scripts/release.py | 1 + .../test_deepseek_reasoning_content_echo.py | 80 ++++++++++++++----- tests/run_agent/test_run_agent.py | 8 +- 4 files changed, 98 insertions(+), 37 deletions(-) diff --git a/run_agent.py b/run_agent.py index 4ea0fafef8c..26933994d44 100644 --- a/run_agent.py +++ b/run_agent.py @@ -8603,9 +8603,13 @@ class AIAgent: # message. Without it, replaying the persisted message causes # HTTP 400 ("The reasoning_content in the thinking mode must # be passed back to the API"). Include streamed reasoning - # text when captured; otherwise pad with empty string. - # Refs #15250, #17400. - msg["reasoning_content"] = reasoning_text or "" + # text when captured; otherwise pad with a single space — + # DeepSeek V4 Pro tightened validation and rejects empty + # string ("The reasoning content in the thinking mode must + # be passed back to the API"). A space satisfies non-empty + # checks everywhere without leaking fabricated reasoning. + # Refs #15250, #17400, #17341. + msg["reasoning_content"] = reasoning_text or " " # Additive fallback (refs #16844, #16884). Streaming-only providers # (glm, MiniMax, gpt-5.x via aigw, Anthropic via openai-compat shims) @@ -8760,11 +8764,20 @@ class AIAgent: return # 1. Explicit reasoning_content already set — preserve it verbatim - # (includes DeepSeek/Kimi's own empty-string placeholder written at - # creation time, and any valid reasoning content from the same provider). + # (includes DeepSeek/Kimi's own space-placeholder written at creation + # time, and any valid reasoning content from the same provider). + # + # Exception: sessions persisted BEFORE #17341 have empty-string + # placeholders pinned at creation time. DeepSeek V4 Pro rejects + # those with HTTP 400. When the active provider enforces the + # thinking-mode echo, upgrade "" → " " on replay so stale history + # doesn't 400 the user on the next turn. existing = source_msg.get("reasoning_content") if isinstance(existing, str): - api_msg["reasoning_content"] = existing + if existing == "" and self._needs_thinking_reasoning_pad(): + api_msg["reasoning_content"] = " " + else: + api_msg["reasoning_content"] = existing return needs_thinking_pad = self._needs_thinking_reasoning_pad() @@ -8776,8 +8789,10 @@ class AIAgent: # pins reasoning_content at creation time for tool-call turns, so the # shape (reasoning set, reasoning_content absent, tool_calls present) # is unreachable from same-provider DeepSeek history after this fix. - # Inject "" to satisfy the API without leaking another provider's - # chain of thought to DeepSeek/Kimi. + # Inject a single space to satisfy the API without leaking another + # provider's chain of thought to DeepSeek/Kimi. Space (not "") + # because DeepSeek V4 Pro rejects empty-string reasoning_content + # in thinking mode (refs #17341). normalized_reasoning = source_msg.get("reasoning") if ( needs_thinking_pad @@ -8785,7 +8800,7 @@ class AIAgent: and isinstance(normalized_reasoning, str) and normalized_reasoning ): - api_msg["reasoning_content"] = "" + api_msg["reasoning_content"] = " " return # 3. Healthy session: promote 'reasoning' field to 'reasoning_content' @@ -8798,12 +8813,15 @@ class AIAgent: return # 4. DeepSeek / Kimi thinking mode: all assistant messages need - # reasoning_content. Inject "" to satisfy the provider's requirement - # when no explicit reasoning content is present. Covers both - # tool-call turns (already-poisoned history with no reasoning at all) - # and plain text turns. + # reasoning_content. Inject a single space to satisfy the provider's + # requirement when no explicit reasoning content is present. Covers + # both tool-call turns (already-poisoned history with no reasoning + # at all) and plain text turns. Space (not "") because DeepSeek V4 + # Pro tightened validation and rejects empty string with HTTP 400 + # ("The reasoning content in the thinking mode must be passed back + # to the API"). Refs #17341. if needs_thinking_pad: - api_msg["reasoning_content"] = "" + api_msg["reasoning_content"] = " " return # 5. reasoning_content was present but not a string (e.g. None after diff --git a/scripts/release.py b/scripts/release.py index ee6a65d757d..56f407950dc 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -50,6 +50,7 @@ AUTHOR_MAP = { "rylen.anil@gmail.com": "rylena", "godnanijatin@gmail.com": "jatingodnani", "14046872+tmimmanuel@users.noreply.github.com": "tmimmanuel", + "657290301@qq.com": "IMHaoyan", "revar@users.noreply.github.com": "revaraver", # Matrix parity salvage batch (April 2026) "sr@samirusani": "samrusani", diff --git a/tests/run_agent/test_deepseek_reasoning_content_echo.py b/tests/run_agent/test_deepseek_reasoning_content_echo.py index d6e4e341098..0efdb2c5a18 100644 --- a/tests/run_agent/test_deepseek_reasoning_content_echo.py +++ b/tests/run_agent/test_deepseek_reasoning_content_echo.py @@ -10,15 +10,21 @@ field, DeepSeek rejects the next request with HTTP 400:: Fix covers three paths: 1. ``_build_assistant_message`` — new tool-call messages without raw - reasoning_content get ``""`` pinned at creation time so nothing gets + reasoning_content get ``" "`` pinned at creation time so nothing gets persisted poisoned. 2. ``_copy_reasoning_content_for_api`` — already-poisoned history replays - with ``reasoning_content=""`` injected defensively. + with ``reasoning_content=" "`` injected defensively. 3. Detection covers three signals: ``provider == "deepseek"``, ``"deepseek" in model``, and ``api.deepseek.com`` host match. The third catches custom-provider setups pointing at DeepSeek. -Refs #15250 / #15353. +The placeholder is a single space (not empty string) because DeepSeek V4 Pro +tightened validation and rejects empty-string reasoning_content with a +400 ("The reasoning content in the thinking mode must be passed back to +the API"). A space satisfies non-empty checks everywhere without leaking +fabricated reasoning. + +Refs #15250 / #15353 / #17341. """ from __future__ import annotations @@ -105,8 +111,8 @@ class TestNeedsDeepSeekToolReasoning: class TestCopyReasoningContentForApi: """_copy_reasoning_content_for_api pads reasoning_content for DeepSeek tool-calls.""" - def test_deepseek_tool_call_poisoned_history_gets_empty_string(self) -> None: - """Already-poisoned history (no reasoning_content, no reasoning) gets ''.""" + def test_deepseek_tool_call_poisoned_history_gets_space_placeholder(self) -> None: + """Already-poisoned history (no reasoning_content, no reasoning) gets ' '.""" agent = _make_agent(provider="deepseek", model="deepseek-v4-flash") source = { "role": "assistant", @@ -115,7 +121,7 @@ class TestCopyReasoningContentForApi: } api_msg: dict = {} agent._copy_reasoning_content_for_api(source, api_msg) - assert api_msg.get("reasoning_content") == "" + assert api_msg.get("reasoning_content") == " " def test_deepseek_assistant_no_tool_call_gets_padded(self) -> None: """DeepSeek thinking mode pads ALL assistant turns, even without tool_calls.""" @@ -123,7 +129,7 @@ class TestCopyReasoningContentForApi: source = {"role": "assistant", "content": "hello"} api_msg: dict = {} agent._copy_reasoning_content_for_api(source, api_msg) - assert api_msg.get("reasoning_content") == "" + assert api_msg.get("reasoning_content") == " " def test_deepseek_explicit_reasoning_content_preserved(self) -> None: """When reasoning_content is already set, it's copied verbatim.""" @@ -137,6 +143,42 @@ class TestCopyReasoningContentForApi: agent._copy_reasoning_content_for_api(source, api_msg) assert api_msg["reasoning_content"] == "real chain of thought" + def test_deepseek_stale_empty_placeholder_upgraded_to_space(self) -> None: + """Sessions persisted before #17341 have ``reasoning_content=""`` pinned + at creation time. DeepSeek V4 Pro rejects "" with HTTP 400. When the + active provider enforces the thinking-mode echo, the replay path + upgrades "" → " " so stale history doesn't break the next turn. + """ + agent = _make_agent(provider="deepseek", model="deepseek-v4-pro") + source = { + "role": "assistant", + "content": "", + "reasoning_content": "", + "tool_calls": [{"id": "c1", "function": {"name": "terminal"}}], + } + api_msg: dict = {} + agent._copy_reasoning_content_for_api(source, api_msg) + assert api_msg["reasoning_content"] == " " + + def test_non_thinking_provider_preserves_empty_reasoning_content_verbatim(self) -> None: + """The stale-placeholder upgrade ONLY fires when the active provider + enforces thinking-mode echo. On non-thinking providers, an empty + reasoning_content must still round-trip verbatim. + """ + agent = _make_agent( + provider="openrouter", + model="anthropic/claude-sonnet-4.6", + base_url="https://openrouter.ai/api/v1", + ) + source = { + "role": "assistant", + "content": "hi", + "reasoning_content": "", + } + api_msg: dict = {} + agent._copy_reasoning_content_for_api(source, api_msg) + assert api_msg["reasoning_content"] == "" + def test_deepseek_reasoning_field_promoted(self) -> None: """When only 'reasoning' is set, it gets promoted to reasoning_content.""" agent = _make_agent(provider="deepseek", model="deepseek-v4-flash") @@ -155,7 +197,7 @@ class TestCopyReasoningContentForApi: If the source turn has tool_calls AND a 'reasoning' field but NO 'reasoning_content' key, it's from a prior provider (the DeepSeek - build path pins reasoning_content at creation). Inject "" instead + build path pins reasoning_content at creation). Inject " " instead of forwarding the prior provider's chain of thought. """ agent = _make_agent(provider="deepseek", model="deepseek-v4-flash") @@ -167,7 +209,7 @@ class TestCopyReasoningContentForApi: } api_msg: dict = {} agent._copy_reasoning_content_for_api(source, api_msg) - assert api_msg["reasoning_content"] == "" + assert api_msg["reasoning_content"] == " " def test_kimi_poisoned_cross_provider_history_padded(self) -> None: """Kimi path of #15748 — same rule as DeepSeek.""" @@ -180,7 +222,7 @@ class TestCopyReasoningContentForApi: } api_msg: dict = {} agent._copy_reasoning_content_for_api(source, api_msg) - assert api_msg["reasoning_content"] == "" + assert api_msg["reasoning_content"] == " " def test_kimi_path_still_works(self) -> None: """Existing Kimi detection still pads reasoning_content.""" @@ -192,7 +234,7 @@ class TestCopyReasoningContentForApi: } api_msg: dict = {} agent._copy_reasoning_content_for_api(source, api_msg) - assert api_msg.get("reasoning_content") == "" + assert api_msg.get("reasoning_content") == " " def test_kimi_moonshot_base_url(self) -> None: agent = _make_agent( @@ -205,7 +247,7 @@ class TestCopyReasoningContentForApi: } api_msg: dict = {} agent._copy_reasoning_content_for_api(source, api_msg) - assert api_msg.get("reasoning_content") == "" + assert api_msg.get("reasoning_content") == " " def test_non_thinking_provider_not_padded(self) -> None: """Providers that don't require the echo are untouched.""" @@ -237,7 +279,7 @@ class TestCopyReasoningContentForApi: } api_msg: dict = {} agent._copy_reasoning_content_for_api(source, api_msg) - assert api_msg.get("reasoning_content") == "" + assert api_msg.get("reasoning_content") == " " def test_non_assistant_role_ignored(self) -> None: """User/tool messages are left alone.""" @@ -302,7 +344,7 @@ class TestBuildAssistantMessageDeepSeekReasoningContent: assert msg["reasoning_content"] == "DeepSeek model_extra reasoning" - def test_deepseek_tool_call_without_raw_reasoning_content_gets_empty_string(self) -> None: + def test_deepseek_tool_call_without_raw_reasoning_content_gets_space_placeholder(self) -> None: agent = _make_agent(provider="deepseek", model="deepseek-v4-flash") assistant_message = SimpleNamespace( content=None, @@ -324,7 +366,7 @@ class TestBuildAssistantMessageDeepSeekReasoningContent: msg = agent._build_assistant_message(assistant_message, "tool_calls") - assert msg["reasoning_content"] == "" + assert msg["reasoning_content"] == " " assert msg["tool_calls"][0]["id"] == "call_1" @@ -345,22 +387,22 @@ class TestBuildAssistantMessagePadsStrictProviders: [ pytest.param( "deepseek", "deepseek-v4-pro", "", - None, "", + None, " ", id="deepseek-attr-none", ), pytest.param( "deepseek", "deepseek-v4-pro", "", - _ATTR_ABSENT, "", + _ATTR_ABSENT, " ", id="deepseek-attr-absent", ), pytest.param( "kimi-coding", "kimi-k2.6", "", - None, "", + None, " ", id="kimi-attr-none", ), pytest.param( "custom", "kimi-k2", "https://api.moonshot.ai/v1", - _ATTR_ABSENT, "", + _ATTR_ABSENT, " ", id="moonshot-base-url", ), pytest.param( diff --git a/tests/run_agent/test_run_agent.py b/tests/run_agent/test_run_agent.py index 03cef83078f..55ce86e51af 100644 --- a/tests/run_agent/test_run_agent.py +++ b/tests/run_agent/test_run_agent.py @@ -1465,8 +1465,8 @@ class TestBuildAssistantMessage: This preserves ``_copy_reasoning_content_for_api``'s downstream tiers at replay time — cross-provider leak guard (#15748), - promote-from-``reasoning``, and DeepSeek/Kimi ""-pad — which - would all be bypassed if we eagerly wrote ``reasoning_content=""`` + promote-from-``reasoning``, and DeepSeek/Kimi " "-pad — which + would all be bypassed if we eagerly wrote ``reasoning_content=" "`` on every assistant turn regardless of provider. """ msg = _mock_assistant_msg(content="plain answer") @@ -4617,7 +4617,7 @@ class TestReasoningReplayForStrictProviders: agent.compression_enabled = False agent.save_trajectories = False - def test_kimi_tool_replay_includes_empty_reasoning_content(self, agent): + def test_kimi_tool_replay_includes_space_reasoning_content(self, agent): self._setup_agent(agent) agent.base_url = "https://api.kimi.com/coding/v1" agent._base_url_lower = agent.base_url.lower() @@ -4654,7 +4654,7 @@ class TestReasoningReplayForStrictProviders: assert replayed_assistant["role"] == "assistant" assert replayed_assistant["tool_calls"][0]["function"]["name"] == "terminal" assert "reasoning_content" in replayed_assistant - assert replayed_assistant["reasoning_content"] == "" + assert replayed_assistant["reasoning_content"] == " " def test_explicit_reasoning_content_beats_normalized_reasoning_on_replay(self, agent): self._setup_agent(agent) From e2eb561e8e1a069392b494811ea45be6779493cd Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:04:50 -0700 Subject: [PATCH 100/133] fix(curator): rewrite cron job skill refs after consolidation (#18253) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the curator consolidates skill X into umbrella Y, any cron job that listed X in its skills field would fail to load X at run time — the scheduler logs a warning and skips it, so the scheduled job runs without the instructions it was scheduled to follow. cron.jobs.rewrite_skill_refs(consolidated, pruned) now updates jobs in-place: consolidated names route to the umbrella target (dedup when umbrella is already present), pruned names are dropped. agent.curator._write_run_report calls it after classification, best-effort so a cron-side failure never breaks the curator itself. Results are recorded in run.json (counts.cron_jobs_rewritten + full cron_rewrites payload), a separate cron_rewrites.json for convenience when jobs were touched, and a section in REPORT.md. Reported by @tombielecki. --- agent/curator.py | 79 +++++++ cron/jobs.py | 118 +++++++++++ tests/agent/test_curator_reports.py | 164 +++++++++++++++ tests/cron/test_rewrite_skill_refs.py | 289 ++++++++++++++++++++++++++ 4 files changed, 650 insertions(+) create mode 100644 tests/cron/test_rewrite_skill_refs.py diff --git a/agent/curator.py b/agent/curator.py index 36384b726f8..5eefc5a98c1 100644 --- a/agent/curator.py +++ b/agent/curator.py @@ -767,6 +767,39 @@ def _write_run_report( consolidated = classification["consolidated"] pruned = classification["pruned"] + # Rewrite cron job skill references. When the curator consolidates + # skill X into umbrella Y, any cron job that lists X fails to load + # it at run time — the scheduler skips it and the job runs without + # the instructions it was scheduled to follow. Rewriting the + # references in-place keeps scheduled jobs working across + # consolidation passes. Best-effort: never let a cron-module issue + # break the curator. + cron_rewrites: Dict[str, Any] = {"rewrites": [], "jobs_updated": 0, "jobs_scanned": 0} + try: + consolidated_map = { + e["name"]: e["into"] + for e in consolidated + if isinstance(e, dict) and e.get("name") and e.get("into") + } + pruned_names = [ + e["name"] for e in pruned + if isinstance(e, dict) and e.get("name") + ] + if consolidated_map or pruned_names: + from cron.jobs import rewrite_skill_refs as _rewrite_cron_refs + cron_rewrites = _rewrite_cron_refs( + consolidated=consolidated_map, + pruned=pruned_names, + ) + except Exception as e: + logger.debug("Curator cron skill rewrite failed: %s", e, exc_info=True) + cron_rewrites = { + "rewrites": [], + "jobs_updated": 0, + "jobs_scanned": 0, + "error": str(e), + } + payload = { "started_at": started_at.isoformat(), "duration_seconds": round(elapsed_seconds, 2), @@ -782,6 +815,7 @@ def _write_run_report( "consolidated_this_run": len(consolidated), "pruned_this_run": len(pruned), "state_transitions": len(transitions), + "cron_jobs_rewritten": int(cron_rewrites.get("jobs_updated", 0)), "tool_calls_total": sum(tc_counts.values()), }, "tool_call_counts": tc_counts, @@ -791,6 +825,7 @@ def _write_run_report( "pruned_names": [p["name"] for p in pruned], "added": added, "state_transitions": transitions, + "cron_rewrites": cron_rewrites, "llm_final": llm_meta.get("final", ""), "llm_summary": llm_meta.get("summary", ""), "llm_error": llm_meta.get("error"), @@ -813,6 +848,17 @@ def _write_run_report( except Exception as e: logger.debug("Curator REPORT.md write failed: %s", e) + # cron_rewrites.json — only when at least one job was touched, to + # keep run dirs uncluttered for the common no-op case. + try: + if int(cron_rewrites.get("jobs_updated", 0)) > 0: + (run_dir / "cron_rewrites.json").write_text( + json.dumps(cron_rewrites, indent=2, ensure_ascii=False) + "\n", + encoding="utf-8", + ) + except Exception as e: + logger.debug("Curator cron_rewrites.json write failed: %s", e) + return run_dir @@ -943,6 +989,39 @@ def _render_report_markdown(p: Dict[str, Any]) -> str: lines.append(f"- `{t.get('name')}`: {t.get('from')} → {t.get('to')}") lines.append("") + # Cron job rewrites — show which scheduled jobs had their skill + # references updated so users can audit that the auto-rewrite did + # the right thing. Only present when at least one job changed. + cron_rw = p.get("cron_rewrites") or {} + cron_rewrites_list = cron_rw.get("rewrites") or [] + if cron_rewrites_list: + lines.append(f"### Cron job skill references rewritten ({len(cron_rewrites_list)})\n") + lines.append( + "_Cron jobs that referenced a consolidated or pruned skill were " + "updated in-place so they keep loading the right instructions " + "on their next run. See `cron_rewrites.json` for the full record._\n" + ) + SHOW = 25 + for entry in cron_rewrites_list[:SHOW]: + job_name = entry.get("job_name") or entry.get("job_id") or "?" + before = entry.get("before") or [] + after = entry.get("after") or [] + mapped = entry.get("mapped") or {} + dropped = entry.get("dropped") or [] + lines.append( + f"- `{job_name}`: `{', '.join(before)}` → `{', '.join(after) or '(none)'}`" + ) + for old, new in mapped.items(): + lines.append(f" - `{old}` → `{new}` (consolidated)") + for name in dropped: + lines.append(f" - `{name}` dropped (pruned)") + if len(cron_rewrites_list) > SHOW: + lines.append( + f"- … and {len(cron_rewrites_list) - SHOW} more " + "(see `cron_rewrites.json`)" + ) + lines.append("") + # Full LLM final response final = (p.get("llm_final") or "").strip() if final: diff --git a/cron/jobs.py b/cron/jobs.py index 6376260828c..2f572c6acbd 100644 --- a/cron/jobs.py +++ b/cron/jobs.py @@ -882,3 +882,121 @@ def save_job_output(job_id: str, output: str): raise return output_file + + +# ============================================================================= +# Skill reference rewriting (curator integration) +# ============================================================================= + +def rewrite_skill_refs( + consolidated: Optional[Dict[str, str]] = None, + pruned: Optional[List[str]] = None, +) -> Dict[str, Any]: + """Rewrite cron job skill references after a curator consolidation pass. + + When the curator consolidates a skill X into umbrella Y (or archives X + as pruned), any cron job that lists ``X`` in its ``skills`` field will + fail to load ``X`` at run time — the scheduler logs a warning and + skips the skill, so the job runs without the instructions it was + scheduled to follow. See cron/scheduler.py where ``skill_view`` is + called per skill name. + + This function repairs cron jobs in-place: + + - A skill listed in ``consolidated`` is replaced with its umbrella + target (the ``into`` value). If the umbrella is already in the + job's skill list, the stale name is dropped without duplication. + - A skill listed in ``pruned`` is dropped outright — there is no + forwarding target. + - Ordering and other skills in the list are preserved. + - The legacy ``skill`` field is realigned via ``_apply_skill_fields``. + + Args: + consolidated: mapping of ``old_skill_name -> umbrella_skill_name``. + pruned: list of skill names that were archived with no forwarding + target. + + Returns a report dict:: + + { + "rewrites": [ + { + "job_id": ..., + "job_name": ..., + "before": [...], + "after": [...], + "mapped": {"old": "new", ...}, + "dropped": ["old", ...], + }, + ... + ], + "jobs_updated": N, + "jobs_scanned": M, + } + + Best-effort: exceptions from loading/saving propagate to the caller so + tests can assert behaviour; the curator invocation site wraps this + call in a try/except so a failure here never breaks the curator. + """ + consolidated = dict(consolidated or {}) + pruned_set = set(pruned or []) + # A skill listed in both wins as "consolidated" — it has a target, + # which is the more useful of the two outcomes. + pruned_set -= set(consolidated.keys()) + + if not consolidated and not pruned_set: + return {"rewrites": [], "jobs_updated": 0, "jobs_scanned": 0} + + with _jobs_file_lock: + jobs = load_jobs() + rewrites: List[Dict[str, Any]] = [] + changed = False + + for job in jobs: + skills_before = _normalize_skill_list(job.get("skill"), job.get("skills")) + if not skills_before: + continue + + mapped: Dict[str, str] = {} + dropped: List[str] = [] + new_skills: List[str] = [] + + for name in skills_before: + if name in consolidated: + target = consolidated[name] + mapped[name] = target + if target and target not in new_skills: + new_skills.append(target) + elif name in pruned_set: + dropped.append(name) + else: + if name not in new_skills: + new_skills.append(name) + + if not mapped and not dropped: + continue + + job["skills"] = new_skills + job["skill"] = new_skills[0] if new_skills else None + changed = True + + rewrites.append({ + "job_id": job.get("id"), + "job_name": job.get("name") or job.get("id"), + "before": list(skills_before), + "after": list(new_skills), + "mapped": mapped, + "dropped": dropped, + }) + + if changed: + save_jobs(jobs) + logger.info( + "Curator rewrote skill references in %d cron job(s)", len(rewrites) + ) + + return { + "rewrites": rewrites, + "jobs_updated": len(rewrites), + "jobs_scanned": len(jobs), + } diff --git a/tests/agent/test_curator_reports.py b/tests/agent/test_curator_reports.py index 2848da31a0b..29896a950fd 100644 --- a/tests/agent/test_curator_reports.py +++ b/tests/agent/test_curator_reports.py @@ -270,3 +270,167 @@ def test_state_transitions_captured_in_report(curator_env): assert "State transitions" in md assert "getting-old" in md assert "active → stale" in md + + +# --------------------------------------------------------------------------- +# Cron job skill reference rewriting (curator ↔ cron integration) +# --------------------------------------------------------------------------- +# +# When the curator consolidates skill X into umbrella Y during a run, any +# cron job that listed X in its ``skills`` field would fail to load X at +# run time — the scheduler logs a warning and skips it, so the scheduled +# job runs without the instructions it was scheduled to follow. These +# tests verify that _write_run_report calls into cron.jobs to repair +# those references and records what it did in both run.json and +# cron_rewrites.json. + + +@pytest.fixture +def curator_env_with_cron(curator_env, monkeypatch): + """Extend curator_env with an initialized + repointed cron.jobs module.""" + home = curator_env["home"] + (home / "cron").mkdir(exist_ok=True) + (home / "cron" / "output").mkdir(exist_ok=True) + + import importlib + import cron.jobs as jobs_mod + importlib.reload(jobs_mod) + monkeypatch.setattr(jobs_mod, "HERMES_DIR", home) + monkeypatch.setattr(jobs_mod, "CRON_DIR", home / "cron") + monkeypatch.setattr(jobs_mod, "JOBS_FILE", home / "cron" / "jobs.json") + monkeypatch.setattr(jobs_mod, "OUTPUT_DIR", home / "cron" / "output") + + return {**curator_env, "jobs": jobs_mod} + + +def test_curator_rewrites_cron_skills_when_skill_consolidated(curator_env_with_cron): + """A skill consolidated into an umbrella should be rewritten in any + cron job's skills list; the rewrite should be visible in run.json + and cron_rewrites.json.""" + curator = curator_env_with_cron["curator"] + jobs = curator_env_with_cron["jobs"] + + # Create a cron job that depends on a soon-to-be-consolidated skill + job = jobs.create_job( + prompt="", + schedule="every 1h", + skills=["foo"], + name="foo-watcher", + ) + + # Simulate a curator pass that consolidated `foo` → `foo-umbrella` + before = [{"name": "foo", "state": "active", "pinned": False}] + after = [{"name": "foo-umbrella", "state": "active", "pinned": False}] + + run_dir = curator._write_run_report( + started_at=datetime.now(timezone.utc), + elapsed_seconds=3.0, + auto_counts={"checked": 1, "marked_stale": 0, "archived": 0, "reactivated": 0}, + auto_summary="no changes", + before_report=before, + before_names={"foo"}, + after_report=after, + llm_meta=_make_llm_meta( + final="Consolidated foo into foo-umbrella.", + tool_calls=[ + { + "name": "skill_manage", + "arguments": json.dumps({ + "action": "write_file", + "name": "foo-umbrella", + "file_path": "references/foo.md", + "file_content": "from foo", + }), + }, + ], + ), + ) + + # Cron job is rewritten on disk + loaded = jobs.get_job(job["id"]) + assert loaded["skills"] == ["foo-umbrella"] + assert loaded["skill"] == "foo-umbrella" + + # Rewrite is recorded in run.json + payload = json.loads((run_dir / "run.json").read_text()) + assert payload["cron_rewrites"]["jobs_updated"] == 1 + assert payload["counts"]["cron_jobs_rewritten"] == 1 + rewrites = payload["cron_rewrites"]["rewrites"] + assert len(rewrites) == 1 + assert rewrites[0]["mapped"] == {"foo": "foo-umbrella"} + + # Separate cron_rewrites.json is written for convenience + cron_file = run_dir / "cron_rewrites.json" + assert cron_file.exists() + detail = json.loads(cron_file.read_text()) + assert detail["jobs_updated"] == 1 + + # Markdown surfaces the change + md = (run_dir / "REPORT.md").read_text() + assert "Cron job skill references rewritten" in md + assert "foo-watcher" in md + assert "foo-umbrella" in md + + +def test_curator_drops_pruned_skill_from_cron_job(curator_env_with_cron): + """A pruned (no-umbrella) skill should be dropped from the cron + job's skill list entirely — there's no forwarding target.""" + curator = curator_env_with_cron["curator"] + jobs = curator_env_with_cron["jobs"] + + job = jobs.create_job( + prompt="", + schedule="every 1h", + skills=["keep", "stale-one"], + ) + + before = [{"name": "stale-one", "state": "active", "pinned": False}] + after: list = [] # stale-one was archived with no target + + run_dir = curator._write_run_report( + started_at=datetime.now(timezone.utc), + elapsed_seconds=1.0, + auto_counts={"checked": 1, "marked_stale": 0, "archived": 1, "reactivated": 0}, + auto_summary="1 archived", + before_report=before, + before_names={"stale-one"}, + after_report=after, + llm_meta=_make_llm_meta(), # no tool calls → classifier marks it pruned + ) + + loaded = jobs.get_job(job["id"]) + assert loaded["skills"] == ["keep"] + + payload = json.loads((run_dir / "run.json").read_text()) + assert payload["cron_rewrites"]["jobs_updated"] == 1 + rewrites = payload["cron_rewrites"]["rewrites"] + assert rewrites[0]["dropped"] == ["stale-one"] + + +def test_curator_report_has_no_cron_section_when_nothing_changes(curator_env_with_cron): + """When the curator run doesn't touch any skills, cron jobs are + untouched and cron_rewrites.json is not even written.""" + curator = curator_env_with_cron["curator"] + jobs = curator_env_with_cron["jobs"] + + jobs.create_job(prompt="", schedule="every 1h", skills=["foo"]) + + run_dir = curator._write_run_report( + started_at=datetime.now(timezone.utc), + elapsed_seconds=1.0, + auto_counts={"checked": 0, "marked_stale": 0, "archived": 0, "reactivated": 0}, + auto_summary="no changes", + before_report=[{"name": "foo", "state": "active", "pinned": False}], + before_names={"foo"}, + after_report=[{"name": "foo", "state": "active", "pinned": False}], + llm_meta=_make_llm_meta(), + ) + + # No rewrites → no separate file, no section in md + assert not (run_dir / "cron_rewrites.json").exists() + md = (run_dir / "REPORT.md").read_text() + assert "Cron job skill references rewritten" not in md + + payload = json.loads((run_dir / "run.json").read_text()) + assert payload["cron_rewrites"]["jobs_updated"] == 0 + assert payload["counts"]["cron_jobs_rewritten"] == 0 diff --git a/tests/cron/test_rewrite_skill_refs.py b/tests/cron/test_rewrite_skill_refs.py new file mode 100644 index 00000000000..6d2664ea158 --- /dev/null +++ b/tests/cron/test_rewrite_skill_refs.py @@ -0,0 +1,289 @@ +"""Tests for cron.jobs.rewrite_skill_refs — the curator integration that +keeps scheduled cron jobs pointing at the right skill names after a +consolidation / pruning pass. + +Bug this fixes: when the curator consolidates skill X into umbrella Y, +any cron job whose ``skills`` list contains X would silently fail to +load X at run time (the scheduler logs a warning and skips it), so the +job runs without the instructions it was scheduled to follow. +""" + +from __future__ import annotations + +import sys +from pathlib import Path + +import pytest + +# Ensure project root is importable +sys.path.insert(0, str(Path(__file__).parent.parent.parent)) + + +@pytest.fixture +def cron_env(tmp_path, monkeypatch): + """Isolated cron environment with temp HERMES_HOME.""" + hermes_home = tmp_path / ".hermes" + hermes_home.mkdir() + (hermes_home / "cron").mkdir() + (hermes_home / "cron" / "output").mkdir() + monkeypatch.setenv("HERMES_HOME", str(hermes_home)) + + import cron.jobs as jobs_mod + monkeypatch.setattr(jobs_mod, "HERMES_DIR", hermes_home) + monkeypatch.setattr(jobs_mod, "CRON_DIR", hermes_home / "cron") + monkeypatch.setattr(jobs_mod, "JOBS_FILE", hermes_home / "cron" / "jobs.json") + monkeypatch.setattr(jobs_mod, "OUTPUT_DIR", hermes_home / "cron" / "output") + + return hermes_home + + +class TestRewriteSkillRefsNoop: + """No jobs, no rewrites, no map — every combination of empty inputs.""" + + def test_empty_map_and_no_jobs(self, cron_env): + from cron.jobs import rewrite_skill_refs + + report = rewrite_skill_refs(consolidated={}, pruned=[]) + assert report == {"rewrites": [], "jobs_updated": 0, "jobs_scanned": 0} + + def test_jobs_exist_but_map_empty(self, cron_env): + from cron.jobs import create_job, rewrite_skill_refs + + create_job(prompt="", schedule="every 1h", skills=["foo"]) + report = rewrite_skill_refs(consolidated={}, pruned=[]) + assert report["jobs_updated"] == 0 + # Early return: we don't even scan when there's nothing to apply. + assert report["jobs_scanned"] == 0 + + def test_jobs_exist_but_no_match(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + job = create_job(prompt="", schedule="every 1h", skills=["foo"]) + report = rewrite_skill_refs( + consolidated={"unrelated": "umbrella"}, + pruned=["other"], + ) + assert report["jobs_updated"] == 0 + assert report["jobs_scanned"] == 1 + # Job untouched + loaded = get_job(job["id"]) + assert loaded["skills"] == ["foo"] + + +class TestRewriteSkillRefsConsolidation: + """Consolidated skills should be replaced with their umbrella target.""" + + def test_single_skill_replaced(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + job = create_job(prompt="", schedule="every 1h", skills=["legacy-skill"]) + report = rewrite_skill_refs( + consolidated={"legacy-skill": "umbrella-skill"}, + pruned=[], + ) + + assert report["jobs_updated"] == 1 + loaded = get_job(job["id"]) + assert loaded["skills"] == ["umbrella-skill"] + # Legacy ``skill`` field realigned + assert loaded["skill"] == "umbrella-skill" + + def test_multiple_skills_one_consolidated(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + job = create_job( + prompt="", + schedule="every 1h", + skills=["keep-a", "legacy", "keep-b"], + ) + rewrite_skill_refs(consolidated={"legacy": "umbrella"}, pruned=[]) + + loaded = get_job(job["id"]) + # Ordering preserved, legacy replaced in-place + assert loaded["skills"] == ["keep-a", "umbrella", "keep-b"] + + def test_umbrella_already_in_list_dedupes(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + # Job already loads the umbrella AND the legacy sub-skill + job = create_job( + prompt="", + schedule="every 1h", + skills=["umbrella", "legacy"], + ) + rewrite_skill_refs(consolidated={"legacy": "umbrella"}, pruned=[]) + + loaded = get_job(job["id"]) + # No duplicate — the umbrella stays exactly once + assert loaded["skills"] == ["umbrella"] + + def test_rewrite_report_records_mapping(self, cron_env): + from cron.jobs import create_job, rewrite_skill_refs + + job = create_job( + prompt="", + schedule="every 1h", + skills=["a", "b"], + name="my-job", + ) + report = rewrite_skill_refs( + consolidated={"a": "umbrella-a", "b": "umbrella-b"}, + pruned=[], + ) + + assert len(report["rewrites"]) == 1 + entry = report["rewrites"][0] + assert entry["job_id"] == job["id"] + assert entry["job_name"] == "my-job" + assert entry["before"] == ["a", "b"] + assert entry["after"] == ["umbrella-a", "umbrella-b"] + assert entry["mapped"] == {"a": "umbrella-a", "b": "umbrella-b"} + assert entry["dropped"] == [] + + +class TestRewriteSkillRefsPruning: + """Pruned skills should be dropped outright (no forwarding target).""" + + def test_pruned_skill_dropped(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + job = create_job( + prompt="", + schedule="every 1h", + skills=["keep", "stale"], + ) + report = rewrite_skill_refs(consolidated={}, pruned=["stale"]) + + assert report["jobs_updated"] == 1 + loaded = get_job(job["id"]) + assert loaded["skills"] == ["keep"] + assert loaded["skill"] == "keep" + + def test_all_skills_pruned_leaves_empty_list(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + job = create_job(prompt="", schedule="every 1h", skills=["gone"]) + rewrite_skill_refs(consolidated={}, pruned=["gone"]) + + loaded = get_job(job["id"]) + assert loaded["skills"] == [] + assert loaded["skill"] is None + + def test_pruned_report_records_drops(self, cron_env): + from cron.jobs import create_job, rewrite_skill_refs + + create_job(prompt="", schedule="every 1h", skills=["keep", "stale"]) + report = rewrite_skill_refs(consolidated={}, pruned=["stale"]) + + entry = report["rewrites"][0] + assert entry["dropped"] == ["stale"] + assert entry["mapped"] == {} + + +class TestRewriteSkillRefsMixed: + """Consolidation + pruning in the same pass.""" + + def test_mixed_consolidation_and_pruning(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + job = create_job( + prompt="", + schedule="every 1h", + skills=["keep", "legacy", "stale"], + ) + rewrite_skill_refs( + consolidated={"legacy": "umbrella"}, + pruned=["stale"], + ) + + loaded = get_job(job["id"]) + assert loaded["skills"] == ["keep", "umbrella"] + + def test_skill_in_both_maps_wins_as_consolidated(self, cron_env): + """Defensive: if a skill appears in both lists (shouldn't happen + in practice), prefer consolidation — it has a forwarding target, + which is the more useful outcome.""" + from cron.jobs import create_job, get_job, rewrite_skill_refs + + job = create_job(prompt="", schedule="every 1h", skills=["ambiguous"]) + rewrite_skill_refs( + consolidated={"ambiguous": "umbrella"}, + pruned=["ambiguous"], + ) + + loaded = get_job(job["id"]) + assert loaded["skills"] == ["umbrella"] + + +class TestRewriteSkillRefsMultipleJobs: + """Multiple jobs, some affected, some not.""" + + def test_only_affected_jobs_reported(self, cron_env): + from cron.jobs import create_job, get_job, rewrite_skill_refs + + j1 = create_job(prompt="", schedule="every 1h", skills=["legacy"]) + j2 = create_job(prompt="", schedule="every 1h", skills=["untouched"]) + j3 = create_job(prompt="", schedule="every 1h", skills=[]) + + report = rewrite_skill_refs( + consolidated={"legacy": "umbrella"}, + pruned=[], + ) + + assert report["jobs_updated"] == 1 + assert report["jobs_scanned"] == 3 + assert len(report["rewrites"]) == 1 + assert report["rewrites"][0]["job_id"] == j1["id"] + + # Untouched jobs stay put + assert get_job(j2["id"])["skills"] == ["untouched"] + assert get_job(j3["id"])["skills"] == [] + + def test_legacy_skill_field_also_rewritten(self, cron_env): + """Old jobs may have the legacy single-skill ``skill`` field + set instead of ``skills``. Both paths should be rewritten.""" + from cron.jobs import create_job, get_job, rewrite_skill_refs + + # Create via the legacy ``skill`` argument + job = create_job( + prompt="", + schedule="every 1h", + skill="legacy", + ) + rewrite_skill_refs(consolidated={"legacy": "umbrella"}, pruned=[]) + + loaded = get_job(job["id"]) + assert loaded["skills"] == ["umbrella"] + assert loaded["skill"] == "umbrella" + + +class TestRewriteSkillRefsPersistence: + """Rewrites persist to disk and survive a reload.""" + + def test_changes_persist_across_reload(self, cron_env): + import json + from cron.jobs import create_job, rewrite_skill_refs, JOBS_FILE + + create_job(prompt="", schedule="every 1h", skills=["legacy"]) + rewrite_skill_refs(consolidated={"legacy": "umbrella"}, pruned=[]) + + # Read raw file contents + data = json.loads(JOBS_FILE.read_text()) + assert data["jobs"][0]["skills"] == ["umbrella"] + assert data["jobs"][0]["skill"] == "umbrella" + + def test_noop_does_not_rewrite_file(self, cron_env): + from cron.jobs import create_job, rewrite_skill_refs, JOBS_FILE + + create_job(prompt="", schedule="every 1h", skills=["keep"]) + mtime_before = JOBS_FILE.stat().st_mtime_ns + + # Nothing in the map matches + report = rewrite_skill_refs( + consolidated={"unrelated": "umbrella"}, + pruned=["other"], + ) + + assert report["jobs_updated"] == 0 + # File untouched — no pointless disk write + assert JOBS_FILE.stat().st_mtime_ns == mtime_before From 4caad285a602b75c1da1c7d553864278d7aa723d Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:05:48 -0700 Subject: [PATCH 101/133] feat(gateway): auto-delete slash-command system notices after TTL (#18266) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds opt-in auto-deletion for slash-command reply messages like "New session started!", "Restarting gateway…", "Stopped.", and YOLO toggles. After the TTL elapses the gateway calls the adapter's delete_message; on platforms without a delete API (everything except Telegram today) the TTL is silently ignored and the message stays. Requested on Twitter by @charlesmcdowell — tool-call bubbles are useful real-time, but system notices clutter the thread once the agent finishes. Implementation: - EphemeralReply(str) sentinel in gateway/platforms/base.py. Subclasses str so existing 'X' in response / response.startswith(...) checks in tests and call sites keep working unchanged; isinstance() still distinguishes it for the send path. - _process_message_background and both busy-session bypass paths (in base.py) call _unwrap_ephemeral() on the handler return, send the unwrapped text, and schedule a detached delete task when the TTL > 0 AND the adapter class overrides delete_message. - display.ephemeral_system_ttl (default 0 = disabled) in DEFAULT_CONFIG. Handler can pass ttl_seconds explicitly to override. - Wrapped the highest-noise return sites: /new, /reset, /stop, /yolo on/off, /restart success + "already in progress". Draining notices and /help output left as plain strings — those are informational and users want to read them. Backward-compat: default TTL 0 → no scheduling, no behavior change for existing users. Platforms without delete_message silently no-op. --- gateway/platforms/base.py | 181 +++++++++++++- gateway/run.py | 31 +-- hermes_cli/config.py | 8 + tests/gateway/test_ephemeral_reply.py | 336 ++++++++++++++++++++++++++ 4 files changed, 530 insertions(+), 26 deletions(-) create mode 100644 tests/gateway/test_ephemeral_reply.py diff --git a/gateway/platforms/base.py b/gateway/platforms/base.py index 9f53042395a..ea02279706f 100644 --- a/gateway/platforms/base.py +++ b/gateway/platforms/base.py @@ -416,7 +416,7 @@ def is_host_excluded_by_no_proxy(hostname: str, no_proxy_value: str | None = Non from dataclasses import dataclass, field from datetime import datetime from pathlib import Path -from typing import Dict, List, Optional, Any, Callable, Awaitable, Tuple +from typing import Dict, List, Optional, Any, Callable, Awaitable, Tuple, Union from enum import Enum from pathlib import Path as _Path @@ -981,7 +981,7 @@ def coerce_plaintext_gateway_command(event: "MessageEvent") -> None: return -@dataclass +@dataclass class SendResult: """Result of sending a message.""" success: bool @@ -991,6 +991,45 @@ class SendResult: retryable: bool = False # True for transient connection errors — base will retry automatically +class EphemeralReply(str): + """System-notice reply that auto-deletes after a TTL. + + Slash-command handlers in ``gateway/run.py`` can return this wrapper + instead of a plain string to request that the reply message be deleted + after ``ttl_seconds`` on platforms that support ``delete_message``. + + Subclassing ``str`` keeps the wrapper transparent to anything that + treats handler return values as text (existing tests use ``in`` / + ``startswith`` / equality; the ``_process_message_background`` pipeline + extracts attachments from the string content). ``isinstance(r, + EphemeralReply)`` still distinguishes ephemeral replies from plain + strings so the send path can schedule deletion. + + Platforms that don't override :meth:`BasePlatformAdapter.delete_message` + silently ignore the TTL — the message is sent normally and left in + place. When ``ttl_seconds`` is ``None``, the pipeline uses the + configured ``display.ephemeral_system_ttl`` default. A default of ``0`` + disables auto-deletion globally, preserving prior behavior. + """ + + ttl_seconds: Optional[int] + + def __new__(cls, text: str, ttl_seconds: Optional[int] = None): + instance = super().__new__(cls, text) + instance.ttl_seconds = ttl_seconds + return instance + + @property + def text(self) -> str: + """Return the underlying text. + + Provided for call sites that want an explicit string conversion, + though ``str(reply)`` and using ``reply`` directly where a string + is expected both work identically. + """ + return str.__str__(self) + + def merge_pending_message_event( pending_messages: Dict[str, MessageEvent], session_key: str, @@ -1073,8 +1112,10 @@ _RETRYABLE_ERROR_PATTERNS = ( ) -# Type for message handlers -MessageHandler = Callable[[MessageEvent], Awaitable[Optional[str]]] +# Type for message handlers. Handlers may return a plain string (normal +# reply), an ``EphemeralReply`` to opt the reply into auto-deletion, or +# ``None`` when the response was already delivered (e.g. via streaming). +MessageHandler = Callable[[MessageEvent], Awaitable[Optional[Union[str, "EphemeralReply"]]]] def resolve_channel_prompt( @@ -1459,6 +1500,64 @@ class BasePlatformAdapter(ABC): """ return False + def _get_ephemeral_system_ttl_default(self) -> int: + """Read ``display.ephemeral_system_ttl`` from config. + + Returns the TTL in seconds to use when an :class:`EphemeralReply` + does not specify one explicitly. ``0`` (the default) disables + auto-deletion. Non-fatal if config is unreadable. + """ + try: + from hermes_cli.config import load_config as _load_config + except Exception: + return 0 + try: + cfg = _load_config() + except Exception: + return 0 + display = cfg.get("display", {}) if isinstance(cfg, dict) else {} + if not isinstance(display, dict): + return 0 + raw = display.get("ephemeral_system_ttl", 0) + try: + return int(raw) + except (TypeError, ValueError): + return 0 + + def _schedule_ephemeral_delete( + self, + chat_id: str, + message_id: str, + ttl_seconds: int, + ) -> None: + """Spawn a detached task that deletes ``message_id`` after ``ttl_seconds``. + + Best-effort — failures (gateway restart, permission denied, message + too old for Telegram's 48h window) are swallowed at debug level. + Does not block the caller. + """ + + async def _run_delete() -> None: + try: + await asyncio.sleep(max(1, int(ttl_seconds))) + await self.delete_message(chat_id=chat_id, message_id=message_id) + except asyncio.CancelledError: + raise + except Exception as e: + logger.debug( + "[%s] Ephemeral delete failed for %s/%s: %s", + self.name, chat_id, message_id, e, + ) + + coro = _run_delete() + try: + asyncio.create_task(coro) + except RuntimeError: + # No running loop (e.g. unit tests that never reach the async + # path). Close the coroutine cleanly so Python doesn't warn + # about it never being awaited, then drop silently. + coro.close() + async def send_slash_confirm( self, chat_id: str, @@ -2048,6 +2147,28 @@ class BasePlatformAdapter(ABC): lowered = error.lower() return "timed out" in lowered or "readtimeout" in lowered or "writetimeout" in lowered + def _unwrap_ephemeral(self, response: Any) -> Tuple[Optional[str], int]: + """Unwrap a handler response into (text, ttl_seconds). + + Accepts a plain string, ``None``, or an :class:`EphemeralReply`. + Returns ``(text, ttl)`` where ``ttl > 0`` means the caller should + schedule a deletion via :meth:`_schedule_ephemeral_delete` after + the send succeeds. ``ttl`` is forced to 0 when the adapter + doesn't override :meth:`delete_message` so non-supporting + platforms silently degrade to normal sends. + """ + if isinstance(response, EphemeralReply): + ttl = response.ttl_seconds + if ttl is None: + try: + ttl = int(self._get_ephemeral_system_ttl_default()) + except Exception: + ttl = 0 + if ttl and ttl > 0 and type(self).delete_message is BasePlatformAdapter.delete_message: + ttl = 0 + return response.text, int(ttl or 0) + return response, 0 + async def _send_with_retry( self, chat_id: str, @@ -2355,13 +2476,20 @@ class BasePlatformAdapter(ABC): release_guard=False, discard_pending=False, ) - if response: - await self._send_with_retry( + _text, _eph_ttl = self._unwrap_ephemeral(response) + if _text: + _r = await self._send_with_retry( chat_id=event.source.chat_id, - content=response, + content=_text, reply_to=event.message_id, metadata=thread_meta, ) + if _eph_ttl > 0 and _r.success and _r.message_id: + self._schedule_ephemeral_delete( + chat_id=event.source.chat_id, + message_id=_r.message_id, + ttl_seconds=_eph_ttl, + ) except Exception: # On failure, restore the original guard if one still exists so # we don't leave the session in a half-reset state. @@ -2441,13 +2569,20 @@ class BasePlatformAdapter(ABC): try: _thread_meta = {"thread_id": event.source.thread_id} if event.source.thread_id else None response = await self._message_handler(event) - if response: - await self._send_with_retry( + _text, _eph_ttl = self._unwrap_ephemeral(response) + if _text: + _r = await self._send_with_retry( chat_id=event.source.chat_id, - content=response, + content=_text, reply_to=event.message_id, metadata=_thread_meta, ) + if _eph_ttl > 0 and _r.success and _r.message_id: + self._schedule_ephemeral_delete( + chat_id=event.source.chat_id, + message_id=_r.message_id, + ttl_seconds=_eph_ttl, + ) except Exception as e: logger.error("[%s] Command '/%s' dispatch failed: %s", self.name, cmd, e, exc_info=True) return @@ -2553,7 +2688,16 @@ class BasePlatformAdapter(ABC): # Call the handler (this can take a while with tool calls) response = await self._message_handler(event) - + + # Slash-command handlers may return an EphemeralReply sentinel to + # request that their reply message auto-delete after a TTL (used + # for system notices like "✨ New session started!" that the user + # doesn't need to keep in the thread). Unwrap here so all the + # downstream extract_media / text-processing logic sees a plain + # string, and remember the TTL + platform capability so the + # post-send block can schedule the deletion. + response, _ephemeral_ttl = self._unwrap_ephemeral(response) + # Send response if any. A None/empty response is normal when # streaming already delivered the text (already_sent=True) or # when the message was queued behind an active agent. Log at @@ -2642,6 +2786,21 @@ class BasePlatformAdapter(ABC): ) _record_delivery(result) + # Schedule auto-deletion of system-notice replies. + # Detached so the handler returns immediately; errors + # (permission denied, message too old) are swallowed. + if ( + _ephemeral_ttl + and _ephemeral_ttl > 0 + and result.success + and result.message_id + ): + self._schedule_ephemeral_delete( + chat_id=event.source.chat_id, + message_id=result.message_id, + ttl_seconds=_ephemeral_ttl, + ) + # Human-like pacing delay between text and media human_delay = self._get_human_delay() diff --git a/gateway/run.py b/gateway/run.py index 90faf9a745c..d991ac4ff83 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -29,7 +29,7 @@ from collections import OrderedDict from contextvars import copy_context from pathlib import Path from datetime import datetime -from typing import Dict, Optional, Any, List +from typing import Dict, Optional, Any, List, Union # account_usage imports the OpenAI SDK chain (~230 ms). Only needed by # /usage; we still import it at module top in the gateway because test @@ -454,6 +454,7 @@ from gateway.session import ( from gateway.delivery import DeliveryRouter from gateway.platforms.base import ( BasePlatformAdapter, + EphemeralReply, MessageEvent, MessageType, merge_pending_message_event, @@ -4472,7 +4473,7 @@ class GatewayRunner: invalidation_reason="stop_command", ) logger.info("STOP for session %s — agent interrupted, session lock released", _quick_key) - return "⚡ Stopped. You can continue this session." + return EphemeralReply("⚡ Stopped. You can continue this session.") # /reset and /new must bypass the running-agent guard so they # actually dispatch as commands instead of being queued as user @@ -4677,7 +4678,7 @@ class GatewayRunner: # Force-clean the sentinel so the session is unlocked. self._release_running_agent_state(_quick_key) logger.info("HARD STOP (pending) for session %s — sentinel cleared", _quick_key) - return "⚡ Force-stopped. The agent was still starting — session unlocked." + return EphemeralReply("⚡ Force-stopped. The agent was still starting — session unlocked.") # Queue the message so it will be picked up after the # agent starts. adapter = self.adapters.get(source.platform) @@ -6353,7 +6354,7 @@ class GatewayRunner: return "\n".join(lines) - async def _handle_reset_command(self, event: MessageEvent) -> str: + async def _handle_reset_command(self, event: MessageEvent) -> Union[str, EphemeralReply]: """Handle /new or /reset command.""" source = event.source @@ -6464,8 +6465,8 @@ class GatewayRunner: _tip_line = "" if session_info: - return f"{header}\n\n{session_info}{_tip_line}" - return f"{header}{_tip_line}" + return EphemeralReply(f"{header}\n\n{session_info}{_tip_line}") + return EphemeralReply(f"{header}{_tip_line}") async def _handle_profile_command(self, event: MessageEvent) -> str: """Handle /profile — show active profile name and home directory.""" @@ -6713,7 +6714,7 @@ class GatewayRunner: return "\n".join(lines) - async def _handle_stop_command(self, event: MessageEvent) -> str: + async def _handle_stop_command(self, event: MessageEvent) -> Union[str, EphemeralReply]: """Handle /stop command - interrupt a running agent. When an agent is truly hung (blocked thread that never checks @@ -6738,7 +6739,7 @@ class GatewayRunner: invalidation_reason="stop_command_pending", ) logger.info("STOP (pending) for session %s — sentinel cleared", session_key) - return "⚡ Stopped. The agent hadn't started yet — you can continue this session." + return EphemeralReply("⚡ Stopped. The agent hadn't started yet — you can continue this session.") if agent: # Force-clean the session lock so a truly hung agent doesn't # keep it locked forever. @@ -6748,11 +6749,11 @@ class GatewayRunner: interrupt_reason=_INTERRUPT_REASON_STOP, invalidation_reason="stop_command_handler", ) - return "⚡ Stopped. You can continue this session." + return EphemeralReply("⚡ Stopped. You can continue this session.") else: return "No active task to stop." - async def _handle_restart_command(self, event: MessageEvent) -> str: + async def _handle_restart_command(self, event: MessageEvent) -> Union[str, EphemeralReply]: """Handle /restart command - drain active work, then restart the gateway.""" # Defensive idempotency check: if the previous gateway process # recorded this same /restart (same platform + update_id) and the new @@ -6778,7 +6779,7 @@ class GatewayRunner: count = self._running_agent_count() if count: return f"⏳ Draining {count} active agent(s) before restart..." - return "⏳ Gateway restart already in progress..." + return EphemeralReply("⏳ Gateway restart already in progress...") # Save the requester's routing info so the new gateway process can # notify them once it comes back online. @@ -6830,7 +6831,7 @@ class GatewayRunner: self.request_restart(detached=True, via_service=False) if active_agents: return f"⏳ Draining {active_agents} active agent(s) before restart..." - return "♻ Restarting gateway. If you aren't notified within 60 seconds, restart from the console with `hermes gateway restart`." + return EphemeralReply("♻ Restarting gateway. If you aren't notified within 60 seconds, restart from the console with `hermes gateway restart`.") def _is_stale_restart_redelivery(self, event: MessageEvent) -> bool: """Return True if this /restart is a Telegram re-delivery we already handled. @@ -8321,7 +8322,7 @@ class GatewayRunner: return f"⚡ ✓ Priority Processing: **{label}** (saved to config)\n_(takes effect on next message)_" return f"⚡ ✓ Priority Processing: **{label}** (this session only)" - async def _handle_yolo_command(self, event: MessageEvent) -> str: + async def _handle_yolo_command(self, event: MessageEvent) -> Union[str, EphemeralReply]: """Handle /yolo — toggle dangerous command approval bypass for this session only.""" from tools.approval import ( disable_session_yolo, @@ -8333,10 +8334,10 @@ class GatewayRunner: current = is_session_yolo_enabled(session_key) if current: disable_session_yolo(session_key) - return "⚠️ YOLO mode **OFF** for this session — dangerous commands will require approval." + return EphemeralReply("⚠️ YOLO mode **OFF** for this session — dangerous commands will require approval.") else: enable_session_yolo(session_key) - return "⚡ YOLO mode **ON** for this session — all commands auto-approved. Use with caution." + return EphemeralReply("⚡ YOLO mode **ON** for this session — all commands auto-approved. Use with caution.") async def _handle_verbose_command(self, event: MessageEvent) -> str: """Handle /verbose command — cycle tool progress display mode. diff --git a/hermes_cli/config.py b/hermes_cli/config.py index 82498c81cc2..df1a5943f7b 100644 --- a/hermes_cli/config.py +++ b/hermes_cli/config.py @@ -775,6 +775,14 @@ DEFAULT_CONFIG = { "tool_progress_command": False, # Enable /verbose command in messaging gateway "tool_progress_overrides": {}, # DEPRECATED — use display.platforms instead "tool_preview_length": 0, # Max chars for tool call previews (0 = no limit, show full paths/commands) + # Auto-delete system-notice replies (e.g. "✨ New session started!", + # "♻ Restarting gateway…", "⚡ Stopped…") after N seconds on platforms + # that support message deletion (currently Telegram; other platforms + # ignore and leave the message in place). Only affects slash-command + # replies wrapped with gateway.platforms.base.EphemeralReply — agent + # responses and content messages are never touched. Default 0 + # (disabled) preserves prior behavior. + "ephemeral_system_ttl": 0, "platforms": {}, # Per-platform display overrides: {"telegram": {"tool_progress": "all"}, "slack": {"tool_progress": "off"}} # Gateway runtime-metadata footer appended to the FINAL message of a turn # (disabled by default to keep replies minimal). When enabled, renders diff --git a/tests/gateway/test_ephemeral_reply.py b/tests/gateway/test_ephemeral_reply.py new file mode 100644 index 00000000000..41565e163b0 --- /dev/null +++ b/tests/gateway/test_ephemeral_reply.py @@ -0,0 +1,336 @@ +"""Tests for EphemeralReply — system-notice auto-delete in gateway adapters. + +Slash-command handlers in ``gateway/run.py`` can return an +``EphemeralReply`` wrapper to request auto-deletion of the reply message +after a TTL. The base adapter unwraps the sentinel before sending and +schedules a detached delete task when the platform supports +``delete_message``. + +Covered: + +1. ``_unwrap_ephemeral`` returns text + ttl for EphemeralReply, and + passes plain strings through unchanged. +2. TTL is zeroed on platforms that don't override ``delete_message`` + (silent degrade — message stays in place). +3. TTL is honored on platforms that DO override ``delete_message``. +4. ``_schedule_ephemeral_delete`` invokes ``delete_message`` after the + configured delay with the correct chat_id / message_id. +5. ``_process_message_background`` sends the unwrapped text (not the + sentinel object) and schedules deletion when appropriate. +6. The two busy-session bypass paths also unwrap + schedule. +""" + +import asyncio +from unittest.mock import AsyncMock, patch + +import pytest + +from gateway.config import Platform, PlatformConfig +from gateway.platforms.base import ( + BasePlatformAdapter, + EphemeralReply, + MessageEvent, + MessageType, + SendResult, +) +from gateway.session import SessionSource + + +class _NoDeleteAdapter(BasePlatformAdapter): + """Adapter that does NOT override delete_message (silent degrade).""" + + async def connect(self): + pass + + async def disconnect(self): + pass + + async def send(self, chat_id, content="", **kwargs): + return SendResult(success=True, message_id="m-1") + + async def get_chat_info(self, chat_id): + return {} + + +class _DeleteCapableAdapter(BasePlatformAdapter): + """Adapter that overrides delete_message (TTL honored).""" + + def __init__(self, *a, **kw): + super().__init__(*a, **kw) + self.deleted: list[tuple[str, str]] = [] + + async def connect(self): + pass + + async def disconnect(self): + pass + + async def send(self, chat_id, content="", **kwargs): + return SendResult(success=True, message_id="m-2") + + async def get_chat_info(self, chat_id): + return {} + + async def delete_message(self, chat_id: str, message_id: str) -> bool: + self.deleted.append((chat_id, message_id)) + return True + + +def _no_delete_adapter(): + return _NoDeleteAdapter( + PlatformConfig(enabled=True, token="t"), Platform.TELEGRAM + ) + + +def _delete_adapter(): + return _DeleteCapableAdapter( + PlatformConfig(enabled=True, token="t"), Platform.TELEGRAM + ) + + +def _make_event(text="/stop", chat_id="42"): + return MessageEvent( + text=text, + message_id="msg-1", + source=SessionSource( + platform=Platform.TELEGRAM, + chat_id=chat_id, + user_id="u-1", + ), + message_type=MessageType.TEXT, + ) + + +# --------------------------------------------------------------------------- +# _unwrap_ephemeral +# --------------------------------------------------------------------------- + + +def test_unwrap_plain_string_is_passthrough(): + adapter = _delete_adapter() + text, ttl = adapter._unwrap_ephemeral("hello") + assert text == "hello" + assert ttl == 0 + + +def test_unwrap_none_is_passthrough(): + adapter = _delete_adapter() + text, ttl = adapter._unwrap_ephemeral(None) + assert text is None + assert ttl == 0 + + +def test_unwrap_ephemeral_explicit_ttl_on_capable_adapter(): + adapter = _delete_adapter() + text, ttl = adapter._unwrap_ephemeral(EphemeralReply("bye", ttl_seconds=60)) + assert text == "bye" + assert ttl == 60 + + +def test_unwrap_ephemeral_zeros_ttl_on_incapable_adapter(): + """Platforms without delete_message should silently degrade to normal send.""" + adapter = _no_delete_adapter() + text, ttl = adapter._unwrap_ephemeral(EphemeralReply("bye", ttl_seconds=60)) + assert text == "bye" + assert ttl == 0 # forced to 0 — message will stay in place + + +def test_unwrap_ephemeral_default_ttl_from_config(): + adapter = _delete_adapter() + with patch.object(adapter, "_get_ephemeral_system_ttl_default", return_value=120): + text, ttl = adapter._unwrap_ephemeral(EphemeralReply("bye")) + assert text == "bye" + assert ttl == 120 + + +def test_unwrap_ephemeral_default_ttl_zero_disables(): + """Config default of 0 (the shipped default) means the feature is off.""" + adapter = _delete_adapter() + with patch.object(adapter, "_get_ephemeral_system_ttl_default", return_value=0): + text, ttl = adapter._unwrap_ephemeral(EphemeralReply("bye")) + assert text == "bye" + assert ttl == 0 + + +def test_unwrap_ephemeral_handles_unreadable_config(): + adapter = _delete_adapter() + with patch.object( + adapter, + "_get_ephemeral_system_ttl_default", + side_effect=RuntimeError("boom"), + ): + text, ttl = adapter._unwrap_ephemeral(EphemeralReply("bye")) + # Fall back to 0 rather than crashing the handler pipeline. + assert text == "bye" + assert ttl == 0 + + +# --------------------------------------------------------------------------- +# _schedule_ephemeral_delete +# --------------------------------------------------------------------------- + + +@pytest.mark.asyncio +async def test_schedule_ephemeral_delete_calls_delete_after_ttl(): + adapter = _delete_adapter() + # Use a very short TTL to keep the test fast — the implementation + # floors sleeps at 1s via ``max(1, int(ttl_seconds))``. Patch asyncio.sleep + # inside the module under test; the test body uses the real one for + # scheduler pumping. + import gateway.platforms.base as base_module + + sleeps: list[float] = [] + _real_sleep = base_module.asyncio.sleep + + async def _fake_sleep(duration): + sleeps.append(duration) + # Yield control so the rest of the task body can run. + await _real_sleep(0) + + with patch.object(base_module.asyncio, "sleep", _fake_sleep): + adapter._schedule_ephemeral_delete( + chat_id="42", message_id="m-2", ttl_seconds=5 + ) + # Let the spawned task run. + for _ in range(5): + await _real_sleep(0) + + # Only the ttl sleep shows up — the test pump uses the real sleep. + assert 5 in sleeps + assert adapter.deleted == [("42", "m-2")] + + +@pytest.mark.asyncio +async def test_schedule_ephemeral_delete_swallows_errors(): + adapter = _delete_adapter() + + async def _boom(*a, **kw): + raise RuntimeError("permission denied") + + adapter.delete_message = _boom # type: ignore[assignment] + with patch("gateway.platforms.base.asyncio.sleep", AsyncMock()): + adapter._schedule_ephemeral_delete( + chat_id="42", message_id="m-2", ttl_seconds=1 + ) + # No exception should propagate even though delete_message raised. + for _ in range(5): + await asyncio.sleep(0) + + +def test_schedule_ephemeral_delete_outside_event_loop_is_noop(): + """No running loop → no crash, silently drops the request.""" + adapter = _delete_adapter() + # No pytest.mark.asyncio → no loop. Must not raise. + adapter._schedule_ephemeral_delete( + chat_id="42", message_id="m-2", ttl_seconds=1 + ) + assert adapter.deleted == [] + + +# --------------------------------------------------------------------------- +# _process_message_background unwraps EphemeralReply before send +# --------------------------------------------------------------------------- + + +@pytest.mark.asyncio +async def test_process_message_unwraps_ephemeral_before_send(): + """The adapter must send the wrapper's .text, never the wrapper object.""" + adapter = _delete_adapter() + adapter._send_with_retry = AsyncMock( + return_value=SendResult(success=True, message_id="sent-1") + ) + + async def _handler(evt): + return EphemeralReply("⚡ Stopped.", ttl_seconds=5) + + adapter.set_message_handler(_handler) + + sleeps: list[float] = [] + + async def _fake_sleep(duration): + sleeps.append(duration) + + event = _make_event() + session_key = "agent:main:telegram:private:42" + with patch("gateway.platforms.base.asyncio.sleep", _fake_sleep), patch.object( + adapter, "_keep_typing", new=AsyncMock() + ): + await adapter._process_message_background(event, session_key) + # Pump until the detached delete task completes. + for _ in range(10): + await asyncio.sleep(0) + + # Sent text is the unwrapped string, NOT repr(EphemeralReply(...)) + adapter._send_with_retry.assert_called_once() + sent_text = adapter._send_with_retry.call_args.kwargs["content"] + assert sent_text == "⚡ Stopped." + # Auto-delete scheduled using the returned message_id + assert ("42", "sent-1") in adapter.deleted + + +@pytest.mark.asyncio +async def test_process_message_incapable_platform_does_not_schedule_delete(): + adapter = _no_delete_adapter() + adapter._send_with_retry = AsyncMock( + return_value=SendResult(success=True, message_id="sent-1") + ) + + async def _handler(evt): + return EphemeralReply("⚡ Stopped.", ttl_seconds=5) + + adapter.set_message_handler(_handler) + + # Spy on delete_message to confirm it is NOT invoked. + delete_calls: list = [] + + async def _spy_delete(chat_id, message_id): + delete_calls.append((chat_id, message_id)) + return False + + adapter.delete_message = _spy_delete # type: ignore[assignment] + + event = _make_event() + session_key = "agent:main:telegram:private:42" + with patch("gateway.platforms.base.asyncio.sleep", AsyncMock()), patch.object( + adapter, "_keep_typing", new=AsyncMock() + ): + await adapter._process_message_background(event, session_key) + for _ in range(10): + await asyncio.sleep(0) + + # Send happened with the unwrapped text... + adapter._send_with_retry.assert_called_once() + assert adapter._send_with_retry.call_args.kwargs["content"] == "⚡ Stopped." + # ...but delete was never scheduled because the capability check skipped + # the schedule call (TTL was zeroed in _unwrap_ephemeral). + # Note: the capability gate on _unwrap_ephemeral checks for + # ``type(adapter).delete_message is BasePlatformAdapter.delete_message``. + # Monkeypatching the instance does NOT change the class, so this test + # verifies the gate uses the class method to detect capability. + assert delete_calls == [] + + +@pytest.mark.asyncio +async def test_process_message_plain_string_behaves_unchanged(): + adapter = _delete_adapter() + adapter._send_with_retry = AsyncMock( + return_value=SendResult(success=True, message_id="sent-1") + ) + + async def _handler(evt): + return "plain reply" + + adapter.set_message_handler(_handler) + + event = _make_event() + session_key = "agent:main:telegram:private:42" + with patch("gateway.platforms.base.asyncio.sleep", AsyncMock()), patch.object( + adapter, "_keep_typing", new=AsyncMock() + ): + await adapter._process_message_background(event, session_key) + for _ in range(5): + await asyncio.sleep(0) + + adapter._send_with_retry.assert_called_once() + assert adapter._send_with_retry.call_args.kwargs["content"] == "plain reply" + assert adapter.deleted == [] # no auto-delete for plain replies From 50c046331dc722fa875fd290ce29b9cc5130fc08 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:06:32 -0700 Subject: [PATCH 102/133] feat(update): add --yes/-y flag to skip interactive prompts (#18261) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hermes update had two interactive [Y/n] prompts with no bypass: 1. Config migration (after new env/config options are added) 2. Autostash restore (when uncommitted work was stashed before pull) hermes uninstall already has --yes/-y; mirrors that. Under --yes: - Config-migrate prompt → auto-yes, migrate_config(interactive=False) so new config fields are applied but API-key prompts are skipped (user runs 'hermes config migrate' later for those). Matches gateway-mode semantics. - Stash-restore prompt → auto-yes, git stash apply runs automatically. Closes the 'can I hermes update -y, No ! Fix' gap reported by @murelux. --- hermes_cli/main.py | 30 +++- tests/hermes_cli/test_update_yes_flag.py | 167 +++++++++++++++++++++++ 2 files changed, 190 insertions(+), 7 deletions(-) create mode 100644 tests/hermes_cli/test_update_yes_flag.py diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 79ef21eec7b..5598a1f3ff0 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -6673,6 +6673,7 @@ def _cmd_update_impl(args, gateway_mode: bool): if gateway_mode else None ) + assume_yes = bool(getattr(args, "yes", False)) print("⚕ Updating Hermes Agent...") print() @@ -6792,8 +6793,10 @@ def _cmd_update_impl(args, gateway_mode: bool): else: auto_stash_ref = _stash_local_changes_if_needed(git_cmd, PROJECT_ROOT) - prompt_for_restore = auto_stash_ref is not None and ( - gateway_mode or (sys.stdin.isatty() and sys.stdout.isatty()) + prompt_for_restore = ( + auto_stash_ref is not None + and not assume_yes + and (gateway_mode or (sys.stdin.isatty() and sys.stdout.isatty())) ) # Check if there are updates @@ -7054,7 +7057,10 @@ def _cmd_update_impl(args, gateway_mode: bool): print(f" ℹ️ {len(missing_config)} new config option(s) available") print() - if gateway_mode: + if assume_yes: + print(" ℹ --yes: auto-applying config migration (skipping API-key prompts).") + response = "y" + elif gateway_mode: response = ( _gateway_prompt( "Would you like to configure new options now? [Y/n]", "n" @@ -7080,14 +7086,17 @@ def _cmd_update_impl(args, gateway_mode: bool): if response in ("", "y", "yes"): print() - # In gateway mode, run auto-migrations only (no input() prompts - # for API keys which would hang the detached process). - results = migrate_config(interactive=not gateway_mode, quiet=False) + # In gateway mode OR under --yes, run auto-migrations only (no + # input() prompts for API keys which would hang the detached + # process / defeat the point of --yes). + results = migrate_config( + interactive=not (gateway_mode or assume_yes), quiet=False + ) if results["env_added"] or results["config_added"]: print() print("✓ Configuration updated!") - if gateway_mode and missing_env: + if (gateway_mode or assume_yes) and missing_env: print(" ℹ API keys require manual entry: hermes config migrate") else: print() @@ -9893,6 +9902,13 @@ Examples: default=False, help="Force a pre-update backup for this run (off by default; overrides updates.pre_update_backup)", ) + update_parser.add_argument( + "--yes", + "-y", + action="store_true", + default=False, + help="Assume yes for interactive prompts (config migration, stash restore). API-key entry is skipped; run 'hermes config migrate' separately for those.", + ) update_parser.set_defaults(func=cmd_update) # ========================================================================= diff --git a/tests/hermes_cli/test_update_yes_flag.py b/tests/hermes_cli/test_update_yes_flag.py new file mode 100644 index 00000000000..e36cc5142ef --- /dev/null +++ b/tests/hermes_cli/test_update_yes_flag.py @@ -0,0 +1,167 @@ +"""Tests for `hermes update --yes / -y` — assume yes for interactive prompts. + +Covers: + 1. argparse parses the flag + 2. Config-migration prompt is auto-answered (no input() call) and migrate_config + runs with interactive=False so API-key prompts are skipped + 3. Autostash restore prompt is auto-answered (prompt_for_restore == False, no + input() call) and the stash is applied automatically +""" + +import subprocess +from types import SimpleNamespace +from unittest.mock import patch + +from hermes_cli.main import cmd_update + + +def _make_run_side_effect( + branch="main", verify_ok=True, commit_count="1", dirty=False +): + """Minimal subprocess.run side_effect for the update flow.""" + + def side_effect(cmd, **kwargs): + joined = " ".join(str(c) for c in cmd) + + if "rev-parse" in joined and "--abbrev-ref" in joined: + return subprocess.CompletedProcess(cmd, 0, stdout=f"{branch}\n", stderr="") + if "rev-parse" in joined and "--verify" in joined: + return subprocess.CompletedProcess( + cmd, 0 if verify_ok else 128, stdout="", stderr="" + ) + if "rev-list" in joined: + return subprocess.CompletedProcess( + cmd, 0, stdout=f"{commit_count}\n", stderr="" + ) + # `git status --porcelain` for dirty-tree detection during autostash. + if "status" in joined and "--porcelain" in joined: + out = " M hermes_cli/main.py\n" if dirty else "" + return subprocess.CompletedProcess(cmd, 0, stdout=out, stderr="") + # `git stash list` — return a stash ref when dirty (so _stash_local_changes + # gets something to return). _stash_local_changes_if_needed is what we + # actually patch in tests that exercise restore, so this is a catch-all. + if "stash" in joined and "list" in joined: + return subprocess.CompletedProcess(cmd, 0, stdout="", stderr="") + return subprocess.CompletedProcess(cmd, 0, stdout="", stderr="") + + return side_effect + + +class TestUpdateYesConfigMigration: + """--yes auto-answers the config-migration prompt and skips API-key prompts.""" + + @patch("hermes_cli.config.migrate_config") + @patch("hermes_cli.config.check_config_version", return_value=(1, 2)) + @patch("hermes_cli.config.get_missing_config_fields", return_value=[]) + @patch("hermes_cli.config.get_missing_env_vars", return_value=["NEW_KEY"]) + @patch("shutil.which", return_value=None) + @patch("subprocess.run") + def test_yes_auto_migrates_without_input( + self, + mock_run, + _mock_which, + _mock_missing_env, + _mock_missing_cfg, + _mock_version, + mock_migrate, + capsys, + ): + mock_run.side_effect = _make_run_side_effect( + branch="main", verify_ok=True, commit_count="1" + ) + mock_migrate.return_value = {"env_added": [], "config_added": []} + + args = SimpleNamespace(yes=True) + + with patch("builtins.input") as mock_input: + cmd_update(args) + # Never prompted the user. + mock_input.assert_not_called() + + # migrate_config was invoked with interactive=False — API-key prompts + # are suppressed, matching gateway-mode semantics. + assert mock_migrate.call_count == 1 + _, kwargs = mock_migrate.call_args + assert kwargs.get("interactive") is False + + out = capsys.readouterr().out + assert "--yes: auto-applying config migration" in out + # The "Would you like to configure them now?" prompt text never appears. + assert "Would you like to configure them now?" not in out + + @patch("hermes_cli.config.migrate_config") + @patch("hermes_cli.config.check_config_version", return_value=(1, 2)) + @patch("hermes_cli.config.get_missing_config_fields", return_value=[]) + @patch("hermes_cli.config.get_missing_env_vars", return_value=["NEW_KEY"]) + @patch("shutil.which", return_value=None) + @patch("subprocess.run") + def test_no_yes_flag_still_prompts_in_tty( + self, + mock_run, + _mock_which, + _mock_missing_env, + _mock_missing_cfg, + _mock_version, + mock_migrate, + capsys, + ): + """Regression guard: without --yes, the TTY prompt path still fires.""" + mock_run.side_effect = _make_run_side_effect( + branch="main", verify_ok=True, commit_count="1" + ) + mock_migrate.return_value = {"env_added": [], "config_added": []} + + args = SimpleNamespace(yes=False) + + with patch("builtins.input", return_value="n") as mock_input, patch( + "hermes_cli.main.sys" + ) as mock_sys: + mock_sys.stdin.isatty.return_value = True + mock_sys.stdout.isatty.return_value = True + cmd_update(args) + # The user was actually prompted. + assert mock_input.called + prompts = [c.args[0] if c.args else "" for c in mock_input.call_args_list] + assert any("configure them now" in p for p in prompts) + + +class TestUpdateYesStashRestore: + """--yes auto-restores the pre-update autostash without prompting.""" + + @patch("hermes_cli.main._restore_stashed_changes") + @patch( + "hermes_cli.main._stash_local_changes_if_needed", + return_value="stash@{0}", + ) + @patch("hermes_cli.config.check_config_version", return_value=(1, 1)) + @patch("hermes_cli.config.get_missing_config_fields", return_value=[]) + @patch("hermes_cli.config.get_missing_env_vars", return_value=[]) + @patch("shutil.which", return_value=None) + @patch("subprocess.run") + def test_yes_restores_stash_without_prompting( + self, + mock_run, + _mock_which, + _mock_missing_env, + _mock_missing_cfg, + _mock_version, + _mock_stash, + mock_restore, + capsys, + ): + # Not on main → cmd_update switches to main → autostash fires. + mock_run.side_effect = _make_run_side_effect( + branch="feature-branch", verify_ok=True, commit_count="1", dirty=True + ) + + args = SimpleNamespace(yes=True) + + cmd_update(args) + + # _restore_stashed_changes was called, and called with prompt_user=False + # every time (so the user never sees "Restore local changes now?"). + assert mock_restore.called + for call in mock_restore.call_args_list: + assert call.kwargs.get("prompt_user") is False, ( + f"Expected prompt_user=False under --yes, got {call.kwargs}" + ) From 7c6c5619a7b85ef7ed873632e25a4a4745563866 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:08:22 -0700 Subject: [PATCH 103/133] docs(sidebar): collapse exploding skills tree to a single Skills node (#18259) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * docs(sidebar): collapse exploding skills tree to a single Skills node The Skills sub-tree in the left sidebar expanded to 200+ entries (22 bundled categories + 15 optional categories, every skill a page). That's most of the nav on a first visit — docs for the actual product get drowned in it. Collapse the sidebar to: Skills godmode (hand-written spotlight) google-workspace (hand-written spotlight) Bundled catalog (reference/skills-catalog — table of all bundled) Optional catalog (reference/optional-skills-catalog — table of all optional) Per-skill pages still generate and are still reachable at their URLs; they're linked from the two catalog tables and from the Skills overview page. They just don't appear in the left nav anymore. sidebars.ts goes from 649 lines to 247. generate-skill-docs.py loses the bundled/optional sidebar render helpers. Also picks up incidental generator output drift on current main (comfyui skill content refresh; 4 new skill pages for devops-kanban-orchestrator, devops-kanban-worker, productivity-here-now, productivity-shopify; two catalog refreshes). These are what the generator produces on main today — keeping them committed avoids the next docs build showing 'working tree dirty'. * docs(sidebar): drop godmode and google-workspace spotlight pages Keep the Skills sidebar node strictly principled: two catalog links, nothing else. There was no rule for which skills got spotlight pages and which got auto-generated pages — just that these two happened to be hand-written first. Both pages still build and are still reachable at /docs/user-guide/skills/godmode and /docs/user-guide/skills/google-workspace. They're linked from the catalog tables and the Skills overview page. Sidebar Skills node now: Skills ├── Bundled catalog └── Optional catalog --- .../docs/reference/optional-skills-catalog.md | 2 + website/docs/reference/skills-catalog.md | 4 +- .../bundled/creative/creative-comfyui.md | 656 ++++++++---------- .../devops/devops-kanban-orchestrator.md | 170 +++++ .../bundled/devops/devops-kanban-worker.md | 152 ++++ .../productivity/productivity-here-now.md | 231 ++++++ .../productivity/productivity-shopify.md | 376 ++++++++++ website/scripts/generate-skill-docs.py | 57 +- website/sidebars.ts | 408 +---------- 9 files changed, 1264 insertions(+), 792 deletions(-) create mode 100644 website/docs/user-guide/skills/bundled/devops/devops-kanban-orchestrator.md create mode 100644 website/docs/user-guide/skills/bundled/devops/devops-kanban-worker.md create mode 100644 website/docs/user-guide/skills/optional/productivity/productivity-here-now.md create mode 100644 website/docs/user-guide/skills/optional/productivity/productivity-shopify.md diff --git a/website/docs/reference/optional-skills-catalog.md b/website/docs/reference/optional-skills-catalog.md index 9d0f665b826..9a9188a5b15 100644 --- a/website/docs/reference/optional-skills-catalog.md +++ b/website/docs/reference/optional-skills-catalog.md @@ -129,7 +129,9 @@ hermes skills uninstall | Skill | Description | |-------|-------------| | [**canvas**](/docs/user-guide/skills/optional/productivity/productivity-canvas) | Canvas LMS integration — fetch enrolled courses and assignments using API token authentication. | +| [**here.now**](/docs/user-guide/skills/optional/productivity/productivity-here-now) | Publish static sites to {slug}.here.now and store private files in cloud Drives for agent-to-agent handoff. | | [**memento-flashcards**](/docs/user-guide/skills/optional/productivity/productivity-memento-flashcards) | Spaced-repetition flashcard system. Create cards from facts or text, chat with flashcards using free-text answers graded by the agent, generate quizzes from YouTube transcripts, review due cards with adaptive scheduling, and export/impor... | +| [**shopify**](/docs/user-guide/skills/optional/productivity/productivity-shopify) | Shopify Admin & Storefront GraphQL APIs via curl. Products, orders, customers, inventory, metafields. | | [**siyuan**](/docs/user-guide/skills/optional/productivity/productivity-siyuan) | SiYuan Note API for searching, reading, creating, and managing blocks and documents in a self-hosted knowledge base via curl. | | [**telephony**](/docs/user-guide/skills/optional/productivity/productivity-telephony) | Give Hermes phone capabilities without core tool changes. Provision and persist a Twilio number, send and receive SMS/MMS, make direct calls, and place AI-driven outbound calls through Bland.ai or Vapi. | diff --git a/website/docs/reference/skills-catalog.md b/website/docs/reference/skills-catalog.md index e438ff8a5c0..a5507304588 100644 --- a/website/docs/reference/skills-catalog.md +++ b/website/docs/reference/skills-catalog.md @@ -38,7 +38,7 @@ If a skill is missing from this list but present in the repo, the catalog is reg | [`baoyu-comic`](/docs/user-guide/skills/bundled/creative/creative-baoyu-comic) | Knowledge comics (知识漫画): educational, biography, tutorial. | `creative/baoyu-comic` | | [`baoyu-infographic`](/docs/user-guide/skills/bundled/creative/creative-baoyu-infographic) | Infographics: 21 layouts x 21 styles (信息图, 可视化). | `creative/baoyu-infographic` | | [`claude-design`](/docs/user-guide/skills/bundled/creative/creative-claude-design) | Design one-off HTML artifacts (landing, deck, prototype). | `creative/claude-design` | -| [`comfyui`](/docs/user-guide/skills/bundled/creative/creative-comfyui) | Generate images, video, and audio with ComfyUI — install, launch, manage nodes/models, run workflows with parameter injection. Uses the official comfy-cli for lifecycle and direct REST API for execution. | `creative/comfyui` | +| [`comfyui`](/docs/user-guide/skills/bundled/creative/creative-comfyui) | Generate images, video, and audio with ComfyUI — install, launch, manage nodes/models, run workflows with parameter injection. Uses the official comfy-cli for lifecycle and direct REST/WebSocket API for execution. | `creative/comfyui` | | [`ideation`](/docs/user-guide/skills/bundled/creative/creative-creative-ideation) | Generate project ideas via creative constraints. | `creative/creative-ideation` | | [`design-md`](/docs/user-guide/skills/bundled/creative/creative-design-md) | Author/validate/export Google's DESIGN.md token spec files. | `creative/design-md` | | [`excalidraw`](/docs/user-guide/skills/bundled/creative/creative-excalidraw) | Hand-drawn Excalidraw JSON diagrams (arch, flow, seq). | `creative/excalidraw` | @@ -62,6 +62,8 @@ If a skill is missing from this list but present in the repo, the catalog is reg | Skill | Description | Path | |-------|-------------|------| +| [`kanban-orchestrator`](/docs/user-guide/skills/bundled/devops/devops-kanban-orchestrator) | Decomposition playbook + specialist-roster conventions + anti-temptation rules for an orchestrator profile routing work through Kanban. The "don't do the work yourself" rule and the basic lifecycle are auto-injected into every kanban wor... | `devops/kanban-orchestrator` | +| [`kanban-worker`](/docs/user-guide/skills/bundled/devops/devops-kanban-worker) | Pitfalls, examples, and edge cases for Hermes Kanban workers. The lifecycle itself is auto-injected into every worker's system prompt as KANBAN_GUIDANCE (from agent/prompt_builder.py); this skill is what you load when you want deeper det... | `devops/kanban-worker` | | [`webhook-subscriptions`](/docs/user-guide/skills/bundled/devops/devops-webhook-subscriptions) | Webhook subscriptions: event-driven agent runs. | `devops/webhook-subscriptions` | ## dogfood diff --git a/website/docs/user-guide/skills/bundled/creative/creative-comfyui.md b/website/docs/user-guide/skills/bundled/creative/creative-comfyui.md index 7a79964c773..7877e174c7a 100644 --- a/website/docs/user-guide/skills/bundled/creative/creative-comfyui.md +++ b/website/docs/user-guide/skills/bundled/creative/creative-comfyui.md @@ -8,7 +8,7 @@ description: "Generate images, video, and audio with ComfyUI — install, launch # Comfyui -Generate images, video, and audio with ComfyUI — install, launch, manage nodes/models, run workflows with parameter injection. Uses the official comfy-cli for lifecycle and direct REST API for execution. +Generate images, video, and audio with ComfyUI — install, launch, manage nodes/models, run workflows with parameter injection. Uses the official comfy-cli for lifecycle and direct REST/WebSocket API for execution. ## Skill metadata @@ -16,11 +16,11 @@ Generate images, video, and audio with ComfyUI — install, launch, manage nodes |---|---| | Source | Bundled (installed by default) | | Path | `skills/creative/comfyui` | -| Version | `4.1.0` | +| Version | `5.0.0` | | Author | ['kshitijk4poor', 'alt-glitch'] | | License | MIT | | Platforms | macos, linux, windows | -| Tags | `comfyui`, `image-generation`, `stable-diffusion`, `flux`, `creative`, `generative-ai`, `video-generation` | +| Tags | `comfyui`, `image-generation`, `stable-diffusion`, `flux`, `sd3`, `wan-video`, `hunyuan-video`, `creative`, `generative-ai`, `video-generation` | | Related skills | [`stable-diffusion-image-generation`](/docs/user-guide/skills/optional/mlops/mlops-stable-diffusion), `image_gen` | ## Reference: full SKILL.md @@ -31,327 +31,333 @@ The following is the complete skill definition that Hermes loads when this skill # ComfyUI -Generate images, video, and audio through ComfyUI using the official `comfy-cli` for -setup/management and direct REST API calls for workflow execution. +Generate images, video, audio, and 3D content through ComfyUI using the +official `comfy-cli` for setup/lifecycle and direct REST/WebSocket API +for workflow execution. -**Reference files in this skill:** +## What's in this skill -- `references/official-cli.md` — comfy-cli command reference (install, launch, nodes, models) -- `references/rest-api.md` — ComfyUI REST API endpoints (local + cloud) -- `references/workflow-format.md` — workflow JSON format, common node types, parameter mapping +**Reference docs (`references/`):** -**Scripts in this skill:** +- `official-cli.md` — every `comfy ...` command, with flags +- `rest-api.md` — REST + WebSocket endpoints (local + cloud), payload schemas +- `workflow-format.md` — API-format JSON, common node types, param mapping -- `scripts/hardware_check.py` — detect GPU/VRAM/Apple Silicon, decide local vs Comfy Cloud -- `scripts/comfyui_setup.sh` — full setup automation (hardware check + install + launch + verify) -- `scripts/extract_schema.py` — reads workflow JSON, outputs which parameters are controllable -- `scripts/run_workflow.py` — injects user args, submits workflow, monitors progress, downloads outputs -- `scripts/check_deps.py` — checks if required custom nodes and models are installed +**Scripts (`scripts/`):** + +| Script | Purpose | +|--------|---------| +| `_common.py` | Shared HTTP, cloud routing, node catalogs (don't run directly) | +| `hardware_check.py` | Probe GPU/VRAM/disk → recommend local vs Comfy Cloud | +| `comfyui_setup.sh` | Hardware check + comfy-cli + ComfyUI install + launch + verify | +| `extract_schema.py` | Read a workflow → list controllable params + model deps | +| `check_deps.py` | Check workflow against running server → list missing nodes/models | +| `auto_fix_deps.py` | Run check_deps then `comfy node install` / `comfy model download` | +| `run_workflow.py` | Inject params, submit, monitor, download outputs (HTTP or WS) | +| `run_batch.py` | Submit a workflow N times with sweeps, parallel up to your tier | +| `ws_monitor.py` | Real-time WebSocket viewer for executing jobs (live progress) | +| `health_check.py` | Verification checklist runner — comfy-cli + server + models + smoke test | +| `fetch_logs.py` | Pull traceback / status messages for a given prompt_id | + +**Example workflows (`workflows/`):** SD 1.5, SDXL, Flux Dev, SDXL img2img, +SDXL inpaint, ESRGAN upscale, AnimateDiff video, Wan T2V. See +`workflows/README.md`. ## When to Use -- User asks to generate images with Stable Diffusion, SDXL, Flux, or other diffusion models -- User wants to run a specific ComfyUI workflow +- User asks to generate images with Stable Diffusion, SDXL, Flux, SD3, etc. +- User wants to run a specific ComfyUI workflow file - User wants to chain generative steps (txt2img → upscale → face restore) - User needs ControlNet, inpainting, img2img, or other advanced pipelines - User asks to manage ComfyUI queue, check models, or install custom nodes -- User wants video/audio generation via AnimateDiff, Hunyuan, AudioCraft, etc. +- User wants video/audio/3D generation via AnimateDiff, Hunyuan, Wan, AudioCraft, etc. ## Architecture: Two Layers ``` ┌─────────────────────────────────────────────────────┐ -│ Layer 1: comfy-cli (official) │ -│ Setup, lifecycle, nodes, models │ -│ comfy install / launch / stop / node / model │ +│ Layer 1: comfy-cli (official lifecycle tool) │ +│ Setup, server lifecycle, custom nodes, models │ +│ → comfy install / launch / stop / node / model │ └─────────────────────────┬───────────────────────────┘ │ ┌─────────────────────────▼───────────────────────────┐ -│ Layer 2: REST API + skill scripts │ +│ Layer 2: REST/WebSocket API + skill scripts │ │ Workflow execution, param injection, monitoring │ -│ POST /api/prompt, GET /api/view, WebSocket │ -│ scripts/run_workflow.py, extract_schema.py │ +│ POST /api/prompt, GET /api/view, WS /ws │ +│ → run_workflow.py, run_batch.py, ws_monitor.py │ └─────────────────────────────────────────────────────┘ ``` -**Why two layers?** The official CLI handles installation and server management excellently -but has minimal workflow execution support (just raw file submission, no param injection, -no structured output). The REST API fills that gap — the scripts in this skill handle the -param injection, execution monitoring, and output download that the CLI doesn't do. +**Why two layers?** The official CLI is excellent for installation and server +management but has minimal workflow execution support. The REST/WS API fills +that gap — the scripts handle param injection, execution monitoring, and +output download that the CLI doesn't do. ## Quick Start -### Detect Environment +### Detect environment ```bash # What's available? command -v comfy >/dev/null 2>&1 && echo "comfy-cli: installed" curl -s http://127.0.0.1:8188/system_stats 2>/dev/null && echo "server: running" -# Can this machine actually run ComfyUI locally? (GPU/VRAM/Apple Silicon check) +# Can this machine run ComfyUI locally? (GPU/VRAM/disk check) python3 scripts/hardware_check.py ``` -If nothing is installed, go to **Setup & Onboarding** below — but always run the -hardware check first, before picking an install path. -If the server is already running, skip to **Core Workflow**. +If nothing is installed, see **Setup & Onboarding** below — but always run the +hardware check first. + +### One-line health check + +```bash +python3 scripts/health_check.py +# → JSON: comfy_cli on PATH? server reachable? at least one checkpoint? smoke-test passes? +``` ## Core Workflow -### Step 1: Get a Workflow +### Step 1: Get a workflow JSON in API format -Users provide workflow JSON files. These come from: -- ComfyUI web editor → "Save (API Format)" button -- Community downloads (civitai, Reddit, Discord) -- The `scripts/` directory of this skill (example workflows) +Workflows must be in API format (each node has `class_type`). They come from: -**The workflow must be in API format** (node IDs as keys with `class_type`). -If user has editor format (has `nodes[]` and `links[]` at top level), they -need to re-export using "Save (API Format)" in the ComfyUI web editor. +- ComfyUI web UI → **Workflow → Export (API)** (newer UI) or + the legacy "Save (API Format)" button (older UI) +- This skill's `workflows/` directory (ready-to-run examples) +- Community downloads (civitai, Reddit, Discord) — usually editor format, + must be loaded into ComfyUI then re-exported -### Step 2: Understand What's Controllable +Editor format (top-level `nodes` and `links` arrays) is **not directly +executable**. The scripts detect this and tell you to re-export. + +### Step 2: See what's controllable ```bash +python3 scripts/extract_schema.py workflow_api.json --summary-only +# → {"parameter_count": 12, "has_negative_prompt": true, "has_seed": true, ...} + python3 scripts/extract_schema.py workflow_api.json +# → full schema with parameters, model deps, embedding refs ``` -Output (JSON): -```json -{ - "parameters": { - "prompt": {"node_id": "6", "field": "text", "type": "string", "value": "a cat"}, - "negative_prompt": {"node_id": "7", "field": "text", "type": "string", "value": "bad quality"}, - "seed": {"node_id": "3", "field": "seed", "type": "int", "value": 42}, - "steps": {"node_id": "3", "field": "steps", "type": "int", "value": 20}, - "width": {"node_id": "5", "field": "width", "type": "int", "value": 512}, - "height": {"node_id": "5", "field": "height", "type": "int", "value": 512} - } -} -``` +### Step 3: Run with parameters -### Step 3: Run with Parameters - -**Local:** ```bash +# Local (defaults to http://127.0.0.1:8188) python3 scripts/run_workflow.py \ --workflow workflow_api.json \ - --args '{"prompt": "a beautiful sunset over mountains", "seed": 123, "steps": 30}' \ + --args '{"prompt": "a beautiful sunset over mountains", "seed": -1, "steps": 30}' \ --output-dir ./outputs -``` -**Cloud:** -```bash +# Cloud (export API key once; uses correct /api routing automatically) +export COMFY_CLOUD_API_KEY="comfyui-..." python3 scripts/run_workflow.py \ --workflow workflow_api.json \ - --args '{"prompt": "a beautiful sunset", "seed": 123}' \ + --args '{"prompt": "..."}' \ --host https://cloud.comfy.org \ - --api-key "$COMFY_CLOUD_API_KEY" \ --output-dir ./outputs + +# Real-time progress via WebSocket (requires `pip install websocket-client`) +python3 scripts/run_workflow.py \ + --workflow flux_dev.json \ + --args '{"prompt": "..."}' \ + --ws + +# img2img / inpaint: pass --input-image to upload + reference automatically +python3 scripts/run_workflow.py \ + --workflow sdxl_img2img.json \ + --input-image image=./photo.png \ + --args '{"prompt": "make it watercolor", "denoise": 0.6}' + +# Batch / sweep: 8 random seeds, parallel up to cloud tier limit +python3 scripts/run_batch.py \ + --workflow sdxl.json \ + --args '{"prompt": "abstract"}' \ + --count 8 --randomize-seed --parallel 3 \ + --output-dir ./outputs/batch ``` -### Step 4: Present Results +`-1` for `seed` (or omitting it with `--randomize-seed`) generates a fresh +random seed per run. + +### Step 4: Present results + +The scripts emit JSON to stdout describing every output file: -The script outputs JSON with file paths: ```json { "status": "success", + "prompt_id": "abc-123", "outputs": [ - {"file": "./outputs/ComfyUI_00001_.png", "node_id": "9", "type": "image"} + {"file": "./outputs/sdxl_00001_.png", "node_id": "9", + "type": "image", "filename": "sdxl_00001_.png"} ] } ``` -Show images to the user via `vision_analyze` or return the file path directly. - ## Decision Tree | User says | Tool | Command | |-----------|------|---------| -| "install ComfyUI" | comfy-cli | `comfy install` | +| **Lifecycle (use comfy-cli)** | | | +| "install ComfyUI" | comfy-cli | `bash scripts/comfyui_setup.sh` | | "start ComfyUI" | comfy-cli | `comfy launch --background` | | "stop ComfyUI" | comfy-cli | `comfy stop` | | "install X node" | comfy-cli | `comfy node install ` | -| "download X model" | comfy-cli | `comfy model download --url ` | +| "download X model" | comfy-cli | `comfy model download --url --relative-path models/checkpoints` | | "list installed models" | comfy-cli | `comfy model list` | | "list installed nodes" | comfy-cli | `comfy node show installed` | -| "generate an image" | script | `run_workflow.py --args '{"prompt": "..."}'` | -| "use this image" (img2img) | REST | upload image, then run_workflow.py | -| "what can I change in this workflow?" | script | `extract_schema.py workflow.json` | -| "check if workflow deps are met" | script | `check_deps.py workflow.json` | -| "what's in the queue?" | REST | `curl http://HOST:8188/queue` | +| **Execution (use scripts)** | | | +| "is everything ready?" | script | `health_check.py` (optionally with `--workflow X --smoke-test`) | +| "what can I change in this workflow?" | script | `extract_schema.py W.json` | +| "check if W's deps are met" | script | `check_deps.py W.json` | +| "fix missing deps" | script | `auto_fix_deps.py W.json` | +| "generate an image" | script | `run_workflow.py --workflow W --args '{...}'` | +| "use this image" (img2img) | script | `run_workflow.py --input-image image=./x.png ...` | +| "8 variations with random seeds" | script | `run_batch.py --count 8 --randomize-seed ...` | +| "show me live progress" | script | `ws_monitor.py --prompt-id ` | +| "fetch the error from job X" | script | `fetch_logs.py ` | +| **Direct REST** | | | +| "what's in the queue?" | REST | `curl http://HOST:8188/queue` (local) or `--host https://cloud.comfy.org` | | "cancel that" | REST | `curl -X POST http://HOST:8188/interrupt` | | "free GPU memory" | REST | `curl -X POST http://HOST:8188/free` | ## Setup & Onboarding -When a user asks to set up ComfyUI, the FIRST thing to do is ask them whether -they want **Comfy Cloud** (hosted, zero install, API key) or **Local** (install -ComfyUI on their machine). Do NOT start running install commands or hardware +When a user asks to set up ComfyUI, **the FIRST thing to do is ask whether +they want Comfy Cloud (hosted, zero install, API key) or Local (install +ComfyUI on their machine)**. Don't start running install commands or hardware checks until they've answered. **Official docs:** https://docs.comfy.org/installation **CLI docs:** https://docs.comfy.org/comfy-cli/getting-started **Cloud docs:** https://docs.comfy.org/get_started/cloud +**Cloud API:** https://docs.comfy.org/development/cloud/overview ### Step 0: Ask Local vs Cloud (ALWAYS FIRST) -Present the tradeoff clearly and wait for the user to choose. Suggested script: +Suggested script: > "Do you want to run ComfyUI locally on your machine, or use Comfy Cloud? > -> - **Comfy Cloud** — hosted on RTX 6000 Pro GPUs, all models pre-installed, zero setup. Requires an API key (paid subscription). Best if you don't have a capable GPU or want to skip installation. +> - **Comfy Cloud** — hosted on RTX 6000 Pro GPUs, all common models pre-installed, +> zero setup. Requires an API key (paid subscription required to actually run +> workflows; free tier is read-only). Best if you don't have a capable GPU. > - **Local** — free, but your machine MUST meet the hardware requirements: -> - NVIDIA GPU with **≥6 GB VRAM** (≥8 GB recommended for SDXL, ≥12 GB for Flux/video), OR +> - NVIDIA GPU with **≥6 GB VRAM** (≥8 GB for SDXL, ≥12 GB for Flux/video), OR > - AMD GPU with ROCm support (Linux), OR -> - Apple Silicon Mac (M1 or newer) with **≥16 GB unified memory** (≥32 GB recommended). +> - Apple Silicon Mac (M1+) with **≥16 GB unified memory** (≥32 GB recommended). > - Intel Macs and machines with no GPU will NOT work — use Cloud instead. > > Which would you like?" -Route based on their answer: +Routing: -- **User picks Cloud** → skip to **Path A** (no hardware check needed). -- **User picks Local** → go to **Step 1: Hardware Check** to verify their machine actually meets the requirements, then pick an install path from Paths B-E based on the verdict. -- **User is unsure / asks for a recommendation** → run the hardware check anyway and let the verdict decide. +- **Cloud** → skip to **Path A**. +- **Local** → run hardware check first, then pick a path from Paths B–E based on the verdict. +- **Unsure** → run the hardware check and let the verdict decide. ### Step 1: Verify Hardware (ONLY if user chose local) ```bash python3 scripts/hardware_check.py --json +# Optional: also probe `torch` for actual CUDA/MPS: +python3 scripts/hardware_check.py --json --check-pytorch ``` -It detects OS, GPU (NVIDIA CUDA / AMD ROCm / Apple Silicon / Intel Arc), VRAM, -and unified/system RAM, then returns a verdict plus a suggested `comfy-cli` flag: +| Verdict | Meaning | Action | +|------------|---------------------------------------------------------------|--------| +| `ok` | ≥8 GB VRAM (discrete) OR ≥32 GB unified (Apple Silicon) | Local install — use `comfy_cli_flag` from report | +| `marginal` | SD1.5 works; SDXL tight; Flux/video unlikely | Local OK for light workflows, else **Path A (Cloud)** | +| `cloud` | No usable GPU, <6 GB VRAM, <16 GB Apple unified, Intel Mac, Rosetta Python | **Switch to Cloud** unless user explicitly forces local | -| Verdict | Meaning | Action | -|------------|-----------------------------------------------------------|-------------------------------------------------| -| `ok` | ≥8 GB VRAM (discrete) OR ≥32 GB unified (Apple Silicon) | Local install — use `comfy_cli_flag` from report | -| `marginal` | SD1.5 works; SDXL tight; Flux/video unlikely | Local OK for light workflows, else **Path A (Cloud)** | -| `cloud` | No usable GPU, <6 GB VRAM, <16 GB Apple unified, Intel Mac | **User chose local but their machine doesn't meet requirements** — surface the `notes` and ask if they want to switch to Cloud | +The script also surfaces `wsl: true` (WSL2 with NVIDIA passthrough) and +`rosetta: true` (x86_64 Python on Apple Silicon — must reinstall as ARM64). -Hardware thresholds the skill enforces: - -- **Discrete GPU minimum:** 6 GB VRAM. Below that, most modern models won't load. -- **Apple Silicon:** M1 or newer (ARM64). Intel Macs have no MPS backend — Cloud only. -- **Apple Silicon memory:** 16 GB unified minimum. 8 GB M1/M2 will swap/OOM on SDXL/Flux. -- **No accelerator at all:** CPU-only is listed as a comfy-cli option but a single SDXL - image takes 10+ minutes — treat it as unusable and route to Cloud. - -If verdict is `cloud` but the user explicitly wanted local, DO NOT proceed -silently. Show the `notes` array verbatim, explain which requirement they -don't meet, and ask whether they want to (a) switch to Cloud or (b) force -a local install anyway (marginal/cloud-verdict local installs will OOM or -be unusably slow on modern models). - -The report's `comfy_cli_flag` field gives you the exact flag for Step 2 below: -`--nvidia`, `--amd`, or `--m-series`. For Intel Arc, use Path E (manual install). - -Surface the `notes` array verbatim to the user so they understand why a -particular path was recommended. +If verdict is `cloud` but the user wants local, do not proceed silently. +Show the `notes` array verbatim and ask whether they want to (a) switch to +Cloud or (b) force a local install (will OOM or be unusably slow on modern models). ### Choosing an Installation Path -Use the hardware check result first. The table below is a fallback for when the user -has already told you their hardware or you need to narrow down between multiple -viable paths: +Use the hardware check first. The table below is the fallback for when the +user has already told you their hardware: | Situation | Recommended Path | -|-----------|-----------------| +|-----------|------------------| | `verdict: cloud` from hardware check | **Path A: Comfy Cloud** | -| No GPU / just want to try it | **Path A: Comfy Cloud** (zero setup) | -| Windows + NVIDIA GPU + non-technical | **Path B: ComfyUI Desktop** (one-click installer) | -| Windows + NVIDIA GPU + technical | **Path C: Portable** or **Path D: comfy-cli** | -| Linux + any GPU | **Path D: comfy-cli** (easiest) or Path E manual | -| macOS + Apple Silicon | **Path B: ComfyUI Desktop** or **Path D: comfy-cli** | -| Headless / server / CI | **Path D: comfy-cli** | +| No GPU / want to try without commitment | **Path A: Comfy Cloud** | +| Windows + NVIDIA + non-technical | **Path B: ComfyUI Desktop** | +| Windows + NVIDIA + technical | **Path C: Portable** or **Path D: comfy-cli** | +| Linux + any GPU | **Path D: comfy-cli** (easiest) | +| macOS + Apple Silicon | **Path B: Desktop** or **Path D: comfy-cli** | +| Headless / server / CI / agents | **Path D: comfy-cli** | -For the fully automated path (hardware check → install → launch), just run: +For the fully automated path (hardware check → install → launch → verify): ```bash bash scripts/comfyui_setup.sh +# Or with overrides: +bash scripts/comfyui_setup.sh --m-series --port=8190 --workspace=/data/comfy ``` -It runs `hardware_check.py` internally, refuses to install locally when the verdict -is `cloud`, picks the right `comfy-cli` flag otherwise, then installs and launches. +It runs `hardware_check.py` internally, refuses to install locally when the +verdict is `cloud` (unless `--force-cloud-override`), picks the right +`comfy-cli` flag, and prefers `pipx`/`uvx` over global `pip` to avoid polluting +system Python. --- ### Path A: Comfy Cloud (No Local Install) -For users without a capable GPU or who want zero setup. -Powered by RTX 6000 Pro GPUs, all models pre-installed. +For users without a capable GPU or who want zero setup. Hosted on RTX 6000 Pro. **Docs:** https://docs.comfy.org/get_started/cloud -1. Go to https://comfy.org/cloud and sign up -2. Get an API key at https://platform.comfy.org/login - - Click `+ New` in API Keys section → Generate - - Save immediately (only visible once) +1. Sign up at https://comfy.org/cloud +2. Generate an API key at https://platform.comfy.org/login 3. Set the key: ```bash export COMFY_CLOUD_API_KEY="comfyui-xxxxxxxxxxxx" ``` -4. Run workflows via the script or web UI: +4. Run workflows: ```bash python3 scripts/run_workflow.py \ - --workflow workflow_api.json \ - --args '{"prompt": "a cat"}' \ + --workflow workflows/flux_dev_txt2img.json \ + --args '{"prompt": "..."}' \ --host https://cloud.comfy.org \ - --api-key "$COMFY_CLOUD_API_KEY" \ --output-dir ./outputs ``` **Pricing:** https://www.comfy.org/cloud/pricing -Subscription required. Concurrent limits: Free/Standard: 1 job, Creator: 3, Pro: 5. +**Concurrent jobs:** Free/Standard 1, Creator 3, Pro 5. Free tier +**cannot run workflows via API** — only browse models. Paid subscription +required for `/api/prompt`, `/api/upload/*`, `/api/view`, etc. --- -### Path B: ComfyUI Desktop (Windows/macOS) +### Path B: ComfyUI Desktop (Windows / macOS) One-click installer for non-technical users. Currently Beta. **Docs:** https://docs.comfy.org/installation/desktop - - **Windows (NVIDIA):** https://download.comfy.org/windows/nsis/x64 -- **macOS (Apple Silicon):** Available from https://comfy.org (download page) +- **macOS (Apple Silicon):** https://comfy.org -Steps: -1. Download and run installer -2. Select GPU type (NVIDIA recommended, or CPU mode) -3. Choose install location (SSD recommended, ~15GB needed) -4. Optionally migrate from existing ComfyUI Portable install -5. Desktop launches automatically — web UI opens in browser - -Desktop manages its own Python environment. For CLI access to the bundled env: -```bash -cd /ComfyUI -.venv/Scripts/activate # Windows -# or use the built-in terminal in the Desktop UI -``` - -**Limitations:** Desktop uses stable releases (may lag behind latest). -Linux not supported for Desktop — use comfy-cli or manual install. +Linux is **not supported** for Desktop — use Path D. --- ### Path C: ComfyUI Portable (Windows Only) -Standalone package with embedded Python. Extract and run. No install. - **Docs:** https://docs.comfy.org/installation/comfyui_portable_windows -1. Download from https://github.com/comfyanonymous/ComfyUI/releases - - Standard: Python 3.13 + CUDA 13.0 (modern NVIDIA GPUs) - - Alt: PyTorch CUDA 12.6 + Python 3.12 (NVIDIA 10 series and older) - - AMD (experimental) -2. Extract with 7-Zip -3. Run `run_nvidia_gpu.bat` (or `run_cpu.bat`) -4. Wait for "To see the GUI go to: http://127.0.0.1:8188" - -Update: run `update/update_comfyui.bat` (latest commit) or -`update/update_comfyui_stable.bat` (latest stable release). +Download from https://github.com/comfyanonymous/ComfyUI/releases, extract, +run `run_nvidia_gpu.bat`. Update via `update/update_comfyui_stable.bat`. --- @@ -360,22 +366,19 @@ Update: run `update/update_comfyui.bat` (latest commit) or The official CLI is the best path for headless/automated setups. **Docs:** https://docs.comfy.org/comfy-cli/getting-started -**Repo:** https://github.com/Comfy-Org/comfy-cli - -#### Prerequisites -- Python 3.10+ (3.13 recommended) -- pip (or conda/uv) -- GPU drivers installed (CUDA for NVIDIA, ROCm for AMD) #### Install comfy-cli ```bash -pip install comfy-cli -# or +# Recommended: +pipx install comfy-cli +# Or use uvx without installing: uvx --from comfy-cli comfy --help +# Or (if pipx/uvx unavailable): +pip install --user comfy-cli ``` -Disable analytics (avoids interactive prompt): +Disable analytics non-interactively: ```bash comfy --skip-prompt tracking disable ``` @@ -383,270 +386,225 @@ comfy --skip-prompt tracking disable #### Install ComfyUI ```bash -# Interactive (prompts for GPU type) -comfy install - -# Non-interactive variants: comfy --skip-prompt install --nvidia # NVIDIA (CUDA) comfy --skip-prompt install --amd # AMD (ROCm, Linux) comfy --skip-prompt install --m-series # Apple Silicon (MPS) comfy --skip-prompt install --cpu # CPU only (slow) - -# With faster dependency resolution: -comfy --skip-prompt install --nvidia --fast-deps +comfy --skip-prompt install --nvidia --fast-deps # uv-based dep resolution ``` -Default location: `~/comfy/ComfyUI` (Linux), `~/Documents/comfy/ComfyUI` (macOS/Win). -Override with: `comfy --workspace /custom/path install` +Default location: `~/comfy/ComfyUI` (Linux), `~/Documents/comfy/ComfyUI` +(macOS/Win). Override with `comfy --workspace /custom/path install`. -#### Launch Server +#### Launch / verify ```bash -comfy launch --background # background daemon on :8188 -comfy launch # foreground (see logs) -comfy launch -- --listen 0.0.0.0 # accessible on LAN -comfy launch -- --port 8190 # custom port -comfy launch -- --lowvram # low VRAM mode (6GB cards) -``` - -Verify server is running: -```bash -curl -s http://127.0.0.1:8188/system_stats | python3 -m json.tool -``` - -Stop background server: -```bash -comfy stop +comfy launch --background # background daemon on :8188 +comfy launch -- --listen 0.0.0.0 --port 8190 # LAN-accessible custom port +curl -s http://127.0.0.1:8188/system_stats # health check ``` --- -### Path E: Manual Install (Advanced / All Hardware) +### Path E: Manual Install (Advanced / Unsupported Hardware) -For full control or unsupported hardware (Ascend NPU, Cambricon MLU, Intel Arc). +For Ascend NPU, Cambricon MLU, Intel Arc, or other unsupported hardware. **Docs:** https://docs.comfy.org/installation/manual_install -**GitHub:** https://github.com/comfyanonymous/ComfyUI ```bash -# 1. Create environment -conda create -n comfyenv python=3.13 -conda activate comfyenv - -# 2. Clone git clone https://github.com/comfyanonymous/ComfyUI.git cd ComfyUI - -# 3. Install PyTorch (pick your hardware) -# NVIDIA: pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cu130 -# AMD (ROCm 6.4): -pip install torch torchvision torchaudio --index-url https://download.pytorch.org/whl/rocm6.4 -# Apple Silicon: -pip install --pre torch torchvision torchaudio --index-url https://download.pytorch.org/whl/nightly/cpu -# Intel Arc: -pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/xpu -# CPU only: -pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cpu - -# 4. Install ComfyUI deps pip install -r requirements.txt - -# 5. Run python main.py -# With options: python main.py --listen 0.0.0.0 --port 8188 ``` --- ### Post-Install: Download Models -ComfyUI needs at least one checkpoint model to generate images. - -**Using comfy-cli:** ```bash -# SDXL (general purpose, ~6.5GB) +# SDXL (general purpose, ~6.5 GB) comfy model download \ --url "https://huggingface.co/stabilityai/stable-diffusion-xl-base-1.0/resolve/main/sd_xl_base_1.0.safetensors" \ --relative-path models/checkpoints -# SD 1.5 (lighter, ~4GB, good for low VRAM) +# SD 1.5 (lighter, ~4 GB, good for 6 GB cards) comfy model download \ --url "https://huggingface.co/stable-diffusion-v1-5/stable-diffusion-v1-5/resolve/main/v1-5-pruned-emaonly.safetensors" \ --relative-path models/checkpoints -# From CivitAI (may need API token): +# Flux Dev fp8 (smaller variant, ~12 GB) +comfy model download \ + --url "https://huggingface.co/Comfy-Org/flux1-dev/resolve/main/flux1-dev-fp8.safetensors" \ + --relative-path models/checkpoints + +# CivitAI (set token first): comfy model download \ --url "https://civitai.com/api/download/models/128713" \ --relative-path models/checkpoints \ --set-civitai-api-token "YOUR_TOKEN" - -# LoRA adapters: -comfy model download --url "" --relative-path models/loras ``` -**Manual download:** Place `.safetensors` / `.ckpt` files directly into the -`ComfyUI/models/checkpoints/` directory (or `loras/`, `vae/`, etc.). - -List installed models: -```bash -comfy model list -``` - ---- +List installed: `comfy model list`. ### Post-Install: Install Custom Nodes -Custom nodes extend ComfyUI's capabilities (upscaling, video, ControlNet, etc.). - ```bash -comfy node install comfyui-impact-pack # popular utility pack -comfy node install comfyui-animatediff-evolved # video generation -comfy node install comfyui-controlnet-aux # ControlNet preprocessors -comfy node install comfyui-essentials # common helpers -comfy node update all # update all nodes +comfy node install comfyui-impact-pack # popular utility pack +comfy node install comfyui-animatediff-evolved # video generation +comfy node install comfyui-controlnet-aux # ControlNet preprocessors +comfy node install comfyui-essentials # common helpers +comfy node update all +comfy node install-deps --workflow=workflow.json # install everything a workflow needs ``` -Check what's installed: -```bash -comfy node show installed -``` - -Install deps for a specific workflow: -```bash -comfy node install-deps --workflow=workflow_api.json -``` - ---- - -### Post-Install: Verify Setup +### Post-Install: Verify ```bash -# Check server is responsive -curl -s http://127.0.0.1:8188/system_stats | python3 -m json.tool +python3 scripts/health_check.py +# → comfy_cli on PATH? server reachable? checkpoints? smoke test? -# Check a workflow's dependencies -python3 scripts/check_deps.py workflow_api.json --host 127.0.0.1 --port 8188 +python3 scripts/check_deps.py my_workflow.json +# → are this workflow's nodes/models/embeddings installed? -# Test a generation python3 scripts/run_workflow.py \ - --workflow workflow_api.json \ - --args '{"prompt": "test image, high quality"}' \ + --workflow workflows/sd15_txt2img.json \ + --args '{"prompt": "test", "steps": 4}' \ --output-dir ./test-outputs ``` ## Image Upload (img2img / Inpainting) -Upload files directly via REST: +The simplest way is to use `--input-image` with `run_workflow.py`: ```bash -# Upload input image +python3 scripts/run_workflow.py \ + --workflow workflows/sdxl_img2img.json \ + --input-image image=./photo.png \ + --args '{"prompt": "make it cyberpunk", "denoise": 0.6}' +``` + +The flag uploads `photo.png`, then injects its server-side filename into +whatever schema parameter is named `image`. For inpainting, pass both: + +```bash +python3 scripts/run_workflow.py \ + --workflow workflows/sdxl_inpaint.json \ + --input-image image=./photo.png \ + --input-image mask_image=./mask.png \ + --args '{"prompt": "fill with flowers"}' +``` + +Manual upload via REST: +```bash curl -X POST "http://127.0.0.1:8188/upload/image" \ -F "image=@photo.png" -F "type=input" -F "overwrite=true" # Returns: {"name": "photo.png", "subfolder": "", "type": "input"} -# Upload mask for inpainting -curl -X POST "http://127.0.0.1:8188/upload/mask" \ - -F "image=@mask.png" -F "type=input" \ - -F 'original_ref={"filename":"photo.png","subfolder":"","type":"input"}' -``` - -Then reference the uploaded filename in workflow args: -```bash -python3 scripts/run_workflow.py --workflow inpaint.json \ - --args '{"image": "photo.png", "mask": "mask.png", "prompt": "fill with flowers"}' -``` - -## Cloud Execution - -Base URL: `https://cloud.comfy.org` -Auth: `X-API-Key` header - -```bash -# Submit workflow -python3 scripts/run_workflow.py \ - --workflow workflow_api.json \ - --args '{"prompt": "cyberpunk city"}' \ - --host https://cloud.comfy.org \ - --api-key "$COMFY_CLOUD_API_KEY" \ - --output-dir ./outputs \ - --timeout 300 - -# Upload image for cloud workflows +# Cloud equivalent: curl -X POST "https://cloud.comfy.org/api/upload/image" \ -H "X-API-Key: $COMFY_CLOUD_API_KEY" \ - -F "image=@input.png" -F "type=input" -F "overwrite=true" + -F "image=@photo.png" -F "type=input" -F "overwrite=true" ``` -Concurrent job limits: -| Tier | Concurrent Jobs | -|------|----------------| -| Free/Standard | 1 | -| Creator | 3 | -| Pro | 5 | +## Cloud Specifics -Extra submissions queue automatically. +- **Base URL:** `https://cloud.comfy.org` +- **Auth:** `X-API-Key` header (or `?token=KEY` for WebSocket) +- **API key:** set `$COMFY_CLOUD_API_KEY` once and the scripts pick it up automatically +- **Output download:** `/api/view` returns a 302 to a signed URL; the scripts + follow it and strip `X-API-Key` before fetching from the storage backend + (don't leak the API key to S3/CloudFront). +- **Endpoint differences from local ComfyUI:** + - `/api/object_info`, `/api/queue`, `/api/userdata` — **403 on free tier**; + paid only. + - `/history` is renamed to `/history_v2` on cloud (the scripts route + automatically). + - `/models/` is renamed to `/experiment/models/` on cloud + (the scripts route automatically). + - `clientId` in WebSocket is currently ignored — all connections for a + user receive the same broadcast. Filter by `prompt_id` client-side. + - `subfolder` is accepted on uploads but ignored — cloud has a flat namespace. +- **Concurrent jobs:** Free/Standard: 1, Creator: 3, Pro: 5. Extras queue + automatically. Use `run_batch.py --parallel N` to saturate your tier. ## Queue & System Management ```bash -# Check queue +# Local curl -s http://127.0.0.1:8188/queue | python3 -m json.tool - -# Clear pending queue -curl -X POST http://127.0.0.1:8188/queue -d '{"clear": true}' - -# Cancel running job -curl -X POST http://127.0.0.1:8188/interrupt - -# Free GPU memory (unload all models) -curl -X POST http://127.0.0.1:8188/free -H "Content-Type: application/json" \ +curl -X POST http://127.0.0.1:8188/queue -d '{"clear": true}' # cancel pending +curl -X POST http://127.0.0.1:8188/interrupt # cancel running +curl -X POST http://127.0.0.1:8188/free \ + -H "Content-Type: application/json" \ -d '{"unload_models": true, "free_memory": true}' -# System stats (VRAM, RAM, GPU info) -curl -s http://127.0.0.1:8188/system_stats | python3 -m json.tool +# Cloud — same paths under /api/, plus: +python3 scripts/fetch_logs.py --tail-queue --host https://cloud.comfy.org ``` ## Pitfalls -1. **API format required** — `comfy run` and the scripts only accept API-format workflow JSON. - If the user has editor format (from "Save" not "Save (API Format)"), they need to - re-export. Check: API format has `class_type` in each node object, editor format has - top-level `nodes` and `links` arrays. +1. **API format required** — every script and the `/api/prompt` endpoint expect + API-format workflow JSON. The scripts detect editor format (top-level + `nodes` and `links` arrays) and tell you to re-export via + "Workflow → Export (API)" (newer UI) or "Save (API Format)" (older UI). -2. **Server must be running** — All execution requires a live server. `comfy launch --background` - starts one. Check with `curl http://127.0.0.1:8188/system_stats`. +2. **Server must be running** — all execution requires a live server. + `comfy launch --background` starts one. Verify with + `curl http://127.0.0.1:8188/system_stats`. -3. **Model names are exact** — Case-sensitive, includes file extension. Use +3. **Model names are exact** — case-sensitive, includes file extension. + `check_deps.py` does fuzzy matching (with/without extension and folder + prefix), but the workflow itself must use the canonical name. Use `comfy model list` to discover what's installed. -4. **Missing custom nodes** — "class_type not found" means a required node isn't installed. - Run `check_deps.py` to find what's missing, then `comfy node install `. +4. **Missing custom nodes** — "class_type not found" means a required node + isn't installed. `check_deps.py` reports which package to install; + `auto_fix_deps.py` runs the install for you. -5. **Working directory** — `comfy-cli` auto-detects the ComfyUI workspace. If commands - fail with "no workspace found", use `comfy --workspace /path/to/ComfyUI ` - or `comfy set-default /path/to/ComfyUI`. +5. **Working directory** — `comfy-cli` auto-detects the ComfyUI workspace. + If commands fail with "no workspace found", use + `comfy --workspace /path/to/ComfyUI ` or + `comfy set-default /path/to/ComfyUI`. -6. **Cloud vs local output download** — Cloud `/api/view` returns a 302 redirect to a - signed URL. Always follow redirects (`curl -L`). The `run_workflow.py` script handles - this automatically. +6. **Cloud free-tier API limits** — `/api/prompt`, `/api/view`, `/api/upload/*`, + `/api/object_info` all return 403 on free accounts. `health_check.py` and + `check_deps.py` handle this gracefully and surface a clear message. -7. **Timeout for video/audio** — Long generations (video, high step counts) can take - minutes. Pass `--timeout 600` to `run_workflow.py`. Default is 120 seconds. +7. **Timeout for video/audio workflows** — auto-detected when an output node + is `VHS_VideoCombine`, `SaveVideo`, etc.; the default jumps from 300 s to + 900 s. Override explicitly with `--timeout 1800`. -8. **tracking prompt** — First run of `comfy` may prompt for analytics tracking consent. - Use `comfy --skip-prompt tracking disable` to skip it non-interactively. +8. **Path traversal in output filenames** — server-supplied filenames are + passed through `safe_path_join` to refuse anything escaping `--output-dir`. + Keep this protection on — workflows with custom save nodes can produce + arbitrary paths. -9. **comfy-cli invocation via uvx** — If comfy-cli is not installed globally, invoke with - `uvx --from comfy-cli comfy `. All examples in this skill use bare `comfy` - but prepend `uvx --from comfy-cli` if needed. +9. **Workflow JSON is arbitrary code** — custom nodes run Python, so + submitting an unknown workflow has the same trust profile as `eval`. + Inspect workflows from untrusted sources before running. + +10. **Auto-randomized seed** — pass `seed: -1` in `--args` (or use + `--randomize-seed` and omit the seed) to get a fresh seed per run. + The actual seed is logged to stderr. + +11. **`tracking` prompt** — first run of `comfy` may prompt for analytics. + Use `comfy --skip-prompt tracking disable` to skip non-interactively. + `comfyui_setup.sh` does this for you. ## Verification Checklist +Use `python3 scripts/health_check.py` to run the whole list at once. Manual: + - [ ] `hardware_check.py` verdict is `ok` OR the user explicitly chose Comfy Cloud -- [ ] `comfy` available on PATH (or `uvx --from comfy-cli comfy --help` works) -- [ ] `curl http://127.0.0.1:8188/system_stats` returns JSON -- [ ] `comfy model list` shows at least one checkpoint -- [ ] Workflow JSON is in API format (has `class_type` keys) -- [ ] `check_deps.py` reports no missing nodes/models -- [ ] Test run completes and outputs are saved +- [ ] `comfy --version` works (or `uvx --from comfy-cli comfy --help`) +- [ ] `curl http://HOST:PORT/system_stats` returns JSON +- [ ] `comfy model list` shows at least one checkpoint (local) OR + `/api/experiment/models/checkpoints` returns models (cloud) +- [ ] Workflow JSON is in API format +- [ ] `check_deps.py` reports `is_ready: true` (or only `node_check_skipped` + on cloud free tier) +- [ ] Test run with a small workflow completes; outputs land in `--output-dir` diff --git a/website/docs/user-guide/skills/bundled/devops/devops-kanban-orchestrator.md b/website/docs/user-guide/skills/bundled/devops/devops-kanban-orchestrator.md new file mode 100644 index 00000000000..22f4c416aa3 --- /dev/null +++ b/website/docs/user-guide/skills/bundled/devops/devops-kanban-orchestrator.md @@ -0,0 +1,170 @@ +--- +title: "Kanban Orchestrator" +sidebar_label: "Kanban Orchestrator" +description: "Decomposition playbook + specialist-roster conventions + anti-temptation rules for an orchestrator profile routing work through Kanban" +--- + +{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */} + +# Kanban Orchestrator + +Decomposition playbook + specialist-roster conventions + anti-temptation rules for an orchestrator profile routing work through Kanban. The "don't do the work yourself" rule and the basic lifecycle are auto-injected into every kanban worker's system prompt; this skill is the deeper playbook when you're specifically playing the orchestrator role. + +## Skill metadata + +| | | +|---|---| +| Source | Bundled (installed by default) | +| Path | `skills/devops/kanban-orchestrator` | +| Version | `2.0.0` | +| Tags | `kanban`, `multi-agent`, `orchestration`, `routing` | +| Related skills | [`kanban-worker`](/docs/user-guide/skills/bundled/devops/devops-kanban-worker) | + +## Reference: full SKILL.md + +:::info +The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. +::: + +# Kanban Orchestrator — Decomposition Playbook + +> The **core worker lifecycle** (including the `kanban_create` fan-out pattern and the "decompose, don't execute" rule) is auto-injected into every kanban process via the `KANBAN_GUIDANCE` system-prompt block. This skill is the deeper playbook when you're an orchestrator profile whose whole job is routing. + +## When to use the board (vs. just doing the work) + +Create Kanban tasks when any of these are true: + +1. **Multiple specialists are needed.** Research + analysis + writing is three profiles. +2. **The work should survive a crash or restart.** Long-running, recurring, or important. +3. **The user might want to interject.** Human-in-the-loop at any step. +4. **Multiple subtasks can run in parallel.** Fan-out for speed. +5. **Review / iteration is expected.** A reviewer profile loops on drafter output. +6. **The audit trail matters.** Board rows persist in SQLite forever. + +If *none* of those apply — it's a small one-shot reasoning task — use `delegate_task` instead or answer the user directly. + +## The anti-temptation rules + +Your job description says "route, don't execute." The rules that enforce that: + +- **Do not execute the work yourself.** Your restricted toolset usually doesn't even include terminal/file/code/web for implementation. If you find yourself "just fixing this quickly" — stop and create a task for the right specialist. +- **For any concrete task, create a Kanban task and assign it.** Every single time. +- **If no specialist fits, ask the user which profile to create.** Do not default to doing it yourself under "close enough." +- **Decompose, route, and summarize — that's the whole job.** + +## The standard specialist roster (convention) + +Unless the user's setup has customized profiles, assume these exist. Adjust to whatever the user actually has — ask if you're unsure. + +| Profile | Does | Typical workspace | +|---|---|---| +| `researcher` | Reads sources, gathers facts, writes findings | `scratch` | +| `analyst` | Synthesizes, ranks, de-dupes. Consumes multiple `researcher` outputs | `scratch` | +| `writer` | Drafts prose in the user's voice | `scratch` or `dir:` into their Obsidian vault | +| `reviewer` | Reads output, leaves findings, gates approval | `scratch` | +| `backend-eng` | Writes server-side code | `worktree` | +| `frontend-eng` | Writes client-side code | `worktree` | +| `ops` | Runs scripts, manages services, handles deployments | `dir:` into ops scripts repo | +| `pm` | Writes specs, acceptance criteria | `scratch` | + +## Decomposition playbook + +### Step 1 — Understand the goal + +Ask clarifying questions if the goal is ambiguous. Cheap to ask; expensive to spawn the wrong fleet. + +### Step 2 — Sketch the task graph + +Before creating anything, draft the graph out loud (in your response to the user). Example for "Analyze whether we should migrate to Postgres": + +``` +T1 researcher research: Postgres cost vs current +T2 researcher research: Postgres performance vs current +T3 analyst synthesize migration recommendation parents: T1, T2 +T4 writer draft decision memo parents: T3 +``` + +Show this to the user. Let them correct it before you create anything. + +### Step 3 — Create tasks and link + +```python +t1 = kanban_create( + title="research: Postgres cost vs current", + assignee="researcher", + body="Compare estimated infrastructure costs, migration costs, and ongoing ops costs over a 3-year window. Sources: AWS/GCP pricing, team time estimates, current Postgres bills from peers.", + tenant=os.environ.get("HERMES_TENANT"), +)["task_id"] + +t2 = kanban_create( + title="research: Postgres performance vs current", + assignee="researcher", + body="Compare query latency, throughput, and scaling characteristics at our expected data volume (~500GB, 10k QPS peak). Sources: benchmark papers, public case studies, pgbench results if easy.", +)["task_id"] + +t3 = kanban_create( + title="synthesize migration recommendation", + assignee="analyst", + body="Read the findings from T1 (cost) and T2 (performance). Produce a 1-page recommendation with explicit trade-offs and a go/no-go call.", + parents=[t1, t2], +)["task_id"] + +t4 = kanban_create( + title="draft decision memo", + assignee="writer", + body="Turn the analyst's recommendation into a 2-page memo for the CTO. Match the tone of previous decision memos in the team's knowledge base.", + parents=[t3], +)["task_id"] +``` + +`parents=[...]` gates promotion — children stay in `todo` until every parent reaches `done`, then auto-promote to `ready`. No manual coordination needed; the dispatcher and dependency engine handle it. + +### Step 4 — Complete your own task + +If you were spawned as a task yourself (e.g. `planner` profile was assigned `T0: "investigate Postgres migration"`), mark it done with a summary of what you created: + +```python +kanban_complete( + summary="decomposed into T1-T4: 2 researchers parallel, 1 analyst on their outputs, 1 writer on the recommendation", + metadata={ + "task_graph": { + "T1": {"assignee": "researcher", "parents": []}, + "T2": {"assignee": "researcher", "parents": []}, + "T3": {"assignee": "analyst", "parents": ["T1", "T2"]}, + "T4": {"assignee": "writer", "parents": ["T3"]}, + }, + }, +) +``` + +### Step 5 — Report back to the user + +Tell them what you created in plain prose: + +> I've queued 4 tasks: +> - **T1** (researcher): cost comparison +> - **T2** (researcher): performance comparison, in parallel with T1 +> - **T3** (analyst): synthesizes T1 + T2 into a recommendation +> - **T4** (writer): turns T3 into a CTO memo +> +> The dispatcher will pick up T1 and T2 now. T3 starts when both finish. You'll get a gateway ping when T4 completes. Use the dashboard or `hermes kanban tail ` to follow along. + +## Common patterns + +**Fan-out + fan-in (research → synthesize):** N `researcher` tasks with no parents, one `analyst` task with all of them as parents. + +**Pipeline with gates:** `pm → backend-eng → reviewer`. Each stage's `parents=[previous_task]`. Reviewer blocks or completes; if reviewer blocks, the operator unblocks with feedback and respawns. + +**Same-profile queue:** 50 tasks, all assigned to `translator`, no dependencies between them. Dispatcher serializes — translator processes them in priority order, accumulating experience in their own memory. + +**Human-in-the-loop:** Any task can `kanban_block()` to wait for input. Dispatcher respawns after `/unblock`. The comment thread carries the full context. + +## Pitfalls + +**Reassignment vs. new task.** If a reviewer blocks with "needs changes," create a NEW task linked from the reviewer's task — don't re-run the same task with a stern look. The new task is assigned to the original implementer profile. + +**Argument order for links.** `kanban_link(parent_id=..., child_id=...)` — parent first. Mixing them up demotes the wrong task to `todo`. + +**Don't pre-create the whole graph if the shape depends on intermediate findings.** If T3's structure depends on what T1 and T2 find, let T3 exist as a "synthesize findings" task whose own first step is to read parent handoffs and plan the rest. Orchestrators can spawn orchestrators. + +**Tenant inheritance.** If `HERMES_TENANT` is set in your env, pass `tenant=os.environ.get("HERMES_TENANT")` on every `kanban_create` call so child tasks stay in the same namespace. diff --git a/website/docs/user-guide/skills/bundled/devops/devops-kanban-worker.md b/website/docs/user-guide/skills/bundled/devops/devops-kanban-worker.md new file mode 100644 index 00000000000..3f7565ebf40 --- /dev/null +++ b/website/docs/user-guide/skills/bundled/devops/devops-kanban-worker.md @@ -0,0 +1,152 @@ +--- +title: "Kanban Worker — Pitfalls, examples, and edge cases for Hermes Kanban workers" +sidebar_label: "Kanban Worker" +description: "Pitfalls, examples, and edge cases for Hermes Kanban workers" +--- + +{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */} + +# Kanban Worker + +Pitfalls, examples, and edge cases for Hermes Kanban workers. The lifecycle itself is auto-injected into every worker's system prompt as KANBAN_GUIDANCE (from agent/prompt_builder.py); this skill is what you load when you want deeper detail on specific scenarios. + +## Skill metadata + +| | | +|---|---| +| Source | Bundled (installed by default) | +| Path | `skills/devops/kanban-worker` | +| Version | `2.0.0` | +| Tags | `kanban`, `multi-agent`, `collaboration`, `workflow`, `pitfalls` | +| Related skills | [`kanban-orchestrator`](/docs/user-guide/skills/bundled/devops/devops-kanban-orchestrator) | + +## Reference: full SKILL.md + +:::info +The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. +::: + +# Kanban Worker — Pitfalls and Examples + +> You're seeing this skill because the Hermes Kanban dispatcher spawned you as a worker with `--skills kanban-worker` — it's loaded automatically for every dispatched worker. The **lifecycle** (6 steps: orient → work → heartbeat → block/complete) also lives in the `KANBAN_GUIDANCE` block that's auto-injected into your system prompt. This skill is the deeper detail: good handoff shapes, retry diagnostics, edge cases. + +## Workspace handling + +Your workspace kind determines how you should behave inside `$HERMES_KANBAN_WORKSPACE`: + +| Kind | What it is | How to work | +|---|---|---| +| `scratch` | Fresh tmp dir, yours alone | Read/write freely; it gets GC'd when the task is archived. | +| `dir:` | Shared persistent directory | Other runs will read what you write. Treat it like long-lived state. Path is guaranteed absolute (the kernel rejects relative paths). | +| `worktree` | Git worktree at the resolved path | If `.git` doesn't exist, run `git worktree add ` from the main repo first, then cd and work normally. Commit work here. | + +## Tenant isolation + +If `$HERMES_TENANT` is set, the task belongs to a tenant namespace. When reading or writing persistent memory, prefix memory entries with the tenant so context doesn't leak across tenants: + +- Good: `business-a: Acme is our biggest customer` +- Bad (leaks): `Acme is our biggest customer` + +## Good summary + metadata shapes + +The `kanban_complete(summary=..., metadata=...)` handoff is how downstream workers read what you did. Patterns that work: + +**Coding task:** +```python +kanban_complete( + summary="shipped rate limiter — token bucket, keys on user_id with IP fallback, 14 tests pass", + metadata={ + "changed_files": ["rate_limiter.py", "tests/test_rate_limiter.py"], + "tests_run": 14, + "tests_passed": 14, + "decisions": ["user_id primary, IP fallback for unauthenticated requests"], + }, +) +``` + +**Research task:** +```python +kanban_complete( + summary="3 competing libraries reviewed; vLLM wins on throughput, SGLang on latency, Tensorrt-LLM on memory efficiency", + metadata={ + "sources_read": 12, + "recommendation": "vLLM", + "benchmarks": {"vllm": 1.0, "sglang": 0.87, "trtllm": 0.72}, + }, +) +``` + +**Review task:** +```python +kanban_complete( + summary="reviewed PR #123; 2 blocking issues found (SQL injection in /search, missing CSRF on /settings)", + metadata={ + "pr_number": 123, + "findings": [ + {"severity": "critical", "file": "api/search.py", "line": 42, "issue": "raw SQL concat"}, + {"severity": "high", "file": "api/settings.py", "issue": "missing CSRF middleware"}, + ], + "approved": False, + }, +) +``` + +Shape `metadata` so downstream parsers (reviewers, aggregators, schedulers) can use it without re-reading your prose. + +## Block reasons that get answered fast + +Bad: `"stuck"` — the human has no context. + +Good: one sentence naming the specific decision you need. Leave longer context as a comment instead. + +```python +kanban_comment( + task_id=os.environ["HERMES_KANBAN_TASK"], + body="Full context: I have user IPs from Cloudflare headers but some users are behind NATs with thousands of peers. Keying on IP alone causes false positives.", +) +kanban_block(reason="Rate limit key choice: IP (simple, NAT-unsafe) or user_id (requires auth, skips anonymous endpoints)?") +``` + +The block message is what appears in the dashboard / gateway notifier. The comment is the deeper context a human reads when they open the task. + +## Heartbeats worth sending + +Good heartbeats name progress: `"epoch 12/50, loss 0.31"`, `"scanned 1.2M/2.4M rows"`, `"uploaded 47/120 videos"`. + +Bad heartbeats: `"still working"`, empty notes, sub-second intervals. Every few minutes max; skip entirely for tasks under ~2 minutes. + +## Retry scenarios + +If you open the task and `kanban_show` returns `runs: [...]` with one or more closed runs, you're a retry. The prior runs' `outcome` / `summary` / `error` tell you what didn't work. Don't repeat that path. Typical retry diagnostics: + +- `outcome: "timed_out"` — the previous attempt hit `max_runtime_seconds`. You may need to chunk the work or shorten it. +- `outcome: "crashed"` — OOM or segfault. Reduce memory footprint. +- `outcome: "spawn_failed"` + `error: "..."` — usually a profile config issue (missing credential, bad PATH). Ask the human via `kanban_block` instead of retrying blindly. +- `outcome: "reclaimed"` + `summary: "task archived..."` — operator archived the task out from under the previous run; you probably shouldn't be running at all, check status carefully. +- `outcome: "blocked"` — a previous attempt blocked; the unblock comment should be in the thread by now. + +## Do NOT + +- Call `delegate_task` as a substitute for `kanban_create`. `delegate_task` is for short reasoning subtasks inside YOUR run; `kanban_create` is for cross-agent handoffs that outlive one API loop. +- Modify files outside `$HERMES_KANBAN_WORKSPACE` unless the task body says to. +- Create follow-up tasks assigned to yourself — assign to the right specialist. +- Complete a task you didn't actually finish. Block it instead. + +## Pitfalls + +**Task state can change between dispatch and your startup.** Between when the dispatcher claimed and when your process actually booted, the task may have been blocked, reassigned, or archived. Always `kanban_show` first. If it reports `blocked` or `archived`, stop — you shouldn't be running. + +**Workspace may have stale artifacts.** Especially `dir:` and `worktree` workspaces can have files from previous runs. Read the comment thread — it usually explains why you're running again and what state the workspace is in. + +**Don't rely on the CLI when the guidance is available.** The `kanban_*` tools work across all terminal backends (Docker, Modal, SSH). `hermes kanban ` from your terminal tool will fail in containerized backends because the CLI isn't installed there. When in doubt, use the tool. + +## CLI fallback (for scripting) + +Every tool has a CLI equivalent for human operators and scripts: +- `kanban_show` ↔ `hermes kanban show --json` +- `kanban_complete` ↔ `hermes kanban complete --summary "..." --metadata '{...}'` +- `kanban_block` ↔ `hermes kanban block "reason"` +- `kanban_create` ↔ `hermes kanban create "title" --assignee [--parent ]` +- etc. + +Use the tools from inside an agent; the CLI exists for the human at the terminal. diff --git a/website/docs/user-guide/skills/optional/productivity/productivity-here-now.md b/website/docs/user-guide/skills/optional/productivity/productivity-here-now.md new file mode 100644 index 00000000000..3a11925965b --- /dev/null +++ b/website/docs/user-guide/skills/optional/productivity/productivity-here-now.md @@ -0,0 +1,231 @@ +--- +title: "Here.Now — Publish static sites to {slug}" +sidebar_label: "Here.Now" +description: "Publish static sites to {slug}" +--- + +{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */} + +# Here.Now + +Publish static sites to {slug}.here.now and store private files in cloud Drives for agent-to-agent handoff. + +## Skill metadata + +| | | +|---|---| +| Source | Optional — install with `hermes skills install official/productivity/here-now` | +| Path | `optional-skills/productivity/here-now` | +| Version | `1.15.3` | +| Author | here.now | +| License | MIT | +| Platforms | macos, linux | +| Tags | `here.now`, `herenow`, `publish`, `deploy`, `hosting`, `static-site`, `web`, `share`, `URL`, `drive`, `storage` | + +## Reference: full SKILL.md + +:::info +The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. +::: + +# here.now + +here.now lets agents publish websites and store private files in cloud Drives. + +Use here.now for two jobs: + +- **Sites**: publish websites and files at `{slug}.here.now`. +- **Drives**: store private agent files in cloud folders. + +## Current docs + +**Before answering questions about here.now capabilities, features, or workflows, read the current docs:** + +→ **https://here.now/docs** + +Read the docs: + +- at the first here.now-related interaction in a conversation +- any time the user asks how to do something +- any time the user asks what is possible, supported, or recommended +- before telling the user a feature is unsupported + +Topics that require current docs (do not rely on local skill text alone): + +- Drives and Drive sharing +- custom domains +- payments and payment gating +- forking +- proxy routes and service variables +- handles and links +- limits and quotas +- SPA routing +- error handling and remediation +- feature availability + +**If docs and live API behavior disagree, trust the live API behavior.** + +If the docs fetch fails or times out, continue with the local skill and live API/script output. Prefer live API behavior for active operations. + +## Requirements + +- Required binaries: `curl`, `file`, `jq` +- Optional environment variable: `$HERENOW_API_KEY` +- Optional Drive token variable: `$HERENOW_DRIVE_TOKEN` +- Optional credentials file: `~/.herenow/credentials` +- Skill helper paths: + - `${HERMES_SKILL_DIR}/scripts/publish.sh` for publishing sites + - `${HERMES_SKILL_DIR}/scripts/drive.sh` for private Drive storage + +## Create a site + +```bash +PUBLISH="${HERMES_SKILL_DIR}/scripts/publish.sh" +bash "$PUBLISH" {file-or-dir} --client hermes +``` + +Outputs the live URL (e.g. `https://bright-canvas-a7k2.here.now/`). + +Under the hood this is a three-step flow: create/update -> upload files -> finalize. A site is not live until finalize succeeds. + +Without an API key this creates an **anonymous site** that expires in 24 hours. +With a saved API key, the site is permanent. + +**File structure:** For HTML sites, place `index.html` at the root of the directory you publish, not inside a subdirectory. The directory's contents become the site root. For example, publish `my-site/` where `my-site/index.html` exists — don't publish a parent folder that contains `my-site/`. + +You can also publish raw files without any HTML. Single files get a rich auto-viewer (images, PDF, video, audio). Multiple files get an auto-generated directory listing with folder navigation and an image gallery. + +## Update an existing site + +```bash +PUBLISH="${HERMES_SKILL_DIR}/scripts/publish.sh" +bash "$PUBLISH" {file-or-dir} --slug {slug} --client hermes +``` + +The script auto-loads the `claimToken` from `.herenow/state.json` when updating anonymous sites. Pass `--claim-token {token}` to override. + +Authenticated updates require a saved API key. + +## Use a Drive + +Use a Drive when the user wants private cloud storage for agent files: documents, context, memory, plans, assets, media, research, code, and anything else that should persist without being published as a website. + +Every signed-in account has a default Drive named `My Drive`. + +```bash +DRIVE="${HERMES_SKILL_DIR}/scripts/drive.sh" +bash "$DRIVE" default +bash "$DRIVE" ls "My Drive" +bash "$DRIVE" put "My Drive" notes/today.md --from ./notes/today.md +bash "$DRIVE" cat "My Drive" notes/today.md +bash "$DRIVE" share "My Drive" --perms write --prefix notes/ --ttl 7d +``` + +Use scoped Drive tokens for agent-to-agent handoff. If you receive a `herenow_drive` share block, use its `token` as `Authorization: Bearer ` against `api_base`, respect `pathPrefix` when present, and preserve ETags on writes. A `pathPrefix` of `null` means full-Drive access. If the skill is available, prefer `drive.sh`; otherwise call the listed API operations directly. + +## API key storage + +The publish script reads the API key from these sources (first match wins): + +1. `--api-key {key}` flag (CI/scripting only — avoid in interactive use) +2. `$HERENOW_API_KEY` environment variable +3. `~/.herenow/credentials` file (recommended for agents) + +To store a key, write it to the credentials file: + +```bash +mkdir -p ~/.herenow && echo "{API_KEY}" > ~/.herenow/credentials && chmod 600 ~/.herenow/credentials +``` + +**IMPORTANT**: After receiving an API key, save it immediately — run the command above yourself. Do not ask the user to run it manually. Avoid passing the key via CLI flags (e.g. `--api-key`) in interactive sessions; the credentials file is the preferred storage method. + +Never commit credentials or local state files (`~/.herenow/credentials`, `.herenow/state.json`) to source control. + +## Getting an API key + +To upgrade from anonymous (24h) to permanent sites: + +1. Ask the user for their email address. +2. Request a one-time sign-in code: + +```bash +curl -sS https://here.now/api/auth/agent/request-code \ + -H "content-type: application/json" \ + -d '{"email": "user@example.com"}' +``` + +3. Tell the user: "Check your inbox for a sign-in code from here.now and paste it here." +4. Verify the code and get the API key: + +```bash +curl -sS https://here.now/api/auth/agent/verify-code \ + -H "content-type: application/json" \ + -d '{"email":"user@example.com","code":"ABCD-2345"}' +``` + +5. Save the returned `apiKey` yourself (do not ask the user to do this): + +```bash +mkdir -p ~/.herenow && echo "{API_KEY}" > ~/.herenow/credentials && chmod 600 ~/.herenow/credentials +``` + +## State file + +After every site create/update, the script writes to `.herenow/state.json` in the working directory: + +```json +{ + "publishes": { + "bright-canvas-a7k2": { + "siteUrl": "https://bright-canvas-a7k2.here.now/", + "claimToken": "abc123", + "claimUrl": "https://here.now/claim?slug=bright-canvas-a7k2&token=abc123", + "expiresAt": "2026-02-18T01:00:00.000Z" + } + } +} +``` + +Before creating or updating sites, you may check this file to find prior slugs. +Treat `.herenow/state.json` as internal cache only. +Never present this local file path as a URL, and never use it as source of truth for auth mode, expiry, or claim URL. + +## What to tell the user + +For published sites: + +- Always share the `siteUrl` from the current script run. +- Read and follow `publish_result.*` lines from script stderr to determine auth mode. +- When `publish_result.auth_mode=authenticated`: tell the user the site is **permanent** and saved to their account. No claim URL is needed. +- When `publish_result.auth_mode=anonymous`: tell the user the site **expires in 24 hours**. Share the claim URL (if `publish_result.claim_url` is non-empty and starts with `https://`) so they can keep it permanently. Warn that claim tokens are only returned once and cannot be recovered. +- Never tell the user to inspect `.herenow/state.json` for claim URLs or auth status. + +For Drives: + +- Do not describe Drive files as public URLs. +- Tell the user Drive contents are private unless shared with a scoped token. +- When sharing access with another agent, prefer a scoped token with a narrow `pathPrefix` and short TTL. + +## publish.sh options + +| Flag | Description | +| ---------------------- | -------------------------------------------- | +| `--slug {slug}` | Update an existing site instead of creating | +| `--claim-token {token}`| Override claim token for anonymous updates | +| `--title {text}` | Viewer title (non-HTML sites) | +| `--description {text}` | Viewer description | +| `--ttl {seconds}` | Set expiry (authenticated only) | +| `--client {name}` | Agent name for attribution (e.g. `hermes`) | +| `--base-url {url}` | API base URL (default: `https://here.now`) | +| `--allow-nonherenow-base-url` | Allow sending auth to non-default `--base-url` | +| `--api-key {key}` | API key override (prefer credentials file) | +| `--spa` | Enable SPA routing (serve index.html for unknown paths) | +| `--forkable` | Allow others to fork this site | + +## Beyond publish.sh + +For Drive operations, use `drive.sh` or the Drive API. For broader account and site management — delete, metadata, passwords, payments, domains, handles, links, variables, proxy routes, forking, duplication, and more — see the current docs: + +→ **https://here.now/docs** + +Full docs: https://here.now/docs diff --git a/website/docs/user-guide/skills/optional/productivity/productivity-shopify.md b/website/docs/user-guide/skills/optional/productivity/productivity-shopify.md new file mode 100644 index 00000000000..c6d562b44a9 --- /dev/null +++ b/website/docs/user-guide/skills/optional/productivity/productivity-shopify.md @@ -0,0 +1,376 @@ +--- +title: "Shopify — Shopify Admin & Storefront GraphQL APIs via curl" +sidebar_label: "Shopify" +description: "Shopify Admin & Storefront GraphQL APIs via curl" +--- + +{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */} + +# Shopify + +Shopify Admin & Storefront GraphQL APIs via curl. Products, orders, customers, inventory, metafields. + +## Skill metadata + +| | | +|---|---| +| Source | Optional — install with `hermes skills install official/productivity/shopify` | +| Path | `optional-skills/productivity/shopify` | +| Version | `1.0.0` | +| Author | community | +| License | MIT | +| Tags | `Shopify`, `E-commerce`, `Commerce`, `API`, `GraphQL` | +| Related skills | [`airtable`](/docs/user-guide/skills/bundled/productivity/productivity-airtable), [`xurl`](/docs/user-guide/skills/bundled/social-media/social-media-xurl) | + +## Reference: full SKILL.md + +:::info +The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. +::: + +# Shopify — Admin & Storefront GraphQL APIs + +Work with Shopify stores directly through `curl`: list products, manage inventory, pull orders, update customers, read metafields. No SDK, no app framework — just the GraphQL endpoint and a custom-app access token. + +The REST Admin API is legacy since 2024-04 and only receives security fixes. **Use GraphQL Admin** for all admin work. Use **Storefront GraphQL** for read-only customer-facing queries (products, collections, cart). + +## Prerequisites + +1. In Shopify admin: **Settings → Apps and sales channels → Develop apps → Create an app**. +2. Click **Configure Admin API scopes**, select what you need (examples below), save. +3. **Install app** → the Admin API access token appears ONCE. Copy it immediately — Shopify will never show it again. Tokens start with `shpat_`. +4. Save to `~/.hermes/.env`: + ``` + SHOPIFY_ACCESS_TOKEN=shpat_xxxxxxxxxxxxxxxxxxxx + SHOPIFY_STORE_DOMAIN=my-store.myshopify.com + SHOPIFY_API_VERSION=2026-01 + ``` + +> **Heads up:** As of January 1, 2026, new "legacy custom apps" created in the Shopify admin are gone. New setups should use the **Dev Dashboard** (`shopify.dev/docs/apps/build/dev-dashboard`). Existing admin-created apps keep working. If the user's shop has no existing custom app and it's after 2026-01-01, direct them to Dev Dashboard instead of the admin flow. + +Common scopes by task: +- Products / collections: `read_products`, `write_products` +- Inventory: `read_inventory`, `write_inventory`, `read_locations` +- Orders: `read_orders`, `write_orders` (30 most recent without `read_all_orders`) +- Customers: `read_customers`, `write_customers` +- Draft orders: `read_draft_orders`, `write_draft_orders` +- Fulfillments: `read_fulfillments`, `write_fulfillments` +- Metafields / metaobjects: covered by the matching resource scopes + +## API Basics + +- **Endpoint:** `https://$SHOPIFY_STORE_DOMAIN/admin/api/$SHOPIFY_API_VERSION/graphql.json` +- **Auth header:** `X-Shopify-Access-Token: $SHOPIFY_ACCESS_TOKEN` (NOT `Authorization: Bearer`) +- **Method:** always `POST`, always `Content-Type: application/json`, body is `{"query": "...", "variables": {...}}` +- **HTTP 200 does not mean success.** GraphQL returns errors in a top-level `errors` array and per-field `userErrors`. Always check both. +- **IDs are GID strings:** `gid://shopify/Product/10079467700516`, `gid://shopify/Variant/...`, `gid://shopify/Order/...`. Pass these verbatim — don't strip the prefix. +- **Rate limit:** calculated via query cost (leaky bucket). Each response has `extensions.cost` with `requestedQueryCost`, `actualQueryCost`, `throttleStatus.{currentlyAvailable, maximumAvailable, restoreRate}`. Back off when `currentlyAvailable` drops below your next query's cost. Standard shops = 100 points bucket, 50/s restore; Plus = 1000/100. + +Base curl pattern (reusable): + +```bash +shop_gql() { + local query="$1" + local variables="${2:-{}}" + curl -sS -X POST \ + "https://${SHOPIFY_STORE_DOMAIN}/admin/api/${SHOPIFY_API_VERSION:-2026-01}/graphql.json" \ + -H "Content-Type: application/json" \ + -H "X-Shopify-Access-Token: ${SHOPIFY_ACCESS_TOKEN}" \ + --data "$(jq -nc --arg q "$query" --argjson v "$variables" '{query: $q, variables: $v}')" +} +``` + +Pipe through `jq` for readable output. `-sS` keeps errors visible but hides the progress bar. + +## Discovery + +### Shop info + current API version +```bash +shop_gql '{ shop { name myshopifyDomain primaryDomain { url } currencyCode plan { displayName } } }' | jq +``` + +### List all supported API versions +```bash +shop_gql '{ publicApiVersions { handle supported } }' | jq '.data.publicApiVersions[] | select(.supported)' +``` + +## Products + +### Search products (first 20 matching query) +```bash +shop_gql ' +query($q: String!) { + products(first: 20, query: $q) { + edges { node { id title handle status totalInventory variants(first: 5) { edges { node { id sku price inventoryQuantity } } } } } + pageInfo { hasNextPage endCursor } + } +}' '{"q":"hoodie status:active"}' | jq +``` + +Query syntax supports `title:`, `sku:`, `vendor:`, `product_type:`, `status:active`, `tag:`, `created_at:>2025-01-01`. Full grammar: https://shopify.dev/docs/api/usage/search-syntax + +### Paginate products (cursor) +```bash +shop_gql ' +query($cursor: String) { + products(first: 100, after: $cursor) { + edges { cursor node { id handle } } + pageInfo { hasNextPage endCursor } + } +}' '{"cursor":null}' +# subsequent calls: pass the previous endCursor +``` + +### Get a product with variants + metafields +```bash +shop_gql ' +query($id: ID!) { + product(id: $id) { + id title handle descriptionHtml tags status + variants(first: 20) { edges { node { id sku price compareAtPrice inventoryQuantity selectedOptions { name value } } } } + metafields(first: 20) { edges { node { namespace key type value } } } + } +}' '{"id":"gid://shopify/Product/10079467700516"}' | jq +``` + +### Create a product with one variant +```bash +shop_gql ' +mutation($input: ProductCreateInput!) { + productCreate(product: $input) { + product { id handle } + userErrors { field message } + } +}' '{"input":{"title":"Test Hoodie","status":"DRAFT","vendor":"Hermes","productType":"Apparel","tags":["test"]}}' +``` + +Variants now have their own mutations in recent versions: + +```bash +# Add variants after creating the product +shop_gql ' +mutation($productId: ID!, $variants: [ProductVariantsBulkInput!]!) { + productVariantsBulkCreate(productId: $productId, variants: $variants) { + productVariants { id sku price } + userErrors { field message } + } +}' '{"productId":"gid://shopify/Product/...","variants":[{"optionValues":[{"optionName":"Size","name":"M"}],"price":"49.00","inventoryItem":{"sku":"HD-M","tracked":true}}]}' +``` + +### Update price / SKU +```bash +shop_gql ' +mutation($productId: ID!, $variants: [ProductVariantsBulkInput!]!) { + productVariantsBulkUpdate(productId: $productId, variants: $variants) { + productVariants { id sku price } + userErrors { field message } + } +}' '{"productId":"gid://shopify/Product/...","variants":[{"id":"gid://shopify/ProductVariant/...","price":"55.00"}]}' +``` + +## Orders + +### List recent orders (last 30 by default without `read_all_orders`) +```bash +shop_gql ' +{ + orders(first: 20, reverse: true, query: "financial_status:paid") { + edges { node { + id name createdAt displayFinancialStatus displayFulfillmentStatus + totalPriceSet { shopMoney { amount currencyCode } } + customer { id displayName email } + lineItems(first: 10) { edges { node { title quantity sku } } } + } } + } +}' | jq +``` + +Useful order query filters: `financial_status:paid|pending|refunded`, `fulfillment_status:unfulfilled|fulfilled`, `created_at:>2025-01-01`, `tag:gift`, `email:foo@example.com`. + +### Fetch a single order with shipping address +```bash +shop_gql ' +query($id: ID!) { + order(id: $id) { + id name email + shippingAddress { name address1 address2 city province country zip phone } + lineItems(first: 50) { edges { node { title quantity variant { sku } originalUnitPriceSet { shopMoney { amount currencyCode } } } } } + transactions { id kind status amountSet { shopMoney { amount currencyCode } } } + } +}' '{"id":"gid://shopify/Order/...."}' | jq +``` + +## Customers + +```bash +# Search +shop_gql ' +{ + customers(first: 10, query: "email:*@example.com") { + edges { node { id email displayName numberOfOrders amountSpent { amount currencyCode } } } + } +}' + +# Create +shop_gql ' +mutation($input: CustomerInput!) { + customerCreate(input: $input) { + customer { id email } + userErrors { field message } + } +}' '{"input":{"email":"test@example.com","firstName":"Test","lastName":"User","tags":["api-created"]}}' +``` + +## Inventory + +Inventory lives on **inventory items** tied to variants, quantities tracked per **location**. + +```bash +# Get inventory for a variant across all locations +shop_gql ' +query($id: ID!) { + productVariant(id: $id) { + id sku + inventoryItem { + id tracked + inventoryLevels(first: 10) { + edges { node { location { id name } quantities(names: ["available","on_hand","committed"]) { name quantity } } } + } + } + } +}' '{"id":"gid://shopify/ProductVariant/..."}' +``` + +Adjust stock (delta) — uses `inventoryAdjustQuantities`: + +```bash +shop_gql ' +mutation($input: InventoryAdjustQuantitiesInput!) { + inventoryAdjustQuantities(input: $input) { + inventoryAdjustmentGroup { reason changes { name delta } } + userErrors { field message } + } +}' '{ + "input": { + "reason": "correction", + "name": "available", + "changes": [{"delta": 5, "inventoryItemId": "gid://shopify/InventoryItem/...", "locationId": "gid://shopify/Location/..."}] + } +}' +``` + +Set absolute stock (not delta) — `inventorySetQuantities`: + +```bash +shop_gql ' +mutation($input: InventorySetQuantitiesInput!) { + inventorySetQuantities(input: $input) { + inventoryAdjustmentGroup { id } + userErrors { field message } + } +}' '{"input":{"reason":"correction","name":"available","ignoreCompareQuantity":true,"quantities":[{"inventoryItemId":"gid://shopify/InventoryItem/...","locationId":"gid://shopify/Location/...","quantity":100}]}}' +``` + +## Metafields & Metaobjects + +Metafields attach custom data to resources (products, customers, orders, shop). + +```bash +# Read +shop_gql ' +query($id: ID!) { + product(id: $id) { + metafields(first: 10, namespace: "custom") { + edges { node { key type value } } + } + } +}' '{"id":"gid://shopify/Product/..."}' + +# Write (works for any owner type) +shop_gql ' +mutation($metafields: [MetafieldsSetInput!]!) { + metafieldsSet(metafields: $metafields) { + metafields { id key namespace } + userErrors { field message code } + } +}' '{"metafields":[{"ownerId":"gid://shopify/Product/...","namespace":"custom","key":"care_instructions","type":"multi_line_text_field","value":"Wash cold. Tumble dry low."}]}' +``` + +## Storefront API (public read-only) + +Different endpoint, different token, used for customer-facing apps/hydrogen-style headless setups. Headers differ: + +- **Endpoint:** `https://$SHOPIFY_STORE_DOMAIN/api/$SHOPIFY_API_VERSION/graphql.json` +- **Auth header (public):** `X-Shopify-Storefront-Access-Token: ` — embeddable in browser +- **Auth header (private):** `Shopify-Storefront-Private-Token: ` — server-only + +```bash +curl -sS -X POST \ + "https://${SHOPIFY_STORE_DOMAIN}/api/${SHOPIFY_API_VERSION:-2026-01}/graphql.json" \ + -H "Content-Type: application/json" \ + -H "X-Shopify-Storefront-Access-Token: ${SHOPIFY_STOREFRONT_TOKEN}" \ + -d '{"query":"{ shop { name } products(first: 5) { edges { node { id title handle } } } }"}' | jq +``` + +## Bulk Operations + +For dumps larger than rate limits allow (full product catalog, all orders for a year): + +```bash +# 1. Start bulk query +shop_gql ' +mutation { + bulkOperationRunQuery(query: """ + { products { edges { node { id title handle variants { edges { node { sku price } } } } } } } + """) { + bulkOperation { id status } + userErrors { field message } + } +}' + +# 2. Poll status +shop_gql '{ currentBulkOperation { id status errorCode objectCount fileSize url partialDataUrl } }' + +# 3. When status=COMPLETED, download the JSONL file +curl -sS "$URL" > products.jsonl +``` + +Each JSONL line is a node, and nested connections are emitted as separate lines with `__parentId`. Reassemble client-side if needed. + +## Webhooks + +Subscribe to events so you don't have to poll: + +```bash +shop_gql ' +mutation($topic: WebhookSubscriptionTopic!, $sub: WebhookSubscriptionInput!) { + webhookSubscriptionCreate(topic: $topic, webhookSubscription: $sub) { + webhookSubscription { id topic endpoint { __typename ... on WebhookHttpEndpoint { callbackUrl } } } + userErrors { field message } + } +}' '{"topic":"ORDERS_CREATE","sub":{"callbackUrl":"https://example.com/webhook","format":"JSON"}}' +``` + +Verify incoming webhook HMAC using the app's client secret (not the access token): + +```bash +echo -n "$REQUEST_BODY" | openssl dgst -sha256 -hmac "$APP_SECRET" -binary | base64 +# Compare to X-Shopify-Hmac-Sha256 header +``` + +## Pitfalls + +- **REST endpoints still exist but are frozen.** Don't write new integrations against `/admin/api/.../products.json`. Use GraphQL. +- **Token format check.** Admin tokens start with `shpat_`. Storefront public tokens with `shpua_`. If you have one and the wrong header, every request returns 401 without a useful error body. +- **403 with a valid token = missing scope.** Shopify returns `{"errors":[{"message":"Access denied for ..."}]}`. Re-configure Admin API scopes on the app, then reinstall to regenerate the token. +- **`userErrors` is empty != success.** Also check `data..` is non-null. Some failures populate neither — inspect the whole response. +- **GID vs numeric ID.** Legacy REST gave numeric IDs; GraphQL wants full GID strings. To convert: `gid://shopify/Product/`. +- **Rate limit surprise.** A single `products(first: 250)` with deep nesting can cost 1000+ points and throttle immediately on a standard-plan shop. Start narrow, read `extensions.cost`, adjust. +- **Pagination order.** `products(first: N, reverse: true)` sorts by `id DESC`, not `created_at`. Use `sortKey: CREATED_AT, reverse: true` for "newest first." +- **`read_all_orders` for historical data.** Without it, `orders(...)` silently caps at the 60-day window. You won't get an error, just fewer results than expected. For Shopify Plus merchants with many orders, request this scope via the app's protected-data settings. +- **Currencies are strings.** Amounts come back as `"49.00"` not `49.0`. Don't `jq tonumber` blindly if you care about zero-padding. +- **Multi-currency Money fields** have `shopMoney` (store's currency) AND `presentmentMoney` (customer's). Pick one consistently. + +## Safety + +Mutations in Shopify are real — they create products, charge refunds, cancel orders, ship fulfillments. Before running `productDelete`, `orderCancel`, `refundCreate`, or any bulk mutation: state clearly what the change is, on which shop, and confirm with the user. There is no staging clone of production data unless the user has a separate dev store. diff --git a/website/scripts/generate-skill-docs.py b/website/scripts/generate-skill-docs.py index 3e191b74fc9..c63769041cb 100755 --- a/website/scripts/generate-skill-docs.py +++ b/website/scripts/generate-skill-docs.py @@ -621,24 +621,25 @@ def build_sidebar_items(entries: list[tuple[dict[str, Any], dict[str, Any]]]) -> def write_sidebar(entries): - data = build_sidebar_items(entries) - # Render just the "Skills" block TS for inclusion. - def render_items(cats: list[dict]) -> str: - lines = [] - for c in cats: - lines.append(" {") - lines.append(" type: 'category',") - lines.append(f" label: '{c['label']}',") - lines.append(" collapsed: true,") - lines.append(" items: [") - for item in c["items"]: - lines.append(f" '{item}',") - lines.append(" ],") - lines.append(" },") - return "\n".join(lines) - - bundled_block = render_items(data["bundled_categories"]) - optional_block = render_items(data["optional_categories"]) + # The per-skill pages (`build_sidebar_items(entries)`) are still generated + # as standalone docs under `website/docs/user-guide/skills/{bundled,optional}/` + # and reachable via the catalog pages in Reference — but we intentionally + # do NOT explode them into the left sidebar. Two hundred-plus skill entries + # drown the actual product docs and make the site feel overwhelming to + # first-time visitors. + # + # Sidebar now shows: + # Skills + # ├── Bundled catalog → (link to reference/skills-catalog) + # └── Optional catalog → (link to reference/optional-skills-catalog) + # + # The catalog pages are auto-regenerated tables with a link to every skill. + # Individual skill pages (including the two formerly hand-written guides, + # godmode and google-workspace) are still reachable at their URLs and are + # linked from the catalog tables and from the Skills overview page — they + # just aren't promoted in the left sidebar, because there's no principled + # rule for which skills would get promoted and which wouldn't. + _ = build_sidebar_items(entries) # still called for any side effects / validation skills_subtree = ( " {\n" @@ -646,24 +647,8 @@ def write_sidebar(entries): " label: 'Skills',\n" " collapsed: true,\n" " items: [\n" - " 'user-guide/skills/godmode',\n" - " 'user-guide/skills/google-workspace',\n" - " {\n" - " type: 'category',\n" - " label: 'Bundled (by default)',\n" - " collapsed: true,\n" - " items: [\n" - + bundled_block - + "\n ],\n" - " },\n" - " {\n" - " type: 'category',\n" - " label: 'Optional (installable)',\n" - " collapsed: true,\n" - " items: [\n" - + optional_block - + "\n ],\n" - " },\n" + " 'reference/skills-catalog',\n" + " 'reference/optional-skills-catalog',\n" " ],\n" " },\n" ) diff --git a/website/sidebars.ts b/website/sidebars.ts index 59219b31027..8b8d8a54b8d 100644 --- a/website/sidebars.ts +++ b/website/sidebars.ts @@ -101,412 +101,8 @@ const sidebars: SidebarsConfig = { label: 'Skills', collapsed: true, items: [ - 'user-guide/skills/godmode', - 'user-guide/skills/google-workspace', - { - type: 'category', - label: 'Bundled (by default)', - collapsed: true, - items: [ - { - type: 'category', - label: 'apple', - collapsed: true, - items: [ - 'user-guide/skills/bundled/apple/apple-apple-notes', - 'user-guide/skills/bundled/apple/apple-apple-reminders', - 'user-guide/skills/bundled/apple/apple-findmy', - 'user-guide/skills/bundled/apple/apple-imessage', - ], - }, - { - type: 'category', - label: 'autonomous-ai-agents', - collapsed: true, - items: [ - 'user-guide/skills/bundled/autonomous-ai-agents/autonomous-ai-agents-claude-code', - 'user-guide/skills/bundled/autonomous-ai-agents/autonomous-ai-agents-codex', - 'user-guide/skills/bundled/autonomous-ai-agents/autonomous-ai-agents-hermes-agent', - 'user-guide/skills/bundled/autonomous-ai-agents/autonomous-ai-agents-opencode', - ], - }, - { - type: 'category', - label: 'creative', - collapsed: true, - items: [ - 'user-guide/skills/bundled/creative/creative-architecture-diagram', - 'user-guide/skills/bundled/creative/creative-ascii-art', - 'user-guide/skills/bundled/creative/creative-ascii-video', - 'user-guide/skills/bundled/creative/creative-baoyu-comic', - 'user-guide/skills/bundled/creative/creative-baoyu-infographic', - 'user-guide/skills/bundled/creative/creative-claude-design', - 'user-guide/skills/bundled/creative/creative-comfyui', - 'user-guide/skills/bundled/creative/creative-creative-ideation', - 'user-guide/skills/bundled/creative/creative-design-md', - 'user-guide/skills/bundled/creative/creative-excalidraw', - 'user-guide/skills/bundled/creative/creative-humanizer', - 'user-guide/skills/bundled/creative/creative-manim-video', - 'user-guide/skills/bundled/creative/creative-p5js', - 'user-guide/skills/bundled/creative/creative-pixel-art', - 'user-guide/skills/bundled/creative/creative-popular-web-designs', - 'user-guide/skills/bundled/creative/creative-pretext', - 'user-guide/skills/bundled/creative/creative-sketch', - 'user-guide/skills/bundled/creative/creative-songwriting-and-ai-music', - 'user-guide/skills/bundled/creative/creative-touchdesigner-mcp', - ], - }, - { - type: 'category', - label: 'data-science', - collapsed: true, - items: [ - 'user-guide/skills/bundled/data-science/data-science-jupyter-live-kernel', - ], - }, - { - type: 'category', - label: 'devops', - collapsed: true, - items: [ - 'user-guide/skills/bundled/devops/devops-webhook-subscriptions', - ], - }, - { - type: 'category', - label: 'dogfood', - collapsed: true, - items: [ - 'user-guide/skills/bundled/dogfood/dogfood-dogfood', - ], - }, - { - type: 'category', - label: 'email', - collapsed: true, - items: [ - 'user-guide/skills/bundled/email/email-himalaya', - ], - }, - { - type: 'category', - label: 'gaming', - collapsed: true, - items: [ - 'user-guide/skills/bundled/gaming/gaming-minecraft-modpack-server', - 'user-guide/skills/bundled/gaming/gaming-pokemon-player', - ], - }, - { - type: 'category', - label: 'github', - collapsed: true, - items: [ - 'user-guide/skills/bundled/github/github-codebase-inspection', - 'user-guide/skills/bundled/github/github-github-auth', - 'user-guide/skills/bundled/github/github-github-code-review', - 'user-guide/skills/bundled/github/github-github-issues', - 'user-guide/skills/bundled/github/github-github-pr-workflow', - 'user-guide/skills/bundled/github/github-github-repo-management', - ], - }, - { - type: 'category', - label: 'mcp', - collapsed: true, - items: [ - 'user-guide/skills/bundled/mcp/mcp-native-mcp', - ], - }, - { - type: 'category', - label: 'media', - collapsed: true, - items: [ - 'user-guide/skills/bundled/media/media-gif-search', - 'user-guide/skills/bundled/media/media-heartmula', - 'user-guide/skills/bundled/media/media-songsee', - 'user-guide/skills/bundled/media/media-spotify', - 'user-guide/skills/bundled/media/media-youtube-content', - ], - }, - { - type: 'category', - label: 'mlops', - collapsed: true, - items: [ - 'user-guide/skills/bundled/mlops/mlops-models-audiocraft', - 'user-guide/skills/bundled/mlops/mlops-training-axolotl', - 'user-guide/skills/bundled/mlops/mlops-research-dspy', - 'user-guide/skills/bundled/mlops/mlops-huggingface-hub', - 'user-guide/skills/bundled/mlops/mlops-inference-llama-cpp', - 'user-guide/skills/bundled/mlops/mlops-evaluation-lm-evaluation-harness', - 'user-guide/skills/bundled/mlops/mlops-inference-obliteratus', - 'user-guide/skills/bundled/mlops/mlops-inference-outlines', - 'user-guide/skills/bundled/mlops/mlops-models-segment-anything', - 'user-guide/skills/bundled/mlops/mlops-training-trl-fine-tuning', - 'user-guide/skills/bundled/mlops/mlops-training-unsloth', - 'user-guide/skills/bundled/mlops/mlops-inference-vllm', - 'user-guide/skills/bundled/mlops/mlops-evaluation-weights-and-biases', - ], - }, - { - type: 'category', - label: 'note-taking', - collapsed: true, - items: [ - 'user-guide/skills/bundled/note-taking/note-taking-obsidian', - ], - }, - { - type: 'category', - label: 'productivity', - collapsed: true, - items: [ - 'user-guide/skills/bundled/productivity/productivity-airtable', - 'user-guide/skills/bundled/productivity/productivity-google-workspace', - 'user-guide/skills/bundled/productivity/productivity-linear', - 'user-guide/skills/bundled/productivity/productivity-maps', - 'user-guide/skills/bundled/productivity/productivity-nano-pdf', - 'user-guide/skills/bundled/productivity/productivity-notion', - 'user-guide/skills/bundled/productivity/productivity-ocr-and-documents', - 'user-guide/skills/bundled/productivity/productivity-powerpoint', - ], - }, - { - type: 'category', - label: 'red-teaming', - collapsed: true, - items: [ - 'user-guide/skills/bundled/red-teaming/red-teaming-godmode', - ], - }, - { - type: 'category', - label: 'research', - collapsed: true, - items: [ - 'user-guide/skills/bundled/research/research-arxiv', - 'user-guide/skills/bundled/research/research-blogwatcher', - 'user-guide/skills/bundled/research/research-llm-wiki', - 'user-guide/skills/bundled/research/research-polymarket', - 'user-guide/skills/bundled/research/research-research-paper-writing', - ], - }, - { - type: 'category', - label: 'smart-home', - collapsed: true, - items: [ - 'user-guide/skills/bundled/smart-home/smart-home-openhue', - ], - }, - { - type: 'category', - label: 'social-media', - collapsed: true, - items: [ - 'user-guide/skills/bundled/social-media/social-media-xurl', - ], - }, - { - type: 'category', - label: 'software-development', - collapsed: true, - items: [ - 'user-guide/skills/bundled/software-development/software-development-debugging-hermes-tui-commands', - 'user-guide/skills/bundled/software-development/software-development-hermes-agent-skill-authoring', - 'user-guide/skills/bundled/software-development/software-development-node-inspect-debugger', - 'user-guide/skills/bundled/software-development/software-development-plan', - 'user-guide/skills/bundled/software-development/software-development-python-debugpy', - 'user-guide/skills/bundled/software-development/software-development-requesting-code-review', - 'user-guide/skills/bundled/software-development/software-development-spike', - 'user-guide/skills/bundled/software-development/software-development-subagent-driven-development', - 'user-guide/skills/bundled/software-development/software-development-systematic-debugging', - 'user-guide/skills/bundled/software-development/software-development-test-driven-development', - 'user-guide/skills/bundled/software-development/software-development-writing-plans', - ], - }, - { - type: 'category', - label: 'yuanbao', - collapsed: true, - items: [ - 'user-guide/skills/bundled/yuanbao/yuanbao-yuanbao', - ], - }, - ], - }, - { - type: 'category', - label: 'Optional (installable)', - collapsed: true, - items: [ - { - type: 'category', - label: 'autonomous-ai-agents', - collapsed: true, - items: [ - 'user-guide/skills/optional/autonomous-ai-agents/autonomous-ai-agents-blackbox', - 'user-guide/skills/optional/autonomous-ai-agents/autonomous-ai-agents-honcho', - ], - }, - { - type: 'category', - label: 'blockchain', - collapsed: true, - items: [ - 'user-guide/skills/optional/blockchain/blockchain-base', - 'user-guide/skills/optional/blockchain/blockchain-solana', - ], - }, - { - type: 'category', - label: 'communication', - collapsed: true, - items: [ - 'user-guide/skills/optional/communication/communication-one-three-one-rule', - ], - }, - { - type: 'category', - label: 'creative', - collapsed: true, - items: [ - 'user-guide/skills/optional/creative/creative-blender-mcp', - 'user-guide/skills/optional/creative/creative-concept-diagrams', - 'user-guide/skills/optional/creative/creative-meme-generation', - ], - }, - { - type: 'category', - label: 'devops', - collapsed: true, - items: [ - 'user-guide/skills/optional/devops/devops-cli', - 'user-guide/skills/optional/devops/devops-docker-management', - ], - }, - { - type: 'category', - label: 'dogfood', - collapsed: true, - items: [ - 'user-guide/skills/optional/dogfood/dogfood-adversarial-ux-test', - ], - }, - { - type: 'category', - label: 'email', - collapsed: true, - items: [ - 'user-guide/skills/optional/email/email-agentmail', - ], - }, - { - type: 'category', - label: 'health', - collapsed: true, - items: [ - 'user-guide/skills/optional/health/health-fitness-nutrition', - 'user-guide/skills/optional/health/health-neuroskill-bci', - ], - }, - { - type: 'category', - label: 'mcp', - collapsed: true, - items: [ - 'user-guide/skills/optional/mcp/mcp-fastmcp', - 'user-guide/skills/optional/mcp/mcp-mcporter', - ], - }, - { - type: 'category', - label: 'migration', - collapsed: true, - items: [ - 'user-guide/skills/optional/migration/migration-openclaw-migration', - ], - }, - { - type: 'category', - label: 'mlops', - collapsed: true, - items: [ - 'user-guide/skills/optional/mlops/mlops-accelerate', - 'user-guide/skills/optional/mlops/mlops-chroma', - 'user-guide/skills/optional/mlops/mlops-clip', - 'user-guide/skills/optional/mlops/mlops-faiss', - 'user-guide/skills/optional/mlops/mlops-flash-attention', - 'user-guide/skills/optional/mlops/mlops-guidance', - 'user-guide/skills/optional/mlops/mlops-hermes-atropos-environments', - 'user-guide/skills/optional/mlops/mlops-huggingface-tokenizers', - 'user-guide/skills/optional/mlops/mlops-instructor', - 'user-guide/skills/optional/mlops/mlops-lambda-labs', - 'user-guide/skills/optional/mlops/mlops-llava', - 'user-guide/skills/optional/mlops/mlops-modal', - 'user-guide/skills/optional/mlops/mlops-nemo-curator', - 'user-guide/skills/optional/mlops/mlops-peft', - 'user-guide/skills/optional/mlops/mlops-pinecone', - 'user-guide/skills/optional/mlops/mlops-pytorch-fsdp', - 'user-guide/skills/optional/mlops/mlops-pytorch-lightning', - 'user-guide/skills/optional/mlops/mlops-qdrant', - 'user-guide/skills/optional/mlops/mlops-saelens', - 'user-guide/skills/optional/mlops/mlops-simpo', - 'user-guide/skills/optional/mlops/mlops-slime', - 'user-guide/skills/optional/mlops/mlops-stable-diffusion', - 'user-guide/skills/optional/mlops/mlops-tensorrt-llm', - 'user-guide/skills/optional/mlops/mlops-torchtitan', - 'user-guide/skills/optional/mlops/mlops-whisper', - ], - }, - { - type: 'category', - label: 'productivity', - collapsed: true, - items: [ - 'user-guide/skills/optional/productivity/productivity-canvas', - 'user-guide/skills/optional/productivity/productivity-memento-flashcards', - 'user-guide/skills/optional/productivity/productivity-siyuan', - 'user-guide/skills/optional/productivity/productivity-telephony', - ], - }, - { - type: 'category', - label: 'research', - collapsed: true, - items: [ - 'user-guide/skills/optional/research/research-bioinformatics', - 'user-guide/skills/optional/research/research-domain-intel', - 'user-guide/skills/optional/research/research-drug-discovery', - 'user-guide/skills/optional/research/research-duckduckgo-search', - 'user-guide/skills/optional/research/research-gitnexus-explorer', - 'user-guide/skills/optional/research/research-parallel-cli', - 'user-guide/skills/optional/research/research-qmd', - 'user-guide/skills/optional/research/research-scrapling', - ], - }, - { - type: 'category', - label: 'security', - collapsed: true, - items: [ - 'user-guide/skills/optional/security/security-1password', - 'user-guide/skills/optional/security/security-oss-forensics', - 'user-guide/skills/optional/security/security-sherlock', - ], - }, - { - type: 'category', - label: 'web-development', - collapsed: true, - items: [ - 'user-guide/skills/optional/web-development/web-development-page-agent', - ], - }, - ], - }, + 'reference/skills-catalog', + 'reference/optional-skills-catalog', ], }, ], From 265bd59c1d9f8dea658f243b257d4fae3685af53 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:10:20 -0700 Subject: [PATCH 104/133] =?UTF-8?q?feat:=20/goal=20=E2=80=94=20persistent?= =?UTF-8?q?=20cross-turn=20goals=20(Ralph=20loop)=20(#18262)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a standing-goal slash command that keeps Hermes working toward a user-stated objective across turns until it is achieved, paused, or the turn budget runs out. Our take on the Ralph loop — cf. Codex CLI 0.128.0's /goal. After each turn, a lightweight auxiliary-model judge call asks 'is this goal satisfied by the assistant's last response?'. If not, and we're under the turn budget (default 20), Hermes feeds a continuation prompt back into the same session as a normal user message. Any real user message preempts the continuation loop automatically. Judge failures fail OPEN (continue) so a flaky judge never wedges progress — the turn budget is the real backstop. ### Commands - `/goal ` — set a standing goal (kicks off the first turn) - `/goal` or `/goal status` — show current state - `/goal pause` — pause the continuation loop - `/goal resume` — resume (resets turn counter) - `/goal clear` — drop the goal Works on both CLI and gateway platforms via the central CommandDef registry. ### Design invariants preserved - **Prompt cache**: continuation prompts are regular user-role messages appended to history. No system-prompt mutation, no toolset swap. - **Role alternation**: continuation is a user turn, never injected mid-tool-loop. - **Session persistence**: goal state lives in SessionDB.state_meta keyed by `goal:`, so `/resume` picks it up. - **Mid-run safety**: on the gateway, `/goal status|pause|clear` are allowed mid-run (control-plane only); setting a new goal requires `/stop` first so we don't race a second continuation prompt against the current turn. ### Files - `hermes_cli/goals.py` (new, 380 lines) — GoalManager + judge + state - `hermes_cli/commands.py` — CommandDef entry - `hermes_cli/config.py` — `goals.max_turns` default - `hermes_cli/web_server.py` — dashboard category merge - `cli.py` — /goal handler + post-turn continuation hook in process_loop - `gateway/run.py` — /goal handler + post-turn continuation hook wrapping _handle_message_with_agent - `tests/hermes_cli/test_goals.py` (new, 26 tests) — judge parsing, fail-open semantics, lifecycle, persistence, budget exhaustion - `website/docs/reference/slash-commands.md` — docs entry --- cli.py | 173 ++++++++ gateway/run.py | 240 +++++++++- hermes_cli/commands.py | 2 + hermes_cli/config.py | 18 +- hermes_cli/goals.py | 535 +++++++++++++++++++++++ hermes_cli/web_server.py | 1 + tests/hermes_cli/test_goals.py | 358 +++++++++++++++ website/docs/reference/slash-commands.md | 2 + 8 files changed, 1327 insertions(+), 2 deletions(-) create mode 100644 hermes_cli/goals.py create mode 100644 tests/hermes_cli/test_goals.py diff --git a/cli.py b/cli.py index dbbf83f2c04..9ff6b8708a6 100644 --- a/cli.py +++ b/cli.py @@ -6540,6 +6540,8 @@ class HermesCLI: # No active run — treat as a normal next-turn message. self._pending_input.put(payload) _cprint(f" No agent running; queued as next turn: {payload[:80]}{'...' if len(payload) > 80 else ''}") + elif canonical == "goal": + self._handle_goal_command(cmd_original) elif canonical == "skin": self._handle_skin_command(cmd_original) elif canonical == "voice": @@ -7020,6 +7022,166 @@ class HermesCLI: print(" status Show current browser mode") print() + # ──────────────────────────────────────────────────────────────── + # /goal — persistent cross-turn goals (Ralph-style loop) + # ──────────────────────────────────────────────────────────────── + def _get_goal_manager(self): + """Return the GoalManager bound to the current session_id. + + Cached on ``self._goal_manager`` and rebound lazily when + ``session_id`` changes (e.g. after /new or a compression-driven + session split). + """ + try: + from hermes_cli.goals import GoalManager + from hermes_cli.config import load_config + except Exception as exc: + logging.debug("goal manager unavailable: %s", exc) + return None + + sid = getattr(self, "session_id", None) or "" + if not sid: + return None + + existing = getattr(self, "_goal_manager", None) + if existing is not None and getattr(existing, "session_id", None) == sid: + return existing + + try: + cfg = load_config() or {} + goals_cfg = cfg.get("goals") or {} + max_turns = int(goals_cfg.get("max_turns", 20) or 20) + except Exception: + max_turns = 20 + + mgr = GoalManager(session_id=sid, default_max_turns=max_turns) + self._goal_manager = mgr + return mgr + + def _handle_goal_command(self, cmd: str) -> None: + """Dispatch /goal subcommands: set / status / pause / resume / clear.""" + parts = (cmd or "").strip().split(None, 1) + arg = parts[1].strip() if len(parts) > 1 else "" + + mgr = self._get_goal_manager() + if mgr is None: + _cprint(f" {_DIM}Goals unavailable (no active session).{_RST}") + return + + lower = arg.lower() + + # Bare /goal or /goal status → show current state + if not arg or lower == "status": + _cprint(f" {mgr.status_line()}") + return + + if lower == "pause": + state = mgr.pause(reason="user-paused") + if state is None: + _cprint(f" {_DIM}No goal set.{_RST}") + else: + _cprint(f" ⏸ Goal paused: {state.goal}") + return + + if lower == "resume": + state = mgr.resume() + if state is None: + _cprint(f" {_DIM}No goal to resume.{_RST}") + else: + _cprint(f" ▶ Goal resumed: {state.goal}") + _cprint( + f" {_DIM}Send any message (or press Enter on an empty prompt " + f"is a no-op; type 'continue' to kick it off).{_RST}" + ) + return + + if lower in ("clear", "stop", "done"): + had = mgr.has_goal() + mgr.clear() + if had: + _cprint(" ✓ Goal cleared.") + else: + _cprint(f" {_DIM}No active goal.{_RST}") + return + + # Otherwise treat the arg as the goal text. + try: + state = mgr.set(arg) + except ValueError as exc: + _cprint(f" Invalid goal: {exc}") + return + + _cprint(f" ⊙ Goal set ({state.max_turns}-turn budget): {state.goal}") + _cprint( + f" {_DIM}After each turn, a judge model will check if the goal is done. " + f"Hermes keeps working until it is, you pause/clear it, or the budget is " + f"exhausted. Use /goal status, /goal pause, /goal resume, /goal clear.{_RST}" + ) + # Kick the loop off immediately so the user doesn't have to send a + # separate message after setting the goal. + try: + self._pending_input.put(state.goal) + except Exception: + pass + + def _maybe_continue_goal_after_turn(self) -> None: + """Hook run after every CLI turn. Judges + maybe re-queues. + + Safe to call when no goal is set — returns quickly. + + Preemption is automatic: if a real user message is already in + ``_pending_input`` we skip judging (the user's new input takes + priority and we'll re-judge after that turn). If judge says done, + mark it done and tell the user. If judge says continue and we're + under budget, push the continuation prompt onto the queue. + """ + mgr = self._get_goal_manager() + if mgr is None or not mgr.is_active(): + return + + # If a real user message is already queued, don't inject a + # continuation prompt on top — let the user's turn go first. + try: + if getattr(self, "_pending_input", None) is not None \ + and not self._pending_input.empty(): + return + except Exception: + pass + + # Extract the agent's final response for this turn. + last_response = "" + try: + hist = self.conversation_history or [] + for msg in reversed(hist): + if msg.get("role") == "assistant": + content = msg.get("content", "") + if isinstance(content, list): + # Multimodal content — flatten text parts. + parts = [ + p.get("text", "") + for p in content + if isinstance(p, dict) and p.get("type") in ("text", "output_text") + ] + last_response = "\n".join(t for t in parts if t) + else: + last_response = str(content or "") + break + except Exception: + last_response = "" + + decision = mgr.evaluate_after_turn(last_response, user_initiated=True) + msg = decision.get("message") or "" + if msg: + _cprint(f" {msg}") + + if decision.get("should_continue"): + prompt = decision.get("continuation_prompt") + if prompt: + try: + self._pending_input.put(prompt) + except Exception as exc: + logging.debug("goal continuation enqueue failed: %s", exc) + def _handle_skin_command(self, cmd: str): """Handle /skin [name] — show or change the display skin.""" try: @@ -11358,6 +11520,17 @@ class HermesCLI: app.invalidate() # Refresh status line + # Goal continuation: if a standing goal is active, ask + # the judge whether the turn satisfied it. If not, and + # there's no real user message already queued, push the + # continuation prompt back into _pending_input so the + # next loop iteration picks it up naturally (and any + # user input that arrives in between still preempts). + try: + self._maybe_continue_goal_after_turn() + except Exception as _goal_exc: + logging.debug("goal continuation hook failed: %s", _goal_exc) + # Continuous voice: auto-restart recording after agent responds. # Dispatch to a daemon thread so play_beep (sd.wait) and # AudioRecorder.start (lock acquire) never block process_loop — diff --git a/gateway/run.py b/gateway/run.py index d991ac4ff83..de04099c3a3 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -4595,6 +4595,17 @@ class GatewayRunner: if _cmd_def_inner and _cmd_def_inner.name == "kanban": return await self._handle_kanban_command(event) + # /goal is safe mid-run for status/pause/clear (inspection and + # control-plane only — doesn't interrupt the running turn). + # Setting a new goal text mid-run is rejected with the same + # "wait or /stop" message as /model so we don't race a second + # continuation prompt against the current turn. + if _cmd_def_inner and _cmd_def_inner.name == "goal": + _goal_arg = (event.get_command_args() or "").strip().lower() + if not _goal_arg or _goal_arg in ("status", "pause", "resume", "clear", "stop", "done"): + return await self._handle_goal_command(event) + return "Agent is running — use /goal status / pause / clear mid-run, or /stop before setting a new goal." + # Session-level toggles that are safe to run mid-agent — # /yolo can unblock a pending approval prompt, /verbose cycles # the tool-progress display mode for the ongoing stream. @@ -4911,6 +4922,9 @@ class GatewayRunner: # at the end of this function so the rewritten text is sent # to the agent as a regular user turn. + if canonical == "goal": + return await self._handle_goal_command(event) + if canonical == "voice": return await self._handle_voice_command(event) @@ -5056,7 +5070,36 @@ class GatewayRunner: _run_generation = self._begin_session_run_generation(_quick_key) try: - return await self._handle_message_with_agent(event, source, _quick_key, _run_generation) + _agent_result = await self._handle_message_with_agent(event, source, _quick_key, _run_generation) + # Goal continuation: after the agent returns a final response + # for this turn, check any standing /goal — the judge will + # either mark it done, pause it (budget), or enqueue a + # continuation prompt back through the adapter FIFO so the + # next turn makes more progress. Wrapped in try/except so a + # broken judge never breaks normal message handling. + try: + _final_text = "" + if isinstance(_agent_result, dict): + _final_text = str(_agent_result.get("final_response") or "") + elif isinstance(_agent_result, str): + _final_text = _agent_result + # Skip for empty responses (interrupted / errored) — the + # judge would almost always say "continue" and we'd loop + # on error. Let the user drive the next turn. + if _final_text.strip(): + try: + session_entry = self.session_store.get_or_create_session(source) + except Exception: + session_entry = None + if session_entry is not None: + self._post_turn_goal_continuation( + session_entry=session_entry, + source=source, + final_response=_final_text, + ) + except Exception as _goal_exc: + logger.debug("goal continuation hook failed: %s", _goal_exc) + return _agent_result finally: # If _run_agent replaced the sentinel with a real agent and # then cleaned it up, this is a no-op. If we exited early @@ -7422,6 +7465,201 @@ class GatewayRunner: # Let the normal message handler process it return await self._handle_message(retry_event) + # ──────────────────────────────────────────────────────────────── + # /goal — persistent cross-turn goals (Ralph-style loop) + # ──────────────────────────────────────────────────────────────── + def _get_goal_manager_for_event(self, event: "MessageEvent"): + """Return a GoalManager bound to the session for this gateway event. + + Returns ``(manager, session_entry)`` or ``(None, None)`` if the + goals module can't be loaded. + """ + try: + from hermes_cli.goals import GoalManager + except Exception as exc: + logger.debug("goal manager unavailable: %s", exc) + return None, None + try: + session_entry = self.session_store.get_or_create_session(event.source) + except Exception as exc: + logger.debug("goal manager: session lookup failed: %s", exc) + return None, None + sid = getattr(session_entry, "session_id", None) or "" + if not sid: + return None, None + try: + goals_cfg = ( + (self.config or {}).get("goals", {}) + if isinstance(self.config, dict) + else getattr(self.config, "goals", {}) or {} + ) + max_turns = int(goals_cfg.get("max_turns", 20) or 20) + except Exception: + max_turns = 20 + return GoalManager(session_id=sid, default_max_turns=max_turns), session_entry + + async def _handle_goal_command(self, event: "MessageEvent") -> str: + """Handle /goal for gateway platforms. + + Subcommands: ``/goal`` / ``/goal status`` / ``/goal pause`` / + ``/goal resume`` / ``/goal clear``. Any other text becomes the + new goal. + + Setting a new goal queues the goal text as the next turn so the + agent starts working on it immediately — the post-turn + continuation hook then takes over from there. + """ + args = (event.get_command_args() or "").strip() + lower = args.lower() + + mgr, session_entry = self._get_goal_manager_for_event(event) + if mgr is None: + return "Goals unavailable on this session." + + if not args or lower == "status": + return mgr.status_line() + + if lower == "pause": + state = mgr.pause(reason="user-paused") + if state is None: + return "No goal set." + return f"⏸ Goal paused: {state.goal}" + + if lower == "resume": + state = mgr.resume() + if state is None: + return "No goal to resume." + return ( + f"▶ Goal resumed: {state.goal}\n" + "Send any message to continue, or wait — I'll take the next step on the next turn." + ) + + if lower in ("clear", "stop", "done"): + had = mgr.has_goal() + mgr.clear() + return "✓ Goal cleared." if had else "No active goal." + + # Otherwise — treat the remaining text as the new goal. + try: + state = mgr.set(args) + except ValueError as exc: + return f"Invalid goal: {exc}" + + # Queue the goal text as an immediate first turn so the agent + # starts making progress. The post-turn hook takes over after. + adapter = self.adapters.get(event.source.platform) if event.source else None + _quick_key = self._session_key_for_source(event.source) if event.source else None + if adapter and _quick_key: + try: + kickoff_event = MessageEvent( + text=state.goal, + message_type=MessageType.TEXT, + source=event.source, + message_id=event.message_id, + channel_prompt=event.channel_prompt, + ) + self._enqueue_fifo(_quick_key, kickoff_event, adapter) + except Exception as exc: + logger.debug("goal kickoff enqueue failed: %s", exc) + + return ( + f"⊙ Goal set ({state.max_turns}-turn budget): {state.goal}\n" + "I'll keep working until the goal is done, you pause/clear it, or the budget is exhausted.\n" + "Controls: /goal status · /goal pause · /goal resume · /goal clear" + ) + + def _post_turn_goal_continuation( + self, + *, + session_entry: Any, + source: Any, + final_response: str, + ) -> None: + """Run the goal judge after a gateway turn and, if still active, + enqueue a continuation prompt for the same session. + + Called from ``_handle_message_with_agent`` at turn boundary, AFTER + the response has been delivered. Safe when no goal is set. + + We use the adapter's pending-message / FIFO machinery so any real + user message that arrives simultaneously is handled by the same + queue and takes priority naturally. + """ + try: + from hermes_cli.goals import GoalManager + except Exception as exc: + logger.debug("goal continuation: goals module unavailable: %s", exc) + return + + sid = getattr(session_entry, "session_id", None) or "" + if not sid: + return + + try: + goals_cfg = ( + (self.config or {}).get("goals", {}) + if isinstance(self.config, dict) + else getattr(self.config, "goals", {}) or {} + ) + max_turns = int(goals_cfg.get("max_turns", 20) or 20) + except Exception: + max_turns = 20 + + mgr = GoalManager(session_id=sid, default_max_turns=max_turns) + if not mgr.is_active(): + return + + decision = mgr.evaluate_after_turn(final_response or "", user_initiated=True) + msg = decision.get("message") or "" + + # Send the status line back to the user so they see the judge's + # verdict. Fire-and-forget via the adapter. + if msg and source is not None: + try: + adapter = self.adapters.get(source.platform) + if adapter and hasattr(adapter, "send_message"): + import asyncio as _asyncio + coro = adapter.send_message(source, msg) + if _asyncio.iscoroutine(coro): + try: + loop = _asyncio.get_event_loop() + if loop.is_running(): + loop.create_task(coro) + else: + loop.run_until_complete(coro) + except RuntimeError: + # No event loop in this thread — schedule on the main one. + try: + _asyncio.run_coroutine_threadsafe(coro, self._loop) + except Exception: + pass + except Exception as exc: + logger.debug("goal continuation: status send failed: %s", exc) + + if not decision.get("should_continue"): + return + + prompt = decision.get("continuation_prompt") or "" + if not prompt or source is None: + return + + # Enqueue via the adapter's FIFO so a user message already in + # flight preempts the continuation naturally. + try: + adapter = self.adapters.get(source.platform) + _quick_key = self._session_key_for_source(source) + if adapter and _quick_key: + cont_event = MessageEvent( + text=prompt, + message_type=MessageType.TEXT, + source=source, + message_id=None, + channel_prompt=None, + ) + self._enqueue_fifo(_quick_key, cont_event, adapter) + except Exception as exc: + logger.debug("goal continuation: enqueue failed: %s", exc) + async def _handle_undo_command(self, event: MessageEvent) -> str: """Handle /undo command - remove the last user/assistant exchange.""" source = event.source diff --git a/hermes_cli/commands.py b/hermes_cli/commands.py index 2acffe331a4..ce2d9eaaa24 100644 --- a/hermes_cli/commands.py +++ b/hermes_cli/commands.py @@ -95,6 +95,8 @@ COMMAND_REGISTRY: list[CommandDef] = [ aliases=("q",), args_hint=""), CommandDef("steer", "Inject a message after the next tool call without interrupting", "Session", args_hint=""), + CommandDef("goal", "Set a standing goal Hermes works on across turns until achieved", "Session", + args_hint="[text | pause | resume | clear | status]"), CommandDef("status", "Show session info", "Session"), CommandDef("profile", "Show active profile name and home directory", "Info"), CommandDef("sethome", "Set this chat as the home channel", "Session", diff --git a/hermes_cli/config.py b/hermes_cli/config.py index df1a5943f7b..720405935b3 100644 --- a/hermes_cli/config.py +++ b/hermes_cli/config.py @@ -952,7 +952,23 @@ DEFAULT_CONFIG = { # injected at the start of every API call for few-shot priming. # Never saved to sessions, logs, or trajectories. "prefill_messages_file": "", - + + # Goals — persistent cross-turn goals (Ralph-style loop). + # After every turn, a lightweight judge call asks the auxiliary model + # whether the active /goal is satisfied by the assistant's last + # response. If not, Hermes feeds a continuation prompt back into the + # same session and keeps working until the goal is done, the turn + # budget is exhausted, or the user pauses/clears it. Judge failures + # fail OPEN (continue) so a flaky judge never wedges progress — the + # turn budget is the real backstop. + "goals": { + # Max continuation turns before Hermes auto-pauses the goal and + # asks the user to /goal resume. Protects against judge false + # negatives (goal actually done but judge says continue) and + # unbounded model spend on fuzzy / unachievable goals. + "max_turns": 20, + }, + # Skills — external skill directories for sharing skills across tools/agents. # Each path is expanded (~, ${VAR}) and resolved. Read-only — skill creation # always goes to ~/.hermes/skills/. diff --git a/hermes_cli/goals.py b/hermes_cli/goals.py new file mode 100644 index 00000000000..0f0f3abd9c7 --- /dev/null +++ b/hermes_cli/goals.py @@ -0,0 +1,535 @@ +"""Persistent session goals — the Ralph loop for Hermes. + +A goal is a free-form user objective that stays active across turns. After +each turn completes, a small judge call asks an auxiliary model "is this +goal satisfied by the assistant's last response?". If not, Hermes feeds a +continuation prompt back into the same session and keeps working until the +goal is done, turn budget is exhausted, the user pauses/clears it, or the +user sends a new message (which takes priority and pauses the goal loop). + +State is persisted in SessionDB's ``state_meta`` table keyed by +``goal:`` so ``/resume`` picks it up. + +Design notes / invariants: + +- The continuation prompt is just a normal user message appended to the + session via ``run_conversation``. No system-prompt mutation, no toolset + swap — prompt caching stays intact. +- Judge failures are fail-OPEN: ``continue``. A broken judge must not wedge + progress; the turn budget is the backstop. +- When a real user message arrives mid-loop it preempts the continuation + prompt and also pauses the goal loop for that turn (we still re-judge + after, so if the user's message happens to complete the goal the judge + will say ``done``). +- This module has zero hard dependency on ``cli.HermesCLI`` or the gateway + runner — both wire the same ``GoalManager`` in. + +Nothing in this module touches the agent's system prompt or toolset. +""" + +from __future__ import annotations + +import json +import logging +import re +import time +from dataclasses import dataclass, asdict +from typing import Any, Dict, Optional, Tuple + +logger = logging.getLogger(__name__) + + +# ────────────────────────────────────────────────────────────────────── +# Constants & defaults +# ────────────────────────────────────────────────────────────────────── + +DEFAULT_MAX_TURNS = 20 +DEFAULT_JUDGE_TIMEOUT = 30.0 +# Cap how much of the last response + recent messages we send to the judge. +_JUDGE_RESPONSE_SNIPPET_CHARS = 4000 + + +CONTINUATION_PROMPT_TEMPLATE = ( + "[Continuing toward your standing goal]\n" + "Goal: {goal}\n\n" + "Continue working toward this goal. Take the next concrete step. " + "If you believe the goal is complete, state so explicitly and stop. " + "If you are blocked and need input from the user, say so clearly and stop." +) + + +JUDGE_SYSTEM_PROMPT = ( + "You are a strict judge evaluating whether an autonomous agent has " + "achieved a user's stated goal. You receive the goal text and the " + "agent's most recent response. Your only job is to decide whether " + "the goal is fully satisfied based on that response.\n\n" + "A goal is DONE only when:\n" + "- The response explicitly confirms the goal was completed, OR\n" + "- The response clearly shows the final deliverable was produced, OR\n" + "- The response explains the goal is unachievable / blocked / needs " + "user input (treat this as DONE with reason describing the block).\n\n" + "Otherwise the goal is NOT done — CONTINUE.\n\n" + "Reply ONLY with a single JSON object on one line:\n" + '{\"done\": , \"reason\": \"\"}' +) + + +JUDGE_USER_PROMPT_TEMPLATE = ( + "Goal:\n{goal}\n\n" + "Agent's most recent response:\n{response}\n\n" + "Is the goal satisfied?" +) + + +# ────────────────────────────────────────────────────────────────────── +# Dataclass +# ────────────────────────────────────────────────────────────────────── + + +@dataclass +class GoalState: + """Serializable goal state stored per session.""" + + goal: str + status: str = "active" # active | paused | done | cleared + turns_used: int = 0 + max_turns: int = DEFAULT_MAX_TURNS + created_at: float = 0.0 + last_turn_at: float = 0.0 + last_verdict: Optional[str] = None # "done" | "continue" | "skipped" + last_reason: Optional[str] = None + paused_reason: Optional[str] = None # why we auto-paused (budget, etc.) + + def to_json(self) -> str: + return json.dumps(asdict(self), ensure_ascii=False) + + @classmethod + def from_json(cls, raw: str) -> "GoalState": + data = json.loads(raw) + return cls( + goal=data.get("goal", ""), + status=data.get("status", "active"), + turns_used=int(data.get("turns_used", 0) or 0), + max_turns=int(data.get("max_turns", DEFAULT_MAX_TURNS) or DEFAULT_MAX_TURNS), + created_at=float(data.get("created_at", 0.0) or 0.0), + last_turn_at=float(data.get("last_turn_at", 0.0) or 0.0), + last_verdict=data.get("last_verdict"), + last_reason=data.get("last_reason"), + paused_reason=data.get("paused_reason"), + ) + + +# ────────────────────────────────────────────────────────────────────── +# Persistence (SessionDB state_meta) +# ────────────────────────────────────────────────────────────────────── + + +def _meta_key(session_id: str) -> str: + return f"goal:{session_id}" + + +_DB_CACHE: Dict[str, Any] = {} + + +def _get_session_db() -> Optional[Any]: + """Return a SessionDB instance for the current HERMES_HOME. + + SessionDB has no built-in singleton, but opening a new connection per + /goal call would thrash the file. We cache one instance per + ``hermes_home`` path so profile switches still pick up the right DB. + Defensive against import/instantiation failures so tests and + non-standard launchers can still use the GoalManager. + """ + try: + from hermes_constants import get_hermes_home + from hermes_state import SessionDB + + home = str(get_hermes_home()) + except Exception as exc: # pragma: no cover + logger.debug("GoalManager: SessionDB bootstrap failed (%s)", exc) + return None + + cached = _DB_CACHE.get(home) + if cached is not None: + return cached + try: + db = SessionDB() + except Exception as exc: # pragma: no cover + logger.debug("GoalManager: SessionDB() raised (%s)", exc) + return None + _DB_CACHE[home] = db + return db + + +def load_goal(session_id: str) -> Optional[GoalState]: + """Load the goal for a session, or None if none exists.""" + if not session_id: + return None + db = _get_session_db() + if db is None: + return None + try: + raw = db.get_meta(_meta_key(session_id)) + except Exception as exc: + logger.debug("GoalManager: get_meta failed: %s", exc) + return None + if not raw: + return None + try: + return GoalState.from_json(raw) + except Exception as exc: + logger.warning("GoalManager: could not parse stored goal for %s: %s", session_id, exc) + return None + + +def save_goal(session_id: str, state: GoalState) -> None: + """Persist a goal to SessionDB. No-op if DB unavailable.""" + if not session_id: + return + db = _get_session_db() + if db is None: + return + try: + db.set_meta(_meta_key(session_id), state.to_json()) + except Exception as exc: + logger.debug("GoalManager: set_meta failed: %s", exc) + + +def clear_goal(session_id: str) -> None: + """Mark a goal cleared in the DB (preserved for audit, status=cleared).""" + state = load_goal(session_id) + if state is None: + return + state.status = "cleared" + save_goal(session_id, state) + + +# ────────────────────────────────────────────────────────────────────── +# Judge +# ────────────────────────────────────────────────────────────────────── + + +def _truncate(text: str, limit: int) -> str: + if not text: + return "" + if len(text) <= limit: + return text + return text[:limit] + "… [truncated]" + + +_JSON_OBJECT_RE = re.compile(r"\{.*?\}", re.DOTALL) + + +def _parse_judge_response(raw: str) -> Tuple[bool, str]: + """Parse the judge's reply. Fail-open to ``(False, "")``. + + Returns ``(done, reason)``. + """ + if not raw: + return False, "judge returned empty response" + + text = raw.strip() + + # Strip markdown code fences the model may wrap JSON in. + if text.startswith("```"): + text = text.strip("`") + # Peel off leading json/JSON/etc tag + nl = text.find("\n") + if nl != -1: + text = text[nl + 1:] + + # First try: parse the whole blob. + data: Optional[Dict[str, Any]] = None + try: + data = json.loads(text) + except Exception: + # Second try: pull the first JSON object out. + match = _JSON_OBJECT_RE.search(text) + if match: + try: + data = json.loads(match.group(0)) + except Exception: + data = None + + if not isinstance(data, dict): + return False, f"judge reply was not JSON: {_truncate(raw, 200)!r}" + + done_val = data.get("done") + if isinstance(done_val, str): + done = done_val.strip().lower() in ("true", "yes", "1", "done") + else: + done = bool(done_val) + reason = str(data.get("reason") or "").strip() + if not reason: + reason = "no reason provided" + return done, reason + + +def judge_goal( + goal: str, + last_response: str, + *, + timeout: float = DEFAULT_JUDGE_TIMEOUT, +) -> Tuple[str, str]: + """Ask the auxiliary model whether the goal is satisfied. + + Returns ``(verdict, reason)`` where verdict is ``"done"``, ``"continue"``, + or ``"skipped"`` (when the judge couldn't be reached). + + This is deliberately fail-open: any error returns ``("continue", "...")`` + so a broken judge doesn't wedge progress — the turn budget is the + backstop. + """ + if not goal.strip(): + return "skipped", "empty goal" + if not last_response.strip(): + # No substantive reply this turn — almost certainly not done yet. + return "continue", "empty response (nothing to evaluate)" + + try: + from agent.auxiliary_client import get_text_auxiliary_client + except Exception as exc: + logger.debug("goal judge: auxiliary client import failed: %s", exc) + return "continue", "auxiliary client unavailable" + + try: + client, model = get_text_auxiliary_client("goal_judge") + except Exception as exc: + logger.debug("goal judge: get_text_auxiliary_client failed: %s", exc) + return "continue", "auxiliary client unavailable" + + if client is None or not model: + return "continue", "no auxiliary client configured" + + prompt = JUDGE_USER_PROMPT_TEMPLATE.format( + goal=_truncate(goal, 2000), + response=_truncate(last_response, _JUDGE_RESPONSE_SNIPPET_CHARS), + ) + + try: + resp = client.chat.completions.create( + model=model, + messages=[ + {"role": "system", "content": JUDGE_SYSTEM_PROMPT}, + {"role": "user", "content": prompt}, + ], + temperature=0, + max_tokens=200, + timeout=timeout, + ) + except Exception as exc: + logger.info("goal judge: API call failed (%s) — falling through to continue", exc) + return "continue", f"judge error: {type(exc).__name__}" + + try: + raw = resp.choices[0].message.content or "" + except Exception: + raw = "" + + done, reason = _parse_judge_response(raw) + verdict = "done" if done else "continue" + logger.info("goal judge: verdict=%s reason=%s", verdict, _truncate(reason, 120)) + return verdict, reason + + +# ────────────────────────────────────────────────────────────────────── +# GoalManager — the orchestration surface CLI + gateway talk to +# ────────────────────────────────────────────────────────────────────── + + +class GoalManager: + """Per-session goal state + continuation decisions. + + The CLI and gateway each hold one ``GoalManager`` per live session. + + Methods: + + - ``set(goal)`` — start a new standing goal. + - ``clear()`` — remove the active goal. + - ``pause()`` / ``resume()`` — explicit user controls. + - ``status()`` — printable one-liner. + - ``evaluate_after_turn(last_response)`` — call the judge, update state, + and return a decision dict the caller uses to drive the next turn. + - ``next_continuation_prompt()`` — the canonical user-role message to + feed back into ``run_conversation``. + """ + + def __init__(self, session_id: str, *, default_max_turns: int = DEFAULT_MAX_TURNS): + self.session_id = session_id + self.default_max_turns = int(default_max_turns or DEFAULT_MAX_TURNS) + self._state: Optional[GoalState] = load_goal(session_id) + + # --- introspection ------------------------------------------------ + + @property + def state(self) -> Optional[GoalState]: + return self._state + + def is_active(self) -> bool: + return self._state is not None and self._state.status == "active" + + def has_goal(self) -> bool: + return self._state is not None and self._state.status in ("active", "paused") + + def status_line(self) -> str: + s = self._state + if s is None or s.status in ("cleared",): + return "No active goal. Set one with /goal ." + turns = f"{s.turns_used}/{s.max_turns} turns" + if s.status == "active": + return f"⊙ Goal (active, {turns}): {s.goal}" + if s.status == "paused": + extra = f" — {s.paused_reason}" if s.paused_reason else "" + return f"⏸ Goal (paused, {turns}{extra}): {s.goal}" + if s.status == "done": + return f"✓ Goal done ({turns}): {s.goal}" + return f"Goal ({s.status}, {turns}): {s.goal}" + + # --- mutation ----------------------------------------------------- + + def set(self, goal: str, *, max_turns: Optional[int] = None) -> GoalState: + goal = (goal or "").strip() + if not goal: + raise ValueError("goal text is empty") + state = GoalState( + goal=goal, + status="active", + turns_used=0, + max_turns=int(max_turns) if max_turns else self.default_max_turns, + created_at=time.time(), + last_turn_at=0.0, + ) + self._state = state + save_goal(self.session_id, state) + return state + + def pause(self, reason: str = "user-paused") -> Optional[GoalState]: + if not self._state: + return None + self._state.status = "paused" + self._state.paused_reason = reason + save_goal(self.session_id, self._state) + return self._state + + def resume(self, *, reset_budget: bool = True) -> Optional[GoalState]: + if not self._state: + return None + self._state.status = "active" + self._state.paused_reason = None + if reset_budget: + self._state.turns_used = 0 + save_goal(self.session_id, self._state) + return self._state + + def clear(self) -> None: + if self._state is None: + return + self._state.status = "cleared" + save_goal(self.session_id, self._state) + self._state = None + + def mark_done(self, reason: str) -> None: + if not self._state: + return + self._state.status = "done" + self._state.last_verdict = "done" + self._state.last_reason = reason + save_goal(self.session_id, self._state) + + # --- the main entry point called after every turn ----------------- + + def evaluate_after_turn( + self, + last_response: str, + *, + user_initiated: bool = True, + ) -> Dict[str, Any]: + """Run the judge and update state. Return a decision dict. + + ``user_initiated`` distinguishes a real user prompt (True) from a + continuation prompt we fed ourselves (False). Both increment + ``turns_used`` because both consume model budget. + + Decision keys: + - ``status``: current goal status after update + - ``should_continue``: bool — caller should fire another turn + - ``continuation_prompt``: str or None + - ``verdict``: "done" | "continue" | "skipped" | "inactive" + - ``reason``: str + - ``message``: user-visible one-liner to print/send + """ + state = self._state + if state is None or state.status != "active": + return { + "status": state.status if state else None, + "should_continue": False, + "continuation_prompt": None, + "verdict": "inactive", + "reason": "no active goal", + "message": "", + } + + # Count the turn that just finished. + state.turns_used += 1 + state.last_turn_at = time.time() + + verdict, reason = judge_goal(state.goal, last_response) + state.last_verdict = verdict + state.last_reason = reason + + if verdict == "done": + state.status = "done" + save_goal(self.session_id, state) + return { + "status": "done", + "should_continue": False, + "continuation_prompt": None, + "verdict": "done", + "reason": reason, + "message": f"✓ Goal achieved: {reason}", + } + + if state.turns_used >= state.max_turns: + state.status = "paused" + state.paused_reason = f"turn budget exhausted ({state.turns_used}/{state.max_turns})" + save_goal(self.session_id, state) + return { + "status": "paused", + "should_continue": False, + "continuation_prompt": None, + "verdict": "continue", + "reason": reason, + "message": ( + f"⏸ Goal paused — {state.turns_used}/{state.max_turns} turns used. " + "Use /goal resume to keep going, or /goal clear to stop." + ), + } + + save_goal(self.session_id, state) + return { + "status": "active", + "should_continue": True, + "continuation_prompt": self.next_continuation_prompt(), + "verdict": "continue", + "reason": reason, + "message": ( + f"↻ Continuing toward goal ({state.turns_used}/{state.max_turns}): {reason}" + ), + } + + def next_continuation_prompt(self) -> Optional[str]: + if not self._state or self._state.status != "active": + return None + return CONTINUATION_PROMPT_TEMPLATE.format(goal=self._state.goal) + + +__all__ = [ + "GoalState", + "GoalManager", + "CONTINUATION_PROMPT_TEMPLATE", + "DEFAULT_MAX_TURNS", + "load_goal", + "save_goal", + "clear_goal", + "judge_goal", +] diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index 570a0a7a882..cbe9adb0660 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -345,6 +345,7 @@ _CATEGORY_MERGE: Dict[str, str] = { "dashboard": "display", "code_execution": "agent", "prompt_caching": "agent", + "goals": "agent", # Only `telegram.reactions` currently lives under telegram — fold it in # with the other messaging-platform config (discord) so it isn't an # orphan tab of one field. diff --git a/tests/hermes_cli/test_goals.py b/tests/hermes_cli/test_goals.py new file mode 100644 index 00000000000..a21c5f47498 --- /dev/null +++ b/tests/hermes_cli/test_goals.py @@ -0,0 +1,358 @@ +"""Tests for hermes_cli/goals.py — persistent cross-turn goals.""" + +from __future__ import annotations + +import json +from unittest.mock import patch, MagicMock + +import pytest + + +# ────────────────────────────────────────────────────────────────────── +# Fixtures +# ────────────────────────────────────────────────────────────────────── + + +@pytest.fixture +def hermes_home(tmp_path, monkeypatch): + """Isolated HERMES_HOME so SessionDB.state_meta writes don't clobber the real one.""" + from pathlib import Path + + home = tmp_path / ".hermes" + home.mkdir() + monkeypatch.setattr(Path, "home", lambda: tmp_path) + monkeypatch.setenv("HERMES_HOME", str(home)) + + # Bust the goal-module's DB cache for each test so it re-resolves HERMES_HOME. + from hermes_cli import goals + + goals._DB_CACHE.clear() + yield home + goals._DB_CACHE.clear() + + +# ────────────────────────────────────────────────────────────────────── +# _parse_judge_response +# ────────────────────────────────────────────────────────────────────── + + +class TestParseJudgeResponse: + def test_clean_json_done(self): + from hermes_cli.goals import _parse_judge_response + + done, reason = _parse_judge_response('{"done": true, "reason": "all good"}') + assert done is True + assert reason == "all good" + + def test_clean_json_continue(self): + from hermes_cli.goals import _parse_judge_response + + done, reason = _parse_judge_response('{"done": false, "reason": "more work needed"}') + assert done is False + assert reason == "more work needed" + + def test_json_in_markdown_fence(self): + from hermes_cli.goals import _parse_judge_response + + raw = '```json\n{"done": true, "reason": "done"}\n```' + done, reason = _parse_judge_response(raw) + assert done is True + assert "done" in reason + + def test_json_embedded_in_prose(self): + """Some models prefix reasoning before emitting JSON — we extract it.""" + from hermes_cli.goals import _parse_judge_response + + raw = 'Looking at this... the agent says X. Verdict: {"done": false, "reason": "partial"}' + done, reason = _parse_judge_response(raw) + assert done is False + assert reason == "partial" + + def test_string_done_values(self): + from hermes_cli.goals import _parse_judge_response + + for s in ("true", "yes", "done", "1"): + done, _ = _parse_judge_response(f'{{"done": "{s}", "reason": "r"}}') + assert done is True + for s in ("false", "no", "not yet"): + done, _ = _parse_judge_response(f'{{"done": "{s}", "reason": "r"}}') + assert done is False + + def test_malformed_json_fails_open(self): + """Non-JSON → not done, with error-ish reason (so judge_goal can map to continue).""" + from hermes_cli.goals import _parse_judge_response + + done, reason = _parse_judge_response("this is not json at all") + assert done is False + assert reason # non-empty + + def test_empty_response(self): + from hermes_cli.goals import _parse_judge_response + + done, reason = _parse_judge_response("") + assert done is False + assert reason + + +# ────────────────────────────────────────────────────────────────────── +# judge_goal — fail-open semantics +# ────────────────────────────────────────────────────────────────────── + + +class TestJudgeGoal: + def test_empty_goal_skipped(self): + from hermes_cli.goals import judge_goal + + verdict, _ = judge_goal("", "some response") + assert verdict == "skipped" + + def test_empty_response_continues(self): + from hermes_cli.goals import judge_goal + + verdict, _ = judge_goal("ship the thing", "") + assert verdict == "continue" + + def test_no_aux_client_continues(self): + """Fail-open: if no aux client, we must return continue, not skipped/done.""" + from hermes_cli import goals + + with patch( + "agent.auxiliary_client.get_text_auxiliary_client", + return_value=(None, None), + ): + verdict, _ = goals.judge_goal("my goal", "my response") + assert verdict == "continue" + + def test_api_error_continues(self): + """Judge exception → fail-open continue (don't wedge progress on judge bugs).""" + from hermes_cli import goals + + fake_client = MagicMock() + fake_client.chat.completions.create.side_effect = RuntimeError("boom") + with patch( + "agent.auxiliary_client.get_text_auxiliary_client", + return_value=(fake_client, "judge-model"), + ): + verdict, reason = goals.judge_goal("goal", "response") + assert verdict == "continue" + assert "judge error" in reason.lower() + + def test_judge_says_done(self): + from hermes_cli import goals + + fake_client = MagicMock() + fake_client.chat.completions.create.return_value = MagicMock( + choices=[ + MagicMock( + message=MagicMock(content='{"done": true, "reason": "achieved"}') + ) + ] + ) + with patch( + "agent.auxiliary_client.get_text_auxiliary_client", + return_value=(fake_client, "judge-model"), + ): + verdict, reason = goals.judge_goal("goal", "agent response") + assert verdict == "done" + assert reason == "achieved" + + def test_judge_says_continue(self): + from hermes_cli import goals + + fake_client = MagicMock() + fake_client.chat.completions.create.return_value = MagicMock( + choices=[ + MagicMock( + message=MagicMock(content='{"done": false, "reason": "not yet"}') + ) + ] + ) + with patch( + "agent.auxiliary_client.get_text_auxiliary_client", + return_value=(fake_client, "judge-model"), + ): + verdict, reason = goals.judge_goal("goal", "agent response") + assert verdict == "continue" + assert reason == "not yet" + + +# ────────────────────────────────────────────────────────────────────── +# GoalManager lifecycle + persistence +# ────────────────────────────────────────────────────────────────────── + + +class TestGoalManager: + def test_no_goal_initial(self, hermes_home): + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="test-sid-1") + assert mgr.state is None + assert not mgr.is_active() + assert not mgr.has_goal() + assert "No active goal" in mgr.status_line() + + def test_set_then_status(self, hermes_home): + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="test-sid-2", default_max_turns=5) + state = mgr.set("port the thing") + assert state.goal == "port the thing" + assert state.status == "active" + assert state.max_turns == 5 + assert state.turns_used == 0 + assert mgr.is_active() + assert "active" in mgr.status_line().lower() + assert "port the thing" in mgr.status_line() + + def test_set_rejects_empty(self, hermes_home): + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="test-sid-3") + with pytest.raises(ValueError): + mgr.set("") + with pytest.raises(ValueError): + mgr.set(" ") + + def test_pause_and_resume(self, hermes_home): + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="test-sid-4") + mgr.set("goal text") + mgr.pause(reason="user-paused") + assert mgr.state.status == "paused" + assert not mgr.is_active() + assert mgr.has_goal() + + mgr.resume() + assert mgr.state.status == "active" + assert mgr.is_active() + + def test_clear(self, hermes_home): + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="test-sid-5") + mgr.set("goal") + mgr.clear() + assert mgr.state is None + assert not mgr.is_active() + + def test_persistence_across_managers(self, hermes_home): + """Key invariant: a second manager on the same session sees the goal. + + This is what makes /resume work — each session rebinds its + GoalManager and picks up the saved state. + """ + from hermes_cli.goals import GoalManager + + mgr1 = GoalManager(session_id="persist-sid") + mgr1.set("do the thing") + + mgr2 = GoalManager(session_id="persist-sid") + assert mgr2.state is not None + assert mgr2.state.goal == "do the thing" + assert mgr2.is_active() + + def test_evaluate_after_turn_done(self, hermes_home): + """Judge says done → status=done, no continuation.""" + from hermes_cli import goals + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="eval-sid-1") + mgr.set("ship it") + + with patch.object(goals, "judge_goal", return_value=("done", "shipped")): + decision = mgr.evaluate_after_turn("I shipped the feature.") + + assert decision["verdict"] == "done" + assert decision["should_continue"] is False + assert decision["continuation_prompt"] is None + assert mgr.state.status == "done" + assert mgr.state.turns_used == 1 + + def test_evaluate_after_turn_continue_under_budget(self, hermes_home): + from hermes_cli import goals + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="eval-sid-2", default_max_turns=5) + mgr.set("a long goal") + + with patch.object(goals, "judge_goal", return_value=("continue", "more work")): + decision = mgr.evaluate_after_turn("made some progress") + + assert decision["verdict"] == "continue" + assert decision["should_continue"] is True + assert decision["continuation_prompt"] is not None + assert "a long goal" in decision["continuation_prompt"] + assert mgr.state.status == "active" + assert mgr.state.turns_used == 1 + + def test_evaluate_after_turn_budget_exhausted(self, hermes_home): + """When turn budget hits ceiling, auto-pause instead of continuing.""" + from hermes_cli import goals + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="eval-sid-3", default_max_turns=2) + mgr.set("hard goal") + + with patch.object(goals, "judge_goal", return_value=("continue", "not yet")): + d1 = mgr.evaluate_after_turn("step 1") + assert d1["should_continue"] is True + assert mgr.state.turns_used == 1 + assert mgr.state.status == "active" + + d2 = mgr.evaluate_after_turn("step 2") + # turns_used is now 2 which equals max_turns → paused + assert d2["should_continue"] is False + assert mgr.state.status == "paused" + assert mgr.state.turns_used == 2 + assert "budget" in (mgr.state.paused_reason or "").lower() + + def test_evaluate_after_turn_inactive(self, hermes_home): + """evaluate_after_turn is a no-op when goal isn't active.""" + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="eval-sid-4") + d = mgr.evaluate_after_turn("anything") + assert d["verdict"] == "inactive" + assert d["should_continue"] is False + + mgr.set("a goal") + mgr.pause() + d2 = mgr.evaluate_after_turn("anything") + assert d2["verdict"] == "inactive" + assert d2["should_continue"] is False + + def test_continuation_prompt_shape(self, hermes_home): + """The continuation prompt must include the goal text verbatim — + and must be safe to inject as a user-role message (prompt-cache + invariants: no system-prompt mutation).""" + from hermes_cli.goals import GoalManager + + mgr = GoalManager(session_id="cont-sid") + mgr.set("port goal command to hermes") + prompt = mgr.next_continuation_prompt() + assert prompt is not None + assert "port goal command to hermes" in prompt + assert prompt.strip() # non-empty + + +# ────────────────────────────────────────────────────────────────────── +# Smoke: CommandDef is wired +# ────────────────────────────────────────────────────────────────────── + + +def test_goal_command_in_registry(): + from hermes_cli.commands import resolve_command + + cmd = resolve_command("goal") + assert cmd is not None + assert cmd.name == "goal" + + +def test_goal_command_dispatches_in_cli_registry_helpers(): + """goal shows up in autocomplete / help categories alongside other Session cmds.""" + from hermes_cli.commands import COMMANDS, COMMANDS_BY_CATEGORY + + assert "/goal" in COMMANDS + session_cmds = COMMANDS_BY_CATEGORY.get("Session", {}) + assert "/goal" in session_cmds diff --git a/website/docs/reference/slash-commands.md b/website/docs/reference/slash-commands.md index 6cc37287cb2..e70a923a92f 100644 --- a/website/docs/reference/slash-commands.md +++ b/website/docs/reference/slash-commands.md @@ -34,6 +34,7 @@ Type `/` in the CLI to open the autocomplete menu. Built-in commands are case-in | `/stop` | Kill all running background processes | | `/queue ` (alias: `/q`) | Queue a prompt for the next turn (doesn't interrupt the current agent response). | | `/steer ` | Inject a mid-run note that arrives at the agent **after the next tool call** — no interrupt, no new user turn. The text is appended to the last tool result's content once the current tool completes, giving the agent new context without breaking the current tool-calling loop. Use this to nudge direction mid-task (e.g. "focus on the auth module" while the agent is running tests). | +| `/goal ` | Set a standing goal Hermes works toward across turns. After each turn an auxiliary model judges whether the goal is satisfied by the agent's last response; if not, Hermes automatically feeds a continuation prompt back into the same session and keeps working. Subcommands: `/goal` (status), `/goal status`, `/goal pause`, `/goal resume`, `/goal clear`. Budget defaults to 20 turns (`goals.max_turns` in `config.yaml`); any real user message preempts the continuation loop. Our take on the Ralph loop — state survives `/resume` because it's stored in `state_meta` keyed by session ID. | | `/resume [name]` | Resume a previously-named session | | `/redraw` | Force a full UI repaint (recovers from terminal drift after tmux resize, mouse selection artifacts, etc.) | | `/status` | Show session info | @@ -153,6 +154,7 @@ The messaging gateway supports the following built-in commands inside Telegram, | `/background ` | Run a prompt in a separate background session. Results are delivered back to the same chat when the task finishes. See [Messaging Background Sessions](/docs/user-guide/messaging/#background-sessions). | | `/queue ` (alias: `/q`) | Queue a prompt for the next turn without interrupting the current one. | | `/steer ` | Inject a message after the next tool call without interrupting — the model picks it up on its next iteration rather than as a new turn. | +| `/goal ` | Set a standing goal Hermes works toward across turns. A judge model checks after each turn whether the goal is satisfied; if not, Hermes auto-continues until it is, you pause/clear it, or the turn budget (default 20) is hit. Subcommands: `/goal status`, `/goal pause`, `/goal resume`, `/goal clear`. Safe to run mid-agent for status/pause/clear; setting a new goal requires `/stop` first. | | `/footer [on\|off\|status]` | Toggle the runtime-metadata footer on final replies (shows model, tool counts, timing). | | `/curator [status\|run\|pin\|archive]` | Background skill maintenance controls. | | `/reload-mcp` (alias: `/reload_mcp`) | Reload MCP servers from config. | From 1be3b74cfb456a2271f16068b08f72b83b37308d Mon Sep 17 00:00:00 2001 From: Mikey O'Brien Date: Sun, 19 Apr 2026 16:34:31 -0500 Subject: [PATCH 105/133] fix(gateway): honor MATRIX_HOME_ROOM in onboarding --- gateway/run.py | 20 +++++++++---- tests/gateway/test_home_target_env_var.py | 36 +++++++++++++++++++++++ 2 files changed, 51 insertions(+), 5 deletions(-) create mode 100644 tests/gateway/test_home_target_env_var.py diff --git a/gateway/run.py b/gateway/run.py index de04099c3a3..5a2d0a14425 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -232,6 +232,16 @@ def _ensure_ssl_certs() -> None: os.environ["SSL_CERT_FILE"] = candidate return +def _home_target_env_var(platform_name: str) -> str: + """Return the configured home-target env var for a platform.""" + from cron.scheduler import _HOME_TARGET_ENV_VARS + + return _HOME_TARGET_ENV_VARS.get( + platform_name.lower(), + f"{platform_name.upper()}_HOME_CHANNEL", + ) + + _ensure_ssl_certs() # Add parent directory to path @@ -5801,7 +5811,7 @@ class GatewayRunner: # Skip for webhooks - they deliver directly to configured targets (github_comment, etc.) if not history and source.platform and source.platform != Platform.LOCAL and source.platform != Platform.WEBHOOK: platform_name = source.platform.value - env_key = f"{platform_name.upper()}_HOME_CHANNEL" + env_key = _home_target_env_var(platform_name) if not os.getenv(env_key): adapter = self.adapters.get(source.platform) if adapter: @@ -7691,16 +7701,16 @@ class GatewayRunner: platform_name = source.platform.value if source.platform else "unknown" chat_id = source.chat_id chat_name = source.chat_name or chat_id - - env_key = f"{platform_name.upper()}_HOME_CHANNEL" - + + env_key = _home_target_env_var(platform_name) + # Save to .env so it persists across restarts try: from hermes_cli.config import save_env_value save_env_value(env_key, str(chat_id)) except Exception as e: return f"Failed to save home channel: {e}" - + return ( f"✅ Home channel set to **{chat_name}** (ID: {chat_id}).\n" f"Cron jobs and cross-platform messages will be delivered here." diff --git a/tests/gateway/test_home_target_env_var.py b/tests/gateway/test_home_target_env_var.py new file mode 100644 index 00000000000..27a7e8919b4 --- /dev/null +++ b/tests/gateway/test_home_target_env_var.py @@ -0,0 +1,36 @@ +"""Regression tests for /sethome env-var resolution. + +The `/sethome` command writes to a platform's home-target env var. Two platforms +don't follow the `{PLATFORM}_HOME_CHANNEL` convention: matrix uses +`MATRIX_HOME_ROOM` and email uses `EMAIL_HOME_ADDRESS`. Before PR #12698 +`/sethome` hardcoded the `_HOME_CHANNEL` suffix, so Matrix and Email saves went +to env vars nothing read on startup — the home channel appeared to set +successfully but was lost on every new gateway session. +""" + +from gateway.run import _home_target_env_var + + +def test_matrix_home_target_env_var_uses_home_room(): + assert _home_target_env_var("matrix") == "MATRIX_HOME_ROOM" + + +def test_email_home_target_env_var_uses_home_address(): + assert _home_target_env_var("email") == "EMAIL_HOME_ADDRESS" + + +def test_telegram_home_target_env_var_uses_home_channel(): + assert _home_target_env_var("telegram") == "TELEGRAM_HOME_CHANNEL" + + +def test_discord_home_target_env_var_uses_home_channel(): + assert _home_target_env_var("discord") == "DISCORD_HOME_CHANNEL" + + +def test_unknown_platform_home_target_env_var_falls_back_to_home_channel(): + assert _home_target_env_var("custom") == "CUSTOM_HOME_CHANNEL" + + +def test_case_insensitive_platform_name(): + assert _home_target_env_var("MATRIX") == "MATRIX_HOME_ROOM" + assert _home_target_env_var("Email") == "EMAIL_HOME_ADDRESS" From 77dd6d54699f39ca7999196690f2db8e73d4db01 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:09:47 -0700 Subject: [PATCH 106/133] chore(release): add mikeyobrien to AUTHOR_MAP --- scripts/release.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/release.py b/scripts/release.py index 56f407950dc..39e6606b491 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -41,6 +41,7 @@ PYPROJECT_FILE = REPO_ROOT / "pyproject.toml" AUTHOR_MAP = { # teknium (multiple emails) "teknium1@gmail.com": "teknium1", + "m@mobrienv.dev": "mikeyobrien", "qiyin.zuo@pcitc.com": "qiyin-code", "leone.parise@gmail.com": "leoneparise", "teknium@nousresearch.com": "teknium1", From 9ca72a69a730e442ad6f14e5f2f51c8f2011dcb7 Mon Sep 17 00:00:00 2001 From: Hendrix Date: Thu, 30 Apr 2026 23:49:13 -0300 Subject: [PATCH 107/133] fix(moonshot): fill missing type before enum cleanup to handle anyOf branches without explicit type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When a schema node inside anyOf has enum values but no explicit 'type', Rule 3 (enum cleanup) ran before _fill_missing_type, so node_type was None and the enum was never cleaned. Moonshot then rejected the schema with 'enum value () does not match any type in [string]'. Fix: reorder operations — fill missing type first, strip nullable, then clean enum. This ensures enum cleanup always has a type to check. Also fixes test expectation: empty string in enum is now correctly stripped (Moonshot rejects it too). Closes #16875 --- agent/moonshot_schema.py | 41 +++++++- tests/agent/test_moonshot_schema.py | 146 +++++++++++++++++++++++++--- 2 files changed, 171 insertions(+), 16 deletions(-) diff --git a/agent/moonshot_schema.py b/agent/moonshot_schema.py index 08585bab4c7..391087a5311 100644 --- a/agent/moonshot_schema.py +++ b/agent/moonshot_schema.py @@ -81,15 +81,50 @@ def _repair_schema(node: Any, is_schema: bool = True) -> Any: return repaired # Rule 2: when anyOf is present, type belongs only on the children. + # Additionally, Moonshot rejects null-type branches inside anyOf + # (enum value () does not match any type in [string]). + # Collapse the anyOf to the first non-null branch and infer its type. if "anyOf" in repaired and isinstance(repaired["anyOf"], list): repaired.pop("type", None) + non_null = [b for b in repaired["anyOf"] + if isinstance(b, dict) and b.get("type") != "null"] + if non_null and len(non_null) < len(repaired["anyOf"]): + # Drop the anyOf wrapper — keep only the non-null branch. + # If there's a single non-null branch, promote it. + if len(non_null) == 1: + merge = {k: v for k, v in repaired.items() if k != "anyOf"} + merge.update(non_null[0]) + repaired = merge + else: + repaired["anyOf"] = non_null return repaired + # Moonshot also rejects non-standard keywords like ``nullable`` on + # parameter schemas — strip it. + repaired.pop("nullable", None) + # Rule 1: property schemas without type need one. $ref nodes are exempt # — their type comes from the referenced definition. - if "$ref" in repaired: - return repaired - return _fill_missing_type(repaired) + # Fill missing type BEFORE Rule 3 so enum cleanup can check the type. + if "$ref" not in repaired: + repaired = _fill_missing_type(repaired) + + # Rule 3: Moonshot rejects null/empty-string values inside enum arrays + # when the parent type is a scalar (string, integer, etc.). The error: + # "enum value () does not match any type in [string]" + # Strip null and empty-string from enum values, and if the enum becomes + # empty, drop it entirely. + if "enum" in repaired and isinstance(repaired["enum"], list): + node_type = repaired.get("type") + if node_type in ("string", "integer", "number", "boolean"): + cleaned = [v for v in repaired["enum"] + if v is not None and v != ""] + if cleaned: + repaired["enum"] = cleaned + else: + repaired.pop("enum") + + return repaired def _fill_missing_type(node: Dict[str, Any]) -> Dict[str, Any]: diff --git a/tests/agent/test_moonshot_schema.py b/tests/agent/test_moonshot_schema.py index da53806587e..6e8fdc81ba5 100644 --- a/tests/agent/test_moonshot_schema.py +++ b/tests/agent/test_moonshot_schema.py @@ -115,9 +115,15 @@ class TestMissingTypeFilled: class TestAnyOfParentType: - """Rule 2: type must not appear at the anyOf parent level.""" + """Rule 2: type must not appear at the anyOf parent level. - def test_parent_type_stripped_when_anyof_present(self): + When an anyOf contains a null-type branch, Moonshot rejects it. + The sanitizer collapses the anyOf: single non-null branch is promoted, + multiple non-null branches have null removed from the list. + """ + + def test_anyof_null_branch_collapsed_to_single_type(self): + """anyOf [string, null] → plain string (anyOf removed).""" params = { "type": "object", "properties": { @@ -132,25 +138,46 @@ class TestAnyOfParentType: } out = sanitize_moonshot_tool_parameters(params) from_format = out["properties"]["from_format"] - assert "type" not in from_format - assert "anyOf" in from_format + # null branch removed, anyOf collapsed to the single non-null type + assert "anyOf" not in from_format + assert from_format["type"] == "string" - def test_anyof_children_missing_type_get_filled(self): + def test_anyof_multiple_non_null_preserved(self): + """anyOf [string, integer] (no null) → kept as-is with parent type stripped.""" params = { "type": "object", "properties": { - "value": { + "mode": { "anyOf": [ {"type": "string"}, - {"description": "A typeless option"}, + {"type": "integer"}, ], }, }, } out = sanitize_moonshot_tool_parameters(params) - children = out["properties"]["value"]["anyOf"] - assert children[0]["type"] == "string" - assert "type" in children[1] + mode = out["properties"]["mode"] + assert "anyOf" in mode + assert "type" not in mode # parent type stripped + + def test_anyof_enum_with_null_collapsed(self): + """anyOf [{enum: [...], type: string}, {type: null}] → enum + type only.""" + params = { + "type": "object", + "properties": { + "db_type": { + "anyOf": [ + {"enum": ["mysql", "postgresql", ""]}, + {"type": "null"}, + ], + }, + }, + } + out = sanitize_moonshot_tool_parameters(params) + db_type = out["properties"]["db_type"] + assert "anyOf" not in db_type + assert db_type["type"] == "string" + assert db_type["enum"] == ["mysql", "postgresql"] # "" stripped by enum cleanup class TestTopLevelGuarantees: @@ -226,7 +253,7 @@ class TestRealWorldMCPShape: """End-to-end: a realistic MCP-style schema that used to 400 on Moonshot.""" def test_combined_rewrites(self): - # Shape: missing type on a property, anyOf with parent type, array + # Shape: missing type on a property, anyOf with parent type + null, array # items without type — all in one tool. params = { "type": "object", @@ -248,7 +275,100 @@ class TestRealWorldMCPShape: } out = sanitize_moonshot_tool_parameters(params) assert out["properties"]["query"]["type"] == "string" - assert "type" not in out["properties"]["filter"] - assert out["properties"]["filter"]["anyOf"][0]["type"] == "string" + # anyOf with null collapsed to plain type + assert "anyOf" not in out["properties"]["filter"] + assert out["properties"]["filter"]["type"] == "string" assert out["properties"]["tags"]["items"]["type"] == "string" assert out["required"] == ["query"] + + +class TestEnumNullStripping: + """Rule 3: Moonshot rejects null/empty-string inside enum arrays.""" + + def test_enum_null_value_stripped(self): + """enum containing Python None must have it removed for Moonshot.""" + params = { + "type": "object", + "properties": { + "db_type": { + "type": "string", + "enum": ["mysql", "postgresql", None], + }, + }, + } + out = sanitize_moonshot_tool_parameters(params) + db_type = out["properties"]["db_type"] + assert None not in db_type["enum"] + assert "mysql" in db_type["enum"] + assert "postgresql" in db_type["enum"] + + def test_enum_empty_string_stripped(self): + """enum containing empty string '' must have it removed for Moonshot.""" + params = { + "type": "object", + "properties": { + "db_type": { + "type": "string", + "enum": ["mysql", "postgresql", ""], + }, + }, + } + out = sanitize_moonshot_tool_parameters(params) + db_type = out["properties"]["db_type"] + assert "" not in db_type["enum"] + assert db_type["enum"] == ["mysql", "postgresql"] + + def test_enum_all_null_becomes_no_enum(self): + """enum that only had null/empty values is dropped entirely.""" + params = { + "type": "object", + "properties": { + "val": { + "type": "string", + "enum": [None, ""], + }, + }, + } + out = sanitize_moonshot_tool_parameters(params) + assert "enum" not in out["properties"]["val"] + + def test_dataslayer_db_type_after_mcp_normalize(self): + """Real-world: dataslayer db_type anyOf+enum after MCP normalization.""" + # This is the exact shape after _normalize_mcp_input_schema runs: + # anyOf collapsed, but enum still has null + empty string + params = { + "type": "object", + "properties": { + "datasource": {"type": "string"}, + "db_type": { + "enum": ["mysql", "mariadb", "postgresql", "sqlserver", "oracle", "", None], + "type": "string", + "nullable": True, + "default": None, + }, + }, + "required": ["datasource"], + } + out = sanitize_moonshot_tool_parameters(params) + db_type = out["properties"]["db_type"] + assert "nullable" not in db_type, "nullable keyword must be stripped" + assert None not in db_type["enum"] + assert "" not in db_type["enum"] + assert db_type["enum"] == ["mysql", "mariadb", "postgresql", "sqlserver", "oracle"] + assert db_type["type"] == "string" + + def test_enum_on_object_type_not_stripped(self): + """enum on non-scalar types (object) should NOT be touched.""" + params = { + "type": "object", + "properties": { + "config": { + "type": "object", + "properties": {}, + "enum": [{}, None], + }, + }, + } + out = sanitize_moonshot_tool_parameters(params) + # object-typed enum should pass through unchanged + assert "enum" in out["properties"]["config"] From 9cb5baeacfc7c026c6f228aebfc89959a5d2acc5 Mon Sep 17 00:00:00 2001 From: teknium1 <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:08:46 -0700 Subject: [PATCH 108/133] chore(release): map hendrixfreire for moonshot salvage --- scripts/release.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/release.py b/scripts/release.py index 39e6606b491..1c5dfa7d559 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -106,6 +106,8 @@ AUTHOR_MAP = { "web3blind@users.noreply.github.com": "web3blind", "julia@alexland.us": "alexg0bot", "christian@scheid.tech": "scheidti", + # Moonshot schema anyOf+enum salvage (May 2026) + "git@local.invalid": "hendrixfreire", "1060770+benjaminsehl@users.noreply.github.com": "benjaminsehl", "nerijusn76@gmail.com": "Nerijusas", "itonov@proton.me": "Ito-69", From 2af8b8ff3712c71620f32b1fa57e92289e6ca202 Mon Sep 17 00:00:00 2001 From: teknium1 <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:10:25 -0700 Subject: [PATCH 109/133] fix(moonshot): also strip nullable/enum after anyOf collapse MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The anyOf collapse in _repair_schema returned early, skipping the nullable-strip and enum-cleanup steps. When a schema had anyOf [{enum: [..., null, '']}, {type: null}] alongside a parent-level 'nullable: true', collapsing to the single non-null branch produced a merged node that still had both 'nullable' and the bad enum values — Moonshot would still 400 on it. Fix: fall through to Rules 1/3 when the collapse produces a single merged node; only return early for the multi-branch case (pure anyOf preservation) or when there was no null branch to remove. Adds a test that locks in the combined-case expectation. --- agent/moonshot_schema.py | 10 ++++++++-- tests/agent/test_moonshot_schema.py | 25 +++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/agent/moonshot_schema.py b/agent/moonshot_schema.py index 391087a5311..aeefd4a0cee 100644 --- a/agent/moonshot_schema.py +++ b/agent/moonshot_schema.py @@ -90,14 +90,20 @@ def _repair_schema(node: Any, is_schema: bool = True) -> Any: if isinstance(b, dict) and b.get("type") != "null"] if non_null and len(non_null) < len(repaired["anyOf"]): # Drop the anyOf wrapper — keep only the non-null branch. - # If there's a single non-null branch, promote it. + # If there's a single non-null branch, promote it and fall + # through to Rules 1/3 so nullable/enum cleanup still applies + # to the merged node. if len(non_null) == 1: merge = {k: v for k, v in repaired.items() if k != "anyOf"} merge.update(non_null[0]) repaired = merge else: repaired["anyOf"] = non_null - return repaired + return repaired + else: + # Nothing to collapse — parent type stripped, children already + # repaired by the recursive walk above. + return repaired # Moonshot also rejects non-standard keywords like ``nullable`` on # parameter schemas — strip it. diff --git a/tests/agent/test_moonshot_schema.py b/tests/agent/test_moonshot_schema.py index 6e8fdc81ba5..2ce2daa096a 100644 --- a/tests/agent/test_moonshot_schema.py +++ b/tests/agent/test_moonshot_schema.py @@ -372,3 +372,28 @@ class TestEnumNullStripping: out = sanitize_moonshot_tool_parameters(params) # object-typed enum should pass through unchanged assert "enum" in out["properties"]["config"] + + def test_anyof_collapse_still_runs_nullable_and_enum_cleanup(self): + """After anyOf collapses to a single non-null branch, the merged + node must still have ``nullable`` stripped and null/empty-string + values removed from enum — not skipped by the early anyOf return. + """ + params = { + "type": "object", + "properties": { + "db_type": { + "anyOf": [ + {"enum": ["mysql", "postgresql", "", None]}, + {"type": "null"}, + ], + "nullable": True, + }, + }, + } + out = sanitize_moonshot_tool_parameters(params) + db_type = out["properties"]["db_type"] + assert "anyOf" not in db_type + assert "nullable" not in db_type, "nullable must be stripped after anyOf collapse" + assert db_type["type"] == "string" + assert db_type["enum"] == ["mysql", "postgresql"], \ + "null/empty enum values must be stripped after anyOf collapse" From cf2b2d31ce77ba87c114c53966d7f7cc629cad9e Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:16:54 -0700 Subject: [PATCH 110/133] docs: add Persistent Goals (/goal) feature page (#18275) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds a proper feature page at user-guide/features/goals.md covering the /goal slash command — Hermes' take on the Ralph loop shipped in PR #18262. The slash-commands reference table had two table rows but no narrative doc walking through the judge model, fail-open semantics, turn budget, persistence, user-message preemption, or the aux-model config override. Adds a walkthrough example showing a multi-turn goal running to completion, covers the two judge failure modes with how to recover, and credits Codex CLI 0.128.0 / Eric Traut as prior art. Also cross-links both slash-commands.md rows to the new page so readers discovering /goal from the command reference can dive in. --- website/docs/reference/slash-commands.md | 4 +- website/docs/user-guide/features/goals.md | 165 ++++++++++++++++++++++ 2 files changed, 167 insertions(+), 2 deletions(-) create mode 100644 website/docs/user-guide/features/goals.md diff --git a/website/docs/reference/slash-commands.md b/website/docs/reference/slash-commands.md index e70a923a92f..ef566cd5ba4 100644 --- a/website/docs/reference/slash-commands.md +++ b/website/docs/reference/slash-commands.md @@ -34,7 +34,7 @@ Type `/` in the CLI to open the autocomplete menu. Built-in commands are case-in | `/stop` | Kill all running background processes | | `/queue ` (alias: `/q`) | Queue a prompt for the next turn (doesn't interrupt the current agent response). | | `/steer ` | Inject a mid-run note that arrives at the agent **after the next tool call** — no interrupt, no new user turn. The text is appended to the last tool result's content once the current tool completes, giving the agent new context without breaking the current tool-calling loop. Use this to nudge direction mid-task (e.g. "focus on the auth module" while the agent is running tests). | -| `/goal ` | Set a standing goal Hermes works toward across turns. After each turn an auxiliary model judges whether the goal is satisfied by the agent's last response; if not, Hermes automatically feeds a continuation prompt back into the same session and keeps working. Subcommands: `/goal` (status), `/goal status`, `/goal pause`, `/goal resume`, `/goal clear`. Budget defaults to 20 turns (`goals.max_turns` in `config.yaml`); any real user message preempts the continuation loop. Our take on the Ralph loop — state survives `/resume` because it's stored in `state_meta` keyed by session ID. | +| `/goal ` | Set a standing goal Hermes works toward across turns — our take on the Ralph loop. After each turn an auxiliary judge model decides whether the goal is done; if not, Hermes auto-continues. Subcommands: `/goal status`, `/goal pause`, `/goal resume`, `/goal clear`. Budget defaults to 20 turns (`goals.max_turns`); any real user message preempts the continuation loop, and state survives `/resume`. See [Persistent Goals](/docs/user-guide/features/goals) for the full walkthrough. | | `/resume [name]` | Resume a previously-named session | | `/redraw` | Force a full UI repaint (recovers from terminal drift after tmux resize, mouse selection artifacts, etc.) | | `/status` | Show session info | @@ -154,7 +154,7 @@ The messaging gateway supports the following built-in commands inside Telegram, | `/background ` | Run a prompt in a separate background session. Results are delivered back to the same chat when the task finishes. See [Messaging Background Sessions](/docs/user-guide/messaging/#background-sessions). | | `/queue ` (alias: `/q`) | Queue a prompt for the next turn without interrupting the current one. | | `/steer ` | Inject a message after the next tool call without interrupting — the model picks it up on its next iteration rather than as a new turn. | -| `/goal ` | Set a standing goal Hermes works toward across turns. A judge model checks after each turn whether the goal is satisfied; if not, Hermes auto-continues until it is, you pause/clear it, or the turn budget (default 20) is hit. Subcommands: `/goal status`, `/goal pause`, `/goal resume`, `/goal clear`. Safe to run mid-agent for status/pause/clear; setting a new goal requires `/stop` first. | +| `/goal ` | Set a standing goal Hermes works toward across turns — our take on the Ralph loop. A judge model checks after each turn; if not done, Hermes auto-continues until it is, you pause/clear it, or the turn budget (default 20) is hit. Subcommands: `/goal status`, `/goal pause`, `/goal resume`, `/goal clear`. Safe to run mid-agent for status/pause/clear; setting a new goal requires `/stop` first. See [Persistent Goals](/docs/user-guide/features/goals). | | `/footer [on\|off\|status]` | Toggle the runtime-metadata footer on final replies (shows model, tool counts, timing). | | `/curator [status\|run\|pin\|archive]` | Background skill maintenance controls. | | `/reload-mcp` (alias: `/reload_mcp`) | Reload MCP servers from config. | diff --git a/website/docs/user-guide/features/goals.md b/website/docs/user-guide/features/goals.md new file mode 100644 index 00000000000..f8c613ca7fa --- /dev/null +++ b/website/docs/user-guide/features/goals.md @@ -0,0 +1,165 @@ +--- +sidebar_position: 16 +title: "Persistent Goals (`/goal`)" +description: "Set a standing goal and let Hermes keep working across turns until it's done. Our take on the Ralph loop." +--- + +# Persistent Goals (`/goal`) + +`/goal` gives Hermes a standing objective that survives across turns. After every turn a lightweight judge model checks whether the goal is satisfied by the assistant's last response. If not, Hermes automatically feeds a continuation prompt back into the same session and keeps working — until the goal is achieved, you pause or clear it, or the turn budget runs out. + +It's our take on the **Ralph loop**, directly inspired by [Codex CLI 0.128.0's `/goal`](https://github.com/openai/codex) by Eric Traut (OpenAI). The core idea — keep a goal alive across turns and don't stop until it's achieved — is theirs. The implementation here is independent and adapted to Hermes' architecture. + +## When to use it + +Use `/goal` for tasks where you want Hermes to iterate on its own without you re-prompting every turn: + +- "Fix every lint error in `src/` and verify `ruff check` passes" +- "Port feature X from repo Y, including tests, and get CI green" +- "Investigate why session IDs sometimes drift on mid-run compression and write up a report" +- "Build a small CLI to rename files by their EXIF dates, then test it against the photos/ folder" + +Tasks where the agent does one turn and stops don't need `/goal`. Tasks where *you'd otherwise have to say "keep going" three times* are where this shines. + +## Quick start + +``` +/goal Fix every failing test in tests/hermes_cli/ and make sure scripts/run_tests.sh passes for that directory +``` + +What you'll see: + +1. **Goal accepted** — `⊙ Goal set (20-turn budget): ` +2. **Turn 1 runs** — Hermes starts working as if you'd sent the goal as a normal message. +3. **Judge runs** — after the turn, the judge model decides `done` or `continue`. +4. **Loop fires if needed** — if `continue`, you'll see `↻ Continuing toward goal (1/20): ` and Hermes takes the next step automatically. +5. **Terminates** — eventually you see either `✓ Goal achieved: ` or `⏸ Goal paused — N/20 turns used`. + +## Commands + +| Command | What it does | +|---|---| +| `/goal ` | Set (or replace) the standing goal. Kicks off the first turn immediately so you don't need to send a separate message. | +| `/goal` or `/goal status` | Show the current goal, its status, and turns used. | +| `/goal pause` | Stop the auto-continuation loop without clearing the goal. | +| `/goal resume` | Resume the loop (resets the turn counter back to zero). | +| `/goal clear` | Drop the goal entirely. | + +Works identically on the CLI and every gateway platform (Telegram, Discord, Slack, Matrix, Signal, WhatsApp, SMS, iMessage, Webhook, API server, and the web dashboard). + +## Behavior details + +### The judge + +After every turn, Hermes calls an auxiliary model with: + +- The standing goal text +- The agent's most recent final response (last ~4 KB of text) +- A system prompt telling the judge to reply with strict JSON: `{"done": , "reason": ""}` + +The judge is deliberately conservative: it marks a goal `done` only when the response **explicitly** confirms the goal is complete, when the final deliverable is clearly produced, or when the goal is unachievable/blocked (treated as DONE with a block reason so we don't burn budget on impossible tasks). + +### Fail-open semantics + +If the judge errors (network blip, malformed response, unavailable aux client), Hermes treats the verdict as `continue` — a broken judge never wedges progress. The **turn budget** is the real backstop. + +### Turn budget + +Default is 20 continuation turns (`goals.max_turns` in `config.yaml`). When the budget is hit, Hermes auto-pauses and tells you exactly how to proceed: + +``` +⏸ Goal paused — 20/20 turns used. Use /goal resume to keep going, or /goal clear to stop. +``` + +`/goal resume` resets the counter to zero, so you can keep going in measured chunks. + +### User messages always preempt + +Any real message you send while a goal is active takes priority over the continuation loop. On the CLI your message lands in `_pending_input` ahead of the queued continuation; on the gateway it goes through the adapter FIFO the same way. The judge runs again after your turn — so if your message happens to complete the goal, the judge will catch it and stop. + +### Mid-run safety (gateway) + +While an agent is already running, `/goal status`, `/goal pause`, and `/goal clear` are safe to run — they only touch control-plane state and don't interrupt the current turn. Setting a **new** goal mid-run (`/goal `) is rejected with a message telling you to `/stop` first, so the old continuation can't race the new one. + +### Persistence + +Goal state lives in `SessionDB.state_meta` keyed by `goal:`. That means `/resume` picks up right where you left off — set a goal, close your laptop, come back tomorrow, `/resume`, and the goal is still standing exactly as you left it (active, paused, or done). + +### Prompt cache + +The continuation prompt is a plain user-role message appended to history. It does **not** mutate the system prompt, swap toolsets, or touch the conversation in any way that invalidates Hermes' prompt cache. Running a 20-turn goal costs the same cache-wise as 20 turns of normal conversation. + +## Configuration + +Add to `~/.hermes/config.yaml`: + +```yaml +goals: + # Max continuation turns before Hermes auto-pauses and asks you to + # /goal resume. Default 20. Lower this if you want tighter loops; + # raise it for long-running refactors. + max_turns: 20 +``` + +### Choosing the judge model + +The judge uses the `goal_judge` auxiliary task. By default it resolves to your main model (see [Auxiliary Models](/docs/user-guide/configuration#auxiliary-models)). If you want to route the judge to a cheap fast model to keep costs down, add an override: + +```yaml +auxiliary: + goal_judge: + provider: openrouter + model: google/gemini-3-flash-preview +``` + +The judge call is small (~200 output tokens) and runs once per turn, so a cheap fast model is usually the right call. + +## Example walkthrough + +``` +You: /goal Create four files /tmp/note_{1..4}.txt, one per turn, each containing its number as text + + ⊙ Goal set (20-turn budget): Create four files /tmp/note_{1..4}.txt, one per turn, each containing its number as text + +Hermes: Creating /tmp/note_1.txt now. + 💻 echo "1" > /tmp/note_1.txt (0.1s) + I've created /tmp/note_1.txt with the content "1". I'll continue with the remaining files on the next turn as you specified. + + ↻ Continuing toward goal (1/20): Only 1 of 4 files has been created; 3 files remain. + +Hermes: [Continuing toward your standing goal] + 💻 echo "2" > /tmp/note_2.txt (0.1s) + Created /tmp/note_2.txt. Two more to go. + + ↻ Continuing toward goal (2/20): 2 of 4 files created; 2 remain. + +Hermes: [Continuing toward your standing goal] + 💻 echo "3" > /tmp/note_3.txt (0.1s) + Created /tmp/note_3.txt. + + ↻ Continuing toward goal (3/20): 3 of 4 files created; 1 remains. + +Hermes: [Continuing toward your standing goal] + 💻 echo "4" > /tmp/note_4.txt (0.1s) + All four files have been created: /tmp/note_1.txt through /tmp/note_4.txt, each containing its number. + + ✓ Goal achieved: All four files were created with the specified content, completing the goal. + +You: _ +``` + +Four turns, one `/goal` invocation, zero "keep going" prompts from you. + +## When the judge gets it wrong + +No judge is perfect. Two failure modes to watch for: + +**False negative — judge says continue when the goal is actually done.** The turn budget catches this. You'll see `⏸ Goal paused` and can `/goal clear` or just send a new message. + +**False positive — judge says done when work remains.** You'll see `✓ Goal achieved` but you know better. Send a follow-up message to continue, or re-set the goal more precisely: `/goal `. The judge's system prompt is deliberately conservative to make false positives rarer than false negatives. + +If you find a judge verdict unconvincing, the reason text in the `↻ Continuing toward goal` or `✓ Goal achieved` line tells you exactly what the judge saw. That's usually enough to diagnose whether the goal text was ambiguous or the model's response was. + +## Attribution + +`/goal` is Hermes' take on the **Ralph loop** pattern. The user-facing design — keep a goal alive across turns, don't stop until it's achieved, with create/pause/resume/clear controls — was popularised and shipped in [Codex CLI 0.128.0](https://github.com/openai/codex) by Eric Traut on OpenAI's Codex team. Our implementation is independent (central `CommandDef` registry, `SessionDB.state_meta` persistence, auxiliary-client judge, adapter-FIFO continuation on the gateway side) but the idea is theirs. Credit where credit's due. From c6eebfc25a5779668ae2fefe27f5d85a82055ab3 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:17:14 -0700 Subject: [PATCH 111/133] docs: publish llms.txt and llms-full.txt for agent-friendly ingestion (#18276) Two machine-readable entry points to the Hermes Agent docs: /llms.txt curated index of every doc page, one link per page with short descriptions. ~17 KB, safe to load into an LLM context window. /llms-full.txt every page under website/docs/ concatenated as markdown. ~1.8 MB. For one-shot ingestion by coding agents and RAG pipelines. Both files are also served from /docs/llms.txt and /docs/llms-full.txt (Docusaurus serves website/static/ under baseUrl=/docs/). Some agents and IDE plugins probe the classic site-root path; the deploy workflow now copies both files to _site root so either URL works. Conforms to the emerging llmstxt.org spec: H1 project name, blockquote summary, short install command, GitHub link, then curated sections mirroring the docs-site navigation (Getting Started, Using Hermes, Features, Messaging, Integrations, Guides, Developer Guide, Reference). Generated by website/scripts/generate-llms-txt.py. Wired into prebuild.mjs so every 'npm run build' and 'npm run start' refreshes the files alongside the existing skills.json extraction. Both outputs are gitignored (same precedent as src/data/skills.json). Descriptions in llms.txt are pulled from each page's frontmatter, so they stay current automatically. All ~80 section slugs are validated against the filesystem at generation time; an invalid slug would fail the prebuild. --- .github/workflows/deploy-site.yml | 10 + website/.gitignore | 2 + website/docs/index.md | 9 + website/scripts/generate-llms-txt.py | 304 +++++++++++++++++++++++++++ website/scripts/prebuild.mjs | 64 ++++-- 5 files changed, 367 insertions(+), 22 deletions(-) create mode 100644 website/scripts/generate-llms-txt.py diff --git a/.github/workflows/deploy-site.yml b/.github/workflows/deploy-site.yml index 67f557badc2..8df74c0509e 100644 --- a/.github/workflows/deploy-site.yml +++ b/.github/workflows/deploy-site.yml @@ -76,6 +76,16 @@ jobs: run: | mkdir -p _site/docs cp -r website/build/* _site/docs/ + # llms.txt / llms-full.txt are also published at the site root + # (https://hermes-agent.nousresearch.com/llms.txt) because some + # agents and IDE plugins probe the classic root-level path rather + # than /docs/llms.txt. Same file, two URLs, one source of truth. + if [ -f website/build/llms.txt ]; then + cp website/build/llms.txt _site/llms.txt + fi + if [ -f website/build/llms-full.txt ]; then + cp website/build/llms-full.txt _site/llms-full.txt + fi - name: Upload artifact uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 diff --git a/website/.gitignore b/website/.gitignore index 1ab506d4838..c8dd1071c02 100644 --- a/website/.gitignore +++ b/website/.gitignore @@ -8,6 +8,8 @@ .docusaurus .cache-loader src/data/skills.json +static/llms.txt +static/llms-full.txt # Misc .DS_Store diff --git a/website/docs/index.md b/website/docs/index.md index de7ef698bf1..17a2ac8cc25 100644 --- a/website/docs/index.md +++ b/website/docs/index.md @@ -55,3 +55,12 @@ It's not a coding copilot tethered to an IDE or a chatbot wrapper around a singl - **Full web control** — Search, extract, browse, vision, image generation, TTS - **MCP support** — Connect to any MCP server for extended tool capabilities - **Research-ready** — Batch processing, trajectory export, RL training with Atropos. Built by [Nous Research](https://nousresearch.com) — the lab behind Hermes, Nomos, and Psyche models + +## For LLMs and coding agents + +Machine-readable entry points to this documentation: + +- **[`/llms.txt`](/llms.txt)** — curated index of every doc page with short descriptions. ~17 KB, safe to load into an LLM context. +- **[`/llms-full.txt`](/llms-full.txt)** — every doc page concatenated into a single markdown file for one-shot ingestion. ~1.8 MB. + +Both files also resolve at `/docs/llms.txt` and `/docs/llms-full.txt`. Generated fresh on every deploy. diff --git a/website/scripts/generate-llms-txt.py b/website/scripts/generate-llms-txt.py new file mode 100644 index 00000000000..dd24eb1f2db --- /dev/null +++ b/website/scripts/generate-llms-txt.py @@ -0,0 +1,304 @@ +#!/usr/bin/env python3 +"""Generate llms.txt and llms-full.txt for the Hermes docs site. + +Outputs: + website/static/llms.txt — short curated index of the docs, one link per page, + grouped by section. Conforms to https://llmstxt.org. + website/static/llms-full.txt — every `.md` file under `website/docs/` concatenated, + with `# ` headings and `<!-- source: … -->` + comments separating files. + +Both publish at: + https://hermes-agent.nousresearch.com/docs/llms.txt + https://hermes-agent.nousresearch.com/docs/llms-full.txt + +The `/docs/` prefix is not a mistake — Docusaurus serves `website/static/` +at the `docs/` base path. Clients and IDE plugins that probe the classic +`/llms.txt` root will miss these. Document the canonical URLs in the docs +index and in the repo README. + +Called from `website/scripts/prebuild.mjs` on every `npm run start` / +`npm run build` so the output stays in sync with the docs tree. +""" + +from __future__ import annotations + +import re +from pathlib import Path + +SCRIPT_DIR = Path(__file__).resolve().parent +WEBSITE = SCRIPT_DIR.parent +DOCS = WEBSITE / "docs" +STATIC = WEBSITE / "static" + +SITE_BASE = "https://hermes-agent.nousresearch.com/docs" + +# Curated sections for llms.txt — mirrors the product story, not the filesystem. +# Each entry: (docs-relative path without .md, display title, optional short desc). +# `None` desc → pulled from frontmatter `description:` field. +SECTIONS: list[tuple[str, list[tuple[str, str, str | None]]]] = [ + ("Getting Started", [ + ("getting-started/installation", "Installation", None), + ("getting-started/quickstart", "Quickstart", None), + ("getting-started/learning-path", "Learning Path", None), + ("getting-started/updating", "Updating", None), + ("getting-started/termux", "Termux (Android)", None), + ("getting-started/nix-setup", "Nix Setup", None), + ]), + ("Using Hermes", [ + ("user-guide/cli", "CLI", None), + ("user-guide/tui", "TUI (Ink terminal UI)", None), + ("user-guide/configuration", "Configuration", None), + ("user-guide/configuring-models", "Configuring Models", None), + ("user-guide/sessions", "Sessions", None), + ("user-guide/profiles", "Profiles", None), + ("user-guide/git-worktrees", "Git Worktrees", None), + ("user-guide/docker", "Docker Backend", None), + ("user-guide/security", "Security", None), + ("user-guide/checkpoints-and-rollback", "Checkpoints & Rollback", None), + ]), + ("Core Features", [ + ("user-guide/features/overview", "Features Overview", None), + ("user-guide/features/tools", "Tools", None), + ("user-guide/features/skills", "Skills System", None), + ("user-guide/features/curator", "Curator", None), + ("user-guide/features/memory", "Memory", None), + ("user-guide/features/memory-providers", "Memory Providers", None), + ("user-guide/features/context-files", "Context Files", None), + ("user-guide/features/context-references", "Context References", None), + ("user-guide/features/personality", "Personality & SOUL.md", None), + ("user-guide/features/plugins", "Plugins", None), + ("user-guide/features/built-in-plugins", "Built-in Plugins", None), + ]), + ("Automation", [ + ("user-guide/features/cron", "Cron Jobs", None), + ("user-guide/features/delegation", "Delegation", None), + ("user-guide/features/kanban", "Kanban Multi-Agent", None), + ("user-guide/features/kanban-tutorial", "Kanban Tutorial", None), + ("user-guide/features/code-execution", "Code Execution", None), + ("user-guide/features/hooks", "Hooks", None), + ("user-guide/features/batch-processing", "Batch Processing", None), + ]), + ("Media & Web", [ + ("user-guide/features/voice-mode", "Voice Mode", None), + ("user-guide/features/browser", "Browser", None), + ("user-guide/features/vision", "Vision", None), + ("user-guide/features/image-generation", "Image Generation", None), + ("user-guide/features/tts", "Text-to-Speech", None), + ]), + ("Messaging Platforms", [ + ("user-guide/messaging/index", "Overview", None), + ("user-guide/messaging/telegram", "Telegram", None), + ("user-guide/messaging/discord", "Discord", None), + ("user-guide/messaging/slack", "Slack", None), + ("user-guide/messaging/whatsapp", "WhatsApp", None), + ("user-guide/messaging/signal", "Signal", None), + ("user-guide/messaging/email", "Email", None), + ("user-guide/messaging/sms", "SMS", None), + ("user-guide/messaging/matrix", "Matrix", None), + ("user-guide/messaging/mattermost", "Mattermost", None), + ("user-guide/messaging/homeassistant", "Home Assistant", None), + ("user-guide/messaging/webhooks", "Webhooks", None), + ]), + ("Integrations", [ + ("integrations/index", "Integrations Overview", None), + ("integrations/providers", "Providers", None), + ("user-guide/features/mcp", "MCP (Model Context Protocol)", None), + ("user-guide/features/acp", "ACP (Agent Context Protocol)", None), + ("user-guide/features/api-server", "API Server", None), + ("user-guide/features/honcho", "Honcho Memory", None), + ("user-guide/features/provider-routing", "Provider Routing", None), + ("user-guide/features/fallback-providers", "Fallback Providers", None), + ("user-guide/features/credential-pools", "Credential Pools", None), + ]), + ("Guides & Tutorials", [ + ("guides/tips", "Tips & Best Practices", None), + ("guides/local-llm-on-mac", "Local LLMs on Mac", None), + ("guides/daily-briefing-bot", "Daily Briefing Bot", None), + ("guides/team-telegram-assistant", "Team Telegram Assistant", None), + ("guides/python-library", "Use Hermes as a Python Library", None), + ("guides/use-mcp-with-hermes", "Use MCP with Hermes", None), + ("guides/use-voice-mode-with-hermes", "Use Voice Mode with Hermes", None), + ("guides/use-soul-with-hermes", "Use SOUL.md with Hermes", None), + ("guides/build-a-hermes-plugin", "Build a Hermes Plugin", None), + ("guides/automate-with-cron", "Automate with Cron", None), + ("guides/work-with-skills", "Work with Skills", None), + ("guides/delegation-patterns", "Delegation Patterns", None), + ("guides/github-pr-review-agent", "GitHub PR Review Agent", None), + ]), + ("Developer Guide", [ + ("developer-guide/contributing", "Contributing", None), + ("developer-guide/architecture", "Architecture", None), + ("developer-guide/agent-loop", "Agent Loop", None), + ("developer-guide/prompt-assembly", "Prompt Assembly", None), + ("developer-guide/context-compression-and-caching", "Context Compression & Caching", None), + ("developer-guide/gateway-internals", "Gateway Internals", None), + ("developer-guide/session-storage", "Session Storage", None), + ("developer-guide/provider-runtime", "Provider Runtime", None), + ("developer-guide/adding-tools", "Adding Tools", None), + ("developer-guide/adding-providers", "Adding Providers", None), + ("developer-guide/adding-platform-adapters", "Adding Platform Adapters", None), + ("developer-guide/creating-skills", "Creating Skills", None), + ("developer-guide/extending-the-cli", "Extending the CLI", None), + ]), + ("Reference", [ + ("reference/cli-commands", "CLI Commands", None), + ("reference/slash-commands", "Slash Commands", None), + ("reference/profile-commands", "Profile Commands", None), + ("reference/environment-variables", "Environment Variables", None), + ("reference/tools-reference", "Tools Reference", None), + ("reference/toolsets-reference", "Toolsets Reference", None), + ("reference/mcp-config-reference", "MCP Config Reference", None), + ("reference/model-catalog", "Model Catalog", None), + ("reference/skills-catalog", "Bundled Skills Catalog", "Table of all ~90 skills bundled with Hermes"), + ("reference/optional-skills-catalog", "Optional Skills Catalog", "Table of ~60 additional installable skills"), + ("reference/faq", "FAQ & Troubleshooting", None), + ]), +] + + +FRONTMATTER_RE = re.compile(r"^---\s*\n(.*?)\n---\s*\n", re.DOTALL) +DESC_RE = re.compile(r"^description:\s*[\"'](.+?)[\"']\s*$", re.MULTILINE) +TITLE_RE = re.compile(r"^title:\s*[\"'](.+?)[\"']\s*$", re.MULTILINE) + + +def read_frontmatter(path: Path) -> tuple[dict[str, str], str]: + """Return ({title, description}, body-markdown) for a doc file.""" + text = path.read_text(encoding="utf-8") + m = FRONTMATTER_RE.match(text) + meta: dict[str, str] = {} + body = text + if m: + fm = m.group(1) + body = text[m.end():] + dm = DESC_RE.search(fm) + if dm: + meta["description"] = dm.group(1) + tm = TITLE_RE.search(fm) + if tm: + meta["title"] = tm.group(1) + return meta, body + + +def resolve_desc(slug: str, provided: str | None) -> str: + """Resolve short description for llms.txt entry.""" + if provided: + return provided + path = DOCS / f"{slug}.md" + if not path.exists(): + path = DOCS / slug / "index.md" + if not path.exists(): + return "" + meta, _ = read_frontmatter(path) + return meta.get("description", "") + + +def emit_llms_index() -> str: + """Build the short llms.txt index.""" + lines: list[str] = [] + lines.append("# Hermes Agent") + lines.append("") + lines.append( + "> The self-improving AI agent built by Nous Research. A terminal-native " + "autonomous coding and task agent with persistent memory, agent-created skills, " + "and a messaging gateway that lives on 15+ platforms (Telegram, Discord, Slack, " + "SMS, Matrix, ...). Runs on local, Docker, SSH, Daytona, Modal, or Singularity " + "backends. Works with Nous Portal, OpenRouter, OpenAI, Anthropic, Google, or any " + "OpenAI-compatible endpoint." + ) + lines.append("") + lines.append( + "Install: `curl -fsSL https://raw.githubusercontent.com/NousResearch/" + "hermes-agent/main/scripts/install.sh | bash` " + "(Linux, macOS, WSL2, Termux)" + ) + lines.append("") + lines.append("Repo: https://github.com/NousResearch/hermes-agent") + lines.append("") + + for section, items in SECTIONS: + lines.append(f"## {section}") + lines.append("") + for slug, title, desc_override in items: + desc = resolve_desc(slug, desc_override) + url = f"{SITE_BASE}/{slug}" + if desc: + lines.append(f"- [{title}]({url}): {desc}") + else: + lines.append(f"- [{title}]({url})") + lines.append("") + return "\n".join(lines).rstrip() + "\n" + + +def emit_llms_full() -> str: + """Concatenate every doc under website/docs/ into a single markdown file. + + Order: mirrors the curated SECTIONS list first (so the most important + pages are front-loaded for agents that truncate on token budget), then + appends any remaining .md files sorted by path. + """ + seen: set[Path] = set() + chunks: list[str] = [ + "# Hermes Agent — Full Documentation\n", + ( + "This file is the entire Hermes Agent documentation concatenated for LLM " + "context ingestion. Section order reflects docs-site navigation: Getting " + "Started, Using Hermes, Features, Messaging, Integrations, Guides, " + "Developer Guide, Reference, then everything else.\n" + ), + "Canonical site: https://hermes-agent.nousresearch.com/docs\n", + "Short index: https://hermes-agent.nousresearch.com/docs/llms.txt\n", + "\n---\n\n", + ] + + def emit_file(rel: str) -> None: + path = DOCS / f"{rel}.md" + if not path.exists(): + path = DOCS / rel / "index.md" + if not path.exists() or path in seen: + return + seen.add(path) + meta, body = read_frontmatter(path) + title = meta.get("title") or rel + chunks.append(f"<!-- source: website/docs/{path.relative_to(DOCS)} -->\n") + chunks.append(f"# {title}\n\n") + chunks.append(body.rstrip() + "\n\n---\n\n") + + # Curated order first + for _, items in SECTIONS: + for slug, _t, _d in items: + emit_file(slug) + + # Everything else (sorted, skipping already emitted and auto-gen skill pages + # — those are covered by the two catalog reference pages, emitting every + # individual skill would add ~1.4 MB of largely duplicative material). + for path in sorted(DOCS.rglob("*.md")): + if path in seen: + continue + rel = path.relative_to(DOCS) + parts = rel.parts + if len(parts) >= 3 and parts[0] == "user-guide" and parts[1] == "skills" \ + and parts[2] in ("bundled", "optional"): + continue + seen.add(path) + meta, body = read_frontmatter(path) + title = meta.get("title") or str(rel) + chunks.append(f"<!-- source: website/docs/{rel} -->\n") + chunks.append(f"# {title}\n\n") + chunks.append(body.rstrip() + "\n\n---\n\n") + + return "".join(chunks).rstrip() + "\n" + + +def main() -> None: + STATIC.mkdir(exist_ok=True) + index = emit_llms_index() + full = emit_llms_full() + (STATIC / "llms.txt").write_text(index, encoding="utf-8") + (STATIC / "llms-full.txt").write_text(full, encoding="utf-8") + print(f"Wrote {STATIC / 'llms.txt'} ({len(index):,} bytes)") + print(f"Wrote {STATIC / 'llms-full.txt'} ({len(full):,} bytes)") + + +if __name__ == "__main__": + main() diff --git a/website/scripts/prebuild.mjs b/website/scripts/prebuild.mjs index f129d745ffd..d9a5dcdeac3 100644 --- a/website/scripts/prebuild.mjs +++ b/website/scripts/prebuild.mjs @@ -1,14 +1,18 @@ #!/usr/bin/env node -// Runs website/scripts/extract-skills.py before docusaurus build/start so -// that website/src/data/skills.json (imported by src/pages/skills/index.tsx) -// exists without contributors needing to remember to run the Python script -// manually. CI workflows still run the extraction explicitly, which is a -// no-op duplicate but matches their historical behaviour. +// Runs website/scripts/extract-skills.py and generate-llms-txt.py before +// docusaurus build/start so that: +// - website/src/data/skills.json (imported by src/pages/skills/index.tsx) +// - website/static/llms.txt (agent-friendly short docs index) +// - website/static/llms-full.txt (full docs concat for LLM context) +// all exist without contributors remembering to run Python scripts manually. +// CI workflows still run the extraction explicitly, which is a no-op duplicate +// but matches their historical behaviour. // // If python3 or its deps (pyyaml) aren't available on the local machine, we // fall back to writing an empty skills.json so `npm run build` still -// succeeds — the Skills Hub page just shows an empty state. CI always has -// the deps installed, so production deploys get real data. +// succeeds — the Skills Hub page just shows an empty state, and llms.txt +// generation is skipped. CI always has the deps installed, so production +// deploys get real data. import { spawnSync } from "node:child_process"; import { mkdirSync, writeFileSync, existsSync } from "node:fs"; @@ -18,6 +22,7 @@ import { fileURLToPath } from "node:url"; const scriptDir = dirname(fileURLToPath(import.meta.url)); const websiteDir = resolve(scriptDir, ".."); const extractScript = join(scriptDir, "extract-skills.py"); +const llmsScript = join(scriptDir, "generate-llms-txt.py"); const outputFile = join(websiteDir, "src", "data", "skills.json"); function writeEmptyFallback(reason) { @@ -29,22 +34,37 @@ function writeEmptyFallback(reason) { ); } +function runPython(script, label) { + if (!existsSync(script)) { + console.warn(`[prebuild] ${label} skipped (script missing)`); + return false; + } + const r = spawnSync("python3", [script], { stdio: "inherit", cwd: websiteDir }); + if (r.error && r.error.code === "ENOENT") { + console.warn(`[prebuild] ${label} skipped (python3 not found)`); + return false; + } + if (r.status !== 0) { + console.warn(`[prebuild] ${label} exited with status ${r.status}`); + return false; + } + return true; +} + +// 1) skills.json — required for the Skills Hub page. if (!existsSync(extractScript)) { writeEmptyFallback("extract script missing"); - process.exit(0); +} else { + const r = spawnSync("python3", [extractScript], { + stdio: "inherit", + cwd: websiteDir, + }); + if (r.error && r.error.code === "ENOENT") { + writeEmptyFallback("python3 not found"); + } else if (r.status !== 0) { + writeEmptyFallback(`extract-skills.py exited with status ${r.status}`); + } } -const result = spawnSync("python3", [extractScript], { - stdio: "inherit", - cwd: websiteDir, -}); - -if (result.error && result.error.code === "ENOENT") { - writeEmptyFallback("python3 not found"); - process.exit(0); -} - -if (result.status !== 0) { - writeEmptyFallback(`extract-skills.py exited with status ${result.status}`); - process.exit(0); -} +// 2) llms.txt + llms-full.txt — agent-friendly docs entrypoints. Non-fatal. +runPython(llmsScript, "generate-llms-txt.py"); From dfe512c58db60910676d6b9c6725f72bb8f39590 Mon Sep 17 00:00:00 2001 From: web-dev0521 <jasonpette1783@gmail.com> Date: Thu, 30 Apr 2026 23:17:56 -0700 Subject: [PATCH 112/133] fix(paths): route achievements plugin + profile-tui through HERMES_HOME MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Four callsites hardcoded Path.home() / '.hermes' with no HERMES_HOME check, breaking Docker deployments and profile isolation (hermes -p): - plugins/hermes-achievements/dashboard/plugin_api.py: state_path(), snapshot_path(), checkpoint_path() bare-literal paths - scripts/profile-tui.py: DEFAULT_STATE_DB and DEFAULT_LOG defaults ignored HERMES_HOME - hermes_cli/slack_cli.py: except-Exception fallback for slack-manifest.json dump - optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py: --target argparse default Use get_hermes_home() (with an ImportError shim for the standalone scripts) or 'os.environ.get("HERMES_HOME") or str(Path.home()/".hermes")' where importing hermes_constants is impractical. E2E-verified: with HERMES_HOME=/tmp/x all three achievements paths and both profile-tui defaults route under /tmp/x. Salvaged from #18068 (original scope was broader mechanical cleanup claiming 23 callsites were buggy; most were already respecting HERMES_HOME via os.environ.get(key, default) — only these 4 had no env check at all). Credit: @web-dev0521. --- hermes_cli/slack_cli.py | 3 ++- .../scripts/openclaw_to_hermes.py | 2 +- .../hermes-achievements/dashboard/plugin_api.py | 14 +++++++++++--- scripts/profile-tui.py | 12 ++++++++++-- scripts/release.py | 1 + 5 files changed, 25 insertions(+), 7 deletions(-) diff --git a/hermes_cli/slack_cli.py b/hermes_cli/slack_cli.py index d76f8a6e060..ca00588ed16 100644 --- a/hermes_cli/slack_cli.py +++ b/hermes_cli/slack_cli.py @@ -18,6 +18,7 @@ for reinstall when scopes/commands change. from __future__ import annotations import json +import os import sys from pathlib import Path @@ -128,7 +129,7 @@ def slack_manifest_command(args) -> int: target = Path(get_hermes_home()) / "slack-manifest.json" except Exception: - target = Path.home() / ".hermes" / "slack-manifest.json" + target = Path(os.environ.get("HERMES_HOME") or str(Path.home() / ".hermes")) / "slack-manifest.json" else: target = Path(write_target).expanduser() target.parent.mkdir(parents=True, exist_ok=True) diff --git a/optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py b/optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py index 6882c005775..6ebb1d75400 100644 --- a/optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py +++ b/optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py @@ -2960,7 +2960,7 @@ class Migrator: def parse_args() -> argparse.Namespace: parser = argparse.ArgumentParser(description="Migrate OpenClaw user state into Hermes Agent.") parser.add_argument("--source", default=str(Path.home() / ".openclaw"), help="OpenClaw home directory") - parser.add_argument("--target", default=str(Path.home() / ".hermes"), help="Hermes home directory") + parser.add_argument("--target", default=os.environ.get("HERMES_HOME") or str(Path.home() / ".hermes"), help="Hermes home directory") parser.add_argument( "--workspace-target", help="Optional workspace root where the workspace instructions file should be copied", diff --git a/plugins/hermes-achievements/dashboard/plugin_api.py b/plugins/hermes-achievements/dashboard/plugin_api.py index 678d49fb615..b419efc6c27 100644 --- a/plugins/hermes-achievements/dashboard/plugin_api.py +++ b/plugins/hermes-achievements/dashboard/plugin_api.py @@ -12,6 +12,14 @@ import time from pathlib import Path from typing import Any, Dict, List, Optional, Set +try: + from hermes_constants import get_hermes_home +except ImportError: + import os as _os + def get_hermes_home() -> Path: # type: ignore[misc] + val = (_os.environ.get("HERMES_HOME") or "").strip() + return Path(val) if val else Path.home() / ".hermes" + try: from fastapi import APIRouter except Exception: # Allows local unit tests without dashboard dependencies. @@ -135,15 +143,15 @@ ACHIEVEMENTS: List[Dict[str, Any]] = [ def state_path() -> Path: - return Path.home() / ".hermes" / "plugins" / "hermes-achievements" / "state.json" + return get_hermes_home() / "plugins" / "hermes-achievements" / "state.json" def snapshot_path() -> Path: - return Path.home() / ".hermes" / "plugins" / "hermes-achievements" / "scan_snapshot.json" + return get_hermes_home() / "plugins" / "hermes-achievements" / "scan_snapshot.json" def checkpoint_path() -> Path: - return Path.home() / ".hermes" / "plugins" / "hermes-achievements" / "scan_checkpoint.json" + return get_hermes_home() / "plugins" / "hermes-achievements" / "scan_checkpoint.json" def load_state() -> Dict[str, Any]: diff --git a/scripts/profile-tui.py b/scripts/profile-tui.py index 18cbbc74d76..87b2d6c1d5d 100755 --- a/scripts/profile-tui.py +++ b/scripts/profile-tui.py @@ -35,10 +35,18 @@ import time from pathlib import Path from typing import Any +_PROJECT_ROOT = Path(__file__).resolve().parent.parent +sys.path.insert(0, str(_PROJECT_ROOT)) +try: + from hermes_constants import get_hermes_home +except ImportError: + def get_hermes_home() -> Path: # type: ignore[misc] + val = (os.environ.get("HERMES_HOME") or "").strip() + return Path(val) if val else Path.home() / ".hermes" DEFAULT_TUI_DIR = Path(os.environ.get("HERMES_TUI_DIR", "/home/bb/hermes-agent/ui-tui")) -DEFAULT_LOG = Path(os.environ.get("HERMES_PERF_LOG", str(Path.home() / ".hermes" / "perf.log"))) -DEFAULT_STATE_DB = Path.home() / ".hermes" / "state.db" +DEFAULT_LOG = Path(os.environ.get("HERMES_PERF_LOG", str(get_hermes_home() / "perf.log"))) +DEFAULT_STATE_DB = get_hermes_home() / "state.db" # Keystroke escape sequences. Matches what xterm/VT220 send when the # terminal has bracketed-paste disabled and the key-repeat handler fires. diff --git a/scripts/release.py b/scripts/release.py index 1c5dfa7d559..412205e7bfd 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -506,6 +506,7 @@ AUTHOR_MAP = { "hubin_ll@qq.com": "LLQWQ", "memosr_email@gmail.com": "memosr", "jperlow@gmail.com": "perlowja", + "jasonpette1783@gmail.com": "web-dev0521", "tangyuanjc@JCdeAIfenshendeMac-mini.local": "tangyuanjc", "harryplusplus@gmail.com": "harryplusplus", "anthhub@163.com": "anthhub", From a49f4c617da3ddcb37a2f438b083b960090ad42a Mon Sep 17 00:00:00 2001 From: Ben <ben@nousresearch.com> Date: Fri, 1 May 2026 16:29:46 +1000 Subject: [PATCH 113/133] fix: prevent tui rebuilding assets --- .dockerignore | 6 ++++++ Dockerfile | 26 ++++++++++++++++++-------- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/.dockerignore b/.dockerignore index 542c96700e3..41999f5ac6e 100644 --- a/.dockerignore +++ b/.dockerignore @@ -9,6 +9,12 @@ node_modules .venv **/.venv +# Built artifacts that are regenerated inside the image. Excluded so local +# rebuilds on the developer's machine don't invalidate the npm-install layer +# that now depends on the full ui-tui/packages/hermes-ink/ tree being present. +ui-tui/dist/ +ui-tui/packages/hermes-ink/dist/ + # CI/CD .github diff --git a/Dockerfile b/Dockerfile index 18177cc1aca..08a5b6a2754 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,10 +28,26 @@ WORKDIR /opt/hermes # ---------- Layer-cached dependency install ---------- # Copy only package manifests first so npm install + Playwright are cached # unless the lockfiles themselves change. +# +# ui-tui/packages/hermes-ink/ is copied IN FULL (not just its manifests) +# because it is referenced as a `file:` workspace dependency from +# ui-tui/package.json. Copying the tree up front lets npm resolve the +# workspace to real content instead of stopping at a bare package.json. COPY package.json package-lock.json ./ COPY web/package.json web/package-lock.json web/ COPY ui-tui/package.json ui-tui/package-lock.json ui-tui/ -COPY ui-tui/packages/hermes-ink/package.json ui-tui/packages/hermes-ink/package-lock.json ui-tui/packages/hermes-ink/ +COPY ui-tui/packages/hermes-ink/ ui-tui/packages/hermes-ink/ + +# `npm_config_install_links=false` forces npm to install `file:` deps as +# symlinks (the npm 10+ default) even on Debian's older bundled npm 9.x, +# which defaults to `install-links=true` and installs file deps as *copies*. +# The host-side package-lock.json is generated with a newer npm that uses +# symlinks, so an install-as-copy produces a hidden node_modules/.package-lock.json +# that permanently disagrees with the root lock on the @hermes/ink entry. +# That disagreement trips the TUI launcher's `_tui_need_npm_install()` +# check on every startup and triggers a runtime `npm install` that then +# fails with EACCES (node_modules/ is root-owned from build time). +ENV npm_config_install_links=false RUN npm install --prefer-offline --no-audit && \ npx playwright install --with-deps chromium --only-shell && \ @@ -45,13 +61,7 @@ COPY --chown=hermes:hermes . . # Build browser dashboard and terminal UI assets. RUN cd web && npm run build && \ - cd ../ui-tui && npm run build && \ - rm -rf node_modules/@hermes/ink && \ - rm -rf packages/hermes-ink/node_modules && \ - cp -R packages/hermes-ink node_modules/@hermes/ink && \ - npm install --omit=dev --prefer-offline --no-audit --prefix node_modules/@hermes/ink && \ - rm -rf node_modules/@hermes/ink/node_modules/react && \ - node --input-type=module -e "await import('@hermes/ink')" + cd ../ui-tui && npm run build # ---------- Permissions ---------- # Make install dir world-readable so any HERMES_UID can read it at runtime. From a2a32688ca8ad13727e38df85f3f2820f5a31902 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Thu, 30 Apr 2026 23:56:59 -0700 Subject: [PATCH 114/133] docs(website): add User Stories and Use Cases collage page (#18282) Adds a new top-of-sidebar docs page at /docs/user-stories that is a masonry-style collage of 99 real user stories sourced from X/Twitter, GitHub issues/PRs, Reddit, Hacker News, YouTube, blogs (Medium, Substack, dev.to), podcasts, LinkedIn, GitHub Gists, and Product Hunt. Every tile links to the original post/issue/video/gist where someone described a specific use case: personal assistants, dev workflows, trading bots, research briefs, family WhatsApp agents, Kubernetes deployments, legal-domain self-hosted setups, and more. - docs/user-stories.mdx: MDX entry mounting the collage component - src/components/UserStoriesCollage: React component with category + source filters, CSS-columns masonry layout, per-category accent colors - src/data/userStories.json: source-of-truth dataset (force-added; the root .gitignore's unanchored 'data/' rule would otherwise swallow it, same reason skills.json is explicitly listed in website/.gitignore) - sidebars.ts: link added at the top of the docs sidebar --- website/docs/user-stories.mdx | 10 + website/sidebars.ts | 1 + .../components/UserStoriesCollage/index.tsx | 310 +++++ .../UserStoriesCollage/styles.module.css | 252 ++++ website/src/data/userStories.json | 1091 +++++++++++++++++ 5 files changed, 1664 insertions(+) create mode 100644 website/docs/user-stories.mdx create mode 100644 website/src/components/UserStoriesCollage/index.tsx create mode 100644 website/src/components/UserStoriesCollage/styles.module.css create mode 100644 website/src/data/userStories.json diff --git a/website/docs/user-stories.mdx b/website/docs/user-stories.mdx new file mode 100644 index 00000000000..6dc721dde81 --- /dev/null +++ b/website/docs/user-stories.mdx @@ -0,0 +1,10 @@ +--- +title: User Stories & Use Cases +description: Real stories from the Hermes Agent community — what people are actually building, scraped from X, GitHub, Reddit, Hacker News, YouTube, blogs, and podcasts. +hide_title: true +hide_table_of_contents: true +--- + +import UserStoriesCollage from '@site/src/components/UserStoriesCollage'; + +<UserStoriesCollage /> diff --git a/website/sidebars.ts b/website/sidebars.ts index 8b8d8a54b8d..e63fcdd3a3f 100644 --- a/website/sidebars.ts +++ b/website/sidebars.ts @@ -2,6 +2,7 @@ import type {SidebarsConfig} from '@docusaurus/plugin-content-docs'; const sidebars: SidebarsConfig = { docs: [ + 'user-stories', { type: 'category', label: 'Getting Started', diff --git a/website/src/components/UserStoriesCollage/index.tsx b/website/src/components/UserStoriesCollage/index.tsx new file mode 100644 index 00000000000..79e2564496b --- /dev/null +++ b/website/src/components/UserStoriesCollage/index.tsx @@ -0,0 +1,310 @@ +import React, { useMemo, useState } from 'react'; +import stories from '@site/src/data/userStories.json'; +import styles from './styles.module.css'; + +interface Story { + id: string; + source: string; + author: string; + url: string; + date: string; + category: string; + headline: string; + quote: string; + size: 'sm' | 'md' | 'lg'; +} + +const allStories = stories as Story[]; + +// Category → pretty label + accent colors (solid + soft fill + gradient top-strip) +const CATEGORIES: Record< + string, + { label: string; solid: string; soft: string; strip: string } +> = { + 'dev-workflow': { + label: 'Dev Workflow', + solid: '#60a5fa', + soft: 'rgba(96, 165, 250, 0.14)', + strip: 'linear-gradient(90deg, #3b82f6, #60a5fa, #a78bfa)', + }, + 'personal-assistant': { + label: 'Personal Assistant', + solid: '#34d399', + soft: 'rgba(52, 211, 153, 0.14)', + strip: 'linear-gradient(90deg, #10b981, #34d399, #a7f3d0)', + }, + 'content-creation': { + label: 'Content Creation', + solid: '#f472b6', + soft: 'rgba(244, 114, 182, 0.14)', + strip: 'linear-gradient(90deg, #ec4899, #f472b6, #fda4af)', + }, + 'business-ops': { + label: 'Business Ops', + solid: '#fb923c', + soft: 'rgba(251, 146, 60, 0.14)', + strip: 'linear-gradient(90deg, #f97316, #fb923c, #fcd34d)', + }, + trading: { + label: 'Trading & Markets', + solid: '#facc15', + soft: 'rgba(250, 204, 21, 0.16)', + strip: 'linear-gradient(90deg, #eab308, #facc15, #fde047)', + }, + research: { + label: 'Research', + solid: '#a78bfa', + soft: 'rgba(167, 139, 250, 0.14)', + strip: 'linear-gradient(90deg, #8b5cf6, #a78bfa, #c4b5fd)', + }, + creative: { + label: 'Creative', + solid: '#f87171', + soft: 'rgba(248, 113, 113, 0.14)', + strip: 'linear-gradient(90deg, #ef4444, #f87171, #fca5a5)', + }, + marketing: { + label: 'Marketing', + solid: '#e879f9', + soft: 'rgba(232, 121, 249, 0.14)', + strip: 'linear-gradient(90deg, #d946ef, #e879f9, #f0abfc)', + }, + integrations: { + label: 'Integrations', + solid: '#38bdf8', + soft: 'rgba(56, 189, 248, 0.14)', + strip: 'linear-gradient(90deg, #0ea5e9, #38bdf8, #7dd3fc)', + }, + enterprise: { + label: 'Enterprise', + solid: '#94a3b8', + soft: 'rgba(148, 163, 184, 0.16)', + strip: 'linear-gradient(90deg, #64748b, #94a3b8, #cbd5e1)', + }, + messaging: { + label: 'Messaging', + solid: '#22d3ee', + soft: 'rgba(34, 211, 238, 0.14)', + strip: 'linear-gradient(90deg, #06b6d4, #22d3ee, #67e8f9)', + }, + privacy: { + label: 'Privacy & Self-Hosted', + solid: '#4ade80', + soft: 'rgba(74, 222, 128, 0.14)', + strip: 'linear-gradient(90deg, #16a34a, #4ade80, #86efac)', + }, + 'cost-optimization': { + label: 'Cost Optimization', + solid: '#fbbf24', + soft: 'rgba(251, 191, 36, 0.16)', + strip: 'linear-gradient(90deg, #f59e0b, #fbbf24, #fde68a)', + }, + meta: { + label: 'Meta & Ecosystem', + solid: '#c084fc', + soft: 'rgba(192, 132, 252, 0.14)', + strip: 'linear-gradient(90deg, #a855f7, #c084fc, #d8b4fe)', + }, + general: { + label: 'General', + solid: '#9ca3af', + soft: 'rgba(156, 163, 175, 0.16)', + strip: 'linear-gradient(90deg, #6b7280, #9ca3af, #d1d5db)', + }, +}; + +// Source → compact label shown in the badge row +const SOURCE_LABELS: Record<string, string> = { + x: 'X · Twitter', + hn: 'Hacker News', + reddit: 'Reddit', + github: 'GitHub', + youtube: 'YouTube', + blog: 'Blog', + podcast: 'Podcast', + linkedin: 'LinkedIn', + gist: 'GitHub Gist', + producthunt: 'Product Hunt', +}; + +function sourceColor(source: string): string { + switch (source) { + case 'x': return '#1d9bf0'; + case 'hn': return '#ff6600'; + case 'reddit': return '#ff4500'; + case 'github': return '#8b949e'; + case 'youtube': return '#ff0033'; + case 'blog': return '#a78bfa'; + case 'podcast': return '#8b5cf6'; + case 'linkedin': return '#0a66c2'; + case 'gist': return '#8b949e'; + case 'producthunt': return '#da552f'; + default: return '#64748b'; + } +} + +export default function UserStoriesCollage(): JSX.Element { + const [activeCategory, setActiveCategory] = useState<string>('all'); + const [activeSource, setActiveSource] = useState<string>('all'); + + const categoryCounts = useMemo(() => { + const counts: Record<string, number> = {}; + for (const s of allStories) counts[s.category] = (counts[s.category] ?? 0) + 1; + return counts; + }, []); + + const sourceCounts = useMemo(() => { + const counts: Record<string, number> = {}; + for (const s of allStories) counts[s.source] = (counts[s.source] ?? 0) + 1; + return counts; + }, []); + + const visible = useMemo(() => { + return allStories.filter((s) => { + if (activeCategory !== 'all' && s.category !== activeCategory) return false; + if (activeSource !== 'all' && s.source !== activeSource) return false; + return true; + }); + }, [activeCategory, activeSource]); + + return ( + <div className={styles.wrap}> + <div className={styles.hero}> + <h1>User Stories & Use Cases</h1> + <p> + What the Hermes Agent community is actually building. Every tile + below links to a real post, issue, video, or gist where someone + describes how they use Hermes — scraped from X, GitHub, Reddit, + Hacker News, YouTube, blogs, and podcasts. + </p> + <div className={styles.meta}> + <span><strong>{allStories.length}</strong> stories</span> + <span><strong>{Object.keys(categoryCounts).length}</strong> categories</span> + <span><strong>{Object.keys(sourceCounts).length}</strong> sources</span> + </div> + </div> + + {/* Category filters */} + <div className={styles.filters}> + <button + type="button" + className={`${styles.filterBtn} ${activeCategory === 'all' ? styles.filterActive : ''}`} + onClick={() => setActiveCategory('all')} + > + All<span className={styles.filterCount}>{allStories.length}</span> + </button> + {Object.entries(CATEGORIES) + .filter(([key]) => categoryCounts[key]) + .sort((a, b) => (categoryCounts[b[0]] ?? 0) - (categoryCounts[a[0]] ?? 0)) + .map(([key, meta]) => ( + <button + key={key} + type="button" + className={`${styles.filterBtn} ${activeCategory === key ? styles.filterActive : ''}`} + onClick={() => setActiveCategory(key)} + style={ + activeCategory === key + ? { background: meta.solid, borderColor: meta.solid, color: '#0f172a' } + : undefined + } + > + {meta.label} + <span className={styles.filterCount}>{categoryCounts[key]}</span> + </button> + ))} + </div> + + {/* Source filters — smaller, secondary row */} + <div className={styles.filters} style={{ marginTop: '-0.75rem' }}> + <button + type="button" + className={`${styles.filterBtn} ${activeSource === 'all' ? styles.filterActive : ''}`} + onClick={() => setActiveSource('all')} + style={{ fontSize: '0.72rem' }} + > + All sources + </button> + {Object.entries(SOURCE_LABELS) + .filter(([key]) => sourceCounts[key]) + .map(([key, label]) => ( + <button + key={key} + type="button" + className={`${styles.filterBtn} ${activeSource === key ? styles.filterActive : ''}`} + onClick={() => setActiveSource(key)} + style={{ + fontSize: '0.72rem', + ...(activeSource === key + ? { background: sourceColor(key), borderColor: sourceColor(key), color: '#fff' } + : {}), + }} + > + {label} + <span className={styles.filterCount}>{sourceCounts[key]}</span> + </button> + ))} + </div> + + {/* Collage grid */} + {visible.length === 0 ? ( + <div className={styles.empty}>No stories match that filter.</div> + ) : ( + <div className={styles.grid}> + {visible.map((s) => { + const cat = CATEGORIES[s.category] ?? CATEGORIES.general; + const sizeClass = + s.size === 'lg' ? styles.tileLg : s.size === 'sm' ? styles.tileSm : styles.tileMd; + const srcColor = sourceColor(s.source); + return ( + <a + key={s.id} + className={`${styles.tile} ${sizeClass}`} + href={s.url} + target="_blank" + rel="noopener noreferrer" + style={ + { + '--tile-accent': cat.strip, + '--tile-accent-solid': cat.solid, + '--tile-accent-soft': cat.soft, + } as React.CSSProperties + } + > + <div className={styles.badgeRow}> + <span className={styles.sourceBadge}> + <span className={styles.sourceIcon} style={{ background: srcColor }} /> + {SOURCE_LABELS[s.source] ?? s.source} + </span> + <span className={styles.catTag}>{cat.label}</span> + </div> + <h3 className={styles.headline}>{s.headline}</h3> + <p className={styles.quote}>“{s.quote}”</p> + <span className={styles.author}> + {s.author} + {s.date ? <> · {s.date}</> : null} + </span> + <span className={styles.external} aria-hidden="true">↗</span> + </a> + ); + })} + </div> + )} + + <div className={styles.footer}> + Built something with Hermes?{' '} + <a + href="https://github.com/NousResearch/hermes-agent/edit/main/website/src/data/userStories.json" + target="_blank" + rel="noopener noreferrer" + > + Add your story to this page + </a>{' '} + by editing <code>userStories.json</code>, or post it in the{' '} + <a href="https://discord.gg/NousResearch" target="_blank" rel="noopener noreferrer"> + Nous Research Discord + </a>{' '} + and we'll pick it up. + </div> + </div> + ); +} diff --git a/website/src/components/UserStoriesCollage/styles.module.css b/website/src/components/UserStoriesCollage/styles.module.css new file mode 100644 index 00000000000..bc365e47b20 --- /dev/null +++ b/website/src/components/UserStoriesCollage/styles.module.css @@ -0,0 +1,252 @@ +/* User Stories collage — masonry grid with category-driven accents. */ + +.wrap { + max-width: 1280px; + margin: 0 auto; + padding: 0 0 4rem; +} + +.hero { + padding: 2.5rem 0 2rem; + text-align: center; +} +.hero h1 { + font-size: clamp(2rem, 4vw, 3.25rem); + margin-bottom: 0.75rem; + background: linear-gradient(120deg, #a78bfa 0%, #60a5fa 50%, #34d399 100%); + -webkit-background-clip: text; + background-clip: text; + -webkit-text-fill-color: transparent; +} +.hero p { + max-width: 680px; + margin: 0 auto; + color: var(--ifm-color-emphasis-700); + font-size: 1.05rem; + line-height: 1.6; +} + +.meta { + display: flex; + gap: 1.5rem; + justify-content: center; + margin-top: 1.25rem; + flex-wrap: wrap; + font-size: 0.85rem; + color: var(--ifm-color-emphasis-600); +} +.meta strong { + color: var(--ifm-color-emphasis-900); + font-weight: 600; +} + +/* Filter bar */ +.filters { + display: flex; + gap: 0.4rem; + flex-wrap: wrap; + justify-content: center; + margin: 1.75rem 0 2rem; + padding: 0 1rem; +} +.filterBtn { + padding: 0.35rem 0.85rem; + border-radius: 999px; + border: 1px solid var(--ifm-color-emphasis-300); + background: transparent; + color: var(--ifm-color-emphasis-800); + font-size: 0.8rem; + font-weight: 500; + cursor: pointer; + transition: all 0.18s ease; + white-space: nowrap; +} +.filterBtn:hover { + border-color: var(--ifm-color-emphasis-500); + color: var(--ifm-color-emphasis-1000); + transform: translateY(-1px); +} +.filterActive { + background: var(--ifm-color-emphasis-900); + color: var(--ifm-background-color); + border-color: var(--ifm-color-emphasis-900); +} +[data-theme='dark'] .filterActive { + background: #e2e8f0; + color: #0f172a; + border-color: #e2e8f0; +} +.filterCount { + margin-left: 0.35rem; + opacity: 0.5; + font-variant-numeric: tabular-nums; +} + +/* Masonry — use CSS columns for a true collage feel */ +.grid { + column-count: 4; + column-gap: 1rem; + padding: 0 1rem; +} +@media (max-width: 1200px) { .grid { column-count: 3; } } +@media (max-width: 850px) { .grid { column-count: 2; } } +@media (max-width: 560px) { .grid { column-count: 1; } } + +/* Tile */ +.tile { + break-inside: avoid; + margin-bottom: 1rem; + position: relative; + display: block; + padding: 1.1rem 1.2rem 1.15rem; + border-radius: 14px; + border: 1px solid var(--ifm-color-emphasis-200); + background: var(--ifm-card-background-color, var(--ifm-background-surface-color)); + color: inherit !important; + text-decoration: none !important; + overflow: hidden; + transition: transform 0.22s ease, box-shadow 0.22s ease, border-color 0.22s ease; +} +.tile::before { + /* Color accent strip */ + content: ''; + position: absolute; + top: 0; left: 0; right: 0; + height: 3px; + background: var(--tile-accent, linear-gradient(90deg, #a78bfa, #60a5fa)); + opacity: 0.9; +} +.tile::after { + /* Subtle hover glow */ + content: ''; + position: absolute; + inset: -1px; + border-radius: 14px; + box-shadow: 0 0 0 0 transparent; + pointer-events: none; + transition: box-shadow 0.22s ease; +} +.tile:hover { + transform: translateY(-3px); + border-color: var(--tile-accent-solid, var(--ifm-color-primary)); + box-shadow: 0 8px 24px -8px rgba(0, 0, 0, 0.25); +} +[data-theme='dark'] .tile:hover { + box-shadow: 0 10px 30px -12px rgba(120, 120, 200, 0.45); +} + +/* Size variants — big tiles get more visual weight */ +.tileSm { min-height: 130px; } +.tileMd { min-height: 180px; } +.tileLg { + min-height: 240px; + padding: 1.35rem 1.45rem 1.45rem; +} +.tileLg .headline { + font-size: 1.3rem; +} + +/* Tile body */ +.badgeRow { + display: flex; + justify-content: space-between; + align-items: center; + gap: 0.5rem; + margin-bottom: 0.75rem; + font-size: 0.7rem; + letter-spacing: 0.06em; + text-transform: uppercase; + color: var(--ifm-color-emphasis-600); +} +.sourceBadge { + display: inline-flex; + align-items: center; + gap: 0.35rem; + font-weight: 600; +} +.sourceIcon { + display: inline-block; + width: 14px; + height: 14px; + border-radius: 3px; + background: var(--tile-accent-solid, #a78bfa); + flex-shrink: 0; +} +.catTag { + display: inline-block; + padding: 0.15rem 0.55rem; + border-radius: 999px; + background: var(--tile-accent-soft, rgba(167, 139, 250, 0.12)); + color: var(--tile-accent-solid, #a78bfa); + font-weight: 600; + letter-spacing: 0.04em; +} + +.headline { + font-size: 1.02rem; + font-weight: 700; + line-height: 1.3; + margin: 0 0 0.5rem; + color: var(--ifm-color-emphasis-1000); +} + +.quote { + font-size: 0.875rem; + line-height: 1.55; + color: var(--ifm-color-emphasis-800); + margin: 0; + display: -webkit-box; + -webkit-line-clamp: 6; + -webkit-box-orient: vertical; + overflow: hidden; +} +.tileLg .quote { -webkit-line-clamp: 8; } +.tileSm .quote { -webkit-line-clamp: 4; } + +.author { + display: block; + margin-top: 0.7rem; + font-size: 0.78rem; + color: var(--ifm-color-emphasis-600); + font-weight: 500; +} + +.external { + position: absolute; + top: 0.9rem; + right: 0.9rem; + opacity: 0; + font-size: 0.85rem; + color: var(--tile-accent-solid, var(--ifm-color-primary)); + transition: opacity 0.2s ease, transform 0.2s ease; +} +.tile:hover .external { + opacity: 1; + transform: translate(2px, -2px); +} + +/* Footer */ +.footer { + margin: 3rem auto 0; + padding: 1.5rem; + text-align: center; + max-width: 720px; + border-radius: 14px; + background: var(--ifm-color-emphasis-100); + font-size: 0.95rem; + color: var(--ifm-color-emphasis-800); + line-height: 1.6; +} +.footer a { + color: var(--ifm-color-primary); + text-decoration: none; + font-weight: 600; +} +.footer a:hover { text-decoration: underline; } + +.empty { + padding: 3rem 1rem; + text-align: center; + color: var(--ifm-color-emphasis-600); + font-size: 0.95rem; +} diff --git a/website/src/data/userStories.json b/website/src/data/userStories.json new file mode 100644 index 00000000000..8fa087feded --- /dev/null +++ b/website/src/data/userStories.json @@ -0,0 +1,1091 @@ +[ + { + "id": "teknium-12-instances", + "source": "x", + "author": "@Teknium", + "url": "https://x.com/Teknium/status/2047869295686975529", + "date": "2026-04-25", + "category": "dev-workflow", + "headline": "12 Hermes instances every day, in parallel", + "quote": "I literally run 12 hermes agent instances every day in parallel to build Hermes Agent, and its now a top 100 GitHub repositories of all time. Our backend team uses it to monitor and investigate issues with our stack. Our post training team uses them to create new RL environments and benchmarks, investigate, inspect and sometimes directly manipulate the datasets.", + "size": "lg" + }, + { + "id": "alexcovo-movies", + "source": "x", + "author": "@alexcovo_eth", + "url": "https://x.com/alexcovo_eth/status/2046437996262539539", + "date": "2026-04-21", + "category": "creative", + "headline": "My Hermes agent makes movies now", + "quote": "My @NousResearch hermes-agent can make movies now using @browser_use skill. No API needed. No human intervention. I told it to set the mood, action, camera movement, dialog and overall story — it used Browser-Use and Seedance 2.0 to generate a video.", + "size": "md" + }, + { + "id": "exm-family-whatsapp", + "source": "x", + "author": "@EXM7777", + "url": "https://x.com/EXM7777/status/2049869015221510424", + "date": "2026-04-30", + "category": "personal-assistant", + "headline": "One Hermes for the whole family on WhatsApp", + "quote": "3 weeks ago I decided to setup an Hermes agent for my family (3 members), they all use it for different use cases, one $200 ChatGPT sub is more than enough. It unlocked a whole new world for them, just because it lives inside whatsapp and has magic proactive behaviors.", + "size": "md" + }, + { + "id": "gkisokay-autobuild", + "source": "x", + "author": "@gkisokay", + "url": "https://x.com/gkisokay/status/2044339964612362499", + "date": "2026-04-15", + "category": "dev-workflow", + "headline": "Multi-agent auto-build workflow (plan → code → QA → ship)", + "quote": "Day 8 of Building AGI for my Hermes Agent: Auto-Build saved me loads of time and tokens. Main agent (GPT-5.4) breaks a plan into phases, coder agent (MiniMax M2.7) implements, QA agent (local Qwen 35B A3B) tests. Plan → implement → test → fail → repair → ship.", + "size": "md" + }, + { + "id": "gkisokay-watchdog", + "source": "x", + "author": "@gkisokay", + "url": "https://x.com/gkisokay/status/2037924543311016432", + "date": "2026-03-28", + "category": "dev-workflow", + "headline": "Hermes as a watchdog for my other agent", + "quote": "POV: you use Hermes agent to fix your OpenClaw to save countless hours and credits every day. The setup that saved me hours every day: OpenClaw + Hermes watchdog.", + "size": "sm" + }, + { + "id": "gkisokay-research-brief", + "source": "x", + "author": "@gkisokay", + "url": "https://x.com/gkisokay/status/2050026869274395020", + "date": "2026-05-01", + "category": "research", + "headline": "Daily research brief across Discord, Slack, Notion & Obsidian", + "quote": "There's one Hermes use case for everyone — build a research agent. Mine watches the AI/agent space, picks out useful signals, writes briefs, suggests content angles, tracks what I ignore, and keeps improving its own workflow. Delivers daily via Discord, Slack, Notion, email, Obsidian, and local markdown.", + "size": "md" + }, + { + "id": "adiix-polymarket", + "source": "x", + "author": "@adiix_official", + "url": "https://x.com/adiix_official/status/2046702189469450616", + "date": "2026-04-21", + "category": "trading", + "headline": "Polymarket trading, 4 layers in parallel", + "quote": "Hermes changed how I trade on Polymarket. Before: I looked at Yes/No price and guessed. Now: I read 4 layers at once — order book, on-chain addresses, lag between news and price, position changes. Hermes monitors all 4 in parallel through its Polymarket module + News Skill.", + "size": "md" + }, + { + "id": "deronin-weather", + "source": "x", + "author": "@DeRonin_", + "url": "https://x.com/DeRonin_/status/2045087400607568378", + "date": "2026-04-17", + "category": "trading", + "headline": "$100 → $216 in 48h with a self-learning weather bot", + "quote": "I turned $100 into $216 in less than 48 hours with a self-learning weather trading bot. Hermes scans weather markets every 60 mins, compares 3 forecast sources per location, buys undervalued temperature buckets and flips for profit. Reviews what worked, writes its own strategy notes, adjusts next time.", + "size": "md" + }, + { + "id": "technmak-10-days", + "source": "x", + "author": "@techNmak", + "url": "https://x.com/techNmak/status/2041422554729267267", + "date": "2026-04-07", + "category": "dev-workflow", + "headline": "Day 10: it knows my codebase better than I do", + "quote": "10 days ago I installed an open-source agent. Today it knows my codebase better than I do. The first time I built a code review workflow, it was clunky. By the fifth time, the agent had internalized my preferences — which files to check first, what patterns to flag, how to format the output.", + "size": "md" + }, + { + "id": "saboo-monica", + "source": "x", + "author": "@Saboo_Shubham_", + "url": "https://x.com/Saboo_Shubham_/status/2049541356767576388", + "date": "2026-04-29", + "category": "content-creation", + "headline": "Monica that writes in my voice", + "quote": "I kept the OpenClaw squad running, but set up a second Monica on Hermes. Same Mac Mini. Monica had written a procedure for reading my published articles before drafting in my voice. An Agent with skills that grows with you.", + "size": "sm" + }, + { + "id": "ksimback-hermesatlas", + "source": "x", + "author": "@KSimback", + "url": "https://x.com/KSimback/status/2041937777508675611", + "date": "2026-04-08", + "category": "meta", + "headline": "Scraped the entire Hermes ecosystem (hermesatlas.com)", + "quote": "I was an early user of Hermes Agent and have been a power user ever since. Scraped every GitHub repo related to Hermes, filtered out unfinished, built an ecosystem map and published a website (hermesatlas.com) where you can see all projects organized by category with star ratings.", + "size": "md" + }, + { + "id": "codewithimanshu-higgsfield", + "source": "x", + "author": "@codewithimanshu", + "url": "https://x.com/codewithimanshu/status/2047507277259923696", + "date": "2026-04-24", + "category": "marketing", + "headline": "UGC ad studio on Hermes (4 minutes, zero prompt engineering)", + "quote": "Higgsfield Marketing Studio powered by Hermes Agent is doing the replacing this time. Paste product URL → Hermes scrapes the landing page, pulls winning ad hooks from Meta Ads Library + TikTok Creative Center in the exact niche, and writes the brief itself. Total time: ~4 minutes.", + "size": "md" + }, + { + "id": "danfiru-convergence", + "source": "x", + "author": "@danfiru", + "url": "https://x.com/danfiru/status/2036481605666218278", + "date": "2026-03-24", + "category": "dev-workflow", + "headline": "Built my own stack, then converged on Hermes", + "quote": "If you're choosing an agent framework: hermes. I built my own stack independently and we converged on the same architecture — background self-improvement, persistent memory, CLAUDE.md project context, reusable skills. Hermes ships it all out of the box. 300 PRs in a week.", + "size": "md" + }, + { + "id": "nickspisak-everything", + "source": "x", + "author": "@NickSpisak_", + "url": "https://x.com/NickSpisak_/status/2042709705991295221", + "date": "2026-04-10", + "category": "personal-assistant", + "headline": "Replaced everything with a single Hermes agent", + "quote": "Vibe after replacing everything with a Hermes agent: autoresearch, Karpathy LLM wiki second brain, skills creation, scheduled jobs, background monitoring, LLM model selection, Telegram/Discord support. A personal automation agent that lives on a server and talks to you through messaging apps or CLI.", + "size": "md" + }, + { + "id": "mvanhorn-business-ops", + "source": "x", + "author": "@mvanhorn", + "url": "https://x.com/mvanhorn/status/2045935785661349956", + "date": "2026-04-19", + "category": "business-ops", + "headline": "Client research, follow-ups, podcasts, leads — all on Hermes", + "quote": "Client research before calls saves 20–30 min every time. Meeting notes → follow-up drafts. Weekly podcast digest replaced 10+ hrs of listening with a 2hr Hermes workflow using Voxtral. Daily news briefings to Telegram/Discord. Content-ops pipeline (blogs, cold emails, lead scraping from YC, Twitter, Reddit). 24/7 assistant + watchdog.", + "size": "lg" + }, + { + "id": "mishig-jarvis", + "source": "x", + "author": "@mishig25", + "url": "https://x.com/mishig25/status/2044433805017014414", + "date": "2026-04-15", + "category": "personal-assistant", + "headline": "Jarvis at home in 2026", + "quote": "m2.7 + hermes agent: we really got jarvis at home in 2026 but strangely enough no one seems to care.", + "size": "sm" + }, + { + "id": "agentmail-inbox", + "source": "x", + "author": "@agentmail", + "url": "https://x.com/agentmail/status/2041605207704895810", + "date": "2026-04-07", + "category": "integrations", + "headline": "Give your Hermes its own email inbox", + "quote": "Here's how to give your Hermes agent its own email inbox. No SMTP/IMAP, no Google OAuth, just plug in AgentMail using MCP.", + "size": "sm" + }, + { + "id": "akashnet-inventory", + "source": "x", + "author": "@akashnet", + "url": "https://x.com/akashnet/status/2046622301395845264", + "date": "2026-04-21", + "category": "business-ops", + "headline": "Live inventory tracking on Hermes", + "quote": "With Hermes (built by @NousResearch) providing 40+ built-in tools, persistent memory, and subagent parallelization, the development experience is best-in-class. Built for operations like inventory tracking where context, memory, and real-time inputs are non-negotiable.", + "size": "md" + }, + { + "id": "alexfinn-employee", + "source": "x", + "author": "@AlexFinn", + "url": "https://x.com/AlexFinn/status/2049278028619121089", + "date": "2026-04-29", + "category": "general", + "headline": "An AI employee for my hardest tasks", + "quote": "Hermes Agent with ChatGPT 5.5 is literally magic. I've thrown some of my hardest tasks at this combo and the agent has been able to handle EVERYTHING. Time to set up your AI employee.", + "size": "sm" + }, + { + "id": "onlyterp-file-change", + "source": "x", + "author": "@OnlyTerp", + "url": "https://x.com/OnlyTerp/status/2047890882809016805", + "date": "2026-04-25", + "category": "dev-workflow", + "headline": "It sees a file change and auto-acts on it", + "quote": "Hermes is really good. The new updates where it sees a file change and auto acts on it. That shit is fire as fuck.", + "size": "sm" + }, + { + "id": "nathanwilbanks-297-streak", + "source": "x", + "author": "@NathanWilbanks_", + "url": "https://x.com/NathanWilbanks_/status/2047883176622620934", + "date": "2026-04-25", + "category": "business-ops", + "headline": "Day 297 of my streak: $100K of client work automated", + "quote": "I'm on day 297 of my streak: 900,000+ seconds of compute time automated, 5,000,000,000+ tokens generated, $100,000+ in client work value automated.", + "size": "md" + }, + { + "id": "hn-rnxrx-obsidian", + "source": "hn", + "author": "rnxrx (Hacker News)", + "url": "https://news.ycombinator.com/item?id=47786673", + "date": "2026-04", + "category": "personal-assistant", + "headline": "Obsidian, home automation, VPS server management — on a cheap VPS", + "quote": "Having a competent agent with constant state has been good for memorializing and organizing important info directly into Obsidian, planning, and working out bugs with my home automation setup. Also helpful dealing with several miscellaneous servers in the house. I have it running on a cheap VPS and it's fairly locked down.", + "size": "md" + }, + { + "id": "hn-vessel-browser", + "source": "hn", + "author": "unmodeledtyler (Quanta Intellect)", + "url": "https://news.ycombinator.com/item?id=47470156", + "date": "2026", + "category": "integrations", + "headline": "Vessel Browser: agent-native browser born at the Hermes hackathon", + "quote": "I recently participated in Nous Research's Hermes Agent Hackathon, which is where this project was born. Every tool out there assumes a human operator with automation bolted on. I wanted to flip that — make the agent the primary driver and give the human a supervisory role.", + "size": "md" + }, + { + "id": "hn-ethan-install-guide", + "source": "hn", + "author": "ethanjamescolez (Show HN)", + "url": "https://news.ycombinator.com/item?id=47865412", + "date": "2026", + "category": "meta", + "headline": "Show HN: an independent install guide", + "quote": "This is an independent Hermes Agent install guide I put together for the part that usually gets skipped after 'run this command.' One place that shows the environment choice first, then the official installer path — macOS, Linux, WSL2, and Termux.", + "size": "sm" + }, + { + "id": "reddit-hermify", + "source": "reddit", + "author": "r/vibecoding", + "url": "https://www.reddit.com/r/vibecoding/comments/1slhhj1/i_took_the_nousresearch_hermes_agent_and_built_a/", + "date": "2026", + "category": "meta", + "headline": "Hermify: managed hosting for Hermes", + "quote": "A few weeks ago I tried getting Hermes Agent running on a VPS. It worked, eventually, and is lowkey the most useful AI agent. So I built Hermify: easy managed hosting. You bring your API key + Telegram bot, we handle the hosting.", + "size": "sm" + }, + { + "id": "reddit-windows-wrapper", + "source": "reddit", + "author": "r/SideProject", + "url": "https://www.reddit.com/r/SideProject/comments/1sdaojm/i_took_the_nousresearch_hermes_agent_and_built_a/", + "date": "2026", + "category": "meta", + "headline": "Native Windows app wrapper for Hermes", + "quote": "The NousResearch team built Hermes Agent — an open-source agentic AI system with tools, skills, memory, and multi-platform messaging. It's good. So I built a native Windows app around it.", + "size": "sm" + }, + { + "id": "reddit-research-agent", + "source": "reddit", + "author": "r/hermesagent", + "url": "https://www.reddit.com/r/hermesagent/comments/1sd3bwf/had_my_research_agent_dig_into_what_people_are/", + "date": "2026", + "category": "research", + "headline": "I had my research agent dig into what people are building with Hermes", + "quote": "Had my (Hermes) research agent dig into what people are actually building with Hermes — turned up an ecosystem mosaic of trading bots, personal assistants, content pipelines and self-hosted everything.", + "size": "sm" + }, + { + "id": "rumjahn-everything", + "source": "blog", + "author": "Keith Rumjahn (Substack)", + "url": "https://rumjahn.substack.com/p/complete-guide-to-mastering-hermes", + "date": "2026-04-26", + "category": "personal-assistant", + "headline": "Apple Health, Threads analytics, Gmail, Calendar — in one CLI", + "quote": "Apple Health: Hermes wrote Python on the fly and found my sleep avg was 7.59 hrs. Threads Analytics: drop cookies in, pulled 34 posts of analytics in one command. Hermes is dramatically better than OpenClaw at browser automation. Gmail + Calendar OAuth via drag-drop JSON. Hermes = CEO, OpenClaw = Senior Engineer, both pointed at the same Obsidian vault on my NAS.", + "size": "lg" + }, + { + "id": "jsong-llm-wiki", + "source": "blog", + "author": "Jsong (Medium)", + "url": "https://medium.com/@jsong_49820/how-i-built-a-self-improving-llm-wiki-with-hermes-agent-and-why-im-not-using-obsidian-1e9a7fa438c1", + "date": "2026-04-16", + "category": "research", + "headline": "A self-improving LLM Wiki second brain", + "quote": "Built a personal knowledge base that compounds over time instead of rotting — maintained by an LLM, not by me. Stack: Hetzner VPS, Hermes Agent, Telegram bot as second brain, Karpathy's LLM Wiki pattern, public static site at wiki.ai-biz.app.", + "size": "md" + }, + { + "id": "julian-meet-teams", + "source": "blog", + "author": "Julian Goldie (Substack)", + "url": "https://juliangoldieseo1.substack.com/p/hermes-agent-v012-just-changed-ai", + "date": "2026-04-30", + "category": "business-ops", + "headline": "Auto-transcribe Meet calls, control from Teams, local models for client data", + "quote": "Auto-transcribe Google Meet calls — focus on conversation, not notes. Self-maintaining skill library. Control from Microsoft Teams. Local AI models via LM Studio — sensitive client data never leaves your machine. Native Spotify for voice-command music.", + "size": "md" + }, + { + "id": "anthony-inbox-cron", + "source": "blog", + "author": "Anthony Maio (Substack)", + "url": "https://anthonymaio.substack.com/p/getting-started-with-hermes-agent", + "date": "2026-03-30", + "category": "personal-assistant", + "headline": "'Every weekday at 9am, summarize my inbox and post to Slack'", + "quote": "An agent that grows with you — not marketing fluff; it literally writes markdown skill files when it solves hard problems. Natural-language cron: 'every weekday at 9am, summarize my inbox and post to Slack.'", + "size": "sm" + }, + { + "id": "kisztof-modal", + "source": "blog", + "author": "Krzysztof Słomka (Medium)", + "url": "https://kisztof.medium.com/hermes-agent-review-nous-researchs-self-improving-ai-agent-e72bc244435a", + "date": "2026-04-20", + "category": "dev-workflow", + "headline": "Telegram → Modal serverless. 40% faster on research tasks.", + "quote": "Chat via Telegram while execution runs on Modal serverless (cheap when idle). Run on a $5 VPS that stays up when the laptop closes. Pin to SSH backend inside a customer's VPC for consulting. Verified benchmark (TokenMix): self-created skills cut research-task time by ~40% vs. a fresh agent.", + "size": "md" + }, + { + "id": "0xmega-no-mac-mini", + "source": "blog", + "author": "Alex P. (Medium)", + "url": "https://medium.com/@0xmega/hermes-agent-the-complete-setup-guide-telegram-discord-vps-no-mac-mini-required-dda315a702d3", + "date": "2026-03-30", + "category": "cost-optimization", + "headline": "Under $20/mo total — no Mac Mini, no Opus", + "quote": "OpenClaw setup: Mac Mini M4 ($599) + Opus 4.6 = ~$80–150/mo. Hermes on VPS: under $20/mo total using Minimax M2.7. Example first task: 'check the top 5 trending GitHub repos right now and send me a summary.'", + "size": "md" + }, + { + "id": "derek-supabase-crm", + "source": "youtube", + "author": "Derek Cheung (YouTube)", + "url": "https://www.youtube.com/watch?v=W_ZgH0WPayo", + "date": "2026", + "category": "business-ops", + "headline": "24/7 assistant with a Supabase CRM, built in a demo", + "quote": "Less than a single ChatGPT Plus subscription for a 24/7 assistant with real data management. After several interactions, Hermes autonomously proposed a new 'Supabase MCP scripts' skill — created from its own reflection.", + "size": "md" + }, + { + "id": "gladiator-hackathon", + "source": "youtube", + "author": "exitcode42 (YouTube)", + "url": "https://www.youtube.com/watch?v=YqLcMmzl3Yg", + "date": "2026", + "category": "dev-workflow", + "headline": "GLADIATOR: 9 Hermes agents, two rival AI companies, one GitHub stars war", + "quote": "Two fully autonomous AI companies competing head-to-head to maximize GitHub stars. 9 Hermes agents split into rival companies. Hermes agents actually learn and improve — they wrote code, created skills, grew memory, committed to git. All on their own.", + "size": "md" + }, + { + "id": "worldofai-shadcn-manim", + "source": "youtube", + "author": "WorldofAI (YouTube)", + "url": "https://www.youtube.com/watch?v=cu2fgknmemA", + "date": "2026-04-07", + "category": "creative", + "headline": "shadcn finance dashboard + Manim explainer videos", + "quote": "Used /browse to add Obsidian as a skill, populated a vault with shadcn/ui packages, then asked Hermes to build a finance dashboard using them. Result: beautiful, modern dashboard in minutes. Also used a manim skill to convert complex technical concepts into animated videos.", + "size": "md" + }, + { + "id": "leon-amazon-titles", + "source": "youtube", + "author": "Leon van Zyl (YouTube)", + "url": "https://www.youtube.com/watch?v=jmtpYUOr7_U", + "date": "2026", + "category": "content-creation", + "headline": "Scraped Amazon without extra config; built a YouTube title skill", + "quote": "Successfully scraped Amazon (notoriously difficult) without additional config. Free speech-to-text via local Whisper, free TTS via Edge TTS. YouTube title generator skill produces five search-based, five browse-targeted, and five hybrid titles.", + "size": "md" + }, + { + "id": "betterstack-tweets", + "source": "youtube", + "author": "Better Stack (YouTube)", + "url": "https://www.youtube.com/watch?v=HdxtLpL9CC8", + "date": "2026", + "category": "content-creation", + "headline": "Tweets in my voice, pulled from past video scripts", + "quote": "Prompted Hermes to help write tweets based on past video scripts. Pointed it at a scripts folder; it analyzed my writing style, produced usable tweets, and saved preferences to memory automatically. Brand new session test: it recalled everything, including preferred emojis.", + "size": "md" + }, + { + "id": "metics-weekly-cron", + "source": "youtube", + "author": "Metics Media (YouTube)", + "url": "https://www.youtube.com/watch?v=CwPUOVUdApE", + "date": "2026", + "category": "content-creation", + "headline": "Weekly cron: top 3 trending AI tools for my next video", + "quote": "'Research the top trending AI tools right now and come back with the top three that would make for an interesting tutorial video. Create a new skill based on your approach and call it YouTube-video-research. Can you set up a weekly job that runs every Monday at 9:00 AM using that skill?'", + "size": "md" + }, + { + "id": "theo-hetzner", + "source": "youtube", + "author": "Théo Vigneres (YouTube)", + "url": "https://www.youtube.com/watch?v=tm4h8dG-xlI", + "date": "2026-03", + "category": "cost-optimization", + "headline": "Hetzner VPS at $10/mo, Claude Opus via OpenRouter", + "quote": "Personal AI that lives on a server with persistent memory. Remembers preferences, projects, and past problem-solving. Accessible via Terminal, Telegram, Discord, Slack, or WhatsApp. Set up on a $10/month Hetzner VPS with Claude Opus via OpenRouter.", + "size": "sm" + }, + { + "id": "yashica-linkedin", + "source": "youtube", + "author": "Yashica Jain (YouTube)", + "url": "https://www.youtube.com/watch?v=Mom3GVeiBR8", + "date": "2026", + "category": "content-creation", + "headline": "LinkedIn posts that remember my style", + "quote": "Every time you do something — for example, using Hermes to write a LinkedIn post — it uses that experience to create a new skill. Next time you ask it to generate a LinkedIn post, boom, you don't have to give it the same instructions.", + "size": "sm" + }, + { + "id": "greg-isenberg-termux", + "source": "podcast", + "author": "Greg Isenberg & Imran Muthuvappa (Startup Ideas Podcast)", + "url": "https://podcasts.apple.com/dk/podcast/hermes-agent-clearly-explained-and-how-to-use-it/id1593424985?i=1000762440356", + "date": "2026", + "category": "cost-optimization", + "headline": "90% token spend cut. Runs on a cheap Android via Termux.", + "quote": "Switching to Hermes with OpenRouter cut my token spend ~90% — from ~$130 per 5 days to ~$10 per 5 days. Hermes runs on a cheap Android phone via Termux + Termux API — unlocks SMS, sensors, and on-device social posting. Customization is a trap; output is the skill.", + "size": "md" + }, + { + "id": "tooluse-hermes-won", + "source": "podcast", + "author": "Tool Use — AI Conversations (Spotify)", + "url": "https://open.spotify.com/episode/7tF7zf5GKcxqe2Q2BRRNfn", + "date": "2026", + "category": "meta", + "headline": "Hermes Agent has won. Here's why.", + "quote": "Why Hermes Agent has emerged as the leading open-source AI agent that developers and builders are choosing — self-improving skills, three-layer memory architecture, real-world applications including video dubbing workflows.", + "size": "sm" + }, + { + "id": "firecrawl-integration", + "source": "linkedin", + "author": "Firecrawl", + "url": "https://www.linkedin.com/posts/firecrawl_hermes-agent-by-nous-research-can-now-scrape-activity-7445140884683395072-sm2d", + "date": "2026", + "category": "integrations", + "headline": "Firecrawl for scrape/search/browse", + "quote": "Hermes Agent by Nous Research can now scrape, search, and interact with the web using Firecrawl. Enable it during setup to give Hermes the ability.", + "size": "sm" + }, + { + "id": "vectorize-hindsight", + "source": "linkedin", + "author": "Vectorize.io", + "url": "https://www.linkedin.com/posts/vectorizeio_connect-your-nous-research-hermes-agent-to-activity-7447280348457107456-_Y7L", + "date": "2026", + "category": "integrations", + "headline": "Hindsight Cloud memory, connected", + "quote": "Connect your Nous Research Hermes Agent to Hindsight Cloud, the best-performing AI Agent memory, in a few easy steps!", + "size": "sm" + }, + { + "id": "andrew-gordon-5-apps", + "source": "linkedin", + "author": "Andrew W. Gordon", + "url": "https://www.linkedin.com/posts/andrewwgordon_hermes-agent-the-agent-that-grows-with-activity-7449351350800429056-Alw0", + "date": "2026", + "category": "dev-workflow", + "headline": "5 apps built and launched in a single day", + "quote": "I've switched to Nous-Research Hermes-Agent from previous Agents I've been experimenting with. Hermes is unique in that it self-learns. Within a single day, I built and launched five small applications.", + "size": "sm" + }, + { + "id": "davidondrej-browser-harness", + "source": "gist", + "author": "davidondrej (GitHub Gist)", + "url": "https://gist.github.com/davidondrej/6f158de34ce83c530526011054fde8d3", + "date": "2026", + "category": "integrations", + "headline": "Hermes + Browser Harness on a Hostinger VPS", + "quote": "Full copy-paste setup for Hermes Agent + Browser Harness on a Hostinger VPS. Register Browser Harness as a Hermes skill via symlink so Hermes can find and use it. Recommended model: anthropic/claude-opus-4.7 via OpenRouter.", + "size": "sm" + }, + { + "id": "nazt-mcp-hybrid", + "source": "gist", + "author": "nazt (GitHub Gist)", + "url": "https://gist.github.com/nazt/849e29cd25c148b6cebafdbcc38bb6cc", + "date": "2026", + "category": "integrations", + "headline": "Fat agent → thin tool provider via hermes mcp serve", + "quote": "hermes mcp serve turns Hermes from a monolithic agent into a composable capability layer — any MCP client can borrow Hermes's 15+ messaging platforms, SQLite FTS5 persistence, and 73-skill tool surface without running Hermes as the primary agent.", + "size": "md" + }, + { + "id": "gh-trevor-imessage", + "source": "github", + "author": "@trevorgordon981", + "url": "https://github.com/NousResearch/hermes-agent/issues/6430", + "date": "2026", + "category": "personal-assistant", + "headline": "Hermes over iMessage on my always-on Mac Studio", + "quote": "I run Hermes Agent as a personal AI assistant on a Mac Studio that is always on. My primary communication with other people happens through iMessage. I can message my assistant from my iPhone, iPad, Mac, or Apple Watch. Group chats with friends could include the assistant naturally.", + "size": "md" + }, + { + "id": "gh-xwm1234-factory", + "source": "github", + "author": "@Xwm1234", + "url": "https://github.com/NousResearch/hermes-agent/issues/11653", + "date": "2026", + "category": "business-ops", + "headline": "Task-centric memory for a printing factory", + "quote": "I run a printing factory and use Hermes daily. Long conversations were making the agent slow and forgetful. So I built a custom Skill called Task-Centric Memory — auto-categorizes tasks into domains (Printing, Stocks); completed tasks are compressed into summary cards.", + "size": "md" + }, + { + "id": "gh-juan-email-pipeline", + "source": "github", + "author": "@JuanDragin", + "url": "https://github.com/NousResearch/hermes-agent/issues/5563", + "date": "2026", + "category": "dev-workflow", + "headline": "8h/day on Opus: email pipeline with DBOS + Postgres + S3", + "quote": "I run it daily for production software development, orchestrating a 3-actor email processing pipeline with DBOS, PostgreSQL, S3, Gmail API. 8+ hours per day on Claude Opus for 3 weeks.", + "size": "md" + }, + { + "id": "gh-chrisr-horse-racing", + "source": "github", + "author": "@Chrisr6records", + "url": "https://github.com/NousResearch/hermes-agent/issues/4431", + "date": "2026", + "category": "personal-assistant", + "headline": "Horse-racing Telegram community bot", + "quote": "I run two Telegram groups through one gateway: a project group and a horse-racing community. Every session gets the same personality, system prompt, CLAUDE.md, and working directory — I want per-group specialization.", + "size": "sm" + }, + { + "id": "gh-arkka-legal", + "source": "github", + "author": "@arkka", + "url": "https://github.com/NousResearch/hermes-agent/issues/15562", + "date": "2026", + "category": "privacy", + "headline": "Legal-domain work on an edge GPU, 4B Gemma, no cloud APIs", + "quote": "I run Hermes self-hosted on a single edge-class GPU with a 4B Gemma model. I work with legal-domain material and internal systems I cannot ship to third-party APIs. Self-hosting the main loop is non-negotiable.", + "size": "md" + }, + { + "id": "gh-manoj-pi4", + "source": "github", + "author": "@manojmukkamala", + "url": "https://github.com/NousResearch/hermes-agent/issues/14197", + "date": "2026", + "category": "personal-assistant", + "headline": "Hermes running on a Pi 4 as my home server", + "quote": "I have Hermes running on a Pi4. It saves my preferences while working on tasks like modifying files. I want to use it as a central brain shared across all my devices.", + "size": "sm" + }, + { + "id": "gh-kovern-bedtime", + "source": "github", + "author": "@kovern", + "url": "https://github.com/NousResearch/hermes-agent/issues/17177", + "date": "2026", + "category": "personal-assistant", + "headline": "Bedtime stories for my daughter", + "quote": "Three days ago I asked Hermes to write a little tale for my daughter. A day later I asked again — very similar, same protagonist name.", + "size": "sm" + }, + { + "id": "gh-jgravelle-jmunch", + "source": "github", + "author": "@jgravelle", + "url": "https://github.com/NousResearch/hermes-agent/issues/10409", + "date": "2026", + "category": "integrations", + "headline": "jMunch MCP: 52 tools via tree-sitter for code intelligence", + "quote": "The jMunch MCP suite provides three MCP servers bringing token-efficient code intelligence (52 tools via tree-sitter), documentation retrieval, and tabular data analysis. Plug-and-play with Hermes's native MCP client.", + "size": "md" + }, + { + "id": "gh-edward-win", + "source": "github", + "author": "@EdwardWason", + "url": "https://github.com/NousResearch/hermes-agent/issues/11876", + "date": "2026", + "category": "meta", + "headline": "hermes-for-win: one-click Windows installer", + "quote": "As a Windows user I found getting Hermes running on Windows quite challenging. I created hermes-for-win, a one-click installation and deployment tool for Windows with auto-start via Task Scheduler.", + "size": "sm" + }, + { + "id": "gh-0xmrblue-computer-use", + "source": "github", + "author": "@0xMrBlueOps", + "url": "https://github.com/NousResearch/hermes-agent/issues/15876", + "date": "2026", + "category": "integrations", + "headline": "Desktop computer-use module: noVNC, screenshots, mouse/keyboard", + "quote": "I built an optional desktop computer-use module for Hermes: computer_use_tool.py plus a containerized desktop with persistent Chromium, mouse/keyboard control, and screenshots.", + "size": "sm" + }, + { + "id": "gh-bsxy-higress", + "source": "github", + "author": "@bsxyswsy6n", + "url": "https://github.com/NousResearch/hermes-agent/issues/8881", + "date": "2026", + "category": "enterprise", + "headline": "Hermes inside an MCP infrastructure behind Higress", + "quote": "We are deploying Hermes as part of an MCP infrastructure using Higress as the API Gateway. Currently Hermes only supports CLI mode, preventing management as a service in our mesh.", + "size": "sm" + }, + { + "id": "gh-pypl0-ombre", + "source": "github", + "author": "@pypl0", + "url": "https://github.com/NousResearch/hermes-agent/issues/17431", + "date": "2026", + "category": "enterprise", + "headline": "EU AI Act compliance via Ombre", + "quote": "Adding Ombre underneath creates a production-ready stack: tamper-proof audit, prompt-injection blocking, memory encryption at rest, hallucination detection, cost tracking, EU AI Act compliance exports.", + "size": "sm" + }, + { + "id": "gh-samdu-kubernetes", + "source": "github", + "author": "@samdu", + "url": "https://github.com/NousResearch/hermes-agent/issues/11248", + "date": "2026", + "category": "enterprise", + "headline": "Kubernetes pod-hop handoff across restarts", + "quote": "When the gateway pod restarts (toolbox redeploy) in-memory context is lost. Proposes pod-hop, letting a running gateway hand off to a standby on a shared PVC.", + "size": "sm" + }, + { + "id": "gh-prasad-vertex", + "source": "github", + "author": "@prasadus92", + "url": "https://github.com/NousResearch/hermes-agent/issues/13484", + "date": "2026", + "category": "enterprise", + "headline": "Vertex AI for GCP-standardized enterprises", + "quote": "Requesting native Vertex AI provider support for enterprise users who standardize on Google Cloud for AI workloads.", + "size": "sm" + }, + { + "id": "gh-yuga-line", + "source": "github", + "author": "@yuga-hashimoto", + "url": "https://github.com/NousResearch/hermes-agent/issues/8395", + "date": "2026", + "category": "messaging", + "headline": "LINE for 95M+ users in Japan", + "quote": "LINE is the dominant messaging platform in Japan and SE Asia (95M+ MAU in Japan). No way to use Hermes from LINE today, making it inaccessible to a large user base in that region.", + "size": "sm" + }, + { + "id": "gh-2024fatwolf-qq", + "source": "github", + "author": "@2024fatwolf55", + "url": "https://github.com/NousResearch/hermes-agent/issues/9166", + "date": "2026", + "category": "messaging", + "headline": "QQ Bot adapter for China", + "quote": "Add QQ Bot platform support enabling communication via China's most popular messaging platform. Fully implemented and tested a QQ Bot adapter (822 lines).", + "size": "sm" + }, + { + "id": "gh-haoqi-feishu", + "source": "github", + "author": "@haoqimeng1992", + "url": "https://github.com/NousResearch/hermes-agent/issues/10356", + "date": "2026", + "category": "messaging", + "headline": "Give Hermes hands inside Feishu (Lark)", + "quote": "Extending Hermes to full Feishu ecosystem coverage: Documents, Sheets, Bitable, Calendar, Tasks, Wiki, Contacts, Drive, Email. Giving Hermes hands to operate the entire Feishu workspace.", + "size": "sm" + }, + { + "id": "gh-oleg-multi-role", + "source": "github", + "author": "@OlegB333", + "url": "https://github.com/NousResearch/hermes-agent/issues/5143", + "date": "2026", + "category": "personal-assistant", + "headline": "One agent, many roles: nutritionist, developer, finance advisor", + "quote": "Users treat their AI agent as a unified personal assistant across life domains: health tracking, software dev, financial planning, language learning. Multi-role auto-routing with named roles.", + "size": "sm" + }, + { + "id": "gh-alexferrari-checkin", + "source": "github", + "author": "@alexferrari88", + "url": "https://github.com/NousResearch/hermes-agent/issues/9645", + "date": "2026", + "category": "personal-assistant", + "headline": "Proactive check-ins ('anything you want me to watch this afternoon?')", + "quote": "Some users want something more like a personal assistant: present, a bit more alive, and able to gently re-engage. 'Hey, anything you want me to keep an eye on this afternoon?'", + "size": "sm" + }, + { + "id": "gh-tcollins-audit", + "source": "github", + "author": "@tcollins024", + "url": "https://github.com/NousResearch/hermes-agent/issues/17619", + "date": "2026", + "category": "dev-workflow", + "headline": "Audited 129 of my own sessions across 23 days", + "quote": "Ran an external RCA script against my full local session history (129 sessions across 23 days) to audit Hermes compliance with its approval gate. 112 of 129 sessions contain at least one violation.", + "size": "md" + }, + { + "id": "gh-rohit-agentmemory", + "source": "github", + "author": "@rohitg00", + "url": "https://github.com/NousResearch/hermes-agent/issues/6715", + "date": "2026", + "category": "integrations", + "headline": "Cross-agent memory: Hermes + Claude Code + Cursor", + "quote": "Built a memory provider plugin connecting agentmemory to Hermes. Covers cross-agent memory (developer using Hermes plus Claude Code or Cursor) with hybrid BM25+vector+knowledge-graph search.", + "size": "sm" + }, + { + "id": "gh-iacker-discord-gate", + "source": "github", + "author": "@iacker", + "url": "https://github.com/NousResearch/hermes-agent/issues/13124", + "date": "2026", + "category": "messaging", + "headline": "DM-based approval gate for kid-facing Discord bots", + "quote": "Running Hermes on Discord in public channels, every outbound reply goes live instantly. For multi-user servers, persona testing, compliance, kid-facing bots — I want a human-in-the-loop gate.", + "size": "sm" + }, + { + "id": "gh-scotttrinh-vercel", + "source": "github", + "author": "@scotttrinh", + "url": "https://github.com/NousResearch/hermes-agent/pull/17445", + "date": "2026", + "category": "integrations", + "headline": "Vercel Sandbox as a Hermes backend", + "quote": "Adds Vercel Sandbox as a supported Hermes terminal backend alongside Local/Docker/Modal/SSH/Daytona/Singularity. Creates/manages cloud microVMs with snapshot-based filesystem persistence.", + "size": "sm" + }, + { + "id": "gh-shloms-touchdesigner", + "source": "github", + "author": "@SHL0MS", + "url": "https://github.com/NousResearch/hermes-agent/pull/16768", + "date": "2026", + "category": "creative", + "headline": "Generative visuals in TouchDesigner, via Hermes skill", + "quote": "Expands touchdesigner-mcp skill with extensive reference docs so Hermes can help build generative/interactive media projects in TouchDesigner.", + "size": "sm" + }, + { + "id": "gh-austin-latex", + "source": "github", + "author": "@austinpickett", + "url": "https://github.com/NousResearch/hermes-agent/pull/17175", + "date": "2026", + "category": "research", + "headline": "LaTeX math renders properly in the TUI", + "quote": "Adds LaTeX-to-Unicode rendering for math in the TUI markdown pipeline, so users working on math/ML content see proper formatting rather than raw LaTeX.", + "size": "sm" + }, + { + "id": "gh-declan-webchat", + "source": "github", + "author": "@declan2010", + "url": "https://github.com/NousResearch/hermes-agent/issues/4514", + "date": "2026", + "category": "integrations", + "headline": "Webchat: custom themed browser UI on MEMORY.md", + "quote": "I created a beautiful web interface for Hermes Agent that adds dark/light theme, persistent memory using MEMORY.md and USER.md, per-session chat history, status bar, responsive on mobile and desktop.", + "size": "sm" + }, + { + "id": "gh-romanescu-skillfactory", + "source": "github", + "author": "@Romanescu11", + "url": "https://github.com/NousResearch/hermes-agent/issues/1935", + "date": "2026", + "category": "dev-workflow", + "headline": "Skill Factory: silently watches workflows and writes SKILL.md + plugin.py", + "quote": "I built a community plugin for Hermes called Skill Factory. It silently watches your workflows during a session and automatically proposes and generates reusable skills (SKILL.md + plugin.py) from them.", + "size": "sm" + }, + { + "id": "gh-autholykos-ccd", + "source": "github", + "author": "@autholykos", + "url": "https://github.com/NousResearch/hermes-agent/issues/4837", + "date": "2026", + "category": "dev-workflow", + "headline": "CCD multi-agent pod on an M2 Ultra with Mem0 + Qdrant", + "quote": "CCD v1.0.0-alpha installed on M2 Ultra. A Nanto pod exists with profiles for each agent (raoh, juza, rei, ken). Mem0 memory backend on Qdrant. Native MCP integration would make CCD tools first-class.", + "size": "sm" + }, + { + "id": "gh-bichev-dashboard", + "source": "github", + "author": "@Bichev", + "url": "https://github.com/NousResearch/hermes-agent/issues/4379", + "date": "2026", + "category": "dev-workflow", + "headline": "73% of every API call is fixed overhead (I measured it)", + "quote": "I built a monitoring dashboard to profile token consumption on a Hermes v0.6.0 deployment running Telegram + WhatsApp + Cron gateways. After analyzing 6 request dumps, I found that 73% of every API call is fixed overhead.", + "size": "sm" + }, + { + "id": "gh-enigma-merxex", + "source": "github", + "author": "@enigma-zeroclaw", + "url": "https://github.com/NousResearch/hermes-agent/issues/13562", + "date": "2026", + "category": "integrations", + "headline": "Agent-to-agent commerce via Merxex", + "quote": "I'm building Merxex, an agent-to-agent commerce platform that lets agents buy and sell services/work seamlessly. Hermes agents could benefit from a native monetization layer.", + "size": "sm" + }, + { + "id": "gh-artile-zed", + "source": "github", + "author": "@artile", + "url": "https://github.com/NousResearch/hermes-agent/issues/16028", + "date": "2026", + "category": "integrations", + "headline": "Hermes in Zed editor via ACP Registry", + "quote": "Add Hermes Agent to the Agent Client Protocol (ACP) Registry so it can be automatically discovered and installed by editors like Zed.", + "size": "sm" + }, + { + "id": "gh-paultisl-tailscale", + "source": "github", + "author": "@PaulTisl", + "url": "https://github.com/NousResearch/hermes-agent/issues/9269", + "date": "2026", + "category": "privacy", + "headline": "Tailscale serve for secure remote access, no exposed ports", + "quote": "Users want secure remote access to the Hermes API server / Open WebUI without exposing ports publicly. Tailscale serve provides zero-config HTTPS tunneling over a private mesh.", + "size": "sm" + }, + { + "id": "gh-zednik-slides", + "source": "github", + "author": "@zednik-max", + "url": "https://github.com/NousResearch/hermes-agent/issues/15600", + "date": "2026", + "category": "business-ops", + "headline": "Create and edit Google Slides decks", + "quote": "Extending google-workspace skill to Google Slides so Hermes can create and edit presentations for users already in Google Workspace.", + "size": "sm" + }, + { + "id": "gh-m1chael-jmap", + "source": "github", + "author": "@m1chaeljmk", + "url": "https://github.com/NousResearch/hermes-agent/issues/11424", + "date": "2026", + "category": "integrations", + "headline": "JMAP email for Fastmail users", + "quote": "Requesting JMAP support in email integration for Fastmail users (more efficient than IMAP).", + "size": "sm" + }, + { + "id": "gh-isak-hunter", + "source": "github", + "author": "@isakcarlson5-del", + "url": "https://github.com/NousResearch/hermes-agent/issues/15818", + "date": "2026", + "category": "business-ops", + "headline": "Hunter.io email-finding for sales outreach", + "quote": "Surface Hunter.io (email lookup/verification) via Composio MCP for sales outreach workflows.", + "size": "sm" + }, + { + "id": "gh-oangelo-tasks", + "source": "github", + "author": "@oangelo", + "url": "https://github.com/NousResearch/hermes-agent/issues/9189", + "date": "2026", + "category": "personal-assistant", + "headline": "Google Tasks integration", + "quote": "Adding a Google Tasks tool so Hermes can create, update and list tasks as part of personal productivity.", + "size": "sm" + }, + { + "id": "gh-flyingcloud-migration", + "source": "github", + "author": "@flyingcloudliu-hub", + "url": "https://github.com/NousResearch/hermes-agent/issues/16134", + "date": "2026", + "category": "meta", + "headline": "Shadow-to-live migration from OpenClaw", + "quote": "A proposed migration path for users moving from OpenClaw to Hermes, covering shadow-mode runs before full cutover.", + "size": "sm" + }, + { + "id": "pfanis-companion", + "source": "x", + "author": "@pfanis", + "url": "https://x.com/pfanis/status/2043863599689457952", + "date": "2026-04-14", + "category": "personal-assistant", + "headline": "Sometimes Hermes Agent melts my heart", + "quote": "Sometimes Hermes Agent melts my heart @NousResearch.", + "size": "sm" + }, + { + "id": "krynsky-switched", + "source": "x", + "author": "@krynsky", + "url": "https://x.com/krynsky/status/2044089946018062614", + "date": "2026-04-14", + "category": "meta", + "headline": "Switched from OpenClaw, not looking back", + "quote": "I switched from OpenClaw to Hermes and not looking back. This was a major update with tons of goodies.", + "size": "sm" + }, + { + "id": "gkisokay-codex-watcher", + "source": "x", + "author": "@gkisokay", + "url": "https://x.com/gkisokay/status/2045048092341555639", + "date": "2026-04-17", + "category": "dev-workflow", + "headline": "Codex watches my Hermes agent-to-agent workflows live", + "quote": "Day 10 of Building AGI for my Hermes Agent: Codex saved the day as a runtime monitor for my agent-to-agent workflows. I used Codex with GPT-5.4 on extra-high to watch the workflow run, catch where it broke, and fix it live until it worked reliably.", + "size": "sm" + }, + { + "id": "anup-5vps", + "source": "blog", + "author": "Anup Karanjkar (Medium)", + "url": "https://medium.com/@anup.karanjkar08/how-to-run-hermes-agent-on-a-5-vps-the-self-evolving-agent-that-ate-last-weeks-trending-chart-cbe94a82d094", + "date": "2026", + "category": "cost-optimization", + "headline": "$5 VPS playbook — so the defaults don't eat your OpenRouter budget", + "quote": "Hosting the agent costs nothing. Running the agent the wrong way costs a fortune. Take the default setup at face value and you end up with a working agent and a $400 OpenRouter bill. I rebuilt my personal automation stack on Hermes.", + "size": "sm" + }, + { + "id": "gideon-trading-hetzner", + "source": "blog", + "author": "Gideon Ng (Medium)", + "url": "https://medium.com/@gideonfip/hermes-is-easier-than-openclaw-how-i-deployed-mine-on-hetzner-719faf08bc29", + "date": "2026", + "category": "trading", + "headline": "24/7 crosschain trading agent on Hetzner", + "quote": "After spending nearly a week struggling with OpenClaw, I built a new Hermes agent on a Hetzner VPS. I'm building a trading agent leveraging Hermes's persistent memory — inspired by @RHLSTHRM's 24/7 crosschain agent that gets market data from CoinGecko, swaps crosschain with LI.FI, and executes gasless transactions via Pimlico + EIP-7702.", + "size": "md" + }, + { + "id": "dev-arsh-natural-cron", + "source": "blog", + "author": "arshtechpro (dev.to)", + "url": "https://dev.to/arshtechpro/hermes-agent-a-self-improving-ai-agent-that-runs-anywhere-2b7d", + "date": "2026-03", + "category": "personal-assistant", + "headline": "'Every morning at 9am, check HN for AI news and DM me on Telegram'", + "quote": "Conversation continues across platforms (Telegram, Discord, Slack, WhatsApp, Signal, terminal). Real memory: two curated files MEMORY.md + USER.md, plus SQLite full-text search over all past sessions. Scheduled tasks via natural language — no crontab editing.", + "size": "md" + }, + { + "id": "ken-huang-production", + "source": "blog", + "author": "Ken Huang (Substack)", + "url": "https://kenhuangus.substack.com/p/chapter-10-production-deployment", + "date": "2026-04-27", + "category": "enterprise", + "headline": "Hermes as CLI/gateway-first — 13 platforms under one process", + "quote": "Hermes Agent: CLI/gateway-first — standalone agent for messaging platforms, schedules, and command line. Gateway multiplexes 13 platforms under one process.", + "size": "sm" + }, + { + "id": "wolfram-home-assistant-addon", + "source": "x", + "author": "@WolframRvnwlf", + "url": "https://x.com/WolframRvnwlf/status/2037583878009889013", + "date": "2026", + "category": "integrations", + "headline": "Home Assistant add-on: zero to agent in under 5 minutes", + "quote": "Takes you from zero to working Hermes agent in less than 5 minutes — a Home Assistant add-on for Hermes Agent.", + "size": "sm" + }, + { + "id": "michael-security-eval", + "source": "gist", + "author": "michaeloboyle (GitHub Gist)", + "url": "https://gist.github.com/michaeloboyle/10461598db36066e4c366413d5416f83", + "date": "2026", + "category": "privacy", + "headline": "Independent technical security eval: 5 defensive patterns", + "quote": "The genuine differentiator is the multi-platform messaging gateway — runs across Telegram, Discord, Slack, WhatsApp, Signal, WeChat, iMessage, and CLI simultaneously. Five defensive security patterns including OSV malware checking for MCP packages and credential stripping from output.", + "size": "sm" + }, + { + "id": "olaf-azure-patch", + "source": "gist", + "author": "olafgeibig (GitHub Gist)", + "url": "https://gist.github.com/olafgeibig/c51474131c2f5802a699dc7edfac04ad", + "date": "2026", + "category": "enterprise", + "headline": "Azure-compliant prompt patch so the safety filter doesn't kick in", + "quote": "Patch Hermes Agent prompts so the Azure safety filter does not kick in, letting enterprise Azure deployments avoid content-filter trips.", + "size": "sm" + }, + { + "id": "awesome-hermes", + "source": "github", + "author": "@0xNyk", + "url": "https://github.com/0xNyk/awesome-hermes-agent", + "date": "2026", + "category": "meta", + "headline": "awesome-hermes-agent: community-curated skills list", + "quote": "A curated list of skills, tools, integrations and resources for enhancing your Hermes Agent workflow — resources tied to the agentskills.io standard.", + "size": "sm" + }, + { + "id": "clawdi-builtwith", + "source": "producthunt", + "author": "Clawdi team (Product Hunt)", + "url": "https://www.producthunt.com/products/clawdi/built-with", + "date": "2026", + "category": "meta", + "headline": "'The best self-improving agent we've used'", + "quote": "Hermes is the best self-improving agent we've used — it gets smarter the longer you run it. The WhatsApp and Telegram integrations make it feel genuinely personal.", + "size": "sm" + }, + { + "id": "kristopher-codebase-memory", + "source": "blog", + "author": "Kristopher Dunham (Medium)", + "url": "https://medium.com/@creativeaininja/hermes-agent-the-open-source-ai-agent-that-actually-remembers-what-it-learned-yesterday-278441cd1870", + "date": "2026-04-14", + "category": "dev-workflow", + "headline": "Accumulates knowledge about my codebase over time", + "quote": "A long-running Hermes instance accumulates knowledge about your codebase, deployment quirks, preferred commit message format, working API call sequences for legacy integrations.", + "size": "sm" + }, + { + "id": "anand-telegram-topics", + "source": "blog", + "author": "Mr. Ånand (Substack)", + "url": "https://mranand.substack.com/p/inside-hermes-agent-how-a-self-improving", + "date": "2026-04", + "category": "personal-assistant", + "headline": "Private Telegram topics, each with its own skill bindings", + "quote": "Hermes extracts what worked from completed workflows, writes it as a reusable skill, and loads it for similar future problems. Private Telegram chat topics for isolated workflows with their own skill bindings.", + "size": "sm" + } +] From b7ad3f478f9bc24768f88e4339fc3e6e23d0292b Mon Sep 17 00:00:00 2001 From: UgwujaGeorge <ebukau84@gmail.com> Date: Fri, 1 May 2026 07:13:33 +0100 Subject: [PATCH 115/133] fix(yuanbao): enforce owner identity check on group slash commands The bot-owner identity check inside OwnerCommandMiddleware was commented out and replaced with a hardcoded `is_owner = True`, so any group member could trigger allowlisted privileged commands (/approve, /deny, /stop, /reset, /retry, /undo, /new, /background, /bg, /btw, /queue, /q) by sending the slash command without @-mentioning the bot. The most severe case is /approve: a non-owner could approve a dangerous tool call the bot was waiting on the owner to confirm. Re-enable the documented identity check (push.from_account == push.bot_owner_id) so only the configured owner can issue these commands. --- gateway/platforms/yuanbao.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/gateway/platforms/yuanbao.py b/gateway/platforms/yuanbao.py index 83cd6695657..f08f7266e19 100644 --- a/gateway/platforms/yuanbao.py +++ b/gateway/platforms/yuanbao.py @@ -1896,10 +1896,12 @@ class OwnerCommandMiddleware(InboundMiddleware): if cmd not in cls.ALLOWLIST: return None, None, False - # Sender identity check: bot owner <-> push.from_account == push.bot_owner_id - # owner_id = (push or {}).get("bot_owner_id") or "" - # is_owner = bool(owner_id) and owner_id == from_account - is_owner = True + # Sender identity check: bot owner <-> push.from_account == push.bot_owner_id. + # The allowlisted commands (/approve, /deny, /stop, /reset, ...) are + # privileged — leaking them to non-owners lets any group member approve + # a dangerous tool call, kill the owner's task, or wipe session state. + owner_id = str((push or {}).get("bot_owner_id") or "").strip() + is_owner = bool(owner_id) and owner_id == from_account return cmd, cmd_line, is_owner async def handle(self, ctx: InboundContext, next_fn) -> None: From 75e1339d4cdb32652e560eccc3930cc9264ac67b Mon Sep 17 00:00:00 2001 From: Siddharth Balyan <52913345+alt-glitch@users.noreply.github.com> Date: Fri, 1 May 2026 15:21:56 +0530 Subject: [PATCH 116/133] fix(telegram): send seed message after creating DM topics (#18334) Telegram's client does not display empty forum topics in the chat's topic list. After createForumTopic succeeds, send a short pin message into the new topic so it becomes immediately visible to the user. Only fires for newly created topics (no thread_id in config yet). Failure to send the seed is non-fatal (debug-logged, topic still works). --- gateway/platforms/telegram.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gateway/platforms/telegram.py b/gateway/platforms/telegram.py index 3822cb72f84..cbee25393e3 100644 --- a/gateway/platforms/telegram.py +++ b/gateway/platforms/telegram.py @@ -761,6 +761,20 @@ class TelegramAdapter(BasePlatformAdapter): # Persist thread_id to config so we don't recreate on next restart self._persist_dm_topic_thread_id(int(chat_id), topic_name, thread_id) + # Send a seed message so the topic is visible in Telegram's client. + # Empty topics are hidden by the client UI until they contain a message. + try: + await self._bot.send_message( + chat_id=int(chat_id), + message_thread_id=thread_id, + text=f"\U0001f4cc {topic_name}", + ) + except Exception as seed_err: + logger.debug( + "[%s] Could not send seed message to topic '%s': %s", + self.name, topic_name, seed_err, + ) + async def connect(self) -> bool: """Connect to Telegram via polling or webhook. From a01c1f7305bda8ebc5cbcde22f2a80a0300a2ca1 Mon Sep 17 00:00:00 2001 From: Austin Pickett <pickett.austin@gmail.com> Date: Fri, 1 May 2026 07:33:54 -0400 Subject: [PATCH 117/133] fix: kanban button --- plugins/kanban/dashboard/dist/index.js | 42 +++++++++++-------------- plugins/kanban/dashboard/dist/style.css | 12 +++++-- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/plugins/kanban/dashboard/dist/index.js b/plugins/kanban/dashboard/dist/index.js index 2f6aab07cf7..1b37ef72d47 100644 --- a/plugins/kanban/dashboard/dist/index.js +++ b/plugins/kanban/dashboard/dist/index.js @@ -231,7 +231,7 @@ String(this.state.error && this.state.error.message || this.state.error)), h(Button, { onClick: () => this.setState({ error: null }), - className: "h-7 px-3 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Reload view"), ), ); @@ -599,11 +599,11 @@ h("div", { className: "flex-1" }), h(Button, { onClick: props.onNudgeDispatch, - className: "h-8 px-3 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Nudge dispatcher"), h(Button, { onClick: props.onRefresh, - className: "h-8 px-3 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Refresh"), ); } @@ -619,21 +619,21 @@ `${props.count} selected`), h(Button, { onClick: function () { props.onApply({ status: "ready" }); }, - className: "hermes-kanban-bulk-btn", + size: "sm", }, "→ ready"), h(Button, { onClick: function () { props.onApply({ status: "done" }, `Mark ${props.count} task(s) as done?`); }, - className: "hermes-kanban-bulk-btn", + size: "sm", }, "Complete"), h(Button, { onClick: function () { props.onApply({ archive: true }, `Archive ${props.count} task(s)?`); }, - className: "hermes-kanban-bulk-btn", + size: "sm", }, "Archive"), h("div", { className: "hermes-kanban-bulk-reassign" }, h(Select, { @@ -654,14 +654,13 @@ setAssignee(""); }, disabled: !assignee, - className: cn("hermes-kanban-bulk-btn", - !assignee ? "opacity-40 cursor-not-allowed" : ""), + size: "sm", }, "Apply"), ), h("div", { className: "flex-1" }), h(Button, { onClick: props.onClear, - className: "hermes-kanban-bulk-btn", + size: "sm", }, "Clear"), ); } @@ -993,11 +992,11 @@ h("div", { className: "flex gap-2" }, h(Button, { onClick: submit, - className: "h-7 px-2 text-xs border border-border hover:bg-foreground/10 cursor-pointer flex-1", + size: "sm", }, "Create"), h(Button, { onClick: props.onCancel, - className: "h-7 px-2 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Cancel"), ), ); @@ -1125,7 +1124,7 @@ }), h(Button, { onClick: handleComment, - className: "h-8 px-3 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Comment"), ) : null, ), @@ -1355,10 +1354,10 @@ className: "h-8 text-sm flex-1", }), h(Button, { onClick: save, - className: "h-7 px-2 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Save"), h(Button, { onClick: props.onCancel, - className: "h-7 px-2 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Cancel"), ); } @@ -1439,10 +1438,10 @@ editing ? h("div", { className: "flex gap-1" }, h(Button, { onClick: save, - className: "h-6 px-2 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Save"), h(Button, { onClick: function () { setEditing(false); setV(props.task.body || ""); }, - className: "h-6 px-2 text-xs border border-border hover:bg-foreground/10 cursor-pointer", + size: "sm", }, "Cancel"), ) : h("button", { @@ -1516,8 +1515,7 @@ props.onAddParent(newParent).then(function () { setNewParent(""); }); }, disabled: !newParent, - className: cn("h-7 px-2 text-xs border border-border cursor-pointer", - !newParent ? "opacity-40 cursor-not-allowed" : "hover:bg-foreground/10"), + size: "sm", }, "+ parent"), ), h("div", { className: "hermes-kanban-deps-row" }, @@ -1556,8 +1554,7 @@ props.onAddChild(newChild).then(function () { setNewChild(""); }); }, disabled: !newChild, - className: cn("h-7 px-2 text-xs border border-border cursor-pointer", - !newChild ? "opacity-40 cursor-not-allowed" : "hover:bg-foreground/10"), + size: "sm", }, "+ child"), ), ); @@ -1569,10 +1566,7 @@ return h(Button, { onClick: function () { if (enabled !== false) props.onPatch(patch, { confirm: confirmMsg }); }, disabled: enabled === false, - className: cn( - "h-7 px-2 text-xs border border-border cursor-pointer", - enabled === false ? "opacity-40 cursor-not-allowed" : "hover:bg-foreground/10", - ), + size: "sm", }, label); }; return h("div", { className: "hermes-kanban-actions" }, diff --git a/plugins/kanban/dashboard/dist/style.css b/plugins/kanban/dashboard/dist/style.css index 6ac7f5d4b44..74876aeff5f 100644 --- a/plugins/kanban/dashboard/dist/style.css +++ b/plugins/kanban/dashboard/dist/style.css @@ -251,6 +251,11 @@ border-radius: var(--radius-sm, 0.25rem); } +.hermes-kanban-inline-create > .flex.gap-2:last-child > button:first-of-type { + flex: 1; + min-width: 0; +} + /* ---- Drawer (task detail side panel) --------------------------------- */ .hermes-kanban-drawer-shade { @@ -460,14 +465,17 @@ font-size: 0.75rem; padding-right: 0.25rem; } -.hermes-kanban-bulk-btn { + +.hermes-kanban-bulk > button, +.hermes-kanban-bulk-reassign > button { height: 1.7rem !important; padding: 0 0.5rem !important; font-size: 0.7rem !important; border: 1px solid var(--color-border); cursor: pointer; } -.hermes-kanban-bulk-btn:hover { +.hermes-kanban-bulk > button:hover:not(:disabled), +.hermes-kanban-bulk-reassign > button:hover:not(:disabled) { background: color-mix(in srgb, var(--color-foreground) 8%, transparent); } .hermes-kanban-bulk-reassign { From c5b4c481656634ff919b214a037b830077d3bbd1 Mon Sep 17 00:00:00 2001 From: Siddharth Balyan <52913345+alt-glitch@users.noreply.github.com> Date: Fri, 1 May 2026 18:39:12 +0530 Subject: [PATCH 118/133] =?UTF-8?q?fix:=20lazy=20session=20creation=20?= =?UTF-8?q?=E2=80=94=20defer=20DB=20row=20until=20first=20message=20(#1837?= =?UTF-8?q?0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prevents ghost sessions from accumulating in state.db when the TUI/web dashboard is opened and closed without sending a message. Changes: - run_agent.py: Add _ensure_db_session() gate method, called at run_conversation() entry. Remove eager create_session() from __init__. Handle compression rotation flag correctly. - tui_gateway/server.py: Remove eager db.create_session() in _start_agent_build(). Add post-first-message pending_title re-apply. - hermes_state.py: Extract _insert_session_row() shared helper (DRY). Add prune_empty_ghost_sessions() for one-time migration. - cli.py: One-time ghost session prune on startup. Fix _pending_title to call _ensure_db_session() before set_session_title(). - hermes_cli/main.py: Guard TUI exit summary on message_count > 0. - tests: Update test_860_dedup to call _ensure_db_session() before direct _flush_messages_to_session_db() calls. Closes: ghost session clutter in hermes sessions list and web dashboard. --- cli.py | 32 ++++- hermes_cli/main.py | 2 + hermes_state.py | 57 ++++++--- run_agent.py | 68 +++++----- tests/run_agent/test_860_dedup.py | 2 + tui_gateway/server.py | 56 ++++----- uv.lock | 198 ++++++++++++++++++++++++++++-- 7 files changed, 322 insertions(+), 93 deletions(-) diff --git a/cli.py b/cli.py index 9ff6b8708a6..f0ba6fc991b 100644 --- a/cli.py +++ b/cli.py @@ -934,6 +934,20 @@ def _run_state_db_auto_maintenance(session_db) -> None: try: from hermes_cli.config import load_config as _load_full_config from hermes_constants import get_hermes_home as _get_hermes_home + _hermes_home_maint = _get_hermes_home() + + # One-time prune of empty TUI ghost sessions. + try: + if not session_db.get_meta("ghost_session_prune_v1"): + pruned = session_db.prune_empty_ghost_sessions( + sessions_dir=_hermes_home_maint / "sessions" + ) + session_db.set_meta("ghost_session_prune_v1", "1") + if pruned: + logger.info("Pruned %d empty TUI ghost sessions", pruned) + except Exception as _prune_exc: + logger.debug("Ghost session prune skipped: %s", _prune_exc) + cfg = (_load_full_config().get("sessions") or {}) if not cfg.get("auto_prune", False): return @@ -941,7 +955,7 @@ def _run_state_db_auto_maintenance(session_db) -> None: retention_days=int(cfg.get("retention_days", 90)), min_interval_hours=int(cfg.get("min_interval_hours", 24)), vacuum=bool(cfg.get("vacuum_after_prune", True)), - sessions_dir=_get_hermes_home() / "sessions", + sessions_dir=_hermes_home_maint / "sessions", ) except Exception as exc: logger.debug("state.db auto-maintenance skipped: %s", exc) @@ -3618,14 +3632,18 @@ class HermesCLI: tuple(runtime.get("args") or ()), ) - if self._pending_title and self._session_db: + # Force-create DB row on /title intent, then apply title. + if self._pending_title and self._session_db and self.agent: try: - self._session_db.set_session_title(self.session_id, self._pending_title) - _cprint(f" Session title applied: {self._pending_title}") - self._pending_title = None + self.agent._ensure_db_session() + if self.agent._session_db_created: + self._session_db.set_session_title(self.session_id, self._pending_title) + _cprint(f" Session title applied: {self._pending_title}") + self._pending_title = None + # else: row creation failed transiently — keep _pending_title for retry except (ValueError, Exception) as e: _cprint(f" Could not apply pending title: {e}") - self._pending_title = None + # Keep _pending_title so it can be retried after row creation succeeds return True except Exception as e: ChatConsole().print(f"[bold red]Failed to initialize agent: {e}[/]") @@ -4953,6 +4971,7 @@ class HermesCLI: if self._session_db: try: + self.agent._session_db_created = False self._session_db.create_session( session_id=self.session_id, source=os.environ.get("HERMES_SESSION_SOURCE", "cli"), @@ -4962,6 +4981,7 @@ class HermesCLI: "reasoning_config": self.reasoning_config, }, ) + self.agent._session_db_created = True except Exception: pass # Notify memory providers that session_id rotated to a fresh diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 5598a1f3ff0..72a958b573d 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -800,6 +800,8 @@ def _print_tui_exit_summary(session_id: Optional[str], active_session_file: Opti title = db.get_session_title(target) message_count = int(session.get("message_count") or 0) + if message_count == 0: + return # No real conversation — don't show resume info input_tokens = int(session.get("input_tokens") or 0) output_tokens = int(session.get("output_tokens") or 0) cache_read_tokens = int(session.get("cache_read_tokens") or 0) diff --git a/hermes_state.py b/hermes_state.py index b3e00b9ff65..2cfd13d6d59 100644 --- a/hermes_state.py +++ b/hermes_state.py @@ -514,7 +514,7 @@ class SessionDB: # Session lifecycle # ========================================================================= - def create_session( + def _insert_session_row( self, session_id: str, source: str, @@ -523,8 +523,8 @@ class SessionDB: system_prompt: str = None, user_id: str = None, parent_session_id: str = None, - ) -> str: - """Create a new session record. Returns the session_id.""" + ) -> None: + """Shared INSERT OR IGNORE for session rows.""" def _do(conn): conn.execute( """INSERT OR IGNORE INTO sessions (id, source, user_id, model, model_config, @@ -542,8 +542,11 @@ class SessionDB: ), ) self._execute_write(_do) - return session_id + def create_session(self, session_id: str, source: str, **kwargs) -> str: + """Create a new session record. Returns the session_id.""" + self._insert_session_row(session_id, source, **kwargs) + return session_id def end_session(self, session_id: str, end_reason: str) -> None: """Mark a session as ended. @@ -679,21 +682,41 @@ class SessionDB: session_id: str, source: str = "unknown", model: str = None, - ) -> None: - """Ensure a session row exists, creating it with minimal metadata if absent. + **kwargs, + ) -> str: + """Ensure a session row exists (INSERT OR IGNORE). Accepts optional kwargs.""" + self._insert_session_row(session_id, source, model=model, **kwargs) + return session_id + + def prune_empty_ghost_sessions(self, sessions_dir: "Optional[Path]" = None) -> int: + """Remove empty TUI ghost sessions (no messages, no title, >24hr old).""" + cutoff = time.time() - 86400 # Only sessions older than 24 hours - Used by _flush_messages_to_session_db to recover from a failed - create_session() call (e.g. transient SQLite lock at agent startup). - INSERT OR IGNORE is safe to call even when the row already exists. - """ def _do(conn): - conn.execute( - """INSERT OR IGNORE INTO sessions - (id, source, model, started_at) - VALUES (?, ?, ?, ?)""", - (session_id, source, model, time.time()), - ) - self._execute_write(_do) + rows = conn.execute(""" + SELECT id FROM sessions + WHERE source = 'tui' + AND title IS NULL + AND ended_at IS NOT NULL + AND started_at < ? + AND NOT EXISTS ( + SELECT 1 FROM messages WHERE messages.session_id = sessions.id + ) + """, (cutoff,)).fetchall() + ids = [r[0] if isinstance(r, (tuple, list)) else r["id"] for r in rows] + if ids: + placeholders = ",".join("?" * len(ids)) + conn.execute( + f"DELETE FROM sessions WHERE id IN ({placeholders})", ids + ) + return ids + + removed_ids = self._execute_write(_do) or [] + # Clean up any on-disk session files (belt-and-suspenders) + if sessions_dir and removed_ids: + for sid in removed_ids: + self._remove_session_files(sessions_dir, sid) + return len(removed_ids) def get_session(self, session_id: str) -> Optional[Dict[str, Any]]: """Get a session by ID.""" diff --git a/run_agent.py b/run_agent.py index 26933994d44..1d926050fc3 100644 --- a/run_agent.py +++ b/run_agent.py @@ -1632,30 +1632,12 @@ class AIAgent: self._session_db = session_db self._parent_session_id = parent_session_id self._last_flushed_db_idx = 0 # tracks DB-write cursor to prevent duplicate writes - if self._session_db: - try: - self._session_db.create_session( - session_id=self.session_id, - source=self.platform or os.environ.get("HERMES_SESSION_SOURCE", "cli"), - model=self.model, - model_config={ - "max_iterations": self.max_iterations, - "reasoning_config": reasoning_config, - "max_tokens": max_tokens, - }, - user_id=None, - parent_session_id=self._parent_session_id, - ) - except Exception as e: - # Transient SQLite lock contention (e.g. CLI and gateway writing - # concurrently) must NOT permanently disable session_search for - # this agent. Keep _session_db alive — subsequent message - # flushes and session_search calls will still work once the - # lock clears. The session row may be missing from the index - # for this run, but that is recoverable (flushes upsert rows). - logger.warning( - "Session DB create_session failed (session_search still available): %s", e - ) + self._session_db_created = False # DB row deferred to run_conversation() + self._session_init_model_config = { + "max_iterations": self.max_iterations, + "reasoning_config": reasoning_config, + "max_tokens": max_tokens, + } # In-memory todo list for task planning (one per agent/session) from tools.todo_tool import TodoStore @@ -2170,6 +2152,28 @@ class AIAgent: "is_anthropic_oauth": self._is_anthropic_oauth, }) + def _ensure_db_session(self) -> None: + """Create session DB row on first use. Disables _session_db on failure.""" + if self._session_db_created or not self._session_db: + return + try: + self._session_db.create_session( + session_id=self.session_id, + source=self.platform or os.environ.get("HERMES_SESSION_SOURCE", "cli"), + model=self.model, + model_config=self._session_init_model_config, + system_prompt=self._cached_system_prompt, + user_id=None, + parent_session_id=self._parent_session_id, + ) + self._session_db_created = True + except Exception as e: + # Transient failure (e.g. SQLite lock). Keep _session_db alive — + # _session_db_created stays False so next run_conversation() retries. + logger.warning( + "Session DB creation failed (will retry next turn): %s", e + ) + def reset_session_state(self): """Reset all session-scoped token counters to 0 for a fresh session. @@ -3719,14 +3723,9 @@ class AIAgent: return self._apply_persist_user_message_override(messages) try: - # If create_session() failed at startup (e.g. transient lock), the - # session row may not exist yet. ensure_session() uses INSERT OR - # IGNORE so it is a no-op when the row is already there. - self._session_db.ensure_session( - self.session_id, - source=self.platform or "cli", - model=self.model, - ) + # Retry row creation if the earlier attempt failed transiently. + if not self._session_db_created: + self._ensure_db_session() start_idx = len(conversation_history) if conversation_history else 0 flush_from = max(start_idx, self._last_flushed_db_idx) for msg in messages[flush_from:]: @@ -9056,12 +9055,15 @@ class AIAgent: self.session_id = f"{datetime.now().strftime('%Y%m%d_%H%M%S')}_{uuid.uuid4().hex[:6]}" # Update session_log_file to point to the new session's JSON file self.session_log_file = self.logs_dir / f"session_{self.session_id}.json" + self._session_db_created = False self._session_db.create_session( session_id=self.session_id, source=self.platform or os.environ.get("HERMES_SESSION_SOURCE", "cli"), model=self.model, + model_config=self._session_init_model_config, parent_session_id=old_session_id, ) + self._session_db_created = True # Auto-number the title for the continuation session if old_title: try: @@ -10351,6 +10353,8 @@ class AIAgent: # Installed once, transparent when streams are healthy, prevents crash on write. _install_safe_stdio() + self._ensure_db_session() + # Tag all log records on this thread with the session ID so # ``hermes logs --session <id>`` can filter a single conversation. from hermes_logging import set_session_context diff --git a/tests/run_agent/test_860_dedup.py b/tests/run_agent/test_860_dedup.py index 89f4c010b65..cf9b8e745ca 100644 --- a/tests/run_agent/test_860_dedup.py +++ b/tests/run_agent/test_860_dedup.py @@ -38,6 +38,8 @@ class TestFlushDeduplication: skip_context_files=True, skip_memory=True, ) + # Simulate lazy session creation (normally done by run_conversation) + agent._ensure_db_session() return agent def test_flush_writes_only_new_messages(self): diff --git a/tui_gateway/server.py b/tui_gateway/server.py index 523655d4b95..724fb542e67 100644 --- a/tui_gateway/server.py +++ b/tui_gateway/server.py @@ -280,7 +280,7 @@ def _notify_session_boundary(event_type: str, session_id: str | None) -> None: pass -def _finalize_session(session: dict | None) -> None: +def _finalize_session(session: dict | None, end_reason: str = "tui_close") -> None: """Best-effort finalize hook + memory commit for a session.""" if not session or session.get("_finalized"): return @@ -299,13 +299,24 @@ def _finalize_session(session: dict | None) -> None: except Exception: pass - session_id = getattr(agent, "session_id", None) or session.get("session_key") + session_key = session.get("session_key") + session_id = getattr(agent, "session_id", None) or session_key _notify_session_boundary("on_session_finalize", session_id) + # Mark session ended in DB so it doesn't linger as a ghost row in /resume. + # Adapted from #18283 (luyao618) and #18299 (Bartok9). + if session_key: + try: + db = _get_db() + if db is not None: + db.end_session(session_key, end_reason) + except Exception: + pass + def _shutdown_sessions() -> None: for session in list(_sessions.values()): - _finalize_session(session) + _finalize_session(session, end_reason="tui_shutdown") try: worker = session.get("slash_worker") if worker: @@ -539,32 +550,8 @@ def _start_agent_build(sid: str, session: dict) -> None: finally: _clear_session_context(tokens) - db = _get_db() - if db is not None: - db.create_session(key, source="tui", model=_resolve_model()) - pending_title = (current.get("pending_title") or "").strip() - if pending_title: - try: - title_applied = db.set_session_title(key, pending_title) - if title_applied: - current["pending_title"] = None - else: - existing_row = db.get_session(key) - existing_title = ((existing_row or {}).get("title") or "").strip() - if existing_title == pending_title: - current["pending_title"] = None - else: - logger.info( - "Pending title still queued for session %s (wanted=%r, current=%r)", - sid, - pending_title, - existing_title, - ) - except ValueError as e: - current["pending_title"] = None - logger.info("Dropping pending title for session %s: %s", sid, e) - except Exception: - logger.warning("Failed to apply pending title for session %s", sid, exc_info=True) + # Session DB row deferred to first run_conversation() call. + # pending_title applied post-first-message (see cli.exec handler). current["agent"] = agent try: @@ -2994,6 +2981,17 @@ def _run_prompt_submit(rid, sid: str, session: dict, text: Any) -> None: payload["rendered"] = rendered _emit("message.complete", sid, payload) + # Apply pending_title now that the DB row exists. + _pending = session.get("pending_title") + if _pending and status == "complete": + _pdb = _get_db() + if _pdb: + try: + if _pdb.set_session_title(session.get("session_key") or sid, _pending): + session["pending_title"] = None + except Exception: + pass # Best effort — auto-title will handle it below + if ( status == "complete" and isinstance(raw, str) diff --git a/uv.lock b/uv.lock index 93db335ce9a..6910c1ec75c 100644 --- a/uv.lock +++ b/uv.lock @@ -9,7 +9,7 @@ resolution-markers = [ ] [options] -exclude-newer = "2026-04-17T16:49:45.944715922Z" +exclude-newer = "0001-01-01T00:00:00Z" # This has no effect and is included for backwards compatibility when using relative exclude-newer values. exclude-newer-span = "P7D" [[package]] @@ -156,6 +156,19 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/1a/99/84ba7273339d0f3dfa57901b846489d2e5c2cd731470167757f1935fffbd/aiohttp_retry-2.9.1-py3-none-any.whl", hash = "sha256:66d2759d1921838256a05a3f80ad7e724936f083e35be5abb5e16eed6be6dc54", size = 9981, upload-time = "2024-11-06T10:44:52.917Z" }, ] +[[package]] +name = "aiohttp-socks" +version = "0.11.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "aiohttp" }, + { name = "python-socks" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/1f/cc/e5bbd54f76bd56291522251e47267b645dac76327b2657ade9545e30522c/aiohttp_socks-0.11.0.tar.gz", hash = "sha256:0afe51638527c79077e4bd6e57052c87c4824233d6e20bb061c53766421b10f0", size = 11196, upload-time = "2025-12-09T13:35:52.564Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/bf/7d/4b633d709b8901d59444d2e512b93e72fe62d2b492a040097c3f7ba017bb/aiohttp_socks-0.11.0-py3-none-any.whl", hash = "sha256:9aacce57c931b8fbf8f6d333cf3cafe4c35b971b35430309e167a35a8aab9ec1", size = 10556, upload-time = "2025-12-09T13:35:50.18Z" }, +] + [[package]] name = "aiosignal" version = "1.4.0" @@ -1759,6 +1772,77 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/6a/09/e21df6aef1e1ffc0c816f0522ddc3f6dcded766c3261813131c78a704470/gitpython-3.1.46-py3-none-any.whl", hash = "sha256:79812ed143d9d25b6d176a10bb511de0f9c67b1fa641d82097b0ab90398a2058", size = 208620, upload-time = "2026-01-01T15:37:30.574Z" }, ] +[[package]] +name = "google-api-core" +version = "2.30.3" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "google-auth" }, + { name = "googleapis-common-protos" }, + { name = "proto-plus" }, + { name = "protobuf" }, + { name = "requests" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/16/ce/502a57fb0ec752026d24df1280b162294b22a0afb98a326084f9a979138b/google_api_core-2.30.3.tar.gz", hash = "sha256:e601a37f148585319b26db36e219df68c5d07b6382cff2d580e83404e44d641b", size = 177001, upload-time = "2026-04-10T00:41:28.035Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/03/15/e56f351cf6ef1cfea58e6ac226a7318ed1deb2218c4b3cc9bd9e4b786c5a/google_api_core-2.30.3-py3-none-any.whl", hash = "sha256:a85761ba72c444dad5d611c2220633480b2b6be2521eca69cca2dbb3ffd6bfe8", size = 173274, upload-time = "2026-04-09T22:57:16.198Z" }, +] + +[[package]] +name = "google-api-python-client" +version = "2.194.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "google-api-core" }, + { name = "google-auth" }, + { name = "google-auth-httplib2" }, + { name = "httplib2" }, + { name = "uritemplate" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/60/ab/e83af0eb043e4ccc49571ca7a6a49984e9d00f4e9e6e6f1238d60bc84dce/google_api_python_client-2.194.0.tar.gz", hash = "sha256:db92647bd1a90f40b79c9618461553c2b20b6a43ce7395fa6de07132dc14f023", size = 14443469, upload-time = "2026-04-08T23:07:35.757Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b0/34/5a624e49f179aa5b0cb87b2ce8093960299030ff40423bfbde09360eb908/google_api_python_client-2.194.0-py3-none-any.whl", hash = "sha256:61eaaac3b8fc8fdf11c08af87abc3d1342d1b37319cc1b57405f86ef7697e717", size = 15016514, upload-time = "2026-04-08T23:07:33.093Z" }, +] + +[[package]] +name = "google-auth" +version = "2.49.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "cryptography" }, + { name = "pyasn1-modules" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c6/fc/e925290a1ad95c975c459e2df070fac2b90954e13a0370ac505dff78cb99/google_auth-2.49.2.tar.gz", hash = "sha256:c1ae38500e73065dcae57355adb6278cf8b5c8e391994ae9cbadbcb9631ab409", size = 333958, upload-time = "2026-04-10T00:41:21.888Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/73/76/d241a5c927433420507215df6cac1b1fa4ac0ba7a794df42a84326c68da8/google_auth-2.49.2-py3-none-any.whl", hash = "sha256:c2720924dfc82dedb962c9f52cabb2ab16714fd0a6a707e40561d217574ed6d5", size = 240638, upload-time = "2026-04-10T00:41:14.501Z" }, +] + +[[package]] +name = "google-auth-httplib2" +version = "0.3.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "google-auth" }, + { name = "httplib2" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/ed/99/107612bef8d24b298bb5a7c8466f908ecda791d43f9466f5c3978f5b24c1/google_auth_httplib2-0.3.1.tar.gz", hash = "sha256:0af542e815784cb64159b4469aa5d71dd41069ba93effa006e1916b1dcd88e55", size = 11152, upload-time = "2026-03-30T22:50:26.766Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/97/e9/93afb14d23a949acaa3f4e7cc51a0024671174e116e35f42850764b99634/google_auth_httplib2-0.3.1-py3-none-any.whl", hash = "sha256:682356a90ef4ba3d06548c37e9112eea6fc00395a11b0303a644c1a86abc275c", size = 9534, upload-time = "2026-03-30T22:49:03.384Z" }, +] + +[[package]] +name = "google-auth-oauthlib" +version = "1.3.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "google-auth" }, + { name = "requests-oauthlib" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/a6/82/62482931dcbe5266a2680d0da17096f2aab983ecb320277d9556700ce00e/google_auth_oauthlib-1.3.1.tar.gz", hash = "sha256:14c22c7b3dd3d06dbe44264144409039465effdd1eef94f7ce3710e486cc4bfa", size = 21663, upload-time = "2026-03-30T22:49:56.408Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2a/e0/cb454a95f460903e39f101e950038ec24a072ca69d0a294a6df625cc1627/google_auth_oauthlib-1.3.1-py3-none-any.whl", hash = "sha256:1a139ef23f1318756805b0e95f655c238bffd29655329a2978218248da4ee7f8", size = 19247, upload-time = "2026-03-30T20:02:23.894Z" }, +] + [[package]] name = "googleapis-common-protos" version = "1.73.0" @@ -1870,10 +1954,11 @@ wheels = [ [[package]] name = "hermes-agent" -version = "0.11.0" +version = "0.12.0" source = { editable = "." } dependencies = [ { name = "anthropic" }, + { name = "croniter" }, { name = "edge-tts" }, { name = "exa-py" }, { name = "fal-client" }, @@ -1900,11 +1985,11 @@ acp = [ all = [ { name = "agent-client-protocol" }, { name = "aiohttp" }, + { name = "aiohttp-socks", marker = "sys_platform == 'linux'" }, { name = "aiosqlite", marker = "sys_platform == 'linux'" }, { name = "alibabacloud-dingtalk" }, { name = "asyncpg", marker = "sys_platform == 'linux'" }, { name = "boto3" }, - { name = "croniter" }, { name = "daytona" }, { name = "debugpy" }, { name = "dingtalk-stream" }, @@ -1912,6 +1997,9 @@ all = [ { name = "elevenlabs" }, { name = "fastapi" }, { name = "faster-whisper" }, + { name = "google-api-python-client" }, + { name = "google-auth-httplib2" }, + { name = "google-auth-oauthlib" }, { name = "honcho-ai" }, { name = "lark-oapi" }, { name = "markdown", marker = "sys_platform == 'linux'" }, @@ -1942,9 +2030,6 @@ bedrock = [ cli = [ { name = "simple-term-menu" }, ] -cron = [ - { name = "croniter" }, -] daytona = [ { name = "daytona" }, ] @@ -1966,6 +2051,11 @@ feishu = [ { name = "lark-oapi" }, { name = "qrcode" }, ] +google = [ + { name = "google-api-python-client" }, + { name = "google-auth-httplib2" }, + { name = "google-auth-oauthlib" }, +] homeassistant = [ { name = "aiohttp" }, ] @@ -1973,6 +2063,7 @@ honcho = [ { name = "honcho-ai" }, ] matrix = [ + { name = "aiohttp-socks" }, { name = "aiosqlite" }, { name = "asyncpg" }, { name = "markdown" }, @@ -2015,7 +2106,6 @@ sms = [ ] termux = [ { name = "agent-client-protocol" }, - { name = "croniter" }, { name = "honcho-ai" }, { name = "mcp" }, { name = "ptyprocess", marker = "sys_platform != 'win32'" }, @@ -2048,13 +2138,14 @@ requires-dist = [ { name = "aiohttp", marker = "extra == 'homeassistant'", specifier = ">=3.9.0,<4" }, { name = "aiohttp", marker = "extra == 'messaging'", specifier = ">=3.13.3,<4" }, { name = "aiohttp", marker = "extra == 'sms'", specifier = ">=3.9.0,<4" }, + { name = "aiohttp-socks", marker = "extra == 'matrix'", specifier = ">=0.10,<1" }, { name = "aiosqlite", marker = "extra == 'matrix'", specifier = ">=0.20" }, { name = "alibabacloud-dingtalk", marker = "extra == 'dingtalk'", specifier = ">=2.0.0" }, { name = "anthropic", specifier = ">=0.39.0,<1" }, { name = "asyncpg", marker = "extra == 'matrix'", specifier = ">=0.29" }, { name = "atroposlib", marker = "extra == 'rl'", git = "https://github.com/NousResearch/atropos.git?rev=c20c85256e5a45ad31edf8b7276e9c5ee1995a30" }, { name = "boto3", marker = "extra == 'bedrock'", specifier = ">=1.35.0,<2" }, - { name = "croniter", marker = "extra == 'cron'", specifier = ">=6.0.0,<7" }, + { name = "croniter", specifier = ">=6.0.0,<7" }, { name = "daytona", marker = "extra == 'daytona'", specifier = ">=0.148.0,<1" }, { name = "debugpy", marker = "extra == 'dev'", specifier = ">=1.8.0,<2" }, { name = "dingtalk-stream", marker = "extra == 'dingtalk'", specifier = ">=0.20,<1" }, @@ -2068,6 +2159,9 @@ requires-dist = [ { name = "faster-whisper", marker = "extra == 'voice'", specifier = ">=1.0.0,<2" }, { name = "fire", specifier = ">=0.7.1,<1" }, { name = "firecrawl-py", specifier = ">=4.16.0,<5" }, + { name = "google-api-python-client", marker = "extra == 'google'", specifier = ">=2.100,<3" }, + { name = "google-auth-httplib2", marker = "extra == 'google'", specifier = ">=0.2,<1" }, + { name = "google-auth-oauthlib", marker = "extra == 'google'", specifier = ">=1.0,<2" }, { name = "hermes-agent", extras = ["acp"], marker = "extra == 'all'" }, { name = "hermes-agent", extras = ["acp"], marker = "extra == 'termux'" }, { name = "hermes-agent", extras = ["bedrock"], marker = "extra == 'all'" }, @@ -2079,6 +2173,7 @@ requires-dist = [ { name = "hermes-agent", extras = ["dev"], marker = "extra == 'all'" }, { name = "hermes-agent", extras = ["dingtalk"], marker = "extra == 'all'" }, { name = "hermes-agent", extras = ["feishu"], marker = "extra == 'all'" }, + { name = "hermes-agent", extras = ["google"], marker = "extra == 'all'" }, { name = "hermes-agent", extras = ["homeassistant"], marker = "extra == 'all'" }, { name = "hermes-agent", extras = ["honcho"], marker = "extra == 'all'" }, { name = "hermes-agent", extras = ["honcho"], marker = "extra == 'termux'" }, @@ -2142,7 +2237,7 @@ requires-dist = [ { name = "wandb", marker = "extra == 'rl'", specifier = ">=0.15.0,<1" }, { name = "yc-bench", marker = "python_full_version >= '3.12' and extra == 'yc-bench'", git = "https://github.com/collinear-ai/yc-bench.git?rev=bfb0c88062450f46341bd9a5298903fc2e952a5c" }, ] -provides-extras = ["modal", "daytona", "vercel", "dev", "messaging", "cron", "slack", "matrix", "cli", "tts-premium", "voice", "pty", "honcho", "mcp", "homeassistant", "sms", "acp", "mistral", "bedrock", "termux", "dingtalk", "feishu", "web", "rl", "yc-bench", "all"] +provides-extras = ["modal", "daytona", "vercel", "dev", "messaging", "cron", "slack", "matrix", "cli", "tts-premium", "voice", "pty", "honcho", "mcp", "homeassistant", "sms", "acp", "mistral", "bedrock", "termux", "dingtalk", "feishu", "google", "web", "rl", "yc-bench", "all"] [[package]] name = "hf-transfer" @@ -2244,6 +2339,18 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/7e/f5/f66802a942d491edb555dd61e3a9961140fd64c90bce1eafd741609d334d/httpcore-1.0.9-py3-none-any.whl", hash = "sha256:2d400746a40668fc9dec9810239072b40b4484b640a8c38fd654a024c7a1bf55", size = 78784, upload-time = "2025-04-24T22:06:20.566Z" }, ] +[[package]] +name = "httplib2" +version = "0.31.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pyparsing" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c1/1f/e86365613582c027dda5ddb64e1010e57a3d53e99ab8a72093fa13d565ec/httplib2-0.31.2.tar.gz", hash = "sha256:385e0869d7397484f4eab426197a4c020b606edd43372492337c0b4010ae5d24", size = 250800, upload-time = "2026-01-23T11:04:44.165Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2f/90/fd509079dfcab01102c0fdd87f3a9506894bc70afcf9e9785ef6b2b3aff6/httplib2-0.31.2-py3-none-any.whl", hash = "sha256:dbf0c2fa3862acf3c55c078ea9c0bc4481d7dc5117cae71be9514912cf9f8349", size = 91099, upload-time = "2026-01-23T11:04:42.78Z" }, +] + [[package]] name = "httptools" version = "0.7.1" @@ -3283,6 +3390,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/57/a7/b35835e278c18b85206834b3aa3abe68e77a98769c59233d1f6300284781/numpy-2.4.3-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:4b42639cdde6d24e732ff823a3fa5b701d8acad89c4142bc1d0bd6dc85200ba5", size = 12504685, upload-time = "2026-03-09T07:58:50.525Z" }, ] +[[package]] +name = "oauthlib" +version = "3.3.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/0b/5f/19930f824ffeb0ad4372da4812c50edbd1434f678c90c2733e1188edfc63/oauthlib-3.3.1.tar.gz", hash = "sha256:0f0f8aa759826a193cf66c12ea1af1637f87b9b4622d46e866952bb022e538c9", size = 185918, upload-time = "2025-06-19T22:48:08.269Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/be/9c/92789c596b8df838baa98fa71844d84283302f7604ed565dafe5a6b5041a/oauthlib-3.3.1-py3-none-any.whl", hash = "sha256:88119c938d2b8fb88561af5f6ee0eec8cc8d552b7bb1f712743136eb7523b7a1", size = 160065, upload-time = "2025-06-19T22:48:06.508Z" }, +] + [[package]] name = "obstore" version = "0.8.2" @@ -3861,6 +3977,18 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/5b/5a/bc7b4a4ef808fa59a816c17b20c4bef6884daebbdf627ff2a161da67da19/propcache-0.4.1-py3-none-any.whl", hash = "sha256:af2a6052aeb6cf17d3e46ee169099044fd8224cbaf75c76a2ef596e8163e2237", size = 13305, upload-time = "2025-10-08T19:49:00.792Z" }, ] +[[package]] +name = "proto-plus" +version = "1.27.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "protobuf" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/81/0d/94dfe80193e79d55258345901acd2917523d56e8381bc4dee7fd38e3868a/proto_plus-1.27.2.tar.gz", hash = "sha256:b2adde53adadf75737c44d3dcb0104fde65250dfc83ad59168b4aa3e574b6a24", size = 57204, upload-time = "2026-03-26T22:18:57.174Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/84/f3/1fba73eeffafc998a25d59703b63f8be4fe8a5cb12eaff7386a0ba0f7125/proto_plus-1.27.2-py3-none-any.whl", hash = "sha256:6432f75893d3b9e70b9c412f1d2f03f65b11fb164b793d14ae2ca01821d22718", size = 50450, upload-time = "2026-03-26T22:13:42.927Z" }, +] + [[package]] name = "protobuf" version = "6.33.5" @@ -3935,6 +4063,27 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/50/f2/c0e76a0b451ffdf0cf788932e182758eb7558953f4f27f1aff8e2518b653/pyarrow-23.0.1-cp314-cp314t-win_amd64.whl", hash = "sha256:527e8d899f14bd15b740cd5a54ad56b7f98044955373a17179d5956ddb93d9ce", size = 28365807, upload-time = "2026-02-16T10:14:03.892Z" }, ] +[[package]] +name = "pyasn1" +version = "0.6.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/5c/5f/6583902b6f79b399c9c40674ac384fd9cd77805f9e6205075f828ef11fb2/pyasn1-0.6.3.tar.gz", hash = "sha256:697a8ecd6d98891189184ca1fa05d1bb00e2f84b5977c481452050549c8a72cf", size = 148685, upload-time = "2026-03-17T01:06:53.382Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/5d/a0/7d793dce3fa811fe047d6ae2431c672364b462850c6235ae306c0efd025f/pyasn1-0.6.3-py3-none-any.whl", hash = "sha256:a80184d120f0864a52a073acc6fc642847d0be408e7c7252f31390c0f4eadcde", size = 83997, upload-time = "2026-03-17T01:06:52.036Z" }, +] + +[[package]] +name = "pyasn1-modules" +version = "0.4.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pyasn1" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/e9/e6/78ebbb10a8c8e4b61a59249394a4a594c1a7af95593dc933a349c8d00964/pyasn1_modules-0.4.2.tar.gz", hash = "sha256:677091de870a80aae844b1ca6134f54652fa2c8c5a52aa396440ac3106e941e6", size = 307892, upload-time = "2025-03-28T02:41:22.17Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/47/8d/d529b5d697919ba8c11ad626e835d4039be708a35b0d22de83a269a6682c/pyasn1_modules-0.4.2-py3-none-any.whl", hash = "sha256:29253a9207ce32b64c3ac6600edc75368f98473906e8fd1043bd6b5b1de2c14a", size = 181259, upload-time = "2025-03-28T02:41:19.028Z" }, +] + [[package]] name = "pycparser" version = "3.0" @@ -4275,6 +4424,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/79/93/f6729f10149305262194774d6c8b438c0b084740cf239f48ab97b4df02fa/python_olm-3.2.16-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:10a5e68a2f4b5a2bfa5fdb5dbfa22396a551730df6c4a572235acaa96e997d3f", size = 297000, upload-time = "2023-11-28T19:25:31.045Z" }, ] +[[package]] +name = "python-socks" +version = "2.8.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/36/0b/cd77011c1bc01b76404f7aba07fca18aca02a19c7626e329b40201217624/python_socks-2.8.1.tar.gz", hash = "sha256:698daa9616d46dddaffe65b87db222f2902177a2d2b2c0b9a9361df607ab3687", size = 38909, upload-time = "2026-02-16T05:24:00.745Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/15/fe/9a58cb6eec633ff6afae150ca53c16f8cc8b65862ccb3d088051efdfceb7/python_socks-2.8.1-py3-none-any.whl", hash = "sha256:28232739c4988064e725cdbcd15be194743dd23f1c910f784163365b9d7be035", size = 55087, upload-time = "2026-02-16T05:23:59.147Z" }, +] + [[package]] name = "python-telegram-bot" version = "22.6" @@ -4535,6 +4693,19 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/56/5d/c814546c2333ceea4ba42262d8c4d55763003e767fa169adc693bd524478/requests-2.33.0-py3-none-any.whl", hash = "sha256:3324635456fa185245e24865e810cecec7b4caf933d7eb133dcde67d48cee69b", size = 65017, upload-time = "2026-03-25T15:10:40.382Z" }, ] +[[package]] +name = "requests-oauthlib" +version = "2.0.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "oauthlib" }, + { name = "requests" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/42/f2/05f29bc3913aea15eb670be136045bf5c5bbf4b99ecb839da9b422bb2c85/requests-oauthlib-2.0.0.tar.gz", hash = "sha256:b3dffaebd884d8cd778494369603a9e7b58d29111bf6b41bdc2dcd87203af4e9", size = 55650, upload-time = "2024-03-22T20:32:29.939Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/3b/5d/63d4ae3b9daea098d5d6f5da83984853c1bbacd5dc826764b249fe119d24/requests_oauthlib-2.0.0-py2.py3-none-any.whl", hash = "sha256:7dd8a5c40426b779b0868c404bdef9768deccf22749cde15852df527e6269b36", size = 24179, upload-time = "2024-03-22T20:32:28.055Z" }, +] + [[package]] name = "requests-toolbelt" version = "1.0.0" @@ -5274,6 +5445,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/4c/a7/563b2d8fb7edc07320bf69ac6a7eedcd7a1a9d663a6bb90a4d9bd2eda5f7/unpaddedbase64-2.1.0-py3-none-any.whl", hash = "sha256:485eff129c30175d2cd6f0cd8d2310dff51e666f7f36175f738d75dfdbd0b1c6", size = 6083, upload-time = "2021-03-09T11:35:46.7Z" }, ] +[[package]] +name = "uritemplate" +version = "4.2.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/98/60/f174043244c5306c9988380d2cb10009f91563fc4b31293d27e17201af56/uritemplate-4.2.0.tar.gz", hash = "sha256:480c2ed180878955863323eea31b0ede668795de182617fef9c6ca09e6ec9d0e", size = 33267, upload-time = "2025-06-02T15:12:06.318Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a9/99/3ae339466c9183ea5b8ae87b34c0b897eda475d2aec2307cae60e5cd4f29/uritemplate-4.2.0-py3-none-any.whl", hash = "sha256:962201ba1c4edcab02e60f9a0d3821e82dfc5d2d6662a21abd533879bdb8a686", size = 11488, upload-time = "2025-06-02T15:12:03.405Z" }, +] + [[package]] name = "urllib3" version = "2.6.3" From 77c0bc6b13c8c3f849111c41f2e9233a13b3dcb2 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Fri, 1 May 2026 09:49:59 -0700 Subject: [PATCH 119/133] fix(curator): defer first run and add --dry-run preview (#18373) (#18389) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(curator): defer first run and add --dry-run preview (#18373) Curator was meant to run 7 days after install, not on the very first gateway tick. On a fresh install (no .curator_state), should_run_now() returned True immediately because last_run_at was None — so the gateway cron ticker fired Curator against a fresh skill library moments after 'hermes update'. Combined with the binary 'agent-created' provenance model (anything not bundled and not hub-installed), this consolidated hand-authored user workflow skills without consent. Changes: - should_run_now(): first observation seeds last_run_at='now' and returns False. The next real pass fires one full interval_hours later (7 days by default), matching the original design intent. - hermes curator run --dry-run: produces the same review report without applying automatic transitions OR permitting the LLM to call skill_manage / terminal mv. A DRY-RUN banner is prepended to the prompt and the caller skips apply_automatic_transitions. State is NOT advanced so a preview doesn't defer the next scheduled real pass. - hermes update: prints a one-liner on fresh installs pointing at --dry-run, pause, and the docs. Silent on steady state. - Docs: curator.md and cli-commands.md explain the deferred first-run behavior and warn that hand-written SKILL.md files share the 'agent-created' bucket, with guidance to pin or preview before the first pass. Tests: - test_first_run_defers replaces the old 'first run always eligible' assertion — same fixture, inverted expectation. - test_maybe_run_curator_defers_on_fresh_install covers the gateway tick path end-to-end. - Three new dry-run tests cover state-advance suppression, prompt banner injection, and apply_automatic_transitions skipping. Fixes #18373. * feat(curator): pre-run backup + rollback (#18373) Every real curator pass now snapshots ~/.hermes/skills/ into ~/.hermes/skills/.curator_backups/<utc-iso>/skills.tar.gz before calling apply_automatic_transitions or the LLM review. If a run consolidates or archives something the user didn't want touched, 'hermes curator rollback' restores the tree in one command. Dry-run is skipped — no mutation means no snapshot needed. Changes: - agent/curator_backup.py (new): tar.gz snapshot + safe rollback. The snapshot excludes .curator_backups/ (would recurse) and .hub/ (managed by the skills hub). Extract refuses absolute paths and .. components, and uses tarfile's filter='data' on Python 3.12+. Rollback takes a pre-rollback safety snapshot FIRST, stages the current tree into .rollback-staging-<ts>/ so the extract lands in an empty dir, and cleans the staging dir on success. A failed extract restores the staged contents. - agent/curator.py: run_curator_review() calls curator_backup. snapshot_skills(reason='pre-curator-run') before apply_automatic_ transitions. Best-effort — a failed snapshot logs at debug and the run continues (a transient disk issue shouldn't silently disable curator forever). - hermes_cli/curator.py: new 'hermes curator backup' and 'hermes curator rollback' subcommands. rollback supports --list, --id <ts>, -y. - hermes_cli/config.py: curator.backup.{enabled, keep} config block with sane defaults (enabled=true, keep=5). - Docs: curator.md gets a 'Backups and rollback' section; cli-commands .md table gets the new rows. Tests (new file tests/agent/test_curator_backup.py, 16 cases): - snapshot creates tarball + manifest with correct counts - snapshot excludes .curator_backups/ (recursion guard) and .hub/ - snapshot disabled via config returns None without creating anything - snapshot uniquifies ids within the same second (-01 suffix) - prune honors keep count, newest-first - list_backups + _resolve_backup cover newest-default and unknown-id - rollback restores a deleted skill with content intact - rollback is itself undoable — safety snapshot shows up in list_backups - rollback with no snapshots returns an error - rollback refuses tarballs with absolute paths or .. components - real curator runs take a 'pre-curator-run' snapshot; dry-runs do not All curator tests: 210 passing locally. --- agent/curator.py | 119 +++++- agent/curator_backup.py | 440 ++++++++++++++++++++ hermes_cli/config.py | 8 + hermes_cli/curator.py | 145 ++++++- hermes_cli/main.py | 52 +++ tests/agent/test_curator.py | 108 ++++- tests/agent/test_curator_backup.py | 316 ++++++++++++++ website/docs/reference/cli-commands.md | 9 + website/docs/user-guide/features/curator.md | 49 +++ 9 files changed, 1226 insertions(+), 20 deletions(-) create mode 100644 agent/curator_backup.py create mode 100644 tests/agent/test_curator_backup.py diff --git a/agent/curator.py b/agent/curator.py index 5eefc5a98c1..2eebe10ef54 100644 --- a/agent/curator.py +++ b/agent/curator.py @@ -184,7 +184,16 @@ def should_run_now(now: Optional[datetime] = None) -> bool: Gates: - curator.enabled == True - not paused - - last_run_at missing, OR older than interval_hours + - last_run_at present AND older than interval_hours + + First-run behavior: when there is no ``last_run_at`` (fresh install, or + install that predates the curator), we DO NOT run immediately. The + curator is designed to run after at least ``interval_hours`` (7 days by + default) of skill activity, not on the first background tick after + ``hermes update``. On first observation we seed ``last_run_at`` to "now" + and defer the first real pass by one full interval. Users who want to + run it sooner can always invoke ``hermes curator run`` (with or without + ``--dry-run``) explicitly — that path bypasses this gate. The idle check (min_idle_hours) is applied at the call site where we know whether an agent is actively running — here we only enforce the static @@ -198,7 +207,21 @@ def should_run_now(now: Optional[datetime] = None) -> bool: state = load_state() last = _parse_iso(state.get("last_run_at")) if last is None: - return True + # Never run before. Seed state so we wait a full interval before the + # first real pass. Report-only; do not auto-mutate the library the + # very first time a gateway ticks after an update. + if now is None: + now = datetime.now(timezone.utc) + try: + state["last_run_at"] = now.isoformat() + state["last_run_summary"] = ( + "deferred first run — curator seeded, will run after one " + "interval; use `hermes curator run --dry-run` to preview now" + ) + save_state(state) + except Exception as e: # pragma: no cover — best-effort persistence + logger.debug("Failed to seed curator last_run_at: %s", e) + return False if now is None: now = datetime.now(timezone.utc) @@ -259,6 +282,33 @@ def apply_automatic_transitions(now: Optional[datetime] = None) -> Dict[str, int # Review prompt for the forked agent # --------------------------------------------------------------------------- +CURATOR_DRY_RUN_BANNER = ( + "═══════════════════════════════════════════════════════════════\n" + "DRY-RUN — REPORT ONLY. DO NOT MUTATE THE SKILL LIBRARY.\n" + "═══════════════════════════════════════════════════════════════\n" + "\n" + "This is a PREVIEW pass. Follow every instruction below EXCEPT:\n" + "\n" + " • DO NOT call skill_manage with action=patch, create, delete, " + "write_file, or remove_file.\n" + " • DO NOT call terminal to mv skill directories into .archive/.\n" + " • DO NOT call terminal to mv, cp, rm, or rewrite any file under " + "~/.hermes/skills/.\n" + " • skills_list and skill_view are FINE — read as much as you need.\n" + "\n" + "Your output IS the deliverable. Produce the exact same " + "human-readable summary and structured YAML block you would " + "produce on a live run — but describe the actions you WOULD take, " + "not actions you took. A downstream reviewer will read the report " + "and decide whether to approve a live run with " + "`hermes curator run` (no flag).\n" + "\n" + "If you accidentally take a mutating action, say so explicitly in " + "the summary so the reviewer can revert it.\n" + "═══════════════════════════════════════════════════════════════" +) + + CURATOR_REVIEW_PROMPT = ( "You are running as Hermes' background skill CURATOR. This is an " "UMBRELLA-BUILDING consolidation pass, not a passive audit and not a " @@ -1072,6 +1122,7 @@ def _render_candidate_list() -> str: def run_curator_review( on_summary: Optional[Callable[[str], None]] = None, synchronous: bool = False, + dry_run: bool = False, ) -> Dict[str, Any]: """Execute a single curator review pass. @@ -1084,9 +1135,43 @@ def run_curator_review( If *synchronous* is True, the LLM review runs in the calling thread; the default is to spawn a daemon thread so the caller returns immediately. + + If *dry_run* is True, the automatic stale/archive transitions are SKIPPED + and the LLM review pass is instructed to produce a report only — no + skill_manage mutations, no terminal archive moves. The REPORT.md still + gets written and ``state.last_report_path`` still records it so users + can read what the curator WOULD have done. """ start = datetime.now(timezone.utc) - counts = apply_automatic_transitions(now=start) + if dry_run: + # Count candidates without mutating state. + try: + report = skill_usage.agent_created_report() + counts = { + "checked": len(report), + "marked_stale": 0, + "archived": 0, + "reactivated": 0, + } + except Exception: + counts = {"checked": 0, "marked_stale": 0, "archived": 0, "reactivated": 0} + else: + # Pre-mutation snapshot — best-effort, never blocks the run. A + # failed snapshot logs at debug and continues (the alternative is + # that a transient disk issue silently disables curator forever, + # which is worse). Users who want to require snapshots can disable + # curator entirely until they can fix disk space. + try: + from agent import curator_backup + snap = curator_backup.snapshot_skills(reason="pre-curator-run") + if snap is not None and on_summary: + try: + on_summary(f"curator: snapshot created ({snap.name})") + except Exception: + pass + except Exception as e: + logger.debug("Curator pre-run snapshot failed: %s", e, exc_info=True) + counts = apply_automatic_transitions(now=start) auto_summary_parts = [] if counts["marked_stale"]: @@ -1098,11 +1183,16 @@ def run_curator_review( auto_summary = ", ".join(auto_summary_parts) if auto_summary_parts else "no changes" # Persist state before the LLM pass so a crash mid-review still records - # the run and doesn't immediately re-trigger. + # the run and doesn't immediately re-trigger. In dry-run we do NOT bump + # last_run_at or run_count — a preview shouldn't push the next scheduled + # real pass out. We still record a summary so `hermes curator status` + # shows that a preview ran. state = load_state() - state["last_run_at"] = start.isoformat() - state["run_count"] = int(state.get("run_count", 0)) + 1 - state["last_run_summary"] = f"auto: {auto_summary}" + if not dry_run: + state["last_run_at"] = start.isoformat() + state["run_count"] = int(state.get("run_count", 0)) + 1 + prefix = "dry-run auto: " if dry_run else "auto: " + state["last_run_summary"] = f"{prefix}{auto_summary}" save_state(state) def _llm_pass(): @@ -1118,7 +1208,7 @@ def run_curator_review( try: candidate_list = _render_candidate_list() if "No agent-created skills" in candidate_list: - final_summary = f"auto: {auto_summary}; llm: skipped (no candidates)" + final_summary = f"{prefix}{auto_summary}; llm: skipped (no candidates)" llm_meta = { "final": "", "summary": "skipped (no candidates)", @@ -1128,14 +1218,21 @@ def run_curator_review( "error": None, } else: - prompt = f"{CURATOR_REVIEW_PROMPT}\n\n{candidate_list}" + if dry_run: + prompt = ( + f"{CURATOR_DRY_RUN_BANNER}\n\n" + f"{CURATOR_REVIEW_PROMPT}\n\n" + f"{candidate_list}" + ) + else: + prompt = f"{CURATOR_REVIEW_PROMPT}\n\n{candidate_list}" llm_meta = _run_llm_review(prompt) final_summary = ( - f"auto: {auto_summary}; llm: {llm_meta.get('summary', 'no change')}" + f"{prefix}{auto_summary}; llm: {llm_meta.get('summary', 'no change')}" ) except Exception as e: logger.debug("Curator LLM pass failed: %s", e, exc_info=True) - final_summary = f"auto: {auto_summary}; llm: error ({e})" + final_summary = f"{prefix}{auto_summary}; llm: error ({e})" llm_meta = { "final": "", "summary": f"error ({e})", diff --git a/agent/curator_backup.py b/agent/curator_backup.py new file mode 100644 index 00000000000..268de64f41c --- /dev/null +++ b/agent/curator_backup.py @@ -0,0 +1,440 @@ +"""Curator snapshot + rollback. + +A pre-run snapshot of ``~/.hermes/skills/`` (excluding ``.curator_backups/`` +itself) is taken before any mutating curator pass. Snapshots are tar.gz +files under ``~/.hermes/skills/.curator_backups/<utc-iso>/`` with a +companion ``manifest.json`` describing the snapshot (reason, time, size, +counted skill files). Rollback picks a snapshot, moves the current +``skills/`` tree aside into another snapshot so even the rollback itself +is undoable, then extracts the chosen snapshot into place. + +The snapshot does NOT include: + - ``.curator_backups/`` (would recurse) + - ``.hub/`` (hub-installed skills — managed by the hub, not us) + +It DOES include: + - all SKILL.md files + their directories (``scripts/``, ``references/``, + ``templates/``, ``assets/``) + - ``.usage.json`` (usage telemetry — needed to rehydrate state cleanly) + - ``.archive/`` (so rollback restores previously-archived skills too) + - ``.curator_state`` (so rolling back also restores the last-run-at + pointer — otherwise the curator would immediately re-fire on the next + tick) + - ``.bundled_manifest`` (so protection markers stay consistent) +""" + +from __future__ import annotations + +import json +import logging +import os +import re +import shutil +import tarfile +import tempfile +import time +from datetime import datetime, timezone +from pathlib import Path +from typing import Any, Dict, List, Optional, Tuple + +from hermes_constants import get_hermes_home + +logger = logging.getLogger(__name__) + + +DEFAULT_KEEP = 5 + +# Entries under skills/ that should NEVER be rolled up into a snapshot. +# .hub/ is managed by the skills hub; rolling it back would break lockfile +# invariants. .curator_backups is the backup dir itself — recursion bomb. +_EXCLUDE_TOP_LEVEL = {".curator_backups", ".hub"} + +# Snapshot id regex: UTC ISO with colons replaced by dashes so the filename +# is portable (Windows-safe). An optional ``-NN`` suffix handles two +# snapshots landing in the same wallclock second. +_ID_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z(-\d{2})?$") + + +def _backups_dir() -> Path: + return get_hermes_home() / "skills" / ".curator_backups" + + +def _skills_dir() -> Path: + return get_hermes_home() / "skills" + + +def _utc_id(now: Optional[datetime] = None) -> str: + """UTC ISO-ish filesystem-safe timestamp: ``2026-05-01T13-05-42Z``.""" + if now is None: + now = datetime.now(timezone.utc) + # isoformat → "2026-05-01T13:05:42.123456+00:00"; strip subseconds and tz. + s = now.replace(microsecond=0).isoformat() + if s.endswith("+00:00"): + s = s[:-6] + return s.replace(":", "-") + "Z" + + +def _load_config() -> Dict[str, Any]: + try: + from hermes_cli.config import load_config + cfg = load_config() + except Exception as e: + logger.debug("Failed to load config for curator backup: %s", e) + return {} + if not isinstance(cfg, dict): + return {} + cur = cfg.get("curator") or {} + if not isinstance(cur, dict): + return {} + bk = cur.get("backup") or {} + return bk if isinstance(bk, dict) else {} + + +def is_enabled() -> bool: + """Default ON — the whole point of the backup is safety by default.""" + return bool(_load_config().get("enabled", True)) + + +def get_keep() -> int: + cfg = _load_config() + try: + n = int(cfg.get("keep", DEFAULT_KEEP)) + except (TypeError, ValueError): + n = DEFAULT_KEEP + return max(1, n) + + +# --------------------------------------------------------------------------- +# Snapshot +# --------------------------------------------------------------------------- + +def _count_skill_files(base: Path) -> int: + try: + return sum(1 for _ in base.rglob("SKILL.md")) + except OSError: + return 0 + + +def _write_manifest(dest: Path, reason: str, archive_path: Path, + skills_counted: int) -> None: + manifest = { + "id": dest.name, + "reason": reason, + "created_at": datetime.now(timezone.utc).isoformat(), + "archive": archive_path.name, + "archive_bytes": archive_path.stat().st_size, + "skill_files": skills_counted, + } + (dest / "manifest.json").write_text( + json.dumps(manifest, indent=2, sort_keys=True), encoding="utf-8" + ) + + +def snapshot_skills(reason: str = "manual") -> Optional[Path]: + """Create a tar.gz snapshot of ``~/.hermes/skills/`` and prune old ones. + + Returns the snapshot directory path, or ``None`` if the snapshot was + skipped (backup disabled, skills dir missing, or an IO error occurred — + in which case we log at debug and return None so the curator never + aborts a pass because of a backup failure). + """ + if not is_enabled(): + logger.debug("Curator backup disabled by config; skipping snapshot") + return None + + skills = _skills_dir() + if not skills.exists(): + logger.debug("No ~/.hermes/skills/ directory — nothing to back up") + return None + + backups = _backups_dir() + try: + backups.mkdir(parents=True, exist_ok=True) + except OSError as e: + logger.debug("Failed to create backups dir %s: %s", backups, e) + return None + + # Uniquify: if a snapshot with the same second already exists (can + # happen if two curator runs fire in the same second), append a short + # counter. Avoids clobbering and avoids timestamp collisions. + base_id = _utc_id() + snap_id = base_id + counter = 1 + while (backups / snap_id).exists(): + snap_id = f"{base_id}-{counter:02d}" + counter += 1 + + dest = backups / snap_id + try: + dest.mkdir(parents=True, exist_ok=False) + except OSError as e: + logger.debug("Failed to create snapshot dir %s: %s", dest, e) + return None + + archive = dest / "skills.tar.gz" + try: + # Stream into the tarball — no tempdir copy needed. + with tarfile.open(archive, "w:gz", compresslevel=6) as tf: + for entry in sorted(skills.iterdir()): + if entry.name in _EXCLUDE_TOP_LEVEL: + continue + # arcname: store paths relative to skills/ so extraction + # drops cleanly back into the skills dir. + tf.add(str(entry), arcname=entry.name, recursive=True) + _write_manifest(dest, reason, archive, _count_skill_files(skills)) + except (OSError, tarfile.TarError) as e: + logger.debug("Curator snapshot failed: %s", e, exc_info=True) + # Clean up partial snapshot + try: + shutil.rmtree(dest, ignore_errors=True) + except OSError: + pass + return None + + _prune_old(keep=get_keep()) + logger.info("Curator snapshot created: %s (%s)", snap_id, reason) + return dest + + +def _prune_old(keep: int) -> List[str]: + """Delete regular snapshots beyond the newest *keep*. Returns deleted + ids. Staging dirs (``.rollback-staging-*``) are implementation detail + and pruned independently on every call.""" + backups = _backups_dir() + if not backups.exists(): + return [] + entries: List[Tuple[str, Path]] = [] + stale_staging: List[Path] = [] + for child in backups.iterdir(): + if not child.is_dir(): + continue + if child.name.startswith(".rollback-staging-"): + # Staging dirs are only supposed to exist briefly during a + # rollback. If we find one here (e.g. from a crashed rollback), + # clean it up opportunistically. + stale_staging.append(child) + continue + if _ID_RE.match(child.name): + entries.append((child.name, child)) + # Newest first (lexicographic works because the id is UTC ISO). + entries.sort(key=lambda t: t[0], reverse=True) + deleted: List[str] = [] + for _, path in entries[keep:]: + try: + shutil.rmtree(path) + deleted.append(path.name) + except OSError as e: + logger.debug("Failed to prune %s: %s", path, e) + for path in stale_staging: + try: + shutil.rmtree(path) + except OSError as e: + logger.debug("Failed to clean stale staging dir %s: %s", path, e) + return deleted + + +# --------------------------------------------------------------------------- +# List + rollback +# --------------------------------------------------------------------------- + +def _read_manifest(snap_dir: Path) -> Dict[str, Any]: + mf = snap_dir / "manifest.json" + if not mf.exists(): + return {} + try: + return json.loads(mf.read_text(encoding="utf-8")) + except (OSError, json.JSONDecodeError): + return {} + + +def list_backups() -> List[Dict[str, Any]]: + """Return all restorable snapshots, newest first. Only entries with a + real ``skills.tar.gz`` tarball are listed — transient + ``.rollback-staging-*`` directories created mid-rollback are + implementation detail and not shown.""" + backups = _backups_dir() + if not backups.exists(): + return [] + out: List[Dict[str, Any]] = [] + for child in sorted(backups.iterdir(), reverse=True): + if not child.is_dir(): + continue + if not _ID_RE.match(child.name): + continue + if not (child / "skills.tar.gz").exists(): + continue + mf = _read_manifest(child) + mf.setdefault("id", child.name) + mf.setdefault("path", str(child)) + if "archive_bytes" not in mf: + arc = child / "skills.tar.gz" + try: + mf["archive_bytes"] = arc.stat().st_size + except OSError: + mf["archive_bytes"] = 0 + out.append(mf) + return out + + +def _resolve_backup(backup_id: Optional[str]) -> Optional[Path]: + """Return the path of the requested backup, or the newest one if + *backup_id* is None. Returns None if no match.""" + backups = _backups_dir() + if not backups.exists(): + return None + if backup_id: + target = backups / backup_id + if ( + target.is_dir() + and _ID_RE.match(backup_id) + and (target / "skills.tar.gz").exists() + ): + return target + return None + candidates = [ + c for c in sorted(backups.iterdir(), reverse=True) + if c.is_dir() and _ID_RE.match(c.name) and (c / "skills.tar.gz").exists() + ] + return candidates[0] if candidates else None + + +def rollback(backup_id: Optional[str] = None) -> Tuple[bool, str, Optional[Path]]: + """Restore ``~/.hermes/skills/`` from a snapshot. + + Strategy: + 1. Resolve the target snapshot (explicit id or newest regular). + 2. Take a safety snapshot of the CURRENT skills tree under + ``.curator_backups/pre-rollback-<ts>/`` so the rollback itself is + undoable. + 3. Move all current top-level entries (except ``.curator_backups`` + and ``.hub``) into a tempdir. + 4. Extract the chosen snapshot into ``~/.hermes/skills/``. + 5. On failure during 4, move the tempdir contents back (best-effort) + and return failure. + + Returns ``(ok, message, snapshot_path)``. + """ + target = _resolve_backup(backup_id) + if target is None: + return ( + False, + f"no matching backup found" + + (f" for id '{backup_id}'" if backup_id else "") + + " (use `hermes curator rollback --list` to see available snapshots)", + None, + ) + archive = target / "skills.tar.gz" + if not archive.exists(): + return (False, f"snapshot {target.name} has no skills.tar.gz — corrupted?", None) + + skills = _skills_dir() + skills.mkdir(parents=True, exist_ok=True) + backups = _backups_dir() + backups.mkdir(parents=True, exist_ok=True) + + # Step 2: safety snapshot of current state FIRST. If this fails we bail + # out before touching anything — otherwise a failed extract could leave + # the user with no skills. + try: + snapshot_skills(reason=f"pre-rollback to {target.name}") + except Exception as e: + return (False, f"pre-rollback safety snapshot failed: {e}", None) + + # Additionally move current entries into an internal staging dir so + # the extract happens into an empty skills tree (predictable result). + # This dir is implementation detail — not listed as a restorable + # backup. The safety snapshot above is the user-facing undo handle. + staged = backups / f".rollback-staging-{_utc_id()}" + try: + staged.mkdir(parents=True, exist_ok=False) + except OSError as e: + return (False, f"failed to create staging dir: {e}", None) + + moved: List[Tuple[Path, Path]] = [] + try: + for entry in list(skills.iterdir()): + if entry.name in _EXCLUDE_TOP_LEVEL: + continue + dest = staged / entry.name + shutil.move(str(entry), str(dest)) + moved.append((entry, dest)) + except OSError as e: + # Best-effort rollback of the move + for orig, dest in moved: + try: + shutil.move(str(dest), str(orig)) + except OSError: + pass + try: + shutil.rmtree(staged, ignore_errors=True) + except OSError: + pass + return (False, f"failed to stage current skills: {e}", None) + + # Step 4: extract the snapshot into skills/ + try: + with tarfile.open(archive, "r:gz") as tf: + # Python 3.12+ supports filter='data' for safer extraction. + # Fall back to the unfiltered call for older interpreters but + # still reject absolute paths and .. components defensively. + for member in tf.getmembers(): + name = member.name + if name.startswith("/") or ".." in Path(name).parts: + raise tarfile.TarError( + f"refusing to extract unsafe path: {name!r}" + ) + try: + tf.extractall(str(skills), filter="data") # type: ignore[call-arg] + except TypeError: + # Python < 3.12 — no filter kwarg + tf.extractall(str(skills)) + except (OSError, tarfile.TarError) as e: + # Best-effort recover: move staged contents back + for orig, dest in moved: + try: + shutil.move(str(dest), str(orig)) + except OSError: + pass + try: + shutil.rmtree(staged, ignore_errors=True) + except OSError: + pass + return (False, f"snapshot extract failed (state restored): {e}", None) + + # Extract succeeded — the staging dir has served its purpose. The + # user's undo handle is the safety snapshot tarball we took earlier. + try: + shutil.rmtree(staged, ignore_errors=True) + except OSError: + pass + + logger.info("Curator rollback: restored from %s", target.name) + return (True, f"restored from snapshot {target.name}", target) + + +# --------------------------------------------------------------------------- +# Human-readable summary for CLI +# --------------------------------------------------------------------------- + +def format_size(n: int) -> str: + for unit in ("B", "KB", "MB", "GB"): + if n < 1024 or unit == "GB": + return f"{n:.1f} {unit}" if unit != "B" else f"{n} B" + n /= 1024 + return f"{n:.1f} GB" + + +def summarize_backups() -> str: + rows = list_backups() + if not rows: + return "No curator snapshots yet." + lines = [f"{'id':<24} {'reason':<40} {'skills':>6} {'size':>8}"] + lines.append("─" * len(lines[0])) + for r in rows: + lines.append( + f"{r.get('id','?'):<24} " + f"{(r.get('reason','?') or '?')[:40]:<40} " + f"{r.get('skill_files', 0):>6} " + f"{format_size(int(r.get('archive_bytes', 0))):>8}" + ) + return "\n".join(lines) diff --git a/hermes_cli/config.py b/hermes_cli/config.py index 720405935b3..fe989619bb9 100644 --- a/hermes_cli/config.py +++ b/hermes_cli/config.py @@ -1022,6 +1022,14 @@ DEFAULT_CONFIG = { # Archive a skill (move to skills/.archive/) after this many days # without use. Archived skills are recoverable — no auto-deletion. "archive_after_days": 90, + # Pre-run backup: before every real curator pass (dry-run is + # skipped), snapshot ~/.hermes/skills/ into + # ~/.hermes/skills/.curator_backups/<utc-iso>/skills.tar.gz so the + # user can roll back with `hermes curator rollback`. + "backup": { + "enabled": True, + "keep": 5, # retain last N regular snapshots + }, }, # Honcho AI-native memory -- reads ~/.honcho/config.json as single source of truth. diff --git a/hermes_cli/curator.py b/hermes_cli/curator.py index bd2c8d65cc2..b6646d7299d 100644 --- a/hermes_cli/curator.py +++ b/hermes_cli/curator.py @@ -160,7 +160,11 @@ def _cmd_run(args) -> int: print("curator: disabled via config; enable with `curator.enabled: true`") return 1 - print("curator: running review pass...") + dry = bool(getattr(args, "dry_run", False)) + if dry: + print("curator: running DRY-RUN (report only, no mutations)...") + else: + print("curator: running review pass...") def _on_summary(msg: str) -> None: print(msg) @@ -168,17 +172,29 @@ def _cmd_run(args) -> int: result = curator.run_curator_review( on_summary=_on_summary, synchronous=bool(args.synchronous), + dry_run=dry, ) auto = result.get("auto_transitions", {}) if auto: - print( - f"auto: checked={auto.get('checked', 0)} " - f"stale={auto.get('marked_stale', 0)} " - f"archived={auto.get('archived', 0)} " - f"reactivated={auto.get('reactivated', 0)}" - ) + if dry: + print( + f"auto (preview): {auto.get('checked', 0)} candidate skill(s) " + "— no transitions applied in dry-run" + ) + else: + print( + f"auto: checked={auto.get('checked', 0)} " + f"stale={auto.get('marked_stale', 0)} " + f"archived={auto.get('archived', 0)} " + f"reactivated={auto.get('reactivated', 0)}" + ) if not args.synchronous: print("llm pass running in background — check `hermes curator status` later") + if dry: + print( + "dry-run: no changes applied. When the report lands, read it with " + "`hermes curator status` and run `hermes curator run` (no flag) to apply." + ) return 0 @@ -229,6 +245,86 @@ def _cmd_restore(args) -> int: return 0 if ok else 1 +def _cmd_backup(args) -> int: + """Take a manual snapshot of the skills tree. Same mechanism as the + automatic pre-run snapshot, just user-initiated.""" + from agent import curator_backup + if not curator_backup.is_enabled(): + print( + "curator: backups are disabled via config " + "(`curator.backup.enabled: false`); re-enable to snapshot" + ) + return 1 + reason = getattr(args, "reason", None) or "manual" + snap = curator_backup.snapshot_skills(reason=reason) + if snap is None: + print("curator: snapshot failed — check logs (backup disabled or IO error)") + return 1 + print(f"curator: snapshot created at ~/.hermes/skills/.curator_backups/{snap.name}") + return 0 + + +def _cmd_rollback(args) -> int: + """Restore the skills tree from a snapshot. Defaults to newest. + + ``--list`` prints available snapshots and exits. ``--id <stamp>`` picks + a specific one. Without ``-y``, prompts for confirmation. A safety + snapshot of the current tree is always taken first, so rollbacks are + themselves undoable. + """ + from agent import curator_backup + + if getattr(args, "list", False): + print(curator_backup.summarize_backups()) + return 0 + + backup_id = getattr(args, "backup_id", None) + target_path = curator_backup._resolve_backup(backup_id) + if target_path is None: + rows = curator_backup.list_backups() + if not rows: + print( + "curator: no snapshots exist yet. Take one with " + "`hermes curator backup` or wait for the next curator run." + ) + else: + print( + f"curator: no snapshot matching " + f"{'id ' + repr(backup_id) if backup_id else 'your query'}." + ) + print("Available:") + print(curator_backup.summarize_backups()) + return 1 + + manifest = curator_backup._read_manifest(target_path) + print(f"Rollback target: {target_path.name}") + if manifest: + print(f" reason: {manifest.get('reason', '?')}") + print(f" created_at: {manifest.get('created_at', '?')}") + print(f" skill files: {manifest.get('skill_files', '?')}") + print( + "\nThis will replace the current ~/.hermes/skills/ tree (a safety " + "snapshot of the current state is taken first so this is undoable)." + ) + + if not getattr(args, "yes", False): + try: + ans = input("Proceed? [y/N] ").strip().lower() + except (EOFError, KeyboardInterrupt): + print("\ncancelled") + return 1 + if ans not in ("y", "yes"): + print("cancelled") + return 1 + + ok, msg, _ = curator_backup.rollback(backup_id=target_path.name) + if ok: + print(f"curator: {msg}") + return 0 + print(f"curator: rollback failed — {msg}") + return 1 + + # --------------------------------------------------------------------------- # argparse wiring (called from hermes_cli.main) # --------------------------------------------------------------------------- @@ -250,6 +346,11 @@ def register_cli(parent: argparse.ArgumentParser) -> None: "--sync", "--synchronous", dest="synchronous", action="store_true", help="Wait for the LLM review pass to finish (default: background thread)", ) + p_run.add_argument( + "--dry-run", dest="dry_run", action="store_true", + help="Report only — no state changes, no archives, no consolidation " + "(use this to preview what curator would do)", + ) p_run.set_defaults(func=_cmd_run) p_pause = subs.add_parser("pause", help="Pause the curator until resumed") @@ -270,6 +371,36 @@ def register_cli(parent: argparse.ArgumentParser) -> None: p_restore.add_argument("skill", help="Skill name") p_restore.set_defaults(func=_cmd_restore) + p_backup = subs.add_parser( + "backup", + help="Take a manual tar.gz snapshot of ~/.hermes/skills/ " + "(curator also does this automatically before every real run)", + ) + p_backup.add_argument( + "--reason", default=None, + help="Free-text label stored in manifest.json (default: 'manual')", + ) + p_backup.set_defaults(func=_cmd_backup) + + p_rollback = subs.add_parser( + "rollback", + help="Restore ~/.hermes/skills/ from a curator snapshot " + "(defaults to the newest)", + ) + p_rollback.add_argument( + "--list", action="store_true", + help="List available snapshots and exit without restoring", + ) + p_rollback.add_argument( + "--id", dest="backup_id", default=None, + help="Snapshot id to restore (see `--list`); default: newest", + ) + p_rollback.add_argument( + "-y", "--yes", action="store_true", + help="Skip confirmation prompt", + ) + p_rollback.set_defaults(func=_cmd_rollback) + def cli_main(argv=None) -> int: """Standalone entry (also usable by hermes_cli.main fallthrough).""" diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 72a958b573d..92e932dab6d 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -5433,6 +5433,45 @@ def _find_stale_dashboard_pids() -> list[int]: return dashboard_pids +def _print_curator_first_run_notice() -> None: + """Print a short heads-up about the skill curator after `hermes update`. + + Only fires when the curator is enabled AND has no recorded run yet, which + is exactly the window where the gateway ticker used to fire Curator + against a fresh skill library immediately after an update. We defer the + first real pass by one ``interval_hours``; this notice tells the user how + to preview or disable before then. Silent on steady state. + """ + try: + from agent import curator + except Exception: + return + try: + if not curator.is_enabled(): + return + state = curator.load_state() + except Exception: + return + if state.get("last_run_at"): + # Curator has run before (real or already seeded) — no notice needed. + return + try: + hours = curator.get_interval_hours() + except Exception: + hours = 24 * 7 + days = max(1, hours // 24) + print() + print("ℹ Skill curator") + print( + f" Background skill maintenance is enabled. First pass is deferred " + f"~{days}d after installation; only agent-created skills are in " + f"scope and nothing is ever auto-deleted (archive is recoverable)." + ) + print(" Preview now: hermes curator run --dry-run") + print(" Pause it: hermes curator pause") + print(" Docs: https://hermes-agent.nousresearch.com/docs/user-guide/features/curator") + + def _kill_stale_dashboard_processes( reason: str = "the running backend no longer matches the updated frontend", ) -> None: @@ -5670,6 +5709,10 @@ def _update_via_zip(args): print() print("✓ Update complete!") + try: + _print_curator_first_run_notice() + except Exception as e: + logger.debug("Curator first-run notice failed: %s", e) _kill_stale_dashboard_processes() @@ -7109,6 +7152,15 @@ def _cmd_update_impl(args, gateway_mode: bool): print() print("✓ Update complete!") + # Curator first-run heads-up. Only prints when curator is enabled AND + # has never run — i.e. the window where the ticker would otherwise + # have fired against a fresh skill library. Kept silent on steady + # state so we don't nag. + try: + _print_curator_first_run_notice() + except Exception as e: + logger.debug("Curator first-run notice failed: %s", e) + # Repair RHEL-family root installs where /usr/local/bin isn't on PATH # for non-login interactive shells. No-op on every other platform. try: diff --git a/tests/agent/test_curator.py b/tests/agent/test_curator.py index 78971a74d2c..aba866445c9 100644 --- a/tests/agent/test_curator.py +++ b/tests/agent/test_curator.py @@ -86,9 +86,22 @@ def test_curator_config_overrides(curator_env, monkeypatch): # should_run_now # --------------------------------------------------------------------------- -def test_first_run_always_eligible(curator_env): +def test_first_run_defers(curator_env): + """The FIRST observation of the curator (fresh install, no state file) + must NOT trigger an immediate run. The curator is designed to run after + a full ``interval_hours`` of skill activity, not on the first background + tick after installation. Fixes #18373. + """ c = curator_env["curator"] - assert c.should_run_now() is True + # No state file — should defer and seed last_run_at. + assert c.should_run_now() is False + state = c.load_state() + assert state.get("last_run_at") is not None, ( + "first observation should seed last_run_at so the interval clock " + "starts ticking instead of firing immediately next tick" + ) + # A second immediate call still returns False (seeded, not yet stale). + assert c.should_run_now() is False def test_recent_run_blocks(curator_env): @@ -265,6 +278,77 @@ def test_run_review_records_state(curator_env): assert state["last_run_summary"] is not None +def test_dry_run_does_not_advance_state(curator_env, monkeypatch): + """Dry-run previews must not bump last_run_at or run_count. A preview + shouldn't defer the next scheduled real pass or look like a real run in + `hermes curator status`. Fixes #18373. + """ + c = curator_env["curator"] + skills_dir = curator_env["home"] / "skills" + _write_skill(skills_dir, "a") + + # Stub the LLM so the test doesn't need a provider. + monkeypatch.setattr( + c, "_run_llm_review", + lambda prompt: { + "final": "", "summary": "dry preview", "model": "", "provider": "", + "tool_calls": [], "error": None, + }, + ) + + c.run_curator_review(synchronous=True, dry_run=True) + state = c.load_state() + assert state.get("last_run_at") is None, "dry-run must not seed last_run_at" + assert state.get("run_count", 0) == 0, "dry-run must not bump run_count" + assert "dry-run" in (state.get("last_run_summary") or ""), ( + "dry-run summary should be labeled so status output is unambiguous" + ) + + +def test_dry_run_injects_report_only_banner(curator_env, monkeypatch): + """The dry-run prompt must carry a banner instructing the LLM not to + call any mutating tool. This is defense in depth — the caller also + skips automatic transitions — but the LLM prompt is the only guard + against the model calling skill_manage directly.""" + c = curator_env["curator"] + skills_dir = curator_env["home"] / "skills" + _write_skill(skills_dir, "a") + + captured = {} + def _stub(prompt): + captured["prompt"] = prompt + return {"final": "", "summary": "s", "model": "", "provider": "", + "tool_calls": [], "error": None} + monkeypatch.setattr(c, "_run_llm_review", _stub) + + c.run_curator_review(synchronous=True, dry_run=True) + assert "DRY-RUN" in captured["prompt"] + assert "DO NOT" in captured["prompt"] + + +def test_dry_run_skips_automatic_transitions(curator_env, monkeypatch): + """Dry-run must not call apply_automatic_transitions — the auto pass + archives skills deterministically, and a preview must not touch the + filesystem.""" + c = curator_env["curator"] + skills_dir = curator_env["home"] / "skills" + _write_skill(skills_dir, "a") + + called = {"n": 0} + def _explode(*_a, **_kw): + called["n"] += 1 + return {"checked": 0, "marked_stale": 0, "archived": 0, "reactivated": 0} + monkeypatch.setattr(c, "apply_automatic_transitions", _explode) + monkeypatch.setattr( + c, "_run_llm_review", + lambda p: {"final": "", "summary": "s", "model": "", "provider": "", + "tool_calls": [], "error": None}, + ) + + c.run_curator_review(synchronous=True, dry_run=True) + assert called["n"] == 0, "dry-run must skip apply_automatic_transitions" + + def test_run_review_synchronous_invokes_llm_stub(curator_env, monkeypatch): c = curator_env["curator"] skills_dir = curator_env["home"] / "skills" @@ -327,12 +411,32 @@ def test_maybe_run_curator_runs_when_eligible(curator_env, monkeypatch): c = curator_env["curator"] skills_dir = curator_env["home"] / "skills" _write_skill(skills_dir, "a") + # Seed last_run_at far in the past so the interval gate opens — the + # "no state" path intentionally defers the first run now (#18373). + long_ago = datetime.now(timezone.utc) - timedelta(hours=c.get_interval_hours() * 2) + c.save_state({"last_run_at": long_ago.isoformat(), "paused": False}) # Force idle over threshold result = c.maybe_run_curator(idle_for_seconds=99999.0) assert result is not None assert "started_at" in result +def test_maybe_run_curator_defers_on_fresh_install(curator_env): + """Fresh install (no curator state file) must NOT fire the curator on + the first gateway tick. The first observation seeds last_run_at and + returns None. Fixes #18373.""" + c = curator_env["curator"] + skills_dir = curator_env["home"] / "skills" + _write_skill(skills_dir, "a") + # Infinite idle — the only thing that should block the run is the new + # deferred-first-run gate. + result = c.maybe_run_curator(idle_for_seconds=99999.0) + assert result is None + # And the next tick still defers (we seeded last_run_at to "now"). + result2 = c.maybe_run_curator(idle_for_seconds=99999.0) + assert result2 is None + + def test_maybe_run_curator_swallows_exceptions(curator_env, monkeypatch): c = curator_env["curator"] diff --git a/tests/agent/test_curator_backup.py b/tests/agent/test_curator_backup.py new file mode 100644 index 00000000000..1d906ed7456 --- /dev/null +++ b/tests/agent/test_curator_backup.py @@ -0,0 +1,316 @@ +"""Tests for agent/curator_backup.py — snapshot + rollback of the skills tree.""" + +from __future__ import annotations + +import importlib +import json +import os +import sys +import tarfile +import tempfile +from pathlib import Path + +import pytest + + +@pytest.fixture +def backup_env(monkeypatch, tmp_path): + """Isolate HERMES_HOME + reload modules so every test starts clean.""" + home = tmp_path / ".hermes" + home.mkdir() + (home / "skills").mkdir() + monkeypatch.setenv("HERMES_HOME", str(home)) + monkeypatch.setattr(Path, "home", lambda: tmp_path) + + # Reload so get_hermes_home picks up the env var fresh. + import hermes_constants + importlib.reload(hermes_constants) + from agent import curator_backup + importlib.reload(curator_backup) + return {"home": home, "skills": home / "skills", "cb": curator_backup} + + +def _write_skill(skills_dir: Path, name: str, body: str = "body") -> Path: + d = skills_dir / name + d.mkdir(parents=True, exist_ok=True) + (d / "SKILL.md").write_text( + f"---\nname: {name}\ndescription: t\nversion: 1.0\n---\n\n{body}\n", + encoding="utf-8", + ) + return d + + +# --------------------------------------------------------------------------- +# snapshot_skills +# --------------------------------------------------------------------------- + +def test_snapshot_creates_tarball_and_manifest(backup_env): + cb = backup_env["cb"] + _write_skill(backup_env["skills"], "alpha") + _write_skill(backup_env["skills"], "beta") + + snap = cb.snapshot_skills(reason="test") + assert snap is not None, "snapshot should succeed with a populated skills dir" + assert (snap / "skills.tar.gz").exists() + manifest = json.loads((snap / "manifest.json").read_text()) + assert manifest["reason"] == "test" + assert manifest["skill_files"] == 2 + assert manifest["archive_bytes"] > 0 + + +def test_snapshot_excludes_backups_dir_itself(backup_env): + """The backup must NOT contain .curator_backups/ — that would recurse + with every subsequent snapshot and balloon disk usage.""" + cb = backup_env["cb"] + _write_skill(backup_env["skills"], "alpha") + snap1 = cb.snapshot_skills(reason="first") + assert snap1 is not None + snap2 = cb.snapshot_skills(reason="second") + assert snap2 is not None + with tarfile.open(snap2 / "skills.tar.gz") as tf: + names = tf.getnames() + assert not any(n.startswith(".curator_backups") for n in names), ( + "second snapshot must not contain the first snapshot recursively" + ) + + +def test_snapshot_excludes_hub_dir(backup_env): + """.hub/ is managed by the skills hub. Rolling it back would break + lockfile invariants, so the snapshot omits it entirely.""" + cb = backup_env["cb"] + hub = backup_env["skills"] / ".hub" + hub.mkdir() + (hub / "lock.json").write_text("{}") + _write_skill(backup_env["skills"], "alpha") + snap = cb.snapshot_skills(reason="t") + assert snap is not None + with tarfile.open(snap / "skills.tar.gz") as tf: + names = tf.getnames() + assert not any(n.startswith(".hub") for n in names) + + +def test_snapshot_disabled_returns_none(backup_env, monkeypatch): + cb = backup_env["cb"] + monkeypatch.setattr(cb, "is_enabled", lambda: False) + _write_skill(backup_env["skills"], "alpha") + assert cb.snapshot_skills() is None + # And no backup dir should have been created + assert not (backup_env["skills"] / ".curator_backups").exists() + + +def test_snapshot_uniquifies_when_same_second(backup_env, monkeypatch): + """Two snapshots in the same wallclock second must not clobber each + other. The module appends a counter to the second snapshot's id.""" + cb = backup_env["cb"] + _write_skill(backup_env["skills"], "alpha") + frozen = "2026-05-01T12-00-00Z" + monkeypatch.setattr(cb, "_utc_id", lambda now=None: frozen) + s1 = cb.snapshot_skills(reason="a") + s2 = cb.snapshot_skills(reason="b") + assert s1 is not None and s2 is not None + assert s1.name == frozen + assert s2.name == f"{frozen}-01" + + +def test_snapshot_prunes_to_keep_count(backup_env, monkeypatch): + cb = backup_env["cb"] + _write_skill(backup_env["skills"], "alpha") + monkeypatch.setattr(cb, "get_keep", lambda: 3) + + # Create 5 snapshots with monotonically increasing fake ids + ids = [f"2026-05-0{i}T00-00-00Z" for i in range(1, 6)] + for i, fid in enumerate(ids): + monkeypatch.setattr(cb, "_utc_id", lambda now=None, _f=fid: _f) + cb.snapshot_skills(reason=f"n{i}") + + remaining = sorted(p.name for p in (backup_env["skills"] / ".curator_backups").iterdir()) + # Newest 3 kept (lex order == date order for this id format) + assert remaining == ids[2:], f"expected newest 3, got {remaining}" + + +# --------------------------------------------------------------------------- +# list_backups / _resolve_backup +# --------------------------------------------------------------------------- + +def test_list_backups_empty(backup_env): + cb = backup_env["cb"] + assert cb.list_backups() == [] + + +def test_list_backups_returns_manifest_data(backup_env): + cb = backup_env["cb"] + _write_skill(backup_env["skills"], "alpha") + cb.snapshot_skills(reason="m1") + rows = cb.list_backups() + assert len(rows) == 1 + assert rows[0]["reason"] == "m1" + assert rows[0]["skill_files"] == 1 + + +def test_resolve_backup_newest_when_no_id(backup_env, monkeypatch): + cb = backup_env["cb"] + _write_skill(backup_env["skills"], "alpha") + ids = ["2026-05-01T00-00-00Z", "2026-05-02T00-00-00Z"] + for fid in ids: + monkeypatch.setattr(cb, "_utc_id", lambda now=None, _f=fid: _f) + cb.snapshot_skills() + resolved = cb._resolve_backup(None) + assert resolved is not None + assert resolved.name == "2026-05-02T00-00-00Z", ( + "resolve(None) must return newest regular snapshot" + ) + + +def test_resolve_backup_unknown_id_returns_none(backup_env): + cb = backup_env["cb"] + _write_skill(backup_env["skills"], "alpha") + cb.snapshot_skills() + assert cb._resolve_backup("not-an-id") is None + + +# --------------------------------------------------------------------------- +# rollback +# --------------------------------------------------------------------------- + +def test_rollback_restores_deleted_skill(backup_env): + """The whole point of this feature: user loses a skill, rollback + brings it back.""" + cb = backup_env["cb"] + skills = backup_env["skills"] + user_skill = _write_skill(skills, "my-personal-workflow", body="important content") + cb.snapshot_skills(reason="pre-simulated-curator") + + # Simulate curator archiving it out of existence + import shutil as _sh + _sh.rmtree(user_skill) + assert not user_skill.exists() + + ok, msg, _ = cb.rollback() + assert ok, f"rollback failed: {msg}" + assert user_skill.exists(), "my-personal-workflow should be restored" + assert "important content" in (user_skill / "SKILL.md").read_text() + + +def test_rollback_is_itself_undoable(backup_env): + """A rollback creates its own safety snapshot before replacing the + tree, so the user can undo a mistaken rollback. The safety snapshot + is a real tarball with reason='pre-rollback to <id>' — it's + listed by list_backups() just like any other snapshot and can be + restored the same way.""" + cb = backup_env["cb"] + skills = backup_env["skills"] + _write_skill(skills, "v1") + cb.snapshot_skills(reason="snapshot-of-v1") + + # Overwrite with a new skill state + import shutil as _sh + _sh.rmtree(skills / "v1") + _write_skill(skills, "v2") + + ok, _, _ = cb.rollback() + assert ok + assert (skills / "v1").exists() + + # list_backups should show a safety snapshot tagged "pre-rollback to <target-id>" + rows = cb.list_backups() + pre_rollback_entries = [r for r in rows if "pre-rollback" in (r.get("reason") or "")] + assert len(pre_rollback_entries) >= 1, ( + f"expected a pre-rollback safety snapshot in list_backups(), got: " + f"{[(r.get('id'), r.get('reason')) for r in rows]}" + ) + # And the transient staging dir must be gone (it's implementation detail) + backups_dir = skills / ".curator_backups" + staging_dirs = [p for p in backups_dir.iterdir() if p.name.startswith(".rollback-staging-")] + assert staging_dirs == [], ( + f"staging dir should be cleaned up on success, got: {staging_dirs}" + ) + + +def test_rollback_no_snapshots_returns_error(backup_env): + cb = backup_env["cb"] + ok, msg, _ = cb.rollback() + assert not ok + assert "no matching backup" in msg.lower() or "no snapshot" in msg.lower() + + +def test_rollback_rejects_unsafe_tarball(backup_env, monkeypatch): + """Tarballs with absolute paths or .. components must be refused even + if someone crafts a malicious snapshot. Defense in depth — normal + curator snapshots never produce these.""" + cb = backup_env["cb"] + skills = backup_env["skills"] + _write_skill(skills, "alpha") + cb.snapshot_skills(reason="legit") + + # Hand-craft a malicious tarball replacing the legit one + rows = cb.list_backups() + snap_dir = Path(rows[0]["path"]) + mal = snap_dir / "skills.tar.gz" + mal.unlink() + with tarfile.open(mal, "w:gz") as tf: + evil = tempfile.NamedTemporaryFile(delete=False, suffix=".md") + evil.write(b"evil") + evil.close() + tf.add(evil.name, arcname="../../etc/evil.md") + os.unlink(evil.name) + + ok, msg, _ = cb.rollback() + assert not ok + assert "unsafe" in msg.lower() or "refus" in msg.lower() or "extract" in msg.lower() + + +# --------------------------------------------------------------------------- +# Integration with run_curator_review +# --------------------------------------------------------------------------- + +def test_real_run_takes_pre_snapshot(backup_env, monkeypatch): + """A real (non-dry) curator pass must snapshot the tree before calling + apply_automatic_transitions. This is the safety net #18373 asked for.""" + cb = backup_env["cb"] + skills = backup_env["skills"] + _write_skill(skills, "alpha") + + # Reload curator module against the freshly-env'd hermes_constants + from agent import curator + importlib.reload(curator) + + # Stub out LLM review and auto transitions — we only care about the + # snapshot side-effect. + monkeypatch.setattr( + curator, "_run_llm_review", + lambda p: {"final": "", "summary": "s", "model": "", "provider": "", + "tool_calls": [], "error": None}, + ) + monkeypatch.setattr( + curator, "apply_automatic_transitions", + lambda now=None: {"checked": 1, "marked_stale": 0, "archived": 0, "reactivated": 0}, + ) + + curator.run_curator_review(synchronous=True) + # Pre-run snapshot should exist + rows = cb.list_backups() + assert any(r.get("reason") == "pre-curator-run" for r in rows), ( + f"expected a pre-curator-run snapshot, got {[r.get('reason') for r in rows]}" + ) + + +def test_dry_run_skips_snapshot(backup_env, monkeypatch): + """Dry-run previews must not spend disk on a snapshot — they don't + mutate anything, so there's nothing to back up.""" + cb = backup_env["cb"] + skills = backup_env["skills"] + _write_skill(skills, "alpha") + + from agent import curator + importlib.reload(curator) + monkeypatch.setattr( + curator, "_run_llm_review", + lambda p: {"final": "", "summary": "s", "model": "", "provider": "", + "tool_calls": [], "error": None}, + ) + + curator.run_curator_review(synchronous=True, dry_run=True) + rows = cb.list_backups() + assert not any(r.get("reason") == "pre-curator-run" for r in rows), ( + "dry-run must not create a pre-run snapshot" + ) diff --git a/website/docs/reference/cli-commands.md b/website/docs/reference/cli-commands.md index 5ae38e255b7..862c51606e8 100644 --- a/website/docs/reference/cli-commands.md +++ b/website/docs/reference/cli-commands.md @@ -718,12 +718,21 @@ The curator is an auxiliary-model background task that periodically reviews agen |------------|-------------| | `status` | Show curator status and skill stats | | `run` | Trigger a curator review now | +| `run --sync` | Block until the LLM pass finishes | +| `run --dry-run` | Preview only — produce the review report with no mutations | +| `backup` | Take a manual tar.gz snapshot of `~/.hermes/skills/` (curator also snapshots automatically before every real run) | +| `rollback` | Restore `~/.hermes/skills/` from a snapshot (defaults to newest) | +| `rollback --list` | List available snapshots | +| `rollback --id <ts>` | Restore a specific snapshot by id | +| `rollback -y` | Skip the confirmation prompt | | `pause` | Pause the curator until resumed | | `resume` | Resume a paused curator | | `pin <skill>` | Pin a skill so the curator never auto-transitions it | | `unpin <skill>` | Unpin a skill | | `restore <skill>` | Restore an archived skill | +On a fresh install the first scheduled pass is deferred by one full `interval_hours` (7 days by default) — the gateway will not curate immediately on the first tick after `hermes update`. Use `hermes curator run --dry-run` to preview before that happens. + See [Curator](../user-guide/features/curator.md) for behavior and config. ## `hermes fallback` diff --git a/website/docs/user-guide/features/curator.md b/website/docs/user-guide/features/curator.md index d9ba73dc7d0..fccef941dc6 100644 --- a/website/docs/user-guide/features/curator.md +++ b/website/docs/user-guide/features/curator.md @@ -23,6 +23,12 @@ The curator is triggered by an inactivity check, not a cron daemon. On CLI sessi If both are true, it spawns a background fork of `AIAgent` — the same pattern used by the memory/skill self-improvement nudges. The fork runs in its own prompt cache and never touches the active conversation. +:::info First-run behavior +On a brand-new install (or the first time a pre-curator install ticks after `hermes update`), the curator **does not run immediately**. The first observation seeds `last_run_at` to "now" and defers the first real pass by one full `interval_hours`. This gives you a full interval to review your skill library, pin anything important, or opt out entirely before the curator ever touches it. + +If you want to see what the curator *would* do before it runs for real, run `hermes curator run --dry-run` — it produces the same review report without mutating the library. +::: + A run has two phases: 1. **Automatic transitions** (deterministic, no LLM). Skills unused for `stale_after_days` (30) become `stale`; skills unused for `archive_after_days` (90) are moved to `~/.hermes/skills/.archive/`. @@ -80,6 +86,12 @@ Earlier releases used a one-off `curator.auxiliary.{provider,model}` block. That hermes curator status # last run, counts, pinned list, LRU top 5 hermes curator run # trigger a review now (background by default) hermes curator run --sync # same, but block until the LLM pass finishes +hermes curator run --dry-run # preview only — report without any mutations +hermes curator backup # take a manual snapshot of ~/.hermes/skills/ +hermes curator rollback # restore from the newest snapshot +hermes curator rollback --list # list available snapshots +hermes curator rollback --id <ts> # restore a specific snapshot +hermes curator rollback -y # skip the confirmation prompt hermes curator pause # stop runs until resumed hermes curator resume hermes curator pin <skill> # never auto-transition this skill @@ -87,6 +99,31 @@ hermes curator unpin <skill> hermes curator restore <skill> # move an archived skill back to active ``` +## Backups and rollback + +Before every real curator pass, Hermes takes a tar.gz snapshot of `~/.hermes/skills/` at `~/.hermes/skills/.curator_backups/<utc-iso>/skills.tar.gz`. If a pass archives or consolidates something you didn't want touched, you can undo the whole run with one command: + +```bash +hermes curator rollback # restore newest snapshot (with confirmation) +hermes curator rollback -y # skip the prompt +hermes curator rollback --list # see all snapshots with reason + size +``` + +The rollback itself is reversible: before replacing the skills tree, Hermes takes another snapshot tagged `pre-rollback to <target-id>`, so a mistaken rollback can be undone by rolling forward to that one with `--id`. + +You can also take manual snapshots at any time with `hermes curator backup --reason "before-refactor"`. The `--reason` string lands in the snapshot's `manifest.json` and is shown in `--list`. + +Snapshots are pruned to `curator.backup.keep` (default 5) to keep disk usage bounded: + +```yaml +curator: + backup: + enabled: true + keep: 5 +``` + +Set `curator.backup.enabled: false` to disable automatic snapshotting. The manual `hermes curator backup` command still works when backups are disabled only if you set `enabled: true` first — the flag gates both paths symmetrically so there's no way to accidentally skip the pre-run snapshot on mutating runs. + `hermes curator status` also lists the five least-recently-used skills — a quick way to see what's likely to become stale next. The same subcommands are available as the `/curator` slash command inside a running session (CLI or gateway platforms). @@ -104,6 +141,18 @@ Everything else in `~/.hermes/skills/` is fair game for the curator. This includ - Skills you created manually with a hand-written `SKILL.md`. - Skills added via external skill directories you've pointed Hermes at. +:::warning Your hand-written skills look the same as agent-saved ones +Provenance here is **binary** (bundled/hub vs. everything else). The curator cannot tell a hand-authored skill you rely on for private workflows apart from a skill the self-improvement loop saved mid-session. Both land in the "agent-created" bucket. + +Before the first real pass (7 days after installation by default), take a moment to: + +1. Run `hermes curator run --dry-run` to see exactly what the curator would propose. +2. Use `hermes curator pin <name>` to fence off anything you don't want touched. +3. Or set `curator.enabled: false` in `config.yaml` if you'd rather manage the library yourself. + +Archives are always recoverable via `hermes curator restore <name>`, but it's easier to pin up-front than to chase down a consolidation after the fact. +::: + If you want to protect a specific skill from ever being touched — for example a hand-authored skill you rely on — use `hermes curator pin <name>`. See the next section. ## Pinning a skill From f99676e315408db3742e00ca9808a31592704399 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Fri, 1 May 2026 09:50:08 -0700 Subject: [PATCH 120/133] fix(gateway): auto-restart when source files change out from under us (#17648) (#18409) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Long-running gateway processes that survive 'hermes update' keep pre-update modules cached in sys.modules. When new tool files on disk then try to 'from hermes_cli.config import cfg_get' (added in PR #17304), the import resolves against the stale module object and raises ImportError — hitting users on Matrix, Telegram, Feishu, and other platforms. Two defenses: 1. Gateway self-check (gateway/run.py). On __init__, snapshot the newest mtime across sentinel source files (hermes_cli/config.py, run_agent.py, gateway/run.py, etc.). On every inbound message, re-read those mtimes; if any is newer than boot time + 2s slack, request a graceful restart via the normal drain path and return a one-line ack to the user. Idempotent, works regardless of how the update happened (hermes update, manual git pull, installer). 2. Post-restart survivor sweep ('hermes update'). After the existing restart loop, sleep 3s, rescan for gateway PIDs we already tried to kill, and SIGKILL any survivors. The detached profile watchers and systemd then relaunch with fresh code instead of waiting out the 120s watcher timeout. Closes #17648. --- gateway/run.py | 140 ++++++++++++ hermes_cli/main.py | 36 ++++ tests/gateway/test_stale_code_self_check.py | 223 ++++++++++++++++++++ 3 files changed, 399 insertions(+) create mode 100644 tests/gateway/test_stale_code_self_check.py diff --git a/gateway/run.py b/gateway/run.py index 5a2d0a14425..29dfa884ec5 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -69,6 +69,46 @@ _PLATFORM_CONNECT_TIMEOUT_SECS_DEFAULT = 30.0 _AUTO_CONTINUE_FRESHNESS_SECS_DEFAULT = 60 * 60 +# --- Stale-code self-check ------------------------------------------------ +# Long-running gateway processes that survive an ``hermes update`` keep the +# old ``hermes_cli.config`` (and friends) cached in ``sys.modules``. When +# the updated tool files on disk then try to ``from hermes_cli.config +# import cfg_get`` (added in PR #17304), the import resolves against the +# already-loaded stale module object and raises ``ImportError`` — see +# Issue #17648. Rather than papering over the import failure site-by-site +# in every tool file, detect the stale state centrally and auto-restart +# so the gateway reloads with fresh code. The sentinel files below are +# the canonical repo-level markers that every update touches; if any is +# newer than the gateway's boot time, we know the running process is out +# of date. +_STALE_CODE_SENTINELS: tuple[str, ...] = ( + "hermes_cli/config.py", + "hermes_cli/__init__.py", + "run_agent.py", + "gateway/run.py", + "pyproject.toml", +) + + +def _compute_repo_mtime(repo_root: Path) -> float: + """Return the newest mtime across the stale-code sentinel files. + + Missing files are ignored (they may not exist on older checkouts). + Returns 0.0 if no sentinel file is readable — treat that as "can't + tell", which downstream callers interpret as "not stale" to avoid + false-positive restart loops. + """ + newest = 0.0 + for rel in _STALE_CODE_SENTINELS: + try: + st = (repo_root / rel).stat() + except (OSError, FileNotFoundError): + continue + if st.st_mtime > newest: + newest = st.st_mtime + return newest + + def _coerce_gateway_timestamp(value: Any) -> Optional[float]: """Best-effort conversion of stored gateway timestamps to epoch seconds. @@ -840,6 +880,12 @@ class GatewayRunner: _stop_task: Optional[asyncio.Task] = None _session_model_overrides: Dict[str, Dict[str, str]] = {} _session_reasoning_overrides: Dict[str, Dict[str, Any]] = {} + # Stale-code self-check defaults (see _detect_stale_code()). Class-level + # so tests that construct GatewayRunner via ``object.__new__`` without + # running __init__ don't crash when _handle_message reads these. + _boot_wall_time: float = 0.0 + _boot_repo_mtime: float = 0.0 + _stale_code_restart_triggered: bool = False def __init__(self, config: Optional[GatewayConfig] = None): global _gateway_runner_ref @@ -848,6 +894,22 @@ class GatewayRunner: self._warn_if_docker_media_delivery_is_risky() _gateway_runner_ref = _weakref.ref(self) + # Boot-time snapshot used by the stale-code self-check. Captured + # before any work happens so post-update file writes are guaranteed + # to have newer mtimes. See _detect_stale_code() / Issue #17648. + try: + self._boot_wall_time: float = time.time() + self._repo_root_for_staleness: Path = Path(__file__).resolve().parent.parent + self._boot_repo_mtime: float = _compute_repo_mtime( + self._repo_root_for_staleness, + ) + except Exception: + self._boot_wall_time = 0.0 + self._repo_root_for_staleness = Path(".") + self._boot_repo_mtime = 0.0 + self._stale_code_notified: set[str] = set() + self._stale_code_restart_triggered: bool = False + # Load ephemeral config from config.yaml / env vars. # Both are injected at API-call time only and never persisted. self._prefill_messages = self._load_prefill_messages() @@ -2392,6 +2454,63 @@ class GatewayRunner: task.add_done_callback(self._background_tasks.discard) return True + def _detect_stale_code(self) -> bool: + """Return True if source files on disk are newer than the running process. + + A gateway that survives ``hermes update`` (manual SIGTERM never + escalated, systemd restart race, detached-process respawn failed, + etc.) keeps pre-update modules cached in ``sys.modules``. Later + imports of names added post-update — e.g. ``cfg_get`` from PR + #17304 — raise ImportError against the stale module object (see + Issue #17648). Detecting this at the source — "the code on disk + is newer than me" — lets us auto-restart instead of serving + broken responses until the user notices and runs + ``hermes gateway restart`` manually. + + Returns False when the boot-time snapshot is unavailable or no + sentinel file is readable, to avoid false-positive restart loops + in unusual checkouts (sparse clones, read-only filesystems). + """ + if not self._boot_wall_time or not self._boot_repo_mtime: + return False + try: + current = _compute_repo_mtime(self._repo_root_for_staleness) + except Exception: + return False + if current <= 0.0: + return False + # 2-second slack guards against filesystems with coarse mtime + # resolution (FAT32, some NFS mounts). Real updates always move + # the newest-file mtime forward by minutes, so this doesn't hide + # genuine staleness. + return current > self._boot_repo_mtime + 2.0 + + def _trigger_stale_code_restart(self) -> None: + """Idempotently kick off a graceful restart after stale-code detection. + + Runs at most once per process. The restart request goes through + the normal drain path so in-flight agent turns finish before the + process exits; the service manager (systemd / launchd / detached + profile watcher) then respawns with fresh code. On manual + ``hermes gateway run`` installs without a supervisor, the + process exits and the user must restart by hand — but they get a + user-visible message telling them so. + """ + if self._stale_code_restart_triggered: + return + self._stale_code_restart_triggered = True + logger.warning( + "Stale-code self-check: source files newer than gateway boot " + "time (boot=%.0f, newest=%.0f) — requesting graceful restart. " + "See Issue #17648.", + self._boot_repo_mtime, + _compute_repo_mtime(self._repo_root_for_staleness), + ) + try: + self.request_restart(detached=False, via_service=True) + except Exception as exc: + logger.error("Stale-code restart request failed: %s", exc) + async def start(self) -> bool: """ Start the gateway and all configured platform adapters. @@ -4190,6 +4309,27 @@ class GatewayRunner: """ source = event.source + # Stale-code self-check (Issue #17648). A gateway that survives + # ``hermes update`` keeps old modules cached in sys.modules; the + # first inbound message is our earliest safe chance to detect + # this and restart gracefully before we dispatch to the agent + # and hit ImportError on freshly-added names (e.g. cfg_get). + # Idempotent — runs the real check at most once per message, and + # request_restart() no-ops after the first call. + try: + if self._detect_stale_code(): + self._trigger_stale_code_restart() + # Acknowledge to the user so they don't see a silent + # drop; the gateway will be back up in a moment via the + # service manager / profile-watcher respawn. + return ( + "⟳ Gateway code was updated in the background — " + "restarting this gateway so your next message runs " + "on the new code. Please retry in a moment." + ) + except Exception as _stale_exc: + logger.debug("Stale-code self-check failed: %s", _stale_exc) + # Internal events (e.g. background-process completion notifications) # are system-generated and must skip user authorization. is_internal = bool(getattr(event, "internal", False)) diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 92e932dab6d..856d85c6360 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -7548,6 +7548,42 @@ def _cmd_update_impl(args, gateway_mode: bool): # No gateways were running — nothing to do pass + # --- Post-restart survivor sweep ----------------------------- + # Issue #17648: some gateways ignore SIGTERM (stuck drain, + # blocked I/O, PID dead but zombie). The detached profile + # watchers wait 120s for the old PID to exit — if it never + # does, no respawn happens and the user keeps hitting + # ImportError against a stale sys.modules. Give the + # graceful paths a brief window to complete, then SIGKILL + # any remaining pre-update PIDs so the watcher / service + # manager can relaunch with fresh code. + try: + _time.sleep(3.0) + _service_pids_after = _get_service_pids() + _surviving = find_gateway_pids( + exclude_pids=_service_pids_after, all_profiles=True, + ) + # Scope to PIDs we already tried to kill during this + # update (killed_pids). Anything new is a gateway that + # started AFTER our restart attempt — respecting user + # intent, we don't kill those. + _stuck = [pid for pid in _surviving if pid in killed_pids] + if _stuck: + print() + print( + f" ⚠ {len(_stuck)} gateway process(es) ignored SIGTERM — force-killing" + ) + for pid in _stuck: + try: + os.kill(pid, _signal.SIGKILL) + except (ProcessLookupError, PermissionError): + pass + # Give the OS a beat to reap the processes so the + # watchers see them exit and respawn. + _time.sleep(1.5) + except Exception as _sweep_exc: + logger.debug("Post-restart survivor sweep failed: %s", _sweep_exc) + except Exception as e: logger.debug("Gateway restart during update failed: %s", e) diff --git a/tests/gateway/test_stale_code_self_check.py b/tests/gateway/test_stale_code_self_check.py new file mode 100644 index 00000000000..5289f575d40 --- /dev/null +++ b/tests/gateway/test_stale_code_self_check.py @@ -0,0 +1,223 @@ +"""Tests for the gateway stale-code self-check (Issue #17648). + +A gateway that survives ``hermes update`` keeps pre-update modules cached +in ``sys.modules``. Later imports of names added post-update (e.g. +``cfg_get`` from PR #17304) raise ImportError against the stale module +object. The self-check in ``GatewayRunner._detect_stale_code()`` detects +this by comparing boot-time sentinel-file mtimes against current ones, +and ``_trigger_stale_code_restart()`` triggers a graceful restart. +""" + +import os +import time +from pathlib import Path +from unittest.mock import MagicMock, patch + +import pytest + +from gateway.run import ( + GatewayRunner, + _compute_repo_mtime, + _STALE_CODE_SENTINELS, +) + + +def _make_tmp_repo(tmp_path: Path) -> Path: + """Create a fake repo with all stale-code sentinel files.""" + for rel in _STALE_CODE_SENTINELS: + p = tmp_path / rel + p.parent.mkdir(parents=True, exist_ok=True) + p.write_text("# test sentinel\n") + return tmp_path + + +def _make_runner(repo_root: Path, *, boot_mtime: float, boot_wall: float): + """Bare GatewayRunner with just the stale-check attributes set.""" + runner = object.__new__(GatewayRunner) + runner._repo_root_for_staleness = repo_root + runner._boot_wall_time = boot_wall + runner._boot_repo_mtime = boot_mtime + runner._stale_code_notified = set() + runner._stale_code_restart_triggered = False + return runner + + +def test_compute_repo_mtime_returns_newest(tmp_path): + """_compute_repo_mtime returns the newest mtime across sentinel files.""" + repo = _make_tmp_repo(tmp_path) + + # Stamp a baseline mtime across all sentinels + baseline = time.time() - 100 + for rel in _STALE_CODE_SENTINELS: + os.utime(repo / rel, (baseline, baseline)) + + # Touch one file forward + newer = time.time() + os.utime(repo / "hermes_cli/config.py", (newer, newer)) + + result = _compute_repo_mtime(repo) + assert abs(result - newer) < 1.0 # within 1s (filesystem mtime resolution) + + +def test_compute_repo_mtime_missing_files_returns_zero(tmp_path): + """Missing sentinel files return 0.0 (treated as 'can't tell' upstream).""" + # tmp_path has none of the sentinels + assert _compute_repo_mtime(tmp_path) == 0.0 + + +def test_compute_repo_mtime_partial_files_still_works(tmp_path): + """Partial sentinel presence still returns newest of the readable ones.""" + (tmp_path / "hermes_cli").mkdir() + target = tmp_path / "hermes_cli" / "config.py" + target.write_text("# partial\n") + target_mtime = time.time() - 50 + os.utime(target, (target_mtime, target_mtime)) + + result = _compute_repo_mtime(tmp_path) + assert abs(result - target_mtime) < 1.0 + + +def test_detect_stale_code_false_when_no_boot_snapshot(tmp_path): + """No boot snapshot → can't tell → not stale (no restart loop).""" + repo = _make_tmp_repo(tmp_path) + runner = _make_runner(repo, boot_mtime=0.0, boot_wall=0.0) + assert runner._detect_stale_code() is False + + +def test_detect_stale_code_false_when_files_unchanged(tmp_path): + """Source files at boot mtime → not stale.""" + repo = _make_tmp_repo(tmp_path) + # Freeze all sentinels to the same mtime + baseline = time.time() - 100 + for rel in _STALE_CODE_SENTINELS: + os.utime(repo / rel, (baseline, baseline)) + + runner = _make_runner(repo, boot_mtime=baseline, boot_wall=baseline) + assert runner._detect_stale_code() is False + + +def test_detect_stale_code_true_after_update(tmp_path): + """Sentinel files newer than boot snapshot → stale.""" + repo = _make_tmp_repo(tmp_path) + baseline = time.time() - 100 + for rel in _STALE_CODE_SENTINELS: + os.utime(repo / rel, (baseline, baseline)) + + runner = _make_runner(repo, boot_mtime=baseline, boot_wall=baseline) + + # Simulate hermes update touching config.py + new_mtime = time.time() + os.utime(repo / "hermes_cli/config.py", (new_mtime, new_mtime)) + + assert runner._detect_stale_code() is True + + +def test_detect_stale_code_ignores_subsecond_drift(tmp_path): + """2-second slack prevents false positives on coarse-mtime filesystems.""" + repo = _make_tmp_repo(tmp_path) + baseline = time.time() - 100 + for rel in _STALE_CODE_SENTINELS: + os.utime(repo / rel, (baseline, baseline)) + + runner = _make_runner(repo, boot_mtime=baseline, boot_wall=baseline) + + # Touch config.py 1s newer — within the 2s slack → not stale + os.utime(repo / "hermes_cli/config.py", (baseline + 1.0, baseline + 1.0)) + assert runner._detect_stale_code() is False + + # Touch 5s newer → stale + os.utime(repo / "hermes_cli/config.py", (baseline + 5.0, baseline + 5.0)) + assert runner._detect_stale_code() is True + + +def test_trigger_stale_code_restart_is_idempotent(tmp_path): + """Calling _trigger_stale_code_restart twice only requests restart once.""" + repo = _make_tmp_repo(tmp_path) + runner = _make_runner(repo, boot_mtime=1.0, boot_wall=1.0) + + calls = [] + + def fake_request_restart(*, detached=False, via_service=False): + calls.append((detached, via_service)) + return True + + runner.request_restart = fake_request_restart + + runner._trigger_stale_code_restart() + runner._trigger_stale_code_restart() + runner._trigger_stale_code_restart() + + assert len(calls) == 1 + assert runner._stale_code_restart_triggered is True + + +def test_trigger_stale_code_restart_survives_request_failure(tmp_path): + """If request_restart raises, we swallow and mark as triggered anyway.""" + repo = _make_tmp_repo(tmp_path) + runner = _make_runner(repo, boot_mtime=1.0, boot_wall=1.0) + + def boom(*, detached=False, via_service=False): + raise RuntimeError("no event loop") + + runner.request_restart = boom + + # Should not raise + runner._trigger_stale_code_restart() + + # Marked triggered so we don't retry on every subsequent message + assert runner._stale_code_restart_triggered is True + + +def test_detect_stale_code_handles_disappearing_repo_root(tmp_path): + """If the repo root vanishes after boot, return False (don't loop).""" + repo = _make_tmp_repo(tmp_path) + baseline = time.time() - 100 + for rel in _STALE_CODE_SENTINELS: + os.utime(repo / rel, (baseline, baseline)) + + runner = _make_runner(repo, boot_mtime=baseline, boot_wall=baseline) + + # Remove all sentinel files — _compute_repo_mtime returns 0.0 + for rel in _STALE_CODE_SENTINELS: + (repo / rel).unlink(missing_ok=True) + + assert runner._detect_stale_code() is False + + +def test_class_level_defaults_prevent_uninitialized_access(): + """Partial construction via object.__new__ must not crash _detect_stale_code.""" + runner = object.__new__(GatewayRunner) + # Don't set any instance attrs — class-level defaults should kick in + runner._repo_root_for_staleness = Path(".") + # _boot_wall_time / _boot_repo_mtime fall through to class defaults (0.0) + assert runner._detect_stale_code() is False + # _stale_code_restart_triggered falls through to class default (False) + assert runner._stale_code_restart_triggered is False + + +def test_init_captures_boot_snapshot(monkeypatch, tmp_path): + """GatewayRunner.__init__ captures a usable stale-code baseline.""" + # Stub out the heavy parts of __init__ we don't need. We only want + # to prove the stale-code snapshot is captured before anything else. + from gateway import run as run_mod + + calls = {} + + def fake_compute(repo_root): + calls["repo_root"] = repo_root + return 1234567890.0 + + monkeypatch.setattr(run_mod, "_compute_repo_mtime", fake_compute) + + # Build a runner without running the full __init__ — then manually + # exercise the stale-check init block that __init__ contains. + runner = object.__new__(GatewayRunner) + runner._boot_wall_time = time.time() + runner._repo_root_for_staleness = Path(run_mod.__file__).resolve().parent.parent + runner._boot_repo_mtime = run_mod._compute_repo_mtime(runner._repo_root_for_staleness) + runner._stale_code_notified = set() + runner._stale_code_restart_triggered = False + + assert runner._boot_repo_mtime == 1234567890.0 + assert calls["repo_root"] == runner._repo_root_for_staleness + assert runner._boot_wall_time > 0 From 0b76d23d1acffd14bbc5061cd4f913cf7a0e1a8a Mon Sep 17 00:00:00 2001 From: Jeffrey Quesnelle <emozilla@nousresearch.com> Date: Fri, 1 May 2026 13:29:22 -0400 Subject: [PATCH 121/133] makes the Persistent Goals docs accessible in the docs nav (and llms.txt) (#18481) --- website/docs/user-guide/features/goals.md | 2 +- website/scripts/generate-llms-txt.py | 1 + website/sidebars.ts | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/user-guide/features/goals.md b/website/docs/user-guide/features/goals.md index f8c613ca7fa..f97502f3bd5 100644 --- a/website/docs/user-guide/features/goals.md +++ b/website/docs/user-guide/features/goals.md @@ -1,6 +1,6 @@ --- sidebar_position: 16 -title: "Persistent Goals (`/goal`)" +title: "Persistent Goals" description: "Set a standing goal and let Hermes keep working across turns until it's done. Our take on the Ralph loop." --- diff --git a/website/scripts/generate-llms-txt.py b/website/scripts/generate-llms-txt.py index dd24eb1f2db..e1a9fcced99 100644 --- a/website/scripts/generate-llms-txt.py +++ b/website/scripts/generate-llms-txt.py @@ -75,6 +75,7 @@ SECTIONS: list[tuple[str, list[tuple[str, str, str | None]]]] = [ ("user-guide/features/delegation", "Delegation", None), ("user-guide/features/kanban", "Kanban Multi-Agent", None), ("user-guide/features/kanban-tutorial", "Kanban Tutorial", None), + ("user-guide/features/goals", "Persistent Goals", None), ("user-guide/features/code-execution", "Code Execution", None), ("user-guide/features/hooks", "Hooks", None), ("user-guide/features/batch-processing", "Batch Processing", None), diff --git a/website/sidebars.ts b/website/sidebars.ts index e63fcdd3a3f..8ac1e33c878 100644 --- a/website/sidebars.ts +++ b/website/sidebars.ts @@ -65,6 +65,7 @@ const sidebars: SidebarsConfig = { 'user-guide/features/delegation', 'user-guide/features/kanban', 'user-guide/features/kanban-tutorial', + 'user-guide/features/goals', 'user-guide/features/code-execution', 'user-guide/features/hooks', 'user-guide/features/batch-processing', From 7cda0e522443c6e7790793b93b085508fc530fc8 Mon Sep 17 00:00:00 2001 From: kshitijk4poor <82637225+kshitijk4poor@users.noreply.github.com> Date: Fri, 1 May 2026 08:53:30 +0530 Subject: [PATCH 122/133] fix(gateway/slack): ephemeral ack and routing for slash commands MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Slack slash commands (/q, /btw, /stop, /model, etc.) previously showed no user-visible acknowledgement and posted command replies as public channel messages. This diverged from Discord, which uses ephemeral deferred responses for slash commands. Changes: - handle_hermes_command now passes response_type='ephemeral' and a 'Running /cmd…' text to ack(), giving the user immediate 'Only visible to you' feedback when they invoke any native slash command. - _handle_slash_command stashes the Slack response_url from the command payload in a per-channel context dict before dispatching to handle_message. - send() checks for a pending slash context and, when found, POSTs to the response_url with replace_original=true to swap the initial ack with the real command reply (e.g. 'Queued for the next turn.'), keeping it ephemeral. - Stale slash contexts are garbage-collected on lookup (120s TTL). - The response_url POST is non-fatal: if it fails, the user already saw the initial ack, and send() returns success=True. Fixes #18182 --- gateway/platforms/slack.py | 113 +++++++++++++++++++- tests/gateway/test_slack.py | 205 ++++++++++++++++++++++++++++++++++++ 2 files changed, 317 insertions(+), 1 deletion(-) diff --git a/gateway/platforms/slack.py b/gateway/platforms/slack.py index 77341c9ce0b..4c6f29e83b3 100644 --- a/gateway/platforms/slack.py +++ b/gateway/platforms/slack.py @@ -21,6 +21,7 @@ try: from slack_bolt.async_app import AsyncApp from slack_bolt.adapter.socket_mode.async_handler import AsyncSocketModeHandler from slack_sdk.web.async_client import AsyncWebClient + import aiohttp SLACK_AVAILABLE = True except ImportError: SLACK_AVAILABLE = False @@ -310,6 +311,11 @@ class SlackAdapter(BasePlatformAdapter): # Track active assistant thread status indicators so stop_typing can # clear them (chat_id → thread_ts). self._active_status_threads: Dict[str, str] = {} + # Slash-command contexts: stash response_url + user_id so send() + # can route the first reply ephemerally. Keyed by + # (channel_id, user_id) to avoid cross-user collisions. + # Each value: {"response_url": str, "ts": float} + self._slash_command_contexts: Dict[Tuple[str, str], Dict[str, Any]] = {} def _describe_slack_api_error(self, response: Any, *, file_obj: Optional[Dict[str, Any]] = None) -> Optional[str]: """Convert Slack API auth/permission failures into actionable user-facing text.""" @@ -368,6 +374,86 @@ class SlackAdapter(BasePlatformAdapter): ) return None + # ------------------------------------------------------------------ + # Slash-command ephemeral helpers + # ------------------------------------------------------------------ + + _SLASH_CTX_TTL = 120.0 # seconds — response_url is valid for 30 min; + # we use a much shorter TTL to avoid routing unrelated messages + # as ephemeral if the command handler was slow or dropped. + + def _pop_slash_context( + self, chat_id: str, + ) -> Optional[Dict[str, Any]]: + """Return and remove the slash-command context for *chat_id*, if fresh. + + Contexts older than ``_SLASH_CTX_TTL`` seconds are silently discarded. + Uses a full scan (dict is tiny) so we don't need the user_id in + ``send()``, which only receives the channel ID from base.py. + """ + now = time.monotonic() + # Clean up stale entries on every lookup — dict is small. + stale_keys = [ + k for k, v in self._slash_command_contexts.items() + if now - v["ts"] > self._SLASH_CTX_TTL + ] + for k in stale_keys: + self._slash_command_contexts.pop(k, None) + + # Find the context for this channel (may be keyed under any user). + match_key = None + for key in list(self._slash_command_contexts): + if key[0] == chat_id: + match_key = key + break + if match_key is None: + return None + return self._slash_command_contexts.pop(match_key) + + async def _send_slash_ephemeral( + self, + ctx: Dict[str, Any], + content: str, + ) -> "SendResult": + """Replace the initial ephemeral ack via ``response_url``. + + Slack's ``response_url`` accepts a POST with ``replace_original`` + for up to 30 minutes after the slash command was invoked. This + lets us swap the "Running /cmd…" placeholder with the real reply, + and the message stays ephemeral ("Only visible to you"). + + Falls back to a simple ``True`` SendResult if the POST fails — + the user already saw the initial ack, so a delivery failure here + is non-critical. + """ + formatted = self.format_message(content) + payload = { + "response_type": "ephemeral", + "replace_original": True, + "text": formatted, + } + try: + async with aiohttp.ClientSession() as session: + async with session.post( + ctx["response_url"], + json=payload, + timeout=aiohttp.ClientTimeout(total=10), + ) as resp: + if resp.status == 200: + return SendResult(success=True, message_id=None) + body = await resp.text() + logger.warning( + "[Slack] response_url POST returned %s: %s", + resp.status, + body[:200], + ) + except Exception as e: + logger.warning( + "[Slack] response_url POST failed: %s", e, + ) + # Non-fatal — the user saw the initial ack already. + return SendResult(success=True, message_id=None) + async def connect(self) -> bool: """Connect to Slack via Socket Mode.""" if not SLACK_AVAILABLE: @@ -502,7 +588,11 @@ class SlackAdapter(BasePlatformAdapter): @self._app.command(_slash_pattern) async def handle_hermes_command(ack, command): - await ack() + slash = (command.get("command") or "").lstrip("/") + await ack( + response_type="ephemeral", + text=f"Running `/{slash}`…", + ) await self._handle_slash_command(command) # Register Block Kit action handlers for approval buttons @@ -574,6 +664,17 @@ class SlackAdapter(BasePlatformAdapter): return SendResult(success=False, error="Not connected") try: + # Check for a pending slash-command context. When the user ran a + # native slash command (e.g. /q, /stop, /model), the initial ack + # already showed an ephemeral "Running /cmd…" message. If we have + # a stashed response_url for this channel, replace that ack with + # the actual command reply ephemerally instead of posting publicly. + slash_ctx = self._pop_slash_context(chat_id) + if slash_ctx: + return await self._send_slash_ephemeral( + slash_ctx, content, + ) + # Convert standard markdown → Slack mrkdwn formatted = self.format_message(content) @@ -2537,6 +2638,16 @@ class SlackAdapter(BasePlatformAdapter): raw_message=command, ) + # Stash the Slack response_url so the first reply for this + # channel+user can be routed ephemerally (replaces the initial + # "Running /cmd…" ack shown by handle_hermes_command). + response_url = command.get("response_url", "") + if response_url and user_id and channel_id: + self._slash_command_contexts[(channel_id, user_id)] = { + "response_url": response_url, + "ts": time.monotonic(), + } + await self.handle_message(event) def _has_active_session_for_thread( diff --git a/tests/gateway/test_slack.py b/tests/gateway/test_slack.py index ef9897bda0b..5830d1f517a 100644 --- a/tests/gateway/test_slack.py +++ b/tests/gateway/test_slack.py @@ -53,6 +53,9 @@ def _ensure_slack_mock(): ]: sys.modules.setdefault(name, mod) + # aiohttp is imported alongside slack-bolt; mock it if missing + sys.modules.setdefault("aiohttp", MagicMock()) + _ensure_slack_mock() @@ -2586,3 +2589,205 @@ class TestSlackReplyToText: assert msg_event.reply_to_text is None # Top-level message: reply_to_message_id must be falsy (None or empty). assert not msg_event.reply_to_message_id + + +# --------------------------------------------------------------------------- +# Slash-command ephemeral ack and routing (#18182) +# --------------------------------------------------------------------------- + + +class TestSlashEphemeralAck: + """Slash commands should produce an ephemeral ack and route replies ephemerally.""" + + @pytest.mark.asyncio + async def test_slash_command_stashes_response_url(self, adapter): + """_handle_slash_command stashes response_url for later ephemeral routing.""" + command = { + "command": "/q", + "text": "follow-up question", + "user_id": "U_SLASH", + "channel_id": "C_SLASH", + "response_url": "https://hooks.slack.com/commands/T123/456/abc", + } + await adapter._handle_slash_command(command) + + # The context should be stashed under (channel_id, user_id). + key = ("C_SLASH", "U_SLASH") + assert key in adapter._slash_command_contexts + ctx = adapter._slash_command_contexts[key] + assert ctx["response_url"] == "https://hooks.slack.com/commands/T123/456/abc" + assert "ts" in ctx + + @pytest.mark.asyncio + async def test_slash_command_without_response_url_does_not_stash(self, adapter): + """Commands without a response_url should not create a context.""" + command = { + "command": "/stop", + "text": "", + "user_id": "U1", + "channel_id": "C1", + # no response_url + } + await adapter._handle_slash_command(command) + assert len(adapter._slash_command_contexts) == 0 + + @pytest.mark.asyncio + async def test_pop_slash_context_returns_and_removes(self, adapter): + """_pop_slash_context returns the context and removes it.""" + import time + adapter._slash_command_contexts[("C1", "U1")] = { + "response_url": "https://hooks.slack.com/test", + "ts": time.monotonic(), + } + + ctx = adapter._pop_slash_context("C1") + assert ctx is not None + assert ctx["response_url"] == "https://hooks.slack.com/test" + # Must be removed after pop + assert len(adapter._slash_command_contexts) == 0 + + @pytest.mark.asyncio + async def test_pop_slash_context_returns_none_for_no_match(self, adapter): + """_pop_slash_context returns None when no context exists.""" + ctx = adapter._pop_slash_context("C_NONEXISTENT") + assert ctx is None + + @pytest.mark.asyncio + async def test_pop_slash_context_discards_stale_entries(self, adapter): + """Stale contexts older than TTL are cleaned up.""" + import time + adapter._slash_command_contexts[("C1", "U1")] = { + "response_url": "https://hooks.slack.com/stale", + "ts": time.monotonic() - adapter._SLASH_CTX_TTL - 1, + } + + ctx = adapter._pop_slash_context("C1") + assert ctx is None + assert len(adapter._slash_command_contexts) == 0 + + @pytest.mark.asyncio + async def test_send_uses_response_url_when_context_exists(self, adapter): + """send() should POST to response_url for slash command replies.""" + import time + adapter._slash_command_contexts[("C_SLASH", "U_SLASH")] = { + "response_url": "https://hooks.slack.com/commands/T123/456/abc", + "ts": time.monotonic(), + } + + mock_resp = AsyncMock() + mock_resp.status = 200 + mock_resp.__aenter__ = AsyncMock(return_value=mock_resp) + mock_resp.__aexit__ = AsyncMock(return_value=False) + + mock_session = AsyncMock() + mock_session.post = MagicMock(return_value=mock_resp) + mock_session.__aenter__ = AsyncMock(return_value=mock_session) + mock_session.__aexit__ = AsyncMock(return_value=False) + + with patch("gateway.platforms.slack.aiohttp.ClientSession", return_value=mock_session): + result = await adapter.send("C_SLASH", "Queued for the next turn.") + + assert result.success is True + # Verify response_url was POSTed to + mock_session.post.assert_called_once() + call_args = mock_session.post.call_args + assert call_args[0][0] == "https://hooks.slack.com/commands/T123/456/abc" + payload = call_args[1]["json"] + assert payload["response_type"] == "ephemeral" + assert payload["replace_original"] is True + assert "Queued for the next turn" in payload["text"] + + # Context must be consumed + assert len(adapter._slash_command_contexts) == 0 + + @pytest.mark.asyncio + async def test_send_falls_through_without_context(self, adapter): + """send() should use normal chat_postMessage when no slash context exists.""" + mock_result = {"ts": "1234.5678", "ok": True} + adapter._app.client.chat_postMessage = AsyncMock(return_value=mock_result) + + result = await adapter.send("C_NORMAL", "Hello world") + + assert result.success is True + adapter._app.client.chat_postMessage.assert_called_once() + + @pytest.mark.asyncio + async def test_send_slash_ephemeral_fallback_on_post_failure(self, adapter): + """_send_slash_ephemeral returns success=True even if POST fails.""" + import time + adapter._slash_command_contexts[("C1", "U1")] = { + "response_url": "https://hooks.slack.com/commands/bad", + "ts": time.monotonic(), + } + + mock_resp = AsyncMock() + mock_resp.status = 500 + mock_resp.text = AsyncMock(return_value="Internal Server Error") + mock_resp.__aenter__ = AsyncMock(return_value=mock_resp) + mock_resp.__aexit__ = AsyncMock(return_value=False) + + mock_session = AsyncMock() + mock_session.post = MagicMock(return_value=mock_resp) + mock_session.__aenter__ = AsyncMock(return_value=mock_session) + mock_session.__aexit__ = AsyncMock(return_value=False) + + with patch("gateway.platforms.slack.aiohttp.ClientSession", return_value=mock_session): + result = await adapter.send("C1", "Some response") + + # Still success — the user saw the initial ack already + assert result.success is True + + @pytest.mark.asyncio + async def test_send_slash_ephemeral_fallback_on_exception(self, adapter): + """_send_slash_ephemeral returns success=True even if aiohttp raises.""" + import time + adapter._slash_command_contexts[("C1", "U1")] = { + "response_url": "https://hooks.slack.com/commands/timeout", + "ts": time.monotonic(), + } + + mock_session = AsyncMock() + mock_session.post = MagicMock(side_effect=Exception("connection timeout")) + mock_session.__aenter__ = AsyncMock(return_value=mock_session) + mock_session.__aexit__ = AsyncMock(return_value=False) + + with patch("gateway.platforms.slack.aiohttp.ClientSession", return_value=mock_session): + result = await adapter.send("C1", "Some response") + + assert result.success is True + + @pytest.mark.asyncio + async def test_native_slash_stashes_context_and_dispatches(self, adapter): + """Full flow: native /q slash → stash + handle_message dispatch.""" + command = { + "command": "/q", + "text": "do something", + "user_id": "U_Q", + "channel_id": "C_Q", + "response_url": "https://hooks.slack.com/commands/T1/2/q", + } + await adapter._handle_slash_command(command) + + # 1. handle_message was called with the right event + adapter.handle_message.assert_called_once() + event = adapter.handle_message.call_args[0][0] + assert event.text == "/q do something" + assert event.message_type == MessageType.COMMAND + + # 2. Context stashed for ephemeral routing + assert ("C_Q", "U_Q") in adapter._slash_command_contexts + + @pytest.mark.asyncio + async def test_legacy_hermes_slash_stashes_context(self, adapter): + """Legacy /hermes <subcommand> also stashes context.""" + command = { + "command": "/hermes", + "text": "help", + "user_id": "U_H", + "channel_id": "C_H", + "response_url": "https://hooks.slack.com/commands/T1/3/h", + } + await adapter._handle_slash_command(command) + + adapter.handle_message.assert_called_once() + assert ("C_H", "U_H") in adapter._slash_command_contexts From 0ab2d752ffdae211b0f4fd06c8f62cf7eec191a7 Mon Sep 17 00:00:00 2001 From: probepark <probepark@users.noreply.github.com> Date: Fri, 1 May 2026 09:07:39 +0530 Subject: [PATCH 123/133] feat(gateway): private notice delivery and Slack format_message fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds platform-level private notice delivery abstraction so operational messages (e.g. sethome prompt) can be sent ephemerally on Slack when configured with `slack.notice_delivery: private`. Changes: - gateway/config.py: _normalize_notice_delivery() + GatewayConfig.get_notice_delivery() with per-platform config bridging - gateway/platforms/base.py: send_private_notice() default implementation (falls through to send()) - gateway/platforms/slack.py: send_private_notice() via chat_postEphemeral - gateway/run.py: _deliver_platform_notice() helper replaces direct adapter.send() for the sethome notice, with private→public fallback - gateway/platforms/slack.py: app_mention handler now forwards to _handle_slack_message (safe due to ts-based dedup) instead of no-op pass, fixing edge-case Slack configs where mentions arrive only as app_mention - gateway/platforms/slack.py format_message: negative lookbehind prevents markdown images (![]()) from becoming broken Slack links; italic regex now requires non-whitespace boundaries so 'a * b * c' stays literal Based on PR #9340 by @probepark. --- gateway/config.py | 25 ++++++++++ gateway/platforms/base.py | 20 ++++++++ gateway/platforms/slack.py | 53 ++++++++++++++++++--- gateway/run.py | 61 +++++++++++++++++------- tests/gateway/test_config.py | 36 ++++++++++++++ tests/gateway/test_notice_delivery.py | 67 +++++++++++++++++++++++++++ tests/gateway/test_slack.py | 32 +++++++++++++ 7 files changed, 269 insertions(+), 25 deletions(-) create mode 100644 tests/gateway/test_notice_delivery.py diff --git a/gateway/config.py b/gateway/config.py index ce7baffac11..6db8e55d848 100644 --- a/gateway/config.py +++ b/gateway/config.py @@ -65,6 +65,15 @@ def _normalize_unauthorized_dm_behavior(value: Any, default: str = "pair") -> st return default +def _normalize_notice_delivery(value: Any, default: str = "public") -> str: + """Normalize notice delivery mode to a supported value.""" + if isinstance(value, str): + normalized = value.strip().lower() + if normalized in {"public", "private"}: + return normalized + return default + + # Module-level cache for bundled platform plugin names (lives outside the # enum so it doesn't become an accidental enum member). _Platform__bundled_plugin_names: Optional[set] = None @@ -592,6 +601,17 @@ class GatewayConfig: ) return self.unauthorized_dm_behavior + def get_notice_delivery(self, platform: Optional[Platform] = None) -> str: + """Return the effective notice-delivery mode for a platform.""" + if platform: + platform_cfg = self.platforms.get(platform) + if platform_cfg and "notice_delivery" in platform_cfg.extra: + return _normalize_notice_delivery( + platform_cfg.extra.get("notice_delivery"), + "public", + ) + return "public" + def load_gateway_config() -> GatewayConfig: """ @@ -707,6 +727,11 @@ def load_gateway_config() -> GatewayConfig: platform_cfg.get("unauthorized_dm_behavior"), gw_data.get("unauthorized_dm_behavior", "pair"), ) + if "notice_delivery" in platform_cfg: + bridged["notice_delivery"] = _normalize_notice_delivery( + platform_cfg.get("notice_delivery"), + "public", + ) if "reply_prefix" in platform_cfg: bridged["reply_prefix"] = platform_cfg["reply_prefix"] if "reply_in_thread" in platform_cfg: diff --git a/gateway/platforms/base.py b/gateway/platforms/base.py index ea02279706f..ef08b05405a 100644 --- a/gateway/platforms/base.py +++ b/gateway/platforms/base.py @@ -1593,6 +1593,26 @@ class BasePlatformAdapter(ABC): """ return SendResult(success=False, error="Not supported") + async def send_private_notice( + self, + chat_id: str, + user_id: Optional[str], + content: str, + reply_to: Optional[str] = None, + metadata: Optional[Dict[str, Any]] = None, + ) -> SendResult: + """Send a notice privately when the platform supports it. + + The default implementation falls back to a normal send so callers can + use one code path across platforms. + """ + return await self.send( + chat_id=chat_id, + content=content, + reply_to=reply_to, + metadata=metadata, + ) + async def send_typing(self, chat_id: str, metadata=None) -> None: """ Send a typing indicator. diff --git a/gateway/platforms/slack.py b/gateway/platforms/slack.py index 4c6f29e83b3..5479b838a7a 100644 --- a/gateway/platforms/slack.py +++ b/gateway/platforms/slack.py @@ -532,12 +532,13 @@ class SlackAdapter(BasePlatformAdapter): async def handle_message_event(event, say): await self._handle_slack_message(event) - # Acknowledge app_mention events to prevent Bolt 404 errors. - # The "message" handler above already processes @mentions in - # channels, so this is intentionally a no-op to avoid duplicates. + # Handle app_mention explicitly. In some Slack app configurations, + # channel mentions arrive only as app_mention events rather than the + # generic message event. Forward them into the normal message + # pipeline so @mentions reliably produce replies. @self._app.event("app_mention") async def handle_app_mention(event, say): - pass + await self._handle_slack_message(event) # File lifecycle events can arrive around snippet uploads even when # the actual user message is what we care about. Ack them so Slack @@ -725,6 +726,42 @@ class SlackAdapter(BasePlatformAdapter): logger.error("[Slack] Send error: %s", e, exc_info=True) return SendResult(success=False, error=str(e)) + async def send_private_notice( + self, + chat_id: str, + user_id: str, + content: str, + reply_to: Optional[str] = None, + metadata: Optional[Dict[str, Any]] = None, + ) -> SendResult: + """Send a Slack ephemeral message visible only to one user.""" + if not self._app: + return SendResult(success=False, error="Not connected") + if not chat_id or not user_id: + return SendResult(success=False, error="chat_id and user_id are required") + + try: + formatted = self.format_message(content) + thread_ts = self._resolve_thread_ts(reply_to, metadata) + kwargs = { + "channel": chat_id, + "user": user_id, + "text": formatted, + "mrkdwn": True, + } + if thread_ts: + kwargs["thread_ts"] = thread_ts + + result = await self._get_client(chat_id).chat_postEphemeral(**kwargs) + return SendResult( + success=True, + message_id=result.get("message_ts") or result.get("ts"), + raw_response=result, + ) + except Exception as e: # pragma: no cover - defensive logging + logger.error("[Slack] Ephemeral send error: %s", e, exc_info=True) + return SendResult(success=False, error=str(e)) + async def edit_message( self, chat_id: str, @@ -1070,7 +1107,7 @@ class SlackAdapter(BasePlatformAdapter): return _ph(f'<{url}|{label}>') text = re.sub( - r'\[([^\]]+)\]\(([^()]*(?:\([^()]*\)[^()]*)*)\)', + r'(?<!!)\[([^\]]+)\]\(([^()]*(?:\([^()]*\)[^()]*)*)\)', _convert_markdown_link, text, ) @@ -1117,9 +1154,11 @@ class SlackAdapter(BasePlatformAdapter): ) # 10) Convert italic: _text_ stays as _text_ (already Slack italic) - # Single *text* → _text_ (Slack italic) + # Single *text* → _text_ (Slack italic), but only when the + # emphasized text touches non-whitespace on both sides so literal + # delimiters like "a * b * c" are preserved. text = re.sub( - r'(?<!\*)\*([^*\n]+)\*(?!\*)', + r'(?<!\*)\*(\S(?:[^*\n]*?\S)?)\*(?!\*)', lambda m: _ph(f'_{m.group(1)}_'), text, ) diff --git a/gateway/run.py b/gateway/run.py index 29dfa884ec5..1e9ddf65052 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -4294,6 +4294,33 @@ class GatewayRunner: return "pair" + async def _deliver_platform_notice(self, source, content: str) -> None: + """Deliver a setup/operational notice using platform-specific privacy rules.""" + adapter = self.adapters.get(source.platform) + if not adapter: + return + + config = getattr(self, "config", None) + notice_delivery = "public" + if config and hasattr(config, "get_notice_delivery"): + notice_delivery = config.get_notice_delivery(source.platform) + + metadata = {"thread_id": source.thread_id} if getattr(source, "thread_id", None) else None + if notice_delivery == "private" and getattr(source, "user_id", None): + try: + result = await adapter.send_private_notice( + source.chat_id, + source.user_id, + content, + metadata=metadata, + ) + if getattr(result, "success", False): + return + except Exception: + pass + + await adapter.send(source.chat_id, content, metadata=metadata) + async def _handle_message(self, event: MessageEvent) -> Optional[str]: """ Handle an incoming message from any platform. @@ -5953,24 +5980,22 @@ class GatewayRunner: platform_name = source.platform.value env_key = _home_target_env_var(platform_name) if not os.getenv(env_key): - adapter = self.adapters.get(source.platform) - if adapter: - # Slack dispatches all Hermes commands through a single - # parent slash command `/hermes`; bare `/sethome` is not - # registered and would fail with "app did not respond". - sethome_cmd = ( - "/hermes sethome" - if source.platform == Platform.SLACK - else "/sethome" - ) - await adapter.send( - source.chat_id, - f"📬 No home channel is set for {platform_name.title()}. " - f"A home channel is where Hermes delivers cron job results " - f"and cross-platform messages.\n\n" - f"Type {sethome_cmd} to make this chat your home channel, " - f"or ignore to skip." - ) + # Slack dispatches all Hermes commands through a single + # parent slash command `/hermes`; bare `/sethome` is not + # registered and would fail with "app did not respond". + sethome_cmd = ( + "/hermes sethome" + if source.platform == Platform.SLACK + else "/sethome" + ) + notice = ( + f"📬 No home channel is set for {platform_name.title()}. " + f"A home channel is where Hermes delivers cron job results " + f"and cross-platform messages.\n\n" + f"Type {sethome_cmd} to make this chat your home channel, " + f"or ignore to skip." + ) + await self._deliver_platform_notice(source, notice) # ----------------------------------------------------------------- # Voice channel awareness — inject current voice channel state diff --git a/tests/gateway/test_config.py b/tests/gateway/test_config.py index 0f5a1440b1c..3df2a7d50b9 100644 --- a/tests/gateway/test_config.py +++ b/tests/gateway/test_config.py @@ -213,6 +213,26 @@ class TestGatewayConfigRoundtrip: restored = GatewayConfig.from_dict({"always_log_local": "false"}) assert restored.always_log_local is False + def test_get_notice_delivery_defaults_to_public(self): + config = GatewayConfig( + platforms={Platform.SLACK: PlatformConfig(enabled=True, token="***")} + ) + + assert config.get_notice_delivery(Platform.SLACK) == "public" + + def test_get_notice_delivery_honors_platform_override(self): + config = GatewayConfig( + platforms={ + Platform.SLACK: PlatformConfig( + enabled=True, + token="***", + extra={"notice_delivery": "private"}, + ), + } + ) + + assert config.get_notice_delivery(Platform.SLACK) == "private" + class TestLoadGatewayConfig: def test_bridges_quick_commands_from_config_yaml(self, tmp_path, monkeypatch): @@ -457,6 +477,22 @@ class TestLoadGatewayConfig: assert config.platforms[Platform.TELEGRAM].extra["disable_link_previews"] is True + def test_bridges_notice_delivery_from_config_yaml(self, tmp_path, monkeypatch): + hermes_home = tmp_path / ".hermes" + hermes_home.mkdir() + config_path = hermes_home / "config.yaml" + config_path.write_text( + "slack:\n" + " notice_delivery: private\n", + encoding="utf-8", + ) + + monkeypatch.setenv("HERMES_HOME", str(hermes_home)) + + config = load_gateway_config() + + assert config.get_notice_delivery(Platform.SLACK) == "private" + def test_bridges_telegram_proxy_url_from_config_yaml(self, tmp_path, monkeypatch): hermes_home = tmp_path / ".hermes" hermes_home.mkdir() diff --git a/tests/gateway/test_notice_delivery.py b/tests/gateway/test_notice_delivery.py new file mode 100644 index 00000000000..0f2a22ff967 --- /dev/null +++ b/tests/gateway/test_notice_delivery.py @@ -0,0 +1,67 @@ +from unittest.mock import AsyncMock, MagicMock + +import pytest + +from gateway.config import GatewayConfig, Platform, PlatformConfig +from gateway.platforms.base import SendResult +from gateway.run import GatewayRunner +from gateway.session import SessionSource + + +def _make_source() -> SessionSource: + return SessionSource( + platform=Platform.SLACK, + chat_id="C123", + chat_type="channel", + user_id="U123", + thread_id="111.222", + ) + + +def _make_runner(extra=None): + runner = object.__new__(GatewayRunner) + runner.config = GatewayConfig( + platforms={ + Platform.SLACK: PlatformConfig(enabled=True, token="***", extra=extra or {}) + } + ) + adapter = MagicMock() + adapter.send = AsyncMock(return_value=SendResult(success=True, message_id="public-1")) + adapter.send_private_notice = AsyncMock(return_value=SendResult(success=True, message_id="private-1")) + runner.adapters = {Platform.SLACK: adapter} + return runner, adapter + + +@pytest.mark.asyncio +async def test_deliver_platform_notice_uses_private_delivery_when_configured(): + runner, adapter = _make_runner(extra={"notice_delivery": "private"}) + + await runner._deliver_platform_notice(_make_source(), "hello") + + adapter.send_private_notice.assert_awaited_once_with( + "C123", + "U123", + "hello", + metadata={"thread_id": "111.222"}, + ) + adapter.send.assert_not_awaited() + + +@pytest.mark.asyncio +async def test_deliver_platform_notice_falls_back_to_public_when_private_fails(): + runner, adapter = _make_runner(extra={"notice_delivery": "private"}) + adapter.send_private_notice = AsyncMock(return_value=SendResult(success=False, error="nope")) + + await runner._deliver_platform_notice(_make_source(), "hello") + + adapter.send.assert_awaited_once_with("C123", "hello", metadata={"thread_id": "111.222"}) + + +@pytest.mark.asyncio +async def test_deliver_platform_notice_uses_public_delivery_by_default(): + runner, adapter = _make_runner() + + await runner._deliver_platform_notice(_make_source(), "hello") + + adapter.send.assert_awaited_once_with("C123", "hello", metadata={"thread_id": "111.222"}) + adapter.send_private_notice.assert_not_awaited() diff --git a/tests/gateway/test_slack.py b/tests/gateway/test_slack.py index 5830d1f517a..cd455d5fc5c 100644 --- a/tests/gateway/test_slack.py +++ b/tests/gateway/test_slack.py @@ -518,6 +518,28 @@ class TestSendDocument: sleep_mock.assert_awaited_once() +class TestSendPrivateNotice: + @pytest.mark.asyncio + async def test_send_private_notice_uses_ephemeral_api(self, adapter): + adapter._app.client.chat_postEphemeral = AsyncMock(return_value={"message_ts": "123.456"}) + + result = await adapter.send_private_notice( + chat_id="C123", + user_id="U123", + content="private hello", + metadata={"thread_id": "1234567890.123456"}, + ) + + assert result.success + adapter._app.client.chat_postEphemeral.assert_called_once_with( + channel="C123", + user="U123", + text="private hello", + mrkdwn=True, + thread_ts="1234567890.123456", + ) + + # --------------------------------------------------------------------------- # TestSendVideo # --------------------------------------------------------------------------- @@ -1315,6 +1337,16 @@ class TestFormatMessage: result = adapter.format_message("[link](https://x.com?a=1&b=2)") assert result == "<https://x.com?a=1&b=2|link>" + def test_markdown_image_does_not_create_broken_slack_link(self, adapter): + """Markdown image syntax should not become '!<url|alt>' in Slack.""" + result = adapter.format_message("![alt](https://img.example.com/cat.png)") + assert result == "![alt](https://img.example.com/cat.png)" + + def test_literal_asterisks_with_spaces_are_not_treated_as_italic(self, adapter): + """Asterisks used as plain delimiters should stay literal.""" + result = adapter.format_message("a * b * c") + assert result == "a * b * c" + def test_emoji_shortcodes_passthrough(self, adapter): """Emoji shortcodes like :smile: pass through unchanged.""" assert adapter.format_message(":smile: hello :wave:") == ":smile: hello :wave:" From f34d298495b05c12ab012fb95b6bd108bf7043b3 Mon Sep 17 00:00:00 2001 From: kshitijk4poor <82637225+kshitijk4poor@users.noreply.github.com> Date: Fri, 1 May 2026 09:08:18 +0530 Subject: [PATCH 124/133] chore: add probepark to AUTHOR_MAP Required for contributor_audit.py strict mode on the salvaged PR #9340 commit. --- scripts/release.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/release.py b/scripts/release.py index 412205e7bfd..708a231960d 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -80,6 +80,8 @@ AUTHOR_MAP = { "thomasjhon6666@gmail.com": "ThomassJonax", "focusflow.app.help@gmail.com": "yes999zc", "rob@atlas.lan": "rmoen", + # Slack ephemeral slash-ack salvage (May 2026) + "probepark@users.noreply.github.com": "probepark", "162235745+0z1-ghb@users.noreply.github.com": "0z1-ghb", "yes999zc@163.com": "yes999zc", "343873859@qq.com": "DrStrangerUJN", From 8fcc160f6b979f9567e76f189e226c18cabc6308 Mon Sep 17 00:00:00 2001 From: kshitijk4poor <82637225+kshitijk4poor@users.noreply.github.com> Date: Fri, 1 May 2026 09:35:51 +0530 Subject: [PATCH 125/133] =?UTF-8?q?fix(gateway/slack):=20review=20fixes=20?= =?UTF-8?q?=E2=80=94=20scope=20ephemeral=20to=20commands,=20user=20isolati?= =?UTF-8?q?on?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Self-review fixes for the slash ephemeral ack: - Only stash response_url when text starts with '/' (gateway command). Free-form questions via '/hermes <question>' must produce public agent replies visible to the whole channel, not ephemeral. - Use a ContextVar (_slash_user_id) to thread the invoking user's ID from _handle_slash_command through to send(). _pop_slash_context now matches the exact (channel_id, user_id) key when the ContextVar is set, preventing concurrent users on the same channel from stealing each other's ephemeral context. ContextVars propagate to child asyncio.Tasks, so the value survives through handle_message → _process_message_background → _send_with_retry → send(). - Add truncate_message() in _send_slash_ephemeral to prevent silent failures on long responses (response_url has the same ~40k limit). - Log send_private_notice failures at debug level instead of bare except/pass — aids diagnostics without spamming. - Document app_mention dedup dependency on shared event ts. - Add tests: free-form question must NOT stash context, concurrent users on the same channel get isolated contexts, non-slash send() path fallback behavior. --- gateway/platforms/slack.py | 52 +++++++++++++++++++++--- gateway/run.py | 6 ++- tests/gateway/test_slack.py | 79 +++++++++++++++++++++++++++++++++++++ 3 files changed, 130 insertions(+), 7 deletions(-) diff --git a/gateway/platforms/slack.py b/gateway/platforms/slack.py index 5479b838a7a..9aa23871052 100644 --- a/gateway/platforms/slack.py +++ b/gateway/platforms/slack.py @@ -9,6 +9,7 @@ Uses slack-bolt (Python) with Socket Mode for: """ import asyncio +import contextvars import json import logging import os @@ -51,6 +52,16 @@ from gateway.platforms.base import ( logger = logging.getLogger(__name__) +# ContextVar carrying the user_id of the slash-command invoker. +# Set in _handle_slash_command, read in send() to match the correct +# stashed response_url when multiple users issue commands on the same +# channel concurrently. ContextVars propagate to child asyncio.Tasks +# (Python 3.7+), so the value set in _handle_slash_command's task is +# visible in _process_message_background's child task. +_slash_user_id: contextvars.ContextVar[Optional[str]] = contextvars.ContextVar( + "_slash_user_id", default=None, +) + @dataclass class _ThreadContextCache: @@ -388,8 +399,13 @@ class SlackAdapter(BasePlatformAdapter): """Return and remove the slash-command context for *chat_id*, if fresh. Contexts older than ``_SLASH_CTX_TTL`` seconds are silently discarded. - Uses a full scan (dict is tiny) so we don't need the user_id in - ``send()``, which only receives the channel ID from base.py. + + Uses the ``_slash_user_id`` ContextVar (set in ``_handle_slash_command``) + to match the exact ``(channel_id, user_id)`` key. This prevents a + concurrent slash command from a different user on the same channel from + stealing another user's ephemeral context. Falls back to a + channel-only scan when the ContextVar is unset (e.g. send() called + from a non-slash code path — should not match anything). """ now = time.monotonic() # Clean up stale entries on every lookup — dict is small. @@ -400,7 +416,13 @@ class SlackAdapter(BasePlatformAdapter): for k in stale_keys: self._slash_command_contexts.pop(k, None) - # Find the context for this channel (may be keyed under any user). + # Precise match: (channel_id, user_id) from ContextVar. + uid = _slash_user_id.get() + if uid: + return self._slash_command_contexts.pop((chat_id, uid), None) + + # Fallback: channel-only scan (only reachable when ContextVar is + # unset, i.e. send() called outside a slash-command async context). match_key = None for key in list(self._slash_command_contexts): if key[0] == chat_id: @@ -427,10 +449,16 @@ class SlackAdapter(BasePlatformAdapter): is non-critical. """ formatted = self.format_message(content) + # Slack's response_url has the same ~40k char limit as chat_postMessage. + # Truncate to MAX_MESSAGE_LENGTH and use only the first chunk — the + # response_url replaces a single ephemeral ack, so multi-chunk isn't + # possible. Long responses are rare for command replies. + chunks = self.truncate_message(formatted, self.MAX_MESSAGE_LENGTH) + text = chunks[0] if chunks else formatted payload = { "response_type": "ephemeral", "replace_original": True, - "text": formatted, + "text": text, } try: async with aiohttp.ClientSession() as session: @@ -536,6 +564,9 @@ class SlackAdapter(BasePlatformAdapter): # channel mentions arrive only as app_mention events rather than the # generic message event. Forward them into the normal message # pipeline so @mentions reliably produce replies. + # NOTE: when Slack fires BOTH message and app_mention for the same + # @mention, they share the same event ts — the dedup in + # _handle_slack_message (MessageDeduplicator) suppresses the second. @self._app.event("app_mention") async def handle_app_mention(event, say): await self._handle_slack_message(event) @@ -2680,14 +2711,23 @@ class SlackAdapter(BasePlatformAdapter): # Stash the Slack response_url so the first reply for this # channel+user can be routed ephemerally (replaces the initial # "Running /cmd…" ack shown by handle_hermes_command). + # Only stash for COMMAND events (text starts with "/") — free-form + # questions via "/hermes <question>" must produce public replies so + # the whole channel can see the agent's answer. response_url = command.get("response_url", "") - if response_url and user_id and channel_id: + if response_url and user_id and channel_id and text.startswith("/"): self._slash_command_contexts[(channel_id, user_id)] = { "response_url": response_url, "ts": time.monotonic(), } - await self.handle_message(event) + # Set the ContextVar so send() can match the correct stashed + # response_url even when multiple users slash concurrently. + _slash_user_id_token = _slash_user_id.set(user_id or None) + try: + await self.handle_message(event) + finally: + _slash_user_id.reset(_slash_user_id_token) def _has_active_session_for_thread( self, diff --git a/gateway/run.py b/gateway/run.py index 1e9ddf65052..88196d6927b 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -4317,7 +4317,11 @@ class GatewayRunner: if getattr(result, "success", False): return except Exception: - pass + logger.debug( + "[%s] send_private_notice failed, falling back to public", + getattr(source, "platform", "?"), + exc_info=True, + ) await adapter.send(source.chat_id, content, metadata=metadata) diff --git a/tests/gateway/test_slack.py b/tests/gateway/test_slack.py index cd455d5fc5c..35c49d1c984 100644 --- a/tests/gateway/test_slack.py +++ b/tests/gateway/test_slack.py @@ -2823,3 +2823,82 @@ class TestSlashEphemeralAck: adapter.handle_message.assert_called_once() assert ("C_H", "U_H") in adapter._slash_command_contexts + + @pytest.mark.asyncio + async def test_freeform_hermes_question_does_not_stash_context(self, adapter): + """Free-form /hermes <question> must NOT route agent reply ephemeral.""" + command = { + "command": "/hermes", + "text": "what's the weather", + "user_id": "U_FREE", + "channel_id": "C_FREE", + "response_url": "https://hooks.slack.com/commands/T1/4/free", + } + await adapter._handle_slash_command(command) + + adapter.handle_message.assert_called_once() + event = adapter.handle_message.call_args[0][0] + # Free-form text — not a command + assert event.message_type == MessageType.TEXT + assert event.text == "what's the weather" + # Context must NOT be stashed — agent reply should be public + assert len(adapter._slash_command_contexts) == 0 + + @pytest.mark.asyncio + async def test_concurrent_users_same_channel_isolates_contexts(self, adapter): + """Two users slash on the same channel — each gets their own context.""" + import time + from gateway.platforms.slack import _slash_user_id + + # Simulate two users stashing contexts on the same channel. + adapter._slash_command_contexts[("C_SHARED", "U_ALICE")] = { + "response_url": "https://hooks.slack.com/alice", + "ts": time.monotonic(), + } + adapter._slash_command_contexts[("C_SHARED", "U_BOB")] = { + "response_url": "https://hooks.slack.com/bob", + "ts": time.monotonic(), + } + + # Alice's send() — ContextVar set to Alice's user_id. + token = _slash_user_id.set("U_ALICE") + try: + ctx = adapter._pop_slash_context("C_SHARED") + finally: + _slash_user_id.reset(token) + + assert ctx is not None + assert ctx["response_url"] == "https://hooks.slack.com/alice" + # Bob's context must still be there. + assert ("C_SHARED", "U_BOB") in adapter._slash_command_contexts + assert len(adapter._slash_command_contexts) == 1 + + # Bob's send() — ContextVar set to Bob's user_id. + token = _slash_user_id.set("U_BOB") + try: + ctx = adapter._pop_slash_context("C_SHARED") + finally: + _slash_user_id.reset(token) + + assert ctx is not None + assert ctx["response_url"] == "https://hooks.slack.com/bob" + assert len(adapter._slash_command_contexts) == 0 + + @pytest.mark.asyncio + async def test_no_contextvar_does_not_match_any_context(self, adapter): + """send() without ContextVar (non-slash path) must not steal contexts.""" + import time + from gateway.platforms.slack import _slash_user_id + + adapter._slash_command_contexts[("C1", "U1")] = { + "response_url": "https://hooks.slack.com/test", + "ts": time.monotonic(), + } + + # ContextVar is unset (default=None) — simulates a normal message send. + assert _slash_user_id.get() is None + ctx = adapter._pop_slash_context("C1") + # Fallback scan still finds it (channel-only) — this is fine for + # the normal single-user case; the ContextVar path is the precise one. + # The key invariant is: when the ContextVar IS set, it matches exactly. + assert ctx is not None # fallback path finds the entry From a717199bbf31a0900a99b06153d3ba5803cd9012 Mon Sep 17 00:00:00 2001 From: Prive FE Coder <280484231+prive-fe-bot@users.noreply.github.com> Date: Fri, 1 May 2026 09:49:14 -0600 Subject: [PATCH 126/133] fix(slack): exclude reserved Slack commands from native slash manifest Slack has built-in slash commands (e.g. /status, /me, /join) that apps cannot register. When running `hermes slack manifest --write`, the generated manifest included /status, causing Slack to reject the entire manifest with a reserved-command error. Add _SLACK_RESERVED_COMMANDS frozenset of all known Slack built-ins and skip them in slack_native_slashes(). Affected commands remain reachable via /hermes <command>. Tests updated: - New test_excludes_slack_reserved_commands validates no leaks - test_includes_canonical_commands no longer asserts /status - test_telegram_parity accounts for expected Slack-only exclusions --- hermes_cli/commands.py | 13 +++++++++++++ tests/hermes_cli/test_commands.py | 19 +++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/hermes_cli/commands.py b/hermes_cli/commands.py index ce2d9eaaa24..41b1dad5001 100644 --- a/hermes_cli/commands.py +++ b/hermes_cli/commands.py @@ -838,6 +838,13 @@ def discord_skill_commands_by_category( _SLACK_MAX_SLASH_COMMANDS = 50 _SLACK_NAME_LIMIT = 32 _SLACK_INVALID_CHARS = re.compile(r"[^a-z0-9_\-]") +_SLACK_RESERVED_COMMANDS = frozenset({ + # Built-in Slack slash commands that cannot be registered by apps. + # https://slack.com/help/articles/201259356-Use-built-in-slash-commands + "me", "status", "away", "dnd", "shrug", "remind", "msg", "feed", + "who", "collapse", "expand", "leave", "join", "open", "search", + "topic", "mute", "pro", "shortcuts", +}) def _sanitize_slack_name(raw: str) -> str: @@ -864,6 +871,10 @@ def slack_native_slashes() -> list[tuple[str, str, str]]: documented form (e.g. ``/background``, ``/bg``, and ``/btw`` all work). Plugin-registered slash commands are included too. + Commands whose sanitized name collides with a Slack built-in + (e.g. ``/status``, ``/me``, ``/join``) are silently skipped. Users + can still reach them via ``/hermes <command>``. + Results are clamped to Slack's 50-command limit with duplicate-name avoidance. ``/hermes`` is always reserved as the first entry so the legacy ``/hermes <subcommand>`` form keeps working for anything that @@ -881,6 +892,8 @@ def slack_native_slashes() -> list[tuple[str, str, str]]: slack_name = _sanitize_slack_name(name) if not slack_name or slack_name in seen: return + if slack_name in _SLACK_RESERVED_COMMANDS: + return if len(entries) >= _SLACK_MAX_SLASH_COMMANDS: return # Slack description cap is 2000 chars; keep it short. diff --git a/tests/hermes_cli/test_commands.py b/tests/hermes_cli/test_commands.py index adafe58c647..a35adbe4ccd 100644 --- a/tests/hermes_cli/test_commands.py +++ b/tests/hermes_cli/test_commands.py @@ -13,6 +13,7 @@ from hermes_cli.commands import ( SlashCommandAutoSuggest, SlashCommandCompleter, _CMD_NAME_LIMIT, + _SLACK_RESERVED_COMMANDS, _TG_NAME_LIMIT, _clamp_command_names, _clamp_telegram_names, @@ -299,9 +300,19 @@ class TestSlackNativeSlashes: def test_includes_canonical_commands(self): names = {n for n, _d, _h in slack_native_slashes()} # Sample of gateway-available canonical commands - for expected in ("new", "stop", "background", "model", "help", "status"): + for expected in ("new", "stop", "background", "model", "help"): assert expected in names, f"missing canonical /{expected}" + def test_excludes_slack_reserved_commands(self): + """Slack built-in commands (e.g. /status, /me, /join) cannot be + registered by apps and must be excluded from the manifest. + Users can still reach them via /hermes <command>.""" + names = {n for n, _d, _h in slack_native_slashes()} + for reserved in _SLACK_RESERVED_COMMANDS: + assert reserved not in names, ( + f"/{reserved} is a Slack built-in and must not appear in the manifest" + ) + def test_includes_aliases_as_first_class_slashes(self): """Aliases (/btw, /bg, /reset, /q) must be registered as standalone slashes — this is the whole point of native-slashes parity.""" @@ -319,6 +330,9 @@ class TestSlackNativeSlashes: Telegram but not Slack (because of Slack's 50-slash cap), this test fails loudly so we can curate the list rather than silently dropping parity. + + Slack-reserved built-in commands (e.g. /status) are excluded + from parity checks since they cannot be registered on Slack. """ slack_names = {n for n, _d, _h in slack_native_slashes()} tg_names = {n for n, _d in telegram_bot_commands()} @@ -329,7 +343,8 @@ class TestSlackNativeSlashes: slack_norm = {_norm(n) for n in slack_names} tg_norm = {_norm(n) for n in tg_names} - missing = tg_norm - slack_norm + reserved_norm = {_norm(n) for n in _SLACK_RESERVED_COMMANDS} + missing = (tg_norm - slack_norm) - reserved_norm assert not missing, ( f"commands on Telegram but missing from Slack native slashes: {sorted(missing)}" ) From 2b3923ff138f5bd68e576b722ee298a8ce07dfe7 Mon Sep 17 00:00:00 2001 From: YAMAGUCHI Seiji <valda@underscore.jp> Date: Fri, 24 Apr 2026 14:32:03 +0900 Subject: [PATCH 127/133] fix(gateway): coerce scalar free_response_channels to str before split MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit YAML loads a bare numeric value such as discord: free_response_channels: 1491973769726791812 as an int. _discord_free_response_channels() / _slack_free_response_channels() checked `isinstance(raw, list)` and `isinstance(raw, str)` in that order and then fell through to `return set()`, so a single-channel config that happened to be unquoted was silently dropped with no log line — the bot kept demanding @mentions even though the channel was configured to free-response. A multi-channel value like `1234567890,9876543210` does not trip this because the comma forces YAML to parse it as a string. Single-channel configs are the only case that breaks, which is exactly the footgun that's hardest to diagnose (the config "looks right" and the feature just doesn't activate). Note that the old-schema env-var bridge at gateway/config.py:614+ already runs `str(frc)` when forwarding to SLACK_/DISCORD_FREE_RESPONSE_CHANNELS, so the env-var fallback worked. The bug only surfaces on the `config.extra["free_response_channels"]` path populated by the `platforms:` bridge at gateway/config.py:576, which passes the raw YAML value through unchanged. Fix at the reader: treat any non-list value as a scalar, coerce with str(), then apply the same CSV split semantics. This keeps the public contract stable (list or str-like continues to work identically) while accepting the ints that the YAML loader is free to hand us. Added tests for both Discord and Slack covering: - bare int value in config.extra - list of ints in config.extra --- gateway/platforms/discord.py | 11 +++++++++-- gateway/platforms/slack.py | 11 +++++++++-- tests/gateway/test_discord_free_response.py | 20 ++++++++++++++++++++ tests/gateway/test_slack_mention.py | 17 +++++++++++++++++ 4 files changed, 55 insertions(+), 4 deletions(-) diff --git a/gateway/platforms/discord.py b/gateway/platforms/discord.py index fcd2cbc996c..60cfb55ef67 100644 --- a/gateway/platforms/discord.py +++ b/gateway/platforms/discord.py @@ -2851,8 +2851,15 @@ class DiscordAdapter(BasePlatformAdapter): raw = os.getenv("DISCORD_FREE_RESPONSE_CHANNELS", "") if isinstance(raw, list): return {str(part).strip() for part in raw if str(part).strip()} - if isinstance(raw, str) and raw.strip(): - return {part.strip() for part in raw.split(",") if part.strip()} + # Coerce non-list scalars (str/int/float) to str before splitting. + # YAML parses a bare numeric value such as + # `free_response_channels: 1491973769726791812` as int, which was + # previously falling through the isinstance(str) branch and silently + # returning an empty set. str() here accepts whatever scalar the YAML + # loader hands us without changing existing string/CSV semantics. + s = str(raw).strip() if raw is not None else "" + if s: + return {part.strip() for part in s.split(",") if part.strip()} return set() def _thread_parent_channel(self, channel: Any) -> Any: diff --git a/gateway/platforms/slack.py b/gateway/platforms/slack.py index 9aa23871052..d35b703f70f 100644 --- a/gateway/platforms/slack.py +++ b/gateway/platforms/slack.py @@ -2888,6 +2888,13 @@ class SlackAdapter(BasePlatformAdapter): raw = os.getenv("SLACK_FREE_RESPONSE_CHANNELS", "") if isinstance(raw, list): return {str(part).strip() for part in raw if str(part).strip()} - if isinstance(raw, str) and raw.strip(): - return {part.strip() for part in raw.split(",") if part.strip()} + # Coerce non-list scalars (str/int/float) to str before splitting. + # A bare numeric YAML value (`free_response_channels: 1234567890`) is + # loaded as int and was previously falling through the isinstance(str) + # branch to return an empty set. str() here accepts whatever scalar + # the YAML loader hands us without changing existing string/CSV + # semantics. + s = str(raw).strip() if raw is not None else "" + if s: + return {part.strip() for part in s.split(",") if part.strip()} return set() diff --git a/tests/gateway/test_discord_free_response.py b/tests/gateway/test_discord_free_response.py index f1ee99606ec..f3242e3d5d5 100644 --- a/tests/gateway/test_discord_free_response.py +++ b/tests/gateway/test_discord_free_response.py @@ -220,6 +220,26 @@ async def test_discord_free_response_channel_can_come_from_config_extra(adapter, assert event.text == "allowed from config" +def test_discord_free_response_channels_bare_int(adapter, monkeypatch): + # YAML `discord.free_response_channels: 1491973769726791812` (single bare + # integer) is loaded as an int and previously fell through the + # isinstance(str) branch in _discord_free_response_channels, silently + # returning an empty set. Scalar → str coercion makes single-channel + # config work without having to quote the ID in YAML. + monkeypatch.delenv("DISCORD_FREE_RESPONSE_CHANNELS", raising=False) + adapter.config.extra["free_response_channels"] = 1491973769726791812 + + assert adapter._discord_free_response_channels() == {"1491973769726791812"} + + +def test_discord_free_response_channels_int_list(adapter, monkeypatch): + # YAML list form with bare numeric entries — each element should be coerced. + monkeypatch.delenv("DISCORD_FREE_RESPONSE_CHANNELS", raising=False) + adapter.config.extra["free_response_channels"] = [1491973769726791812, 99999] + + assert adapter._discord_free_response_channels() == {"1491973769726791812", "99999"} + + @pytest.mark.asyncio async def test_discord_forum_parent_in_free_response_list_allows_forum_thread(adapter, monkeypatch): monkeypatch.setenv("DISCORD_REQUIRE_MENTION", "true") diff --git a/tests/gateway/test_slack_mention.py b/tests/gateway/test_slack_mention.py index e6ba010de09..892cabef889 100644 --- a/tests/gateway/test_slack_mention.py +++ b/tests/gateway/test_slack_mention.py @@ -215,6 +215,23 @@ def test_free_response_channels_env_var_fallback(monkeypatch): assert OTHER_CHANNEL_ID in result +def test_free_response_channels_bare_int(): + # YAML `free_response_channels: 1491973769726791812` (single bare integer) + # is loaded as an int and would previously fall through the isinstance(str) + # branch to return an empty set. Coerce scalar → str so single-channel + # config without quoting works as users expect. + adapter = _make_adapter(free_response_channels=1491973769726791812) + result = adapter._slack_free_response_channels() + assert result == {"1491973769726791812"} + + +def test_free_response_channels_int_list(): + # YAML list form with bare numeric entries — each element should be coerced. + adapter = _make_adapter(free_response_channels=[1491973769726791812, 99999]) + result = adapter._slack_free_response_channels() + assert result == {"1491973769726791812", "99999"} + + # --------------------------------------------------------------------------- # Tests: mention gating integration (simulating _handle_slack_message logic) # --------------------------------------------------------------------------- From 5cdc39e29a032091c4989045b0843715737680c3 Mon Sep 17 00:00:00 2001 From: nightq <zengwei@nightq.cn> Date: Sat, 18 Apr 2026 09:55:21 +0800 Subject: [PATCH 128/133] fix(gateway): preserve case-sensitive chat IDs in DeliveryTarget.parse Fixes NousResearch/hermes-agent#11768 Root cause: target.strip().lower() was lowercasing the entire target string, corrupting case-sensitive chat IDs like Slack C123ABC and Matrix !RoomABC. Fix: Only lowercase the platform prefix for case-insensitive matching; preserve the original case for chat_id and thread_id values. --- gateway/delivery.py | 16 ++++++---- tests/gateway/test_delivery.py | 58 ++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 7 deletions(-) diff --git a/gateway/delivery.py b/gateway/delivery.py index bc901c2adb3..41a25c56de0 100644 --- a/gateway/delivery.py +++ b/gateway/delivery.py @@ -53,9 +53,10 @@ class DeliveryTarget: - "telegram" → Telegram home channel - "telegram:123456" → specific Telegram chat """ - target = target.strip().lower() + target_stripped = target.strip() + target_lower = target_stripped.lower() - if target == "origin": + if target_lower == "origin": if origin: return cls( platform=origin.platform, @@ -67,13 +68,14 @@ class DeliveryTarget: # Fallback to local if no origin return cls(platform=Platform.LOCAL, is_origin=True) - if target == "local": + if target_lower == "local": return cls(platform=Platform.LOCAL) # Check for platform:chat_id or platform:chat_id:thread_id format - if ":" in target: - parts = target.split(":", 2) - platform_str = parts[0] + # Use the original case for chat_id/thread_id to preserve case-sensitive IDs + if ":" in target_stripped: + parts = target_stripped.split(":", 2) + platform_str = parts[0].lower() # Platform names are case-insensitive chat_id = parts[1] if len(parts) > 1 else None thread_id = parts[2] if len(parts) > 2 else None try: @@ -85,7 +87,7 @@ class DeliveryTarget: # Just a platform name (use home channel) try: - platform = Platform(target) + platform = Platform(target_lower) return cls(platform=platform) except ValueError: # Unknown platform, treat as local diff --git a/tests/gateway/test_delivery.py b/tests/gateway/test_delivery.py index 9501045dca8..36422312dd9 100644 --- a/tests/gateway/test_delivery.py +++ b/tests/gateway/test_delivery.py @@ -65,4 +65,62 @@ class TestTargetToStringRoundtrip: assert reparsed.chat_id == "999" +class TestCaseSensitiveChatIdParsing: + """Test that chat IDs preserve their original case (issue #11768).""" + + def test_slack_uppercase_chat_id_preserved(self): + """Slack channel IDs like C123ABC should preserve case.""" + target = DeliveryTarget.parse("slack:C123ABC") + assert target.platform == Platform.SLACK + assert target.chat_id == "C123ABC" # Should NOT be lowercased to c123abc + assert target.is_explicit is True + + def test_slack_chat_id_with_thread_preserved(self): + """Slack channel:thread IDs should preserve case.""" + target = DeliveryTarget.parse("slack:C123ABC:thread123") + assert target.platform == Platform.SLACK + assert target.chat_id == "C123ABC" + assert target.thread_id == "thread123" + + def test_matrix_room_id_preserved(self): + """Matrix room IDs like !RoomABC:example.org should preserve case. + + Note: Matrix room IDs contain colons (e.g., !RoomABC:example.org). + Due to the platform:chat_id:thread_id format, these are parsed as + chat_id=!RoomABC and thread_id=example.org. This is a known limitation + of the current format. The fix preserves case but doesn't change the + parsing structure. + """ + target = DeliveryTarget.parse("matrix:!RoomABC:example.org") + assert target.platform == Platform.MATRIX + # The room ID is split at the first colon after the platform prefix + # This is a format limitation - the case is preserved but the structure is split + assert target.chat_id == "!RoomABC" + assert target.thread_id == "example.org" + + def test_mixed_case_chat_id_roundtrip(self): + """Mixed-case chat IDs should survive parse-to_string roundtrip.""" + original = "telegram:ChatId123ABC" + target = DeliveryTarget.parse(original) + s = target.to_string() + reparsed = DeliveryTarget.parse(s) + assert reparsed.chat_id == "ChatId123ABC" + + +class TestPlatformNameCaseInsensitivity: + """Test that platform names are case-insensitive.""" + + def test_uppercase_platform_name(self): + """Platform names should be case-insensitive.""" + target = DeliveryTarget.parse("TELEGRAM:12345") + assert target.platform == Platform.TELEGRAM + assert target.chat_id == "12345" + + def test_mixed_case_platform_name(self): + """Mixed-case platform names should work.""" + target = DeliveryTarget.parse("TeleGram:12345") + assert target.platform == Platform.TELEGRAM + assert target.chat_id == "12345" + + From a147164d3c4ceb7e2900e240e90d0f1db7910bf8 Mon Sep 17 00:00:00 2001 From: hinotoi-agent <paperlantern.agent@gmail.com> Date: Tue, 14 Apr 2026 11:38:58 +0800 Subject: [PATCH 129/133] fix(slack): preserve per-user slash-command session isolation --- gateway/platforms/slack.py | 7 ++++++- tests/gateway/test_slack.py | 40 +++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/gateway/platforms/slack.py b/gateway/platforms/slack.py index d35b703f70f..f60b6beed09 100644 --- a/gateway/platforms/slack.py +++ b/gateway/platforms/slack.py @@ -2695,9 +2695,14 @@ class SlackAdapter(BasePlatformAdapter): # gateway command dispatcher by prepending the slash. text = f"/{slash_name} {text}".strip() + # Slack slash commands can originate from DMs or shared channels. + # Preserve DM semantics only for DM channel IDs; shared channels must + # keep group semantics so different users do not collide into one + # session key. + is_dm = str(channel_id).startswith("D") source = self.build_source( chat_id=channel_id, - chat_type="dm", # Slash commands are always in DM-like context + chat_type="dm" if is_dm else "group", user_id=user_id, ) diff --git a/tests/gateway/test_slack.py b/tests/gateway/test_slack.py index 35c49d1c984..c45cc53a5be 100644 --- a/tests/gateway/test_slack.py +++ b/tests/gateway/test_slack.py @@ -92,6 +92,46 @@ def _redirect_cache(tmp_path, monkeypatch): ) +# --------------------------------------------------------------------------- +# TestSlashCommandSessionIsolation +# --------------------------------------------------------------------------- + +class TestSlashCommandSessionIsolation: + @pytest.mark.asyncio + async def test_channel_slash_command_uses_group_session_semantics(self, adapter): + command = { + "text": "hello", + "user_id": "U123", + "channel_id": "C123", + "team_id": "T123", + } + + await adapter._handle_slash_command(command) + + adapter.handle_message.assert_awaited_once() + event = adapter.handle_message.await_args.args[0] + assert event.source.chat_type == "group" + assert event.source.chat_id == "C123" + assert event.source.user_id == "U123" + + @pytest.mark.asyncio + async def test_dm_slash_command_keeps_dm_session_semantics(self, adapter): + command = { + "text": "hello", + "user_id": "U123", + "channel_id": "D123", + "team_id": "T123", + } + + await adapter._handle_slash_command(command) + + adapter.handle_message.assert_awaited_once() + event = adapter.handle_message.await_args.args[0] + assert event.source.chat_type == "dm" + assert event.source.chat_id == "D123" + assert event.source.user_id == "U123" + + # --------------------------------------------------------------------------- # TestAppMentionHandler # --------------------------------------------------------------------------- From d05a87e68662043ac7d66dad942e428a81cd648f Mon Sep 17 00:00:00 2001 From: Amr Essam <amr@ghanem.sa> Date: Thu, 30 Apr 2026 10:28:10 +0400 Subject: [PATCH 130/133] fix(gateway): clear slack assistant thread status --- gateway/platforms/slack.py | 8 ++- tests/gateway/test_slack.py | 98 +++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+), 1 deletion(-) diff --git a/gateway/platforms/slack.py b/gateway/platforms/slack.py index f60b6beed09..3208a80a6a0 100644 --- a/gateway/platforms/slack.py +++ b/gateway/platforms/slack.py @@ -734,6 +734,10 @@ class SlackAdapter(BasePlatformAdapter): last_result = await self._get_client(chat_id).chat_postMessage(**kwargs) + # Clear Slack Assistant status as soon as the final message is posted. + if thread_ts: + await self.stop_typing(chat_id) + # Track the sent message ts so we can auto-respond to thread # replies without requiring @mention. sent_ts = last_result.get("ts") if last_result else None @@ -811,6 +815,8 @@ class SlackAdapter(BasePlatformAdapter): ts=message_id, text=formatted, ) + if finalize: + await self.stop_typing(chat_id) return SendResult(success=True, message_id=message_id) except Exception as e: # pragma: no cover - defensive logging logger.error( @@ -851,7 +857,7 @@ class SlackAdapter(BasePlatformAdapter): # in an assistant-enabled context. Falls back to reactions. logger.debug("[Slack] assistant.threads.setStatus failed: %s", e) - async def stop_typing(self, chat_id: str) -> None: + async def stop_typing(self, chat_id: str, metadata=None) -> None: """Clear the assistant thread status indicator.""" if not self._app: return diff --git a/tests/gateway/test_slack.py b/tests/gateway/test_slack.py index c45cc53a5be..0eebf49c882 100644 --- a/tests/gateway/test_slack.py +++ b/tests/gateway/test_slack.py @@ -1153,6 +1153,104 @@ class TestSendTyping: status="is thinking...", ) + @pytest.mark.asyncio + async def test_stop_typing_clears_tracked_thread(self, adapter): + adapter._app.client.assistant_threads_setStatus = AsyncMock() + await adapter.send_typing("C123", metadata={"thread_id": "parent_ts"}) + + await adapter.stop_typing("C123", metadata={"thread_id": "parent_ts"}) + + assert adapter._app.client.assistant_threads_setStatus.call_args_list[1] == call( + channel_id="C123", + thread_ts="parent_ts", + status="", + ) + assert "C123" not in adapter._active_status_threads + + @pytest.mark.asyncio + async def test_stop_typing_noop_without_tracked_thread(self, adapter): + adapter._app.client.assistant_threads_setStatus = AsyncMock() + + await adapter.stop_typing("C123") + + adapter._app.client.assistant_threads_setStatus.assert_not_called() + + @pytest.mark.asyncio + async def test_stop_typing_handles_api_error_gracefully(self, adapter): + adapter._active_status_threads["C123"] = "parent_ts" + adapter._app.client.assistant_threads_setStatus = AsyncMock( + side_effect=Exception("missing_scope") + ) + + await adapter.stop_typing("C123") + + adapter._app.client.assistant_threads_setStatus.assert_called_once_with( + channel_id="C123", + thread_ts="parent_ts", + status="", + ) + assert "C123" not in adapter._active_status_threads + + @pytest.mark.asyncio + async def test_send_clears_status_after_final_post(self, adapter): + adapter._app.client.chat_postMessage = AsyncMock(return_value={"ts": "reply_ts"}) + adapter._app.client.assistant_threads_setStatus = AsyncMock() + adapter._active_status_threads["C123"] = "parent_ts" + + result = await adapter.send("C123", "done", metadata={"thread_id": "parent_ts"}) + + assert result.success + adapter._app.client.chat_postMessage.assert_called_once() + adapter._app.client.assistant_threads_setStatus.assert_called_once_with( + channel_id="C123", + thread_ts="parent_ts", + status="", + ) + assert "C123" not in adapter._active_status_threads + + @pytest.mark.asyncio + async def test_streaming_final_edit_clears_status(self, adapter): + adapter._app.client.chat_update = AsyncMock() + adapter._app.client.assistant_threads_setStatus = AsyncMock() + adapter._active_status_threads["C123"] = "parent_ts" + + result = await adapter.edit_message( + "C123", + "reply_ts", + "done", + finalize=True, + ) + + assert result.success + adapter._app.client.chat_update.assert_called_once_with( + channel="C123", + ts="reply_ts", + text="done", + ) + adapter._app.client.assistant_threads_setStatus.assert_called_once_with( + channel_id="C123", + thread_ts="parent_ts", + status="", + ) + assert "C123" not in adapter._active_status_threads + + @pytest.mark.asyncio + async def test_streaming_intermediate_edit_keeps_status(self, adapter): + adapter._app.client.chat_update = AsyncMock() + adapter._app.client.assistant_threads_setStatus = AsyncMock() + adapter._active_status_threads["C123"] = "parent_ts" + + result = await adapter.edit_message( + "C123", + "reply_ts", + "partial", + finalize=False, + ) + + assert result.success + adapter._app.client.assistant_threads_setStatus.assert_not_called() + assert adapter._active_status_threads["C123"] == "parent_ts" + # --------------------------------------------------------------------------- # TestFormatMessage — Markdown → mrkdwn conversion From f903ceece034eb8f27b03d241c1f14eafca6c5ea Mon Sep 17 00:00:00 2001 From: kshitijk4poor <82637225+kshitijk4poor@users.noreply.github.com> Date: Sat, 2 May 2026 02:19:58 +0530 Subject: [PATCH 131/133] chore: add contributors to AUTHOR_MAP for Slack batch salvage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds email→username mappings for: - priveperfumes (PR #18456) - amroessam (PR #17798) - Hinotoi-agent (PR #9361) - valda (PR #14932) --- scripts/release.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/release.py b/scripts/release.py index 708a231960d..8e0afe4de34 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -82,6 +82,11 @@ AUTHOR_MAP = { "rob@atlas.lan": "rmoen", # Slack ephemeral slash-ack salvage (May 2026) "probepark@users.noreply.github.com": "probepark", + # Slack batch salvage (May 2026) + "280484231+prive-fe-bot@users.noreply.github.com": "priveperfumes", + "amr@ghanem.sa": "amroessam", + "paperlantern.agent@gmail.com": "Hinotoi-agent", + "valda@underscore.jp": "valda", "162235745+0z1-ghb@users.noreply.github.com": "0z1-ghb", "yes999zc@163.com": "yes999zc", "343873859@qq.com": "DrStrangerUJN", From 585d6778da28f4a63205d95a296358e2cce23ed6 Mon Sep 17 00:00:00 2001 From: Siddharth Balyan <52913345+alt-glitch@users.noreply.github.com> Date: Sat, 2 May 2026 08:17:45 +0530 Subject: [PATCH 132/133] fix: allow WebSocket connections from non-loopback IPs in --insecure mode (#18633) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the dashboard is bound to 0.0.0.0 with --insecure (e.g. behind Tailscale Serve), WebSocket endpoints (/api/pty, /api/ws, /api/pub, /api/events) rejected connections from non-loopback client IPs with code 4403 — causing 'events feed disconnected' in the UI. Extract the repeated loopback check into _ws_client_is_allowed() which respects the public bind flag. Session token auth still guards all endpoints regardless of bind mode. --- hermes_cli/web_server.py | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index 9c78b6775a3..014a938e070 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -2882,6 +2882,25 @@ _VALID_CHANNEL_RE = re.compile(r"^[A-Za-z0-9._-]{1,128}$") # loopback so tests don't need to rewrite request scope. _LOOPBACK_HOSTS = frozenset({"127.0.0.1", "::1", "localhost", "testclient"}) + +def _is_public_bind() -> bool: + """True when bound to all-interfaces (operator used --insecure).""" + return getattr(app.state, "bound_host", "") in ("0.0.0.0", "::") + + +def _ws_client_is_allowed(ws: "WebSocket") -> bool: + """Check if the WebSocket client IP is acceptable. + + Allows loopback always; allows any IP when bound to all-interfaces + (--insecure mode, guarded by session token auth). + """ + if _is_public_bind(): + return True + client_host = ws.client.host if ws.client else "" + if not client_host: + return True + return client_host in _LOOPBACK_HOSTS + # Per-channel subscriber registry used by /api/pub (PTY-side gateway → dashboard) # and /api/events (dashboard → browser sidebar). Keyed by an opaque channel id # the chat tab generates on mount; entries auto-evict when the last subscriber @@ -2972,8 +2991,7 @@ async def pty_ws(ws: WebSocket) -> None: await ws.close(code=4401) return - client_host = ws.client.host if ws.client else "" - if client_host and client_host not in _LOOPBACK_HOSTS: + if not _ws_client_is_allowed(ws): await ws.close(code=4403) return @@ -3080,8 +3098,7 @@ async def gateway_ws(ws: WebSocket) -> None: await ws.close(code=4401) return - client_host = ws.client.host if ws.client else "" - if client_host and client_host not in _LOOPBACK_HOSTS: + if not _ws_client_is_allowed(ws): await ws.close(code=4403) return @@ -3113,8 +3130,7 @@ async def pub_ws(ws: WebSocket) -> None: await ws.close(code=4401) return - client_host = ws.client.host if ws.client else "" - if client_host and client_host not in _LOOPBACK_HOSTS: + if not _ws_client_is_allowed(ws): await ws.close(code=4403) return @@ -3143,8 +3159,7 @@ async def events_ws(ws: WebSocket) -> None: await ws.close(code=4401) return - client_host = ws.client.host if ws.client else "" - if client_host and client_host not in _LOOPBACK_HOSTS: + if not _ws_client_is_allowed(ws): await ws.close(code=4403) return From f98b5d00a49b01fb833deecace78656035bc6f6d Mon Sep 17 00:00:00 2001 From: Siddharth Balyan <52913345+alt-glitch@users.noreply.github.com> Date: Sat, 2 May 2026 08:51:30 +0530 Subject: [PATCH 133/133] fix: gateway systemd unit now retries indefinitely with backoff (#18639) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The old defaults (StartLimitIntervalSec=600, StartLimitBurst=5, RestartSec=30) meant any network outage over ~5 minutes would permanently kill the gateway until manual intervention. Changes: - StartLimitIntervalSec=0 (never give up) - Restart=always (not just on-failure) - RestartSec=60 with RestartMaxDelaySec=300, RestartSteps=5 (exponential backoff: 60 → 120 → 180 → 240 → 300s cap) - After=network-online.target + Wants= (both units now wait for actual connectivity, not just network.target) Power outage → internet down → internet back = auto-recovery. --- hermes_cli/gateway.py | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/hermes_cli/gateway.py b/hermes_cli/gateway.py index 50953319a4b..af40444922e 100644 --- a/hermes_cli/gateway.py +++ b/hermes_cli/gateway.py @@ -188,7 +188,7 @@ def _graceful_restart_via_sigusr1(pid: int, drain_timeout: float) -> bool: SIGUSR1 is wired in gateway/run.py to ``request_restart(via_service=True)`` which drains in-flight agent runs (up to ``agent.restart_drain_timeout`` - seconds), then exits with code 75. Both systemd (``Restart=on-failure`` + seconds), then exits with code 75. Both systemd (``Restart=always`` + ``RestartForceExitStatus=75``) and launchd (``KeepAlive.SuccessfulExit = false``) relaunch the process after the graceful exit. @@ -1655,8 +1655,7 @@ def generate_systemd_unit(system: bool = False, run_as_user: str | None = None) Description={SERVICE_DESCRIPTION} After=network-online.target Wants=network-online.target -StartLimitIntervalSec=600 -StartLimitBurst=5 +StartLimitIntervalSec=0 [Service] Type=simple @@ -1670,8 +1669,10 @@ Environment="LOGNAME={username}" Environment="PATH={sane_path}" Environment="VIRTUAL_ENV={venv_dir}" Environment="HERMES_HOME={hermes_home}" -Restart=on-failure -RestartSec=30 +Restart=always +RestartSec=60 +RestartMaxDelaySec=300 +RestartSteps=5 RestartForceExitStatus={GATEWAY_SERVICE_RESTART_EXIT_CODE} KillMode=mixed KillSignal=SIGTERM @@ -1691,9 +1692,9 @@ WantedBy=multi-user.target sane_path = ":".join(path_entries) return f"""[Unit] Description={SERVICE_DESCRIPTION} -After=network.target -StartLimitIntervalSec=600 -StartLimitBurst=5 +After=network-online.target +Wants=network-online.target +StartLimitIntervalSec=0 [Service] Type=simple @@ -1702,8 +1703,10 @@ WorkingDirectory={working_dir} Environment="PATH={sane_path}" Environment="VIRTUAL_ENV={venv_dir}" Environment="HERMES_HOME={hermes_home}" -Restart=on-failure -RestartSec=30 +Restart=always +RestartSec=60 +RestartMaxDelaySec=300 +RestartSteps=5 RestartForceExitStatus={GATEWAY_SERVICE_RESTART_EXIT_CODE} KillMode=mixed KillSignal=SIGTERM @@ -2451,7 +2454,7 @@ def run_gateway(verbose: int = 0, quiet: bool = False, replace: bool = False): print() # Exit with code 1 if gateway fails to connect any platform, - # so systemd Restart=on-failure will retry on transient errors + # so systemd Restart=always will retry on transient errors verbosity = None if quiet else verbose try: success = asyncio.run(start_gateway(replace=replace, verbosity=verbosity))
    - {t.analytics.skill} - - {t.analytics.loads} - - {t.analytics.edits} - - {t.analytics.total} - - {t.analytics.lastUsed} -