mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-18 04:41:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

fix(env-flags): widen truthy-only session env checks to sibling sites

Browse source 
Build on @aydnOktay's cronjob fix by routing the cronjob check through
the shared 'env_var_enabled' helper in utils.py (same truthy set:
1/true/yes/on) and applying the same semantics to the 8 sibling call
sites that read HERMES_INTERACTIVE / HERMES_GATEWAY_SESSION /
HERMES_EXEC_ASK / HERMES_CRON_SESSION with bare os.getenv() truthy
checks:

- tools/approval.py: _is_gateway_approval_context (2), check_command_safety (2),
  check_all_command_guards (3) -- 7 sites total
- tools/terminal_tool.py: _handle_sudo_failure, sudo password prompt -- 2 sites
- tools/skills_tool.py: _is_gateway_surface -- 1 site

Without this, a user who exports HERMES_INTERACTIVE=0 in their shell
still gets interactive sudo prompts, approval prompts, and gateway
skill-install paths -- only the cronjob tool was hardened. Now all
consumers agree on the same false-like values.

Also drops the duplicate _is_truthy_env helper from cronjob_tools.py
in favour of the existing canonical utils.env_var_enabled.

Tests: extend the parametrized regression coverage to all three
session env vars (HERMES_INTERACTIVE / HERMES_GATEWAY_SESSION /
HERMES_EXEC_ASK) symmetrically. tests/tools/test_cronjob_tools.py:
60/60 pass; tests/tools/{approval,terminal_tool,skills_tool,
cron_approval_mode,hardline_blocklist}.py: 378/378 pass.
This commit is contained in:
teknium1 2026-05-15 02:03:49 -07:00 committed by Teknium
parent 734aa0f367
commit 931caf2b2d
5 changed files with 40 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

23
tools/cronjob_tools.py
View file

@ -662,14 +662,6 @@ Important safety rule: cron-run sessions should not recursively schedule more cr
}
def _is_truthy_env(var_name: str) -> bool:
"""Return True only for explicit truthy env values."""
value = os.getenv(var_name)
if value is None:
return False
return value.strip().lower() in {"1", "true", "yes", "on"}
def check_cronjob_requirements() -> bool:
"""
Check if cronjob tools can be used.
@ -677,11 +669,18 @@ def check_cronjob_requirements() -> bool:
Available in interactive CLI mode and gateway/messaging platforms.
The cron system is internal (JSON file-based scheduler ticked by the gateway),
so no external crontab executable is required.
Session env vars must hold an explicit truthy string (``1``, ``true``,
``yes``, ``on``) false-like values (``0``, ``false``, ``no``, ``off``)
leave the tool disabled. Uses the shared ``env_var_enabled`` helper so
every consumer of these flags agrees on the truthy set.
"""
return bool(
_is_truthy_env("HERMES_INTERACTIVE")
or _is_truthy_env("HERMES_GATEWAY_SESSION")
or _is_truthy_env("HERMES_EXEC_ASK")
from utils import env_var_enabled
return (
env_var_enabled("HERMES_INTERACTIVE")
or env_var_enabled("HERMES_GATEWAY_SESSION")
or env_var_enabled("HERMES_EXEC_ASK")
)