fix(security): address review feedback from pmos69

- Preserve OPENROUTER_API_KEY for explicit mirror/proxy configs when
  requested provider is openrouter and OPENROUTER_BASE_URL is set
- Gate OPENAI_API_KEY and OPENROUTER_API_KEY in named custom provider
  path (_resolve_named_custom_runtime) on authoritative hosts
- Gate same keys in direct-alias path
- Update tests to reflect secure-by-default behavior for local endpoints
Erhnysr 2026-05-20 20:07:28 +03:00 committed by Teknium
parent 59088228f6
commit 9514ddbee2
2 changed files with 22 additions and 6 deletions

@ -865,7 +865,8 @@ def test_named_custom_provider_falls_back_to_openai_api_key(monkeypatch):
resolved = rp.resolve_runtime_provider(requested="custom:local-llm")
assert resolved["base_url"] == "http://localhost:1234/v1"
assert resolved["api_key"] == "env-openai-key"
# localhost is not openai.com — OPENAI_API_KEY must not leak to local endpoints (#28660)
assert resolved["api_key"] == "no-key-required"
assert resolved["requested_provider"] == "custom:local-llm"
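Review bot: The test name in this hunk's header, test_named_custom_provider_falls_back_to_openai_api_key, now contradicts its assertion, which expects "no-key-required" for http://localhost:1234/v1. Rename it to state what it checks, for example test_named_custom_provider_does_not_send_openai_api_key_to_localhost, so a later reader does not restore the fallback to make the name true. The hunk also pins only the negative case for OPENAI_API_KEY. If it is not covered elsewhere in the change, add a companion case where the named custom provider's base_url is an authoritative host and the key is still resolved, plus the same localhost check for OPENROUTER_API_KEY, since the commit message says both keys are gated in this path. Asserting that "env-openai-key" appears in no value of resolved would also catch a leak through a field other than api_key.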