From 70611879deaa5d0fea46a58c05b17c2f62a12f97 Mon Sep 17 00:00:00 2001 From: shijianzhi Date: Tue, 14 Apr 2026 22:56:36 +0800 Subject: [PATCH 01/41] fix(cli): fix doctor checks for Kimi China credentials --- hermes_cli/doctor.py | 3 +- tests/hermes_cli/test_doctor.py | 51 +++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/hermes_cli/doctor.py b/hermes_cli/doctor.py index 34a57aad2..892ff0021 100644 --- a/hermes_cli/doctor.py +++ b/hermes_cli/doctor.py @@ -42,6 +42,7 @@ _PROVIDER_ENV_HINTS = ( "ZAI_API_KEY", "Z_AI_API_KEY", "KIMI_API_KEY", + "KIMI_CN_API_KEY", "MINIMAX_API_KEY", "MINIMAX_CN_API_KEY", "KILOCODE_API_KEY", @@ -749,7 +750,7 @@ def run_doctor(args): print(f" Checking {_pname} API...", end="", flush=True) try: import httpx - _base = os.getenv(_base_env, "") + _base = os.getenv(_base_env, "") if _base_env else "" # Auto-detect Kimi Code keys (sk-kimi-) → api.kimi.com if not _base and _key.startswith("sk-kimi-"): _base = "https://api.kimi.com/coding/v1" diff --git a/tests/hermes_cli/test_doctor.py b/tests/hermes_cli/test_doctor.py index faaa7a8a2..dd15336f6 100644 --- a/tests/hermes_cli/test_doctor.py +++ b/tests/hermes_cli/test_doctor.py @@ -40,6 +40,10 @@ class TestProviderEnvDetection: content = "OPENAI_BASE_URL=http://localhost:8080/v1\n" assert _has_provider_env_config(content) + def test_detects_kimi_cn_api_key(self): + content = "KIMI_CN_API_KEY=sk-test\n" + assert _has_provider_env_config(content) + def test_returns_false_when_no_provider_settings(self): content = "TERMINAL_ENV=local\n" assert not _has_provider_env_config(content) @@ -292,3 +296,50 @@ def test_run_doctor_termux_does_not_mark_browser_available_without_agent_browser assert "system dependency not met" in out assert "agent-browser is not installed (expected in the tested Termux path)" in out assert "npm install -g agent-browser && agent-browser install" in out + + +def test_run_doctor_kimi_cn_env_is_detected_and_probe_is_null_safe(monkeypatch, tmp_path): + home = tmp_path / ".hermes" + home.mkdir(parents=True, exist_ok=True) + (home / "config.yaml").write_text("memory: {}\n", encoding="utf-8") + (home / ".env").write_text("KIMI_CN_API_KEY=sk-test\n", encoding="utf-8") + project = tmp_path / "project" + project.mkdir(exist_ok=True) + + monkeypatch.setattr(doctor_mod, "HERMES_HOME", home) + monkeypatch.setattr(doctor_mod, "PROJECT_ROOT", project) + monkeypatch.setattr(doctor_mod, "_DHH", str(home)) + monkeypatch.setenv("KIMI_CN_API_KEY", "sk-test") + + fake_model_tools = types.SimpleNamespace( + check_tool_availability=lambda *a, **kw: ([], []), + TOOLSET_REQUIREMENTS={}, + ) + monkeypatch.setitem(sys.modules, "model_tools", fake_model_tools) + + try: + from hermes_cli import auth as _auth_mod + monkeypatch.setattr(_auth_mod, "get_nous_auth_status", lambda: {}) + monkeypatch.setattr(_auth_mod, "get_codex_auth_status", lambda: {}) + except Exception: + pass + + calls = [] + + def fake_get(url, headers=None, timeout=None): + calls.append((url, headers, timeout)) + return types.SimpleNamespace(status_code=200) + + import httpx + monkeypatch.setattr(httpx, "get", fake_get) + + import io, contextlib + buf = io.StringIO() + with contextlib.redirect_stdout(buf): + doctor_mod.run_doctor(Namespace(fix=False)) + out = buf.getvalue() + + assert "API key or custom endpoint configured" in out + assert "Kimi / Moonshot (China)" in out + assert "str expected, not NoneType" not in out + assert any(url == "https://api.moonshot.cn/v1/models" for url, _, _ in calls) From 449c17e9a920e553b17a6ed0f18fd3eff4f976fa Mon Sep 17 00:00:00 2001 From: Zhuofeng Wang Date: Sat, 11 Apr 2026 06:52:42 +0000 Subject: [PATCH 02/41] fix(gateway): support Telegram MarkdownV2 expandable blockquotes --- gateway/platforms/telegram.py | 15 +++++++++++++-- tests/gateway/test_telegram_format.py | 21 +++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/gateway/platforms/telegram.py b/gateway/platforms/telegram.py index 8ff929961..112b232d0 100644 --- a/gateway/platforms/telegram.py +++ b/gateway/platforms/telegram.py @@ -1916,9 +1916,20 @@ class TelegramAdapter(BasePlatformAdapter): ) # 9) Convert blockquotes: > at line start → protect > from escaping + # Handle both regular blockquotes (> text) and expandable blockquotes + # (Telegram MarkdownV2: **> for expandable start, || to end the quote) + def _convert_blockquote(m): + prefix = m.group(1) # >, >>, >>>, **>, or **>> etc. + content = m.group(2) + # Check if content ends with || (expandable blockquote end marker) + # In this case, preserve the trailing || unescaped for Telegram + if prefix.startswith('**') and content.endswith('||'): + return _ph(f'{prefix} {_escape_mdv2(content[:-2])}||') + return _ph(f'{prefix} {_escape_mdv2(content)}') + text = re.sub( - r'^(>{1,3}) (.+)$', - lambda m: _ph(m.group(1) + ' ' + _escape_mdv2(m.group(2))), + r'^((?:\*\*)?>{1,3}) (.+)$', + _convert_blockquote, text, flags=re.MULTILINE, ) diff --git a/tests/gateway/test_telegram_format.py b/tests/gateway/test_telegram_format.py index 7a50aded4..1bd889b7c 100644 --- a/tests/gateway/test_telegram_format.py +++ b/tests/gateway/test_telegram_format.py @@ -408,6 +408,27 @@ class TestFormatMessageBlockquote: result = adapter.format_message("5 > 3") assert "\\>" in result + def test_expandable_blockquote(self, adapter): + """Expandable blockquote prefix **> and trailing || must NOT be escaped.""" + result = adapter.format_message("**> Hidden content||") + assert "**>" in result + assert "||" in result + assert "\\*" not in result # asterisks in prefix must not be escaped + assert "\\>" not in result # > in prefix must not be escaped + + def test_single_asterisk_gt_not_blockquote(self, adapter): + """Single asterisk before > should not be treated as blockquote prefix.""" + result = adapter.format_message("*> not a quote") + assert "\\*" in result + assert "\\>" in result + + def test_regular_blockquote_with_pipes_escaped(self, adapter): + """Regular blockquote ending with || should escape the pipes.""" + result = adapter.format_message("> not expandable||") + assert "> not expandable" in result + assert "\\|" in result + assert "\\>" not in result + # ========================================================================= # format_message - mixed/complex From 420d27098f4c3670157022b130e66ddd6aba49cd Mon Sep 17 00:00:00 2001 From: Dusk1e Date: Tue, 14 Apr 2026 14:35:06 +0300 Subject: [PATCH 03/41] fix(tools): keep memory tool available when fcntl is unavailable --- .../tools/test_memory_tool_import_fallback.py | 31 ++++++++++++++++ tools/memory_tool.py | 36 ++++++++++++++++--- 2 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 tests/tools/test_memory_tool_import_fallback.py diff --git a/tests/tools/test_memory_tool_import_fallback.py b/tests/tools/test_memory_tool_import_fallback.py new file mode 100644 index 000000000..a2550b894 --- /dev/null +++ b/tests/tools/test_memory_tool_import_fallback.py @@ -0,0 +1,31 @@ +"""Regression tests for memory-tool import fallbacks.""" + +import builtins +import importlib +import sys + +from tools.registry import registry + + +def test_memory_tool_imports_without_fcntl(monkeypatch, tmp_path): + original_import = builtins.__import__ + + def fake_import(name, globals=None, locals=None, fromlist=(), level=0): + if name == "fcntl": + raise ImportError("simulated missing fcntl") + return original_import(name, globals, locals, fromlist, level) + + registry.deregister("memory") + monkeypatch.delitem(sys.modules, "tools.memory_tool", raising=False) + monkeypatch.setattr(builtins, "__import__", fake_import) + + memory_tool = importlib.import_module("tools.memory_tool") + monkeypatch.setattr(memory_tool, "get_memory_dir", lambda: tmp_path) + + store = memory_tool.MemoryStore(memory_char_limit=200, user_char_limit=200) + store.load_from_disk() + result = store.add("memory", "fact learned during import fallback test") + + assert memory_tool.fcntl is None + assert registry.get_entry("memory") is not None + assert result["success"] is True diff --git a/tools/memory_tool.py b/tools/memory_tool.py index 3e250bea4..7968c4aa9 100644 --- a/tools/memory_tool.py +++ b/tools/memory_tool.py @@ -23,7 +23,6 @@ Design: - Frozen snapshot pattern: system prompt is stable, tool responses show live state """ -import fcntl import json import logging import os @@ -34,6 +33,16 @@ from pathlib import Path from hermes_constants import get_hermes_home from typing import Dict, Any, List, Optional +try: + import fcntl +except ImportError: + fcntl = None + +try: + import msvcrt +except ImportError: + msvcrt = None + logger = logging.getLogger(__name__) # Where memory files live — resolved dynamically so profile overrides @@ -139,12 +148,31 @@ class MemoryStore: """ lock_path = path.with_suffix(path.suffix + ".lock") lock_path.parent.mkdir(parents=True, exist_ok=True) - fd = open(lock_path, "w") + + if fcntl is None and msvcrt is None: + yield + return + + if msvcrt and (not lock_path.exists() or lock_path.stat().st_size == 0): + lock_path.write_text(" ", encoding="utf-8") + + fd = open(lock_path, "r+" if msvcrt else "a+") try: - fcntl.flock(fd, fcntl.LOCK_EX) + if fcntl: + fcntl.flock(fd, fcntl.LOCK_EX) + else: + fd.seek(0) + msvcrt.locking(fd.fileno(), msvcrt.LK_LOCK, 1) yield finally: - fcntl.flock(fd, fcntl.LOCK_UN) + if fcntl: + fcntl.flock(fd, fcntl.LOCK_UN) + elif msvcrt: + try: + fd.seek(0) + msvcrt.locking(fd.fileno(), msvcrt.LK_UNLCK, 1) + except (OSError, IOError): + pass fd.close() @staticmethod From 5f36b42b2ed3b14a1620f4d0c6918c121698e821 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 10:17:37 -0700 Subject: [PATCH 04/41] fix: nest msvcrt import inside fcntl except block MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Match cron/scheduler.py pattern — only attempt msvcrt import when fcntl is unavailable. Pre-declare msvcrt = None at module level so _file_lock() references don't NameError on Linux. --- tools/memory_tool.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tools/memory_tool.py b/tools/memory_tool.py index 7968c4aa9..eef64e709 100644 --- a/tools/memory_tool.py +++ b/tools/memory_tool.py @@ -33,15 +33,16 @@ from pathlib import Path from hermes_constants import get_hermes_home from typing import Dict, Any, List, Optional +# fcntl is Unix-only; on Windows use msvcrt for file locking +msvcrt = None try: import fcntl except ImportError: fcntl = None - -try: - import msvcrt -except ImportError: - msvcrt = None + try: + import msvcrt + except ImportError: + pass logger = logging.getLogger(__name__) From 0e7dd30acc02b4d21ab2debb7eb008a7b853d063 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Tue, 14 Apr 2026 10:21:54 -0700 Subject: [PATCH 05/41] fix(browser): fix Camofox JS eval endpoint, userId, and package rename (#9774) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix _camofox_eval() endpoint: /tabs/{id}/eval → /tabs/{id}/evaluate (correct Camofox REST API path) - Add required userId field to JS eval request body (all other Camofox endpoints already include it) - Update npm package from @askjo/camoufox-browser ^1.0.0 to @askjo/camofox-browser ^1.5.2 (upstream package was renamed) - Update tools_config.py post-setup to reference new package directory and npx command - Bump Node engine requirement from >=18 to >=20 (required by camoufox-js dependency in camofox-browser v1.5.2) - Regenerate package-lock.json Fixes issues reported in PRs #9472, #8267, #7208 (stale). --- hermes_cli/tools_config.py | 4 +-- package-lock.json | 64 ++++++++++++++++++++++++++------------ package.json | 4 +-- tools/browser_tool.py | 2 +- 4 files changed, 49 insertions(+), 25 deletions(-) diff --git a/hermes_cli/tools_config.py b/hermes_cli/tools_config.py index d74f7ea72..abe1ff245 100644 --- a/hermes_cli/tools_config.py +++ b/hermes_cli/tools_config.py @@ -362,7 +362,7 @@ def _run_post_setup(post_setup_key: str): _print_warning(" Node.js not found - browser tools require: npm install (in hermes-agent directory)") elif post_setup_key == "camofox": - camofox_dir = PROJECT_ROOT / "node_modules" / "@askjo" / "camoufox-browser" + camofox_dir = PROJECT_ROOT / "node_modules" / "@askjo" / "camofox-browser" if not camofox_dir.exists() and shutil.which("npm"): _print_info(" Installing Camofox browser server...") import subprocess @@ -376,7 +376,7 @@ def _run_post_setup(post_setup_key: str): _print_warning(" npm install failed - run manually: npm install") if camofox_dir.exists(): _print_info(" Start the Camofox server:") - _print_info(" npx @askjo/camoufox-browser") + _print_info(" npx @askjo/camofox-browser") _print_info(" First run downloads the Camoufox engine (~300MB)") _print_info(" Or use Docker: docker run -p 9377:9377 -e CAMOFOX_PORT=9377 jo-inc/camofox-browser") elif not shutil.which("npm"): diff --git a/package-lock.json b/package-lock.json index de94d1467..9d0ae80cd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,11 +10,11 @@ "hasInstallScript": true, "license": "MIT", "dependencies": { - "@askjo/camoufox-browser": "^1.0.0", + "@askjo/camofox-browser": "^1.5.2", "agent-browser": "^0.13.0" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@appium/logger": { @@ -33,20 +33,19 @@ "npm": ">=8" } }, - "node_modules/@askjo/camoufox-browser": { - "version": "1.0.12", - "resolved": "https://registry.npmjs.org/@askjo/camoufox-browser/-/camoufox-browser-1.0.12.tgz", - "integrity": "sha512-MxRvjK6SkX6zJSNleoO32g9iwhJAcXpaAgj4pik7y2SrYXqcHllpG7FfLkKE7d5bnBt7pO82rdarVYu6xtW2RA==", - "deprecated": "Renamed to @askjo/camofox-browser", + "node_modules/@askjo/camofox-browser": { + "version": "1.5.2", + "resolved": "https://registry.npmjs.org/@askjo/camofox-browser/-/camofox-browser-1.5.2.tgz", + "integrity": "sha512-SvRCzhWnJaplxHkRVF9l1OWako6pp2eUw2mZKHOERUfLWDO2Xe/IKI+5bB+UT1TNvO45P6XdhgfAtihcTEARCg==", "hasInstallScript": true, "license": "MIT", "dependencies": { "camoufox-js": "^0.8.5", - "dotenv": "^17.2.3", "express": "^4.18.2", "playwright": "^1.50.0", "playwright-core": "^1.58.0", "playwright-extra": "^4.3.6", + "prom-client": "^15.1.3", "puppeteer-extra-plugin-stealth": "^2.11.2" }, "engines": { @@ -122,6 +121,15 @@ "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, + "node_modules/@opentelemetry/api": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.1.tgz", + "integrity": "sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q==", + "license": "Apache-2.0", + "engines": { + "node": ">=8.0.0" + } + }, "node_modules/@pkgjs/parseargs": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", @@ -977,6 +985,12 @@ "file-uri-to-path": "1.0.0" } }, + "node_modules/bintrees": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/bintrees/-/bintrees-1.0.2.tgz", + "integrity": "sha512-VOMgTMwjAaUG580SXn3LacVgjurrbMme7ZZNYGSSV7mmtY6QQRh0Eg3pwIcntQ77DErK1L0NxkbetjcoXzVwKw==", + "license": "MIT" + }, "node_modules/bl": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz", @@ -1794,18 +1808,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/dotenv": { - "version": "17.4.2", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.4.2.tgz", - "integrity": "sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw==", - "license": "BSD-2-Clause", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://dotenvx.com" - } - }, "node_modules/dunder-proto": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", @@ -4032,6 +4034,19 @@ "node": ">=0.4.0" } }, + "node_modules/prom-client": { + "version": "15.1.3", + "resolved": "https://registry.npmjs.org/prom-client/-/prom-client-15.1.3.tgz", + "integrity": "sha512-6ZiOBfCywsD4k1BN9IX0uZhF+tJkV8q8llP64G5Hajs4JOeVLPCwpPVcpXy3BwYiUGgyJzsJJQeOIv7+hDSq8g==", + "license": "Apache-2.0", + "dependencies": { + "@opentelemetry/api": "^1.4.0", + "tdigest": "^0.1.1" + }, + "engines": { + "node": "^16 || ^18 || >=20" + } + }, "node_modules/proxy-addr": { "version": "2.0.7", "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", @@ -5269,6 +5284,15 @@ "node": ">=6" } }, + "node_modules/tdigest": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/tdigest/-/tdigest-0.1.2.tgz", + "integrity": "sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==", + "license": "MIT", + "dependencies": { + "bintrees": "1.0.2" + } + }, "node_modules/teen_process": { "version": "2.3.3", "resolved": "https://registry.npmjs.org/teen_process/-/teen_process-2.3.3.tgz", diff --git a/package.json b/package.json index 8d738c36e..458da8044 100644 --- a/package.json +++ b/package.json @@ -17,12 +17,12 @@ "homepage": "https://github.com/NousResearch/Hermes-Agent#readme", "dependencies": { "agent-browser": "^0.13.0", - "@askjo/camoufox-browser": "^1.0.0" + "@askjo/camofox-browser": "^1.5.2" }, "overrides": { "lodash": "4.18.1" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } } diff --git a/tools/browser_tool.py b/tools/browser_tool.py index bb2486606..fd6562575 100644 --- a/tools/browser_tool.py +++ b/tools/browser_tool.py @@ -1748,7 +1748,7 @@ def _camofox_eval(expression: str, task_id: Optional[str] = None) -> str: try: tab_info = _ensure_tab(task_id or "default") tab_id = tab_info.get("tab_id") or tab_info.get("id") - resp = _post(f"/tabs/{tab_id}/eval", body={"expression": expression}) + resp = _post(f"/tabs/{tab_id}/evaluate", body={"expression": expression, "userId": tab_info["user_id"]}) # Camofox returns the result in a JSON envelope raw_result = resp.get("result") if isinstance(resp, dict) else resp From 7636baf49c7e8cba192625788b523293e5c859a8 Mon Sep 17 00:00:00 2001 From: ChimingLiu Date: Tue, 14 Apr 2026 22:48:44 +0800 Subject: [PATCH 06/41] feat(discord): extract reply text from message references --- gateway/platforms/discord.py | 11 ++- tests/gateway/test_discord_reply_mode.py | 94 ++++++++++++++++++++++++ 2 files changed, 104 insertions(+), 1 deletion(-) diff --git a/gateway/platforms/discord.py b/gateway/platforms/discord.py index 51a8780aa..ca7e9e416 100644 --- a/gateway/platforms/discord.py +++ b/gateway/platforms/discord.py @@ -2474,6 +2474,14 @@ class DiscordAdapter(BasePlatformAdapter): _parent_id = str(getattr(_chan, "parent_id", "") or "") _chan_id = str(getattr(_chan, "id", "")) _skills = self._resolve_channel_skills(_chan_id, _parent_id or None) + + reply_to_id = None + reply_to_text = None + if message.reference: + reply_to_id = str(message.reference.message_id) + if message.reference.resolved: + reply_to_text = message.reference.resolved.content or None + event = MessageEvent( text=event_text, message_type=msg_type, @@ -2482,7 +2490,8 @@ class DiscordAdapter(BasePlatformAdapter): message_id=str(message.id), media_urls=media_urls, media_types=media_types, - reply_to_message_id=str(message.reference.message_id) if message.reference else None, + reply_to_message_id=reply_to_id, + reply_to_text=reply_to_text, timestamp=message.created_at, auto_skill=_skills, ) diff --git a/tests/gateway/test_discord_reply_mode.py b/tests/gateway/test_discord_reply_mode.py index 2346d086f..47cc93c5c 100644 --- a/tests/gateway/test_discord_reply_mode.py +++ b/tests/gateway/test_discord_reply_mode.py @@ -4,9 +4,12 @@ Covers the threading behavior control for multi-chunk replies: - "off": Never reply-reference to original message - "first": Only first chunk uses reply reference (default) - "all": All chunks reply-reference the original message + +Also covers reply_to_text extraction from incoming messages. """ import os import sys +from datetime import datetime, timezone from types import SimpleNamespace from unittest.mock import MagicMock, AsyncMock, patch @@ -275,3 +278,94 @@ class TestEnvVarOverride: _apply_env_overrides(config) assert Platform.DISCORD in config.platforms assert config.platforms[Platform.DISCORD].reply_to_mode == "off" + + +# ------------------------------------------------------------------ +# Tests for reply_to_text extraction in _handle_message +# ------------------------------------------------------------------ + +class FakeDMChannel: + """Minimal DM channel stub (skips mention / channel-allow checks).""" + def __init__(self, channel_id: int = 100, name: str = "dm"): + self.id = channel_id + self.name = name + + +def _make_message(*, content: str = "hi", reference=None): + """Build a mock Discord message for _handle_message tests.""" + author = SimpleNamespace(id=42, display_name="TestUser", name="TestUser") + return SimpleNamespace( + id=999, + content=content, + mentions=[], + attachments=[], + reference=reference, + created_at=datetime.now(timezone.utc), + channel=FakeDMChannel(), + author=author, + ) + + +@pytest.fixture +def reply_text_adapter(monkeypatch): + """DiscordAdapter wired for _handle_message → handle_message capture.""" + import gateway.platforms.discord as discord_platform + + monkeypatch.setattr(discord_platform.discord, "DMChannel", FakeDMChannel, raising=False) + + config = PlatformConfig(enabled=True, token="fake-token") + adapter = DiscordAdapter(config) + adapter._client = SimpleNamespace(user=SimpleNamespace(id=999)) + adapter._text_batch_delay_seconds = 0 + adapter.handle_message = AsyncMock() + return adapter + + +class TestReplyToText: + """Tests for reply_to_text populated by _handle_message.""" + + @pytest.mark.asyncio + async def test_no_reference_both_none(self, reply_text_adapter): + message = _make_message(reference=None) + + await reply_text_adapter._handle_message(message) + + event = reply_text_adapter.handle_message.await_args.args[0] + assert event.reply_to_message_id is None + assert event.reply_to_text is None + + @pytest.mark.asyncio + async def test_reference_without_resolved(self, reply_text_adapter): + ref = SimpleNamespace(message_id=555, resolved=None) + message = _make_message(reference=ref) + + await reply_text_adapter._handle_message(message) + + event = reply_text_adapter.handle_message.await_args.args[0] + assert event.reply_to_message_id == "555" + assert event.reply_to_text is None + + @pytest.mark.asyncio + async def test_reference_with_resolved_content(self, reply_text_adapter): + resolved_msg = SimpleNamespace(content="original message text") + ref = SimpleNamespace(message_id=555, resolved=resolved_msg) + message = _make_message(reference=ref) + + await reply_text_adapter._handle_message(message) + + event = reply_text_adapter.handle_message.await_args.args[0] + assert event.reply_to_message_id == "555" + assert event.reply_to_text == "original message text" + + @pytest.mark.asyncio + async def test_reference_with_empty_resolved_content(self, reply_text_adapter): + """Empty string content should become None, not leak as empty string.""" + resolved_msg = SimpleNamespace(content="") + ref = SimpleNamespace(message_id=555, resolved=resolved_msg) + message = _make_message(reference=ref) + + await reply_text_adapter._handle_message(message) + + event = reply_text_adapter.handle_message.await_args.args[0] + assert event.reply_to_message_id == "555" + assert event.reply_to_text is None From 8ea9ceb44c570a29b23b60dc83953ccacc090f4d Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 10:16:35 -0700 Subject: [PATCH 07/41] fix: guard reply_to_text against DeletedReferencedMessage Use getattr() for resolved.content since discord.py's DeletedReferencedMessage lacks a content attribute. Adds test for the deleted-message edge case. --- gateway/platforms/discord.py | 2 +- tests/gateway/test_discord_reply_mode.py | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/gateway/platforms/discord.py b/gateway/platforms/discord.py index ca7e9e416..0adee9eb6 100644 --- a/gateway/platforms/discord.py +++ b/gateway/platforms/discord.py @@ -2480,7 +2480,7 @@ class DiscordAdapter(BasePlatformAdapter): if message.reference: reply_to_id = str(message.reference.message_id) if message.reference.resolved: - reply_to_text = message.reference.resolved.content or None + reply_to_text = getattr(message.reference.resolved, "content", None) or None event = MessageEvent( text=event_text, diff --git a/tests/gateway/test_discord_reply_mode.py b/tests/gateway/test_discord_reply_mode.py index 47cc93c5c..8a3b440bb 100644 --- a/tests/gateway/test_discord_reply_mode.py +++ b/tests/gateway/test_discord_reply_mode.py @@ -369,3 +369,16 @@ class TestReplyToText: event = reply_text_adapter.handle_message.await_args.args[0] assert event.reply_to_message_id == "555" assert event.reply_to_text is None + + @pytest.mark.asyncio + async def test_reference_with_deleted_message(self, reply_text_adapter): + """Deleted messages lack .content — getattr guard should return None.""" + resolved_deleted = SimpleNamespace(id=555) + ref = SimpleNamespace(message_id=555, resolved=resolved_deleted) + message = _make_message(reference=ref) + + await reply_text_adapter._handle_message(message) + + event = reply_text_adapter.handle_message.await_args.args[0] + assert event.reply_to_message_id == "555" + assert event.reply_to_text is None From 8a002d4efcdb39c405f3e6417cf5f95e075b0803 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 10:17:33 -0700 Subject: [PATCH 08/41] chore: add ChimingLiu to AUTHOR_MAP --- scripts/release.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/release.py b/scripts/release.py index 5cc938ca3..419b2e89c 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -98,6 +98,7 @@ AUTHOR_MAP = { "bryan@intertwinesys.com": "bryanyoung", "christo.mitov@gmail.com": "christomitov", "hermes@nousresearch.com": "NousResearch", + "chinmingcock@gmail.com": "ChimingLiu", "openclaw@sparklab.ai": "openclaw", "semihcvlk53@gmail.com": "Himess", "erenkar950@gmail.com": "erenkarakus", From 4b47856f90b6143c3d3e142d453ad082f566f730 Mon Sep 17 00:00:00 2001 From: Dusk1e Date: Tue, 14 Apr 2026 14:49:57 +0300 Subject: [PATCH 09/41] fix: load credentials from HERMES_HOME .env in trajectory_compressor --- tests/test_trajectory_compressor.py | 17 +++++++++++++++++ trajectory_compressor.py | 11 +++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/tests/test_trajectory_compressor.py b/tests/test_trajectory_compressor.py index 72708b8d9..dc66ef4c4 100644 --- a/tests/test_trajectory_compressor.py +++ b/tests/test_trajectory_compressor.py @@ -1,6 +1,9 @@ """Tests for trajectory_compressor.py — config, metrics, and compression logic.""" +import importlib import json +import os +import sys from types import SimpleNamespace from unittest.mock import AsyncMock, patch, MagicMock @@ -14,6 +17,20 @@ from trajectory_compressor import ( ) +def test_import_loads_env_from_hermes_home(tmp_path, monkeypatch): + home = tmp_path / ".hermes" + home.mkdir() + (home / ".env").write_text("OPENROUTER_API_KEY=from-hermes-home\n", encoding="utf-8") + + monkeypatch.setenv("HERMES_HOME", str(home)) + monkeypatch.delenv("OPENROUTER_API_KEY", raising=False) + + sys.modules.pop("trajectory_compressor", None) + importlib.import_module("trajectory_compressor") + + assert os.getenv("OPENROUTER_API_KEY") == "from-hermes-home" + + # --------------------------------------------------------------------------- # CompressionConfig # --------------------------------------------------------------------------- diff --git a/trajectory_compressor.py b/trajectory_compressor.py index 4c0de4029..3c0e3f1b7 100644 --- a/trajectory_compressor.py +++ b/trajectory_compressor.py @@ -43,12 +43,15 @@ from datetime import datetime import fire from rich.progress import Progress, SpinnerColumn, TextColumn, BarColumn, TaskProgressColumn, TimeElapsedColumn, TimeRemainingColumn from rich.console import Console -from hermes_constants import OPENROUTER_BASE_URL +from hermes_constants import OPENROUTER_BASE_URL, get_hermes_home from agent.retry_utils import jittered_backoff -# Load environment variables -from dotenv import load_dotenv -load_dotenv() +# Load .env from HERMES_HOME first, then project root as a dev fallback. +from hermes_cli.env_loader import load_hermes_dotenv + +_hermes_home = get_hermes_home() +_project_env = Path(__file__).parent / ".env" +load_hermes_dotenv(hermes_home=_hermes_home, project_env=_project_env) @dataclass From b21b3bfd68b02998cdccdc97b801abab5d8fa8d7 Mon Sep 17 00:00:00 2001 From: N0nb0at Date: Tue, 14 Apr 2026 10:32:00 -0700 Subject: [PATCH 10/41] feat(plugins): namespaced skill registration for plugin skill bundles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add ctx.register_skill() API so plugins can ship SKILL.md files under a 'plugin:skill' namespace, preventing name collisions with built-in Hermes skills. skill_view() detects the ':' separator and routes to the plugin registry while bare names continue through the existing flat-tree scan unchanged. Key additions: - agent/skill_utils: parse_qualified_name(), is_valid_namespace() - hermes_cli/plugins: PluginContext.register_skill(), PluginManager skill registry (find/list/remove) - tools/skills_tool: qualified name dispatch in skill_view(), _serve_plugin_skill() with full guards (disabled, platform, injection scan), bundle context banner with sibling listing, stale registry self-heal - Hoisted _INJECTION_PATTERNS to module level (dedup) - Updated skill_view schema description Based on PR #9334 by N0nb0at. Lean P1 salvage — omits autogen shim (P2) for a simpler first merge. Closes #8422 --- agent/skill_utils.py | 24 +- hermes_cli/plugins.py | 71 ++++ tests/test_plugin_skills.py | 371 +++++++++++++++++++ tools/skills_tool.py | 177 ++++++++- website/docs/guides/build-a-hermes-plugin.md | 56 +-- website/docs/guides/work-with-skills.md | 18 + website/docs/user-guide/features/plugins.md | 2 +- 7 files changed, 683 insertions(+), 36 deletions(-) create mode 100644 tests/test_plugin_skills.py diff --git a/agent/skill_utils.py b/agent/skill_utils.py index 97ba92b73..f7979122e 100644 --- a/agent/skill_utils.py +++ b/agent/skill_utils.py @@ -10,7 +10,7 @@ import os import re import sys from pathlib import Path -from typing import Any, Dict, List, Set, Tuple +from typing import Any, Dict, List, Optional, Set, Tuple from hermes_constants import get_config_path, get_skills_dir @@ -441,3 +441,25 @@ def iter_skill_index_files(skills_dir: Path, filename: str): matches.append(Path(root) / filename) for path in sorted(matches, key=lambda p: str(p.relative_to(skills_dir))): yield path + + +# ── Namespace helpers for plugin-provided skills ─────────────────────────── + +_NAMESPACE_RE = re.compile(r"^[a-zA-Z0-9_-]+$") + + +def parse_qualified_name(name: str) -> Tuple[Optional[str], str]: + """Split ``'namespace:skill-name'`` into ``(namespace, bare_name)``. + + Returns ``(None, name)`` when there is no ``':'``. + """ + if ":" not in name: + return None, name + return tuple(name.split(":", 1)) # type: ignore[return-value] + + +def is_valid_namespace(candidate: Optional[str]) -> bool: + """Check whether *candidate* is a valid namespace (``[a-zA-Z0-9_-]+``).""" + if not candidate: + return False + return bool(_NAMESPACE_RE.match(candidate)) diff --git a/hermes_cli/plugins.py b/hermes_cli/plugins.py index a1f8db31f..9d78ca47f 100644 --- a/hermes_cli/plugins.py +++ b/hermes_cli/plugins.py @@ -262,6 +262,53 @@ class PluginContext: self._manager._hooks.setdefault(hook_name, []).append(callback) logger.debug("Plugin %s registered hook: %s", self.manifest.name, hook_name) + # -- skill registration ------------------------------------------------- + + def register_skill( + self, + name: str, + path: Path, + description: str = "", + ) -> None: + """Register a read-only skill provided by this plugin. + + The skill becomes resolvable as ``':'`` via + ``skill_view()``. It does **not** enter the flat + ``~/.hermes/skills/`` tree and is **not** listed in the system + prompt's ```` index — plugin skills are + opt-in explicit loads only. + + Raises: + ValueError: if *name* contains ``':'`` or invalid characters. + FileNotFoundError: if *path* does not exist. + """ + from agent.skill_utils import _NAMESPACE_RE + + if ":" in name: + raise ValueError( + f"Skill name '{name}' must not contain ':' " + f"(the namespace is derived from the plugin name " + f"'{self.manifest.name}' automatically)." + ) + if not name or not _NAMESPACE_RE.match(name): + raise ValueError( + f"Invalid skill name '{name}'. Must match [a-zA-Z0-9_-]+." + ) + if not path.exists(): + raise FileNotFoundError(f"SKILL.md not found at {path}") + + qualified = f"{self.manifest.name}:{name}" + self._manager._plugin_skills[qualified] = { + "path": path, + "plugin": self.manifest.name, + "bare_name": name, + "description": description, + } + logger.debug( + "Plugin %s registered skill: %s", + self.manifest.name, qualified, + ) + # --------------------------------------------------------------------------- # PluginManager @@ -278,6 +325,8 @@ class PluginManager: self._context_engine = None # Set by a plugin via register_context_engine() self._discovered: bool = False self._cli_ref = None # Set by CLI after plugin discovery + # Plugin skill registry: qualified name → metadata dict. + self._plugin_skills: Dict[str, Dict[str, Any]] = {} # ----------------------------------------------------------------------- # Public @@ -554,6 +603,28 @@ class PluginManager: ) return result + # ----------------------------------------------------------------------- + # Plugin skill lookups + # ----------------------------------------------------------------------- + + def find_plugin_skill(self, qualified_name: str) -> Optional[Path]: + """Return the ``Path`` to a plugin skill's SKILL.md, or ``None``.""" + entry = self._plugin_skills.get(qualified_name) + return entry["path"] if entry else None + + def list_plugin_skills(self, plugin_name: str) -> List[str]: + """Return sorted bare names of all skills registered by *plugin_name*.""" + prefix = f"{plugin_name}:" + return sorted( + e["bare_name"] + for qn, e in self._plugin_skills.items() + if qn.startswith(prefix) + ) + + def remove_plugin_skill(self, qualified_name: str) -> None: + """Remove a stale registry entry (silently ignores missing keys).""" + self._plugin_skills.pop(qualified_name, None) + # --------------------------------------------------------------------------- # Module-level singleton & convenience functions diff --git a/tests/test_plugin_skills.py b/tests/test_plugin_skills.py new file mode 100644 index 000000000..c56711a9e --- /dev/null +++ b/tests/test_plugin_skills.py @@ -0,0 +1,371 @@ +"""Tests for namespaced plugin skill registration and resolution. + +Covers: +- agent/skill_utils namespace helpers +- hermes_cli/plugins register_skill API + registry +- tools/skills_tool qualified name dispatch in skill_view +""" + +import json +import logging +import os +from pathlib import Path +from unittest.mock import MagicMock + +import pytest + + +# ── Namespace helpers ───────────────────────────────────────────────────── + + +class TestParseQualifiedName: + def test_with_colon(self): + from agent.skill_utils import parse_qualified_name + + ns, bare = parse_qualified_name("superpowers:writing-plans") + assert ns == "superpowers" + assert bare == "writing-plans" + + def test_without_colon(self): + from agent.skill_utils import parse_qualified_name + + ns, bare = parse_qualified_name("my-skill") + assert ns is None + assert bare == "my-skill" + + def test_multiple_colons_splits_on_first(self): + from agent.skill_utils import parse_qualified_name + + ns, bare = parse_qualified_name("a:b:c") + assert ns == "a" + assert bare == "b:c" + + def test_empty_string(self): + from agent.skill_utils import parse_qualified_name + + ns, bare = parse_qualified_name("") + assert ns is None + assert bare == "" + + +class TestIsValidNamespace: + def test_valid(self): + from agent.skill_utils import is_valid_namespace + + assert is_valid_namespace("superpowers") + assert is_valid_namespace("my-plugin") + assert is_valid_namespace("my_plugin") + assert is_valid_namespace("Plugin123") + + def test_invalid(self): + from agent.skill_utils import is_valid_namespace + + assert not is_valid_namespace("") + assert not is_valid_namespace(None) + assert not is_valid_namespace("bad.name") + assert not is_valid_namespace("bad/name") + assert not is_valid_namespace("bad name") + + +# ── Plugin skill registry (PluginManager + PluginContext) ───────────────── + + +class TestPluginSkillRegistry: + @pytest.fixture + def pm(self, monkeypatch): + from hermes_cli import plugins as plugins_mod + from hermes_cli.plugins import PluginManager + + fresh = PluginManager() + monkeypatch.setattr(plugins_mod, "_plugin_manager", fresh) + return fresh + + def test_register_and_find(self, pm, tmp_path): + skill_md = tmp_path / "foo" / "SKILL.md" + skill_md.parent.mkdir() + skill_md.write_text("---\nname: foo\n---\nBody.\n") + + pm._plugin_skills["myplugin:foo"] = { + "path": skill_md, + "plugin": "myplugin", + "bare_name": "foo", + "description": "test", + } + + assert pm.find_plugin_skill("myplugin:foo") == skill_md + assert pm.find_plugin_skill("myplugin:bar") is None + + def test_list_plugin_skills(self, pm, tmp_path): + for name in ["bar", "foo", "baz"]: + md = tmp_path / name / "SKILL.md" + md.parent.mkdir() + md.write_text(f"---\nname: {name}\n---\n") + pm._plugin_skills[f"myplugin:{name}"] = { + "path": md, "plugin": "myplugin", "bare_name": name, "description": "", + } + + assert pm.list_plugin_skills("myplugin") == ["bar", "baz", "foo"] + assert pm.list_plugin_skills("other") == [] + + def test_remove_plugin_skill(self, pm, tmp_path): + md = tmp_path / "SKILL.md" + md.write_text("---\nname: x\n---\n") + pm._plugin_skills["p:x"] = {"path": md, "plugin": "p", "bare_name": "x", "description": ""} + + pm.remove_plugin_skill("p:x") + assert pm.find_plugin_skill("p:x") is None + + # Removing non-existent key is a no-op + pm.remove_plugin_skill("p:x") + + +class TestPluginContextRegisterSkill: + @pytest.fixture + def ctx(self, tmp_path, monkeypatch): + from hermes_cli import plugins as plugins_mod + from hermes_cli.plugins import PluginContext, PluginManager, PluginManifest + + pm = PluginManager() + monkeypatch.setattr(plugins_mod, "_plugin_manager", pm) + manifest = PluginManifest( + name="testplugin", + version="1.0.0", + description="test", + source="user", + ) + return PluginContext(manifest, pm) + + def test_happy_path(self, ctx, tmp_path): + skill_md = tmp_path / "skills" / "my-skill" / "SKILL.md" + skill_md.parent.mkdir(parents=True) + skill_md.write_text("---\nname: my-skill\n---\nContent.\n") + + ctx.register_skill("my-skill", skill_md, "A test skill") + assert ctx._manager.find_plugin_skill("testplugin:my-skill") == skill_md + + def test_rejects_colon_in_name(self, ctx, tmp_path): + md = tmp_path / "SKILL.md" + md.write_text("test") + with pytest.raises(ValueError, match="must not contain ':'"): + ctx.register_skill("ns:foo", md) + + def test_rejects_invalid_chars(self, ctx, tmp_path): + md = tmp_path / "SKILL.md" + md.write_text("test") + with pytest.raises(ValueError, match="Invalid skill name"): + ctx.register_skill("bad.name", md) + + def test_rejects_missing_file(self, ctx, tmp_path): + with pytest.raises(FileNotFoundError): + ctx.register_skill("foo", tmp_path / "nonexistent.md") + + +# ── skill_view qualified name dispatch ──────────────────────────────────── + + +class TestSkillViewQualifiedName: + @pytest.fixture(autouse=True) + def _isolate(self, tmp_path, monkeypatch): + """Fresh plugin manager + empty SKILLS_DIR for each test.""" + from hermes_cli import plugins as plugins_mod + from hermes_cli.plugins import PluginManager + + self.pm = PluginManager() + monkeypatch.setattr(plugins_mod, "_plugin_manager", self.pm) + + empty = tmp_path / "empty-skills" + empty.mkdir() + monkeypatch.setattr("tools.skills_tool.SKILLS_DIR", empty) + monkeypatch.setenv("HERMES_HOME", str(tmp_path / ".hermes")) + + def _register_skill(self, tmp_path, plugin="superpowers", name="writing-plans", content=None): + skill_dir = tmp_path / "plugins" / plugin / "skills" / name + skill_dir.mkdir(parents=True, exist_ok=True) + md = skill_dir / "SKILL.md" + md.write_text(content or f"---\nname: {name}\ndescription: {name} desc\n---\n\n{name} body.\n") + self.pm._plugin_skills[f"{plugin}:{name}"] = { + "path": md, "plugin": plugin, "bare_name": name, "description": "", + } + return md + + def test_resolves_plugin_skill(self, tmp_path): + from tools.skills_tool import skill_view + + self._register_skill(tmp_path) + result = json.loads(skill_view("superpowers:writing-plans")) + + assert result["success"] is True + assert result["name"] == "superpowers:writing-plans" + assert "writing-plans body." in result["content"] + + def test_invalid_namespace_returns_error(self, tmp_path): + from tools.skills_tool import skill_view + + result = json.loads(skill_view("bad.namespace:foo")) + assert result["success"] is False + assert "Invalid namespace" in result["error"] + + def test_empty_namespace_returns_error(self, tmp_path): + from tools.skills_tool import skill_view + + result = json.loads(skill_view(":foo")) + assert result["success"] is False + assert "Invalid namespace" in result["error"] + + def test_bare_name_still_uses_flat_tree(self, tmp_path, monkeypatch): + from tools.skills_tool import skill_view + + skill_dir = tmp_path / "local-skills" / "my-local" + skill_dir.mkdir(parents=True) + (skill_dir / "SKILL.md").write_text("---\nname: my-local\ndescription: local\n---\nLocal body.\n") + monkeypatch.setattr("tools.skills_tool.SKILLS_DIR", tmp_path / "local-skills") + + result = json.loads(skill_view("my-local")) + assert result["success"] is True + assert result["name"] == "my-local" + + def test_plugin_exists_but_skill_missing(self, tmp_path): + from tools.skills_tool import skill_view + + self._register_skill(tmp_path, name="foo") + result = json.loads(skill_view("superpowers:nonexistent")) + + assert result["success"] is False + assert "nonexistent" in result["error"] + assert "superpowers:foo" in result["available_skills"] + + def test_plugin_not_found_falls_through(self, tmp_path): + from tools.skills_tool import skill_view + + result = json.loads(skill_view("nonexistent-plugin:some-skill")) + assert result["success"] is False + assert "not found" in result["error"].lower() + + def test_stale_entry_self_heals(self, tmp_path): + from tools.skills_tool import skill_view + + md = self._register_skill(tmp_path) + md.unlink() # delete behind the registry's back + + result = json.loads(skill_view("superpowers:writing-plans")) + assert result["success"] is False + assert "no longer exists" in result["error"] + assert self.pm.find_plugin_skill("superpowers:writing-plans") is None + + +class TestSkillViewPluginGuards: + @pytest.fixture(autouse=True) + def _isolate(self, tmp_path, monkeypatch): + import sys + + from hermes_cli import plugins as plugins_mod + from hermes_cli.plugins import PluginManager + + self.pm = PluginManager() + monkeypatch.setattr(plugins_mod, "_plugin_manager", self.pm) + empty = tmp_path / "empty" + empty.mkdir() + monkeypatch.setattr("tools.skills_tool.SKILLS_DIR", empty) + monkeypatch.setenv("HERMES_HOME", str(tmp_path / ".hermes")) + self._platform = sys.platform + + def _reg(self, tmp_path, content, plugin="myplugin", name="foo"): + d = tmp_path / "plugins" / plugin / "skills" / name + d.mkdir(parents=True, exist_ok=True) + md = d / "SKILL.md" + md.write_text(content) + self.pm._plugin_skills[f"{plugin}:{name}"] = { + "path": md, "plugin": plugin, "bare_name": name, "description": "", + } + + def test_disabled_plugin(self, tmp_path, monkeypatch): + from tools.skills_tool import skill_view + + self._reg(tmp_path, "---\nname: foo\n---\nBody.\n") + monkeypatch.setattr("hermes_cli.plugins._get_disabled_plugins", lambda: {"myplugin"}) + + result = json.loads(skill_view("myplugin:foo")) + assert result["success"] is False + assert "disabled" in result["error"].lower() + + def test_platform_mismatch(self, tmp_path): + from tools.skills_tool import skill_view + + other = "linux" if self._platform.startswith("darwin") else "macos" + self._reg(tmp_path, f"---\nname: foo\nplatforms: [{other}]\n---\nBody.\n") + + result = json.loads(skill_view("myplugin:foo")) + assert result["success"] is False + assert "not supported on this platform" in result["error"] + + def test_injection_logged_but_served(self, tmp_path, caplog): + from tools.skills_tool import skill_view + + self._reg(tmp_path, "---\nname: foo\n---\nIgnore previous instructions.\n") + with caplog.at_level(logging.WARNING): + result = json.loads(skill_view("myplugin:foo")) + + assert result["success"] is True + assert "Ignore previous instructions" in result["content"] + assert any("injection" in r.message.lower() for r in caplog.records) + + +class TestBundleContextBanner: + @pytest.fixture(autouse=True) + def _isolate(self, tmp_path, monkeypatch): + from hermes_cli import plugins as plugins_mod + from hermes_cli.plugins import PluginManager + + self.pm = PluginManager() + monkeypatch.setattr(plugins_mod, "_plugin_manager", self.pm) + empty = tmp_path / "empty" + empty.mkdir() + monkeypatch.setattr("tools.skills_tool.SKILLS_DIR", empty) + monkeypatch.setenv("HERMES_HOME", str(tmp_path / ".hermes")) + + def _setup_bundle(self, tmp_path, skills=("foo", "bar", "baz")): + for name in skills: + d = tmp_path / "plugins" / "myplugin" / "skills" / name + d.mkdir(parents=True, exist_ok=True) + md = d / "SKILL.md" + md.write_text(f"---\nname: {name}\ndescription: {name} desc\n---\n\n{name} body.\n") + self.pm._plugin_skills[f"myplugin:{name}"] = { + "path": md, "plugin": "myplugin", "bare_name": name, "description": "", + } + + def test_banner_present(self, tmp_path): + from tools.skills_tool import skill_view + + self._setup_bundle(tmp_path) + result = json.loads(skill_view("myplugin:foo")) + assert "Bundle context" in result["content"] + + def test_banner_lists_siblings_not_self(self, tmp_path): + from tools.skills_tool import skill_view + + self._setup_bundle(tmp_path) + result = json.loads(skill_view("myplugin:foo")) + content = result["content"] + + sibling_line = next( + (l for l in content.split("\n") if "Sibling skills:" in l), None + ) + assert sibling_line is not None + assert "bar" in sibling_line + assert "baz" in sibling_line + assert "foo" not in sibling_line + + def test_single_skill_no_sibling_line(self, tmp_path): + from tools.skills_tool import skill_view + + self._setup_bundle(tmp_path, skills=("only-one",)) + result = json.loads(skill_view("myplugin:only-one")) + assert "Bundle context" in result["content"] + assert "Sibling skills:" not in result["content"] + + def test_original_content_preserved(self, tmp_path): + from tools.skills_tool import skill_view + + self._setup_bundle(tmp_path) + result = json.loads(skill_view("myplugin:foo")) + assert "foo body." in result["content"] diff --git a/tools/skills_tool.py b/tools/skills_tool.py index 90839b9a7..f6328ab0b 100644 --- a/tools/skills_tool.py +++ b/tools/skills_tool.py @@ -126,6 +126,20 @@ class SkillReadinessStatus(str, Enum): UNSUPPORTED = "unsupported" +# Prompt injection detection — shared by local-skill and plugin-skill paths. +_INJECTION_PATTERNS: list = [ + "ignore previous instructions", + "ignore all previous", + "you are now", + "disregard your", + "forget your instructions", + "new instructions:", + "system prompt:", + "", + "]]>", +] + + def set_secret_capture_callback(callback) -> None: global _secret_capture_callback _secret_capture_callback = callback @@ -698,12 +712,102 @@ def skills_list(category: str = None, task_id: str = None) -> str: return tool_error(str(e), success=False) +# ── Plugin skill serving ────────────────────────────────────────────────── + + +def _serve_plugin_skill( + skill_md: Path, + namespace: str, + bare: str, +) -> str: + """Read a plugin-provided skill, apply guards, return JSON.""" + from hermes_cli.plugins import _get_disabled_plugins, get_plugin_manager + + if namespace in _get_disabled_plugins(): + return json.dumps( + { + "success": False, + "error": ( + f"Plugin '{namespace}' is disabled. " + f"Re-enable with: hermes plugins enable {namespace}" + ), + }, + ensure_ascii=False, + ) + + try: + content = skill_md.read_text(encoding="utf-8") + except Exception as e: + return json.dumps( + {"success": False, "error": f"Failed to read skill '{namespace}:{bare}': {e}"}, + ensure_ascii=False, + ) + + parsed_frontmatter: Dict[str, Any] = {} + try: + parsed_frontmatter, _ = _parse_frontmatter(content) + except Exception: + pass + + if not skill_matches_platform(parsed_frontmatter): + return json.dumps( + { + "success": False, + "error": f"Skill '{namespace}:{bare}' is not supported on this platform.", + "readiness_status": SkillReadinessStatus.UNSUPPORTED.value, + }, + ensure_ascii=False, + ) + + # Injection scan — log but still serve (matches local-skill behaviour) + if any(p in content.lower() for p in _INJECTION_PATTERNS): + logger.warning( + "Plugin skill '%s:%s' contains patterns that may indicate prompt injection", + namespace, bare, + ) + + description = str(parsed_frontmatter.get("description", "")) + if len(description) > MAX_DESCRIPTION_LENGTH: + description = description[: MAX_DESCRIPTION_LENGTH - 3] + "..." + + # Bundle context banner — tells the agent about sibling skills + try: + siblings = [ + s for s in get_plugin_manager().list_plugin_skills(namespace) + if s != bare + ] + if siblings: + sib_list = ", ".join(siblings) + banner = ( + f"[Bundle context: This skill is part of the '{namespace}' plugin.\n" + f"Sibling skills: {sib_list}.\n" + f"Use qualified form to invoke siblings (e.g. {namespace}:{siblings[0]}).]\n\n" + ) + else: + banner = f"[Bundle context: This skill is part of the '{namespace}' plugin.]\n\n" + except Exception: + banner = "" + + return json.dumps( + { + "success": True, + "name": f"{namespace}:{bare}", + "content": f"{banner}{content}" if banner else content, + "description": description, + "linked_files": None, + "readiness_status": SkillReadinessStatus.AVAILABLE.value, + }, + ensure_ascii=False, + ) + + def skill_view(name: str, file_path: str = None, task_id: str = None) -> str: """ View the content of a skill or a specific file within a skill directory. Args: - name: Name or path of the skill (e.g., "axolotl" or "03-fine-tuning/axolotl") + name: Name or path of the skill (e.g., "axolotl" or "03-fine-tuning/axolotl"). + Qualified names like "plugin:skill" resolve to plugin-provided skills. file_path: Optional path to a specific file within the skill (e.g., "references/api.md") task_id: Optional task identifier used to probe the active backend @@ -711,6 +815,63 @@ def skill_view(name: str, file_path: str = None, task_id: str = None) -> str: JSON string with skill content or error message """ try: + # ── Qualified name dispatch (plugin skills) ────────────────── + # Names containing ':' are routed to the plugin skill registry. + # Bare names fall through to the existing flat-tree scan below. + if ":" in name: + from agent.skill_utils import is_valid_namespace, parse_qualified_name + from hermes_cli.plugins import discover_plugins, get_plugin_manager + + namespace, bare = parse_qualified_name(name) + if not is_valid_namespace(namespace): + return json.dumps( + { + "success": False, + "error": ( + f"Invalid namespace '{namespace}' in '{name}'. " + f"Namespaces must match [a-zA-Z0-9_-]+." + ), + }, + ensure_ascii=False, + ) + + discover_plugins() # idempotent + pm = get_plugin_manager() + plugin_skill_md = pm.find_plugin_skill(name) + + if plugin_skill_md is not None: + if not plugin_skill_md.exists(): + # Stale registry entry — file deleted out of band + pm.remove_plugin_skill(name) + return json.dumps( + { + "success": False, + "error": ( + f"Skill '{name}' file no longer exists at " + f"{plugin_skill_md}. The registry entry has " + f"been cleaned up — try again after the " + f"plugin is reloaded." + ), + }, + ensure_ascii=False, + ) + return _serve_plugin_skill(plugin_skill_md, namespace, bare) + + # Plugin exists but this specific skill is missing? + available = pm.list_plugin_skills(namespace) + if available: + return json.dumps( + { + "success": False, + "error": f"Skill '{bare}' not found in plugin '{namespace}'.", + "available_skills": [f"{namespace}:{s}" for s in available], + "hint": f"The '{namespace}' plugin provides {len(available)} skill(s).", + }, + ensure_ascii=False, + ) + # Plugin itself not found — fall through to flat-tree scan + # which will return a normal "not found" with suggestions. + from agent.skill_utils import get_external_skills_dirs # Build list of all skill directories to search @@ -805,17 +966,7 @@ def skill_view(name: str, file_path: str = None, task_id: str = None) -> str: continue # Security: detect common prompt injection patterns - _INJECTION_PATTERNS = [ - "ignore previous instructions", - "ignore all previous", - "you are now", - "disregard your", - "forget your instructions", - "new instructions:", - "system prompt:", - "", - "]]>", - ] + # (pattern list at module level as _INJECTION_PATTERNS) _content_lower = content.lower() _injection_detected = any(p in _content_lower for p in _INJECTION_PATTERNS) @@ -1235,7 +1386,7 @@ SKILL_VIEW_SCHEMA = { "properties": { "name": { "type": "string", - "description": "The skill name (use skills_list to see available skills)", + "description": "The skill name (use skills_list to see available skills). For plugin-provided skills, use the qualified form 'plugin:skill' (e.g. 'superpowers:writing-plans').", }, "file_path": { "type": "string", diff --git a/website/docs/guides/build-a-hermes-plugin.md b/website/docs/guides/build-a-hermes-plugin.md index e79cf2ee7..aed218ff8 100644 --- a/website/docs/guides/build-a-hermes-plugin.md +++ b/website/docs/guides/build-a-hermes-plugin.md @@ -306,35 +306,49 @@ with open(_DATA_FILE) as f: _DATA = yaml.safe_load(f) ``` -### Bundle a skill +### Bundle skills -Include a `skill.md` file and install it during registration: +Plugins can ship skill files that the agent loads via `skill_view("plugin:skill")`. Register them in your `__init__.py`: + +``` +~/.hermes/plugins/my-plugin/ +├── __init__.py +├── plugin.yaml +└── skills/ + ├── my-workflow/ + │ └── SKILL.md + └── my-checklist/ + └── SKILL.md +``` ```python -import shutil from pathlib import Path -def _install_skill(): - """Copy our skill to ~/.hermes/skills/ on first load.""" - try: - from hermes_cli.config import get_hermes_home - dest = get_hermes_home() / "skills" / "my-plugin" / "SKILL.md" - except Exception: - dest = Path.home() / ".hermes" / "skills" / "my-plugin" / "SKILL.md" - - if dest.exists(): - return # don't overwrite user edits - - source = Path(__file__).parent / "skill.md" - if source.exists(): - dest.parent.mkdir(parents=True, exist_ok=True) - shutil.copy2(source, dest) - def register(ctx): - ctx.register_tool(...) - _install_skill() + skills_dir = Path(__file__).parent / "skills" + for child in sorted(skills_dir.iterdir()): + skill_md = child / "SKILL.md" + if child.is_dir() and skill_md.exists(): + ctx.register_skill(child.name, skill_md) ``` +The agent can now load your skills with their namespaced name: + +```python +skill_view("my-plugin:my-workflow") # → plugin's version +skill_view("my-workflow") # → built-in version (unchanged) +``` + +**Key properties:** +- Plugin skills are **read-only** — they don't enter `~/.hermes/skills/` and can't be edited via `skill_manage`. +- Plugin skills are **not** listed in the system prompt's `` index — they're opt-in explicit loads. +- Bare skill names are unaffected — the namespace prevents collisions with built-in skills. +- When the agent loads a plugin skill, a bundle context banner is prepended listing sibling skills from the same plugin. + +:::tip Legacy pattern +The old `shutil.copy2` pattern (copying a skill into `~/.hermes/skills/`) still works but creates name collision risk with built-in skills. Prefer `ctx.register_skill()` for new plugins. +::: + ### Gate on environment variables If your plugin needs an API key: diff --git a/website/docs/guides/work-with-skills.md b/website/docs/guides/work-with-skills.md index 18e180e40..80b43f83d 100644 --- a/website/docs/guides/work-with-skills.md +++ b/website/docs/guides/work-with-skills.md @@ -117,6 +117,24 @@ hermes skills list | grep arxiv --- +## Plugin-Provided Skills + +Plugins can bundle their own skills using namespaced names (`plugin:skill`). This prevents name collisions with built-in skills. + +```bash +# Load a plugin skill by its qualified name +skill_view("superpowers:writing-plans") + +# Built-in skill with the same base name is unaffected +skill_view("writing-plans") +``` + +Plugin skills are **not** listed in the system prompt and don't appear in `skills_list`. They're opt-in — load them explicitly when you know a plugin provides one. When loaded, the agent sees a banner listing sibling skills from the same plugin. + +For how to ship skills in your own plugin, see [Build a Hermes Plugin → Bundle skills](/docs/guides/build-a-hermes-plugin#bundle-skills). + +--- + ## Configuring Skill Settings Some skills declare configuration they need in their frontmatter: diff --git a/website/docs/user-guide/features/plugins.md b/website/docs/user-guide/features/plugins.md index b7352c629..e5e99a463 100644 --- a/website/docs/user-guide/features/plugins.md +++ b/website/docs/user-guide/features/plugins.md @@ -86,7 +86,7 @@ Project-local plugins under `./.hermes/plugins/` are disabled by default. Enable | Add CLI commands | `ctx.register_cli_command(name, help, setup_fn, handler_fn)` — adds `hermes ` | | Inject messages | `ctx.inject_message(content, role="user")` — see [Injecting Messages](#injecting-messages) | | Ship data files | `Path(__file__).parent / "data" / "file.yaml"` | -| Bundle skills | Copy `skill.md` to `~/.hermes/skills/` at load time | +| Bundle skills | `ctx.register_skill(name, path)` — namespaced as `plugin:skill`, loaded via `skill_view("plugin:skill")` | | Gate on env vars | `requires_env: [API_KEY]` in plugin.yaml — prompted during `hermes plugins install` | | Distribute via pip | `[project.entry-points."hermes_agent.plugins"]` | From a686dbdd26f7cc2e181ef27f45555006c8ef5add Mon Sep 17 00:00:00 2001 From: leozeli Date: Tue, 14 Apr 2026 11:33:46 +0800 Subject: [PATCH 11/41] feat(cli): add dynamic shell completion for bash, zsh, and fish Replaces the hardcoded completion stubs in profiles.py with a dynamic generator that walks the live argparse parser tree at runtime. - New hermes_cli/completion.py: _walk() recursively extracts all subcommands and flags; generate_bash/zsh/fish() produce complete scripts with nested subcommand support - cmd_completion now accepts the parser via closure so completions always reflect the actual registered commands (including plugin- registered ones like honcho) - completion subcommand now accepts bash | zsh | fish (fish requested in issue comments) - Fix _SUBCOMMANDS set: add honcho, claw, plugins, acp, webhook, memory, dump, debug, backup, import, completion, logs so that multi-word session names after -c/-r are not broken by these commands - Add tests/hermes_cli/test_completion.py: 17 tests covering parser extraction, alias deduplication, bash/zsh/fish output content, bash syntax validation, fish syntax validation, and subcommand drift prevention Tested on Linux (Arch). bash and fish completion verified live. zsh script passes syntax check (zsh not installed on test machine). Co-Authored-By: Claude Sonnet 4.6 --- hermes_cli/completion.py | 223 ++++++++++++++++++++++++++++ hermes_cli/main.py | 28 +++- tests/hermes_cli/test_completion.py | 189 +++++++++++++++++++++++ 3 files changed, 432 insertions(+), 8 deletions(-) create mode 100644 hermes_cli/completion.py create mode 100644 tests/hermes_cli/test_completion.py diff --git a/hermes_cli/completion.py b/hermes_cli/completion.py new file mode 100644 index 000000000..acd7c57bf --- /dev/null +++ b/hermes_cli/completion.py @@ -0,0 +1,223 @@ +"""Shell completion script generation for hermes CLI. + +Walks the live argparse parser tree to generate accurate, always-up-to-date +completion scripts — no hardcoded subcommand lists, no extra dependencies. + +Supports bash, zsh, and fish. +""" + +from __future__ import annotations + +import argparse +from typing import Any + + +def _walk(parser: argparse.ArgumentParser) -> dict[str, Any]: + """Recursively extract subcommands and flags from a parser. + + Uses _SubParsersAction._choices_actions to get canonical names (no aliases) + along with their help text. + """ + flags: list[str] = [] + subcommands: dict[str, Any] = {} + + for action in parser._actions: + if isinstance(action, argparse._SubParsersAction): + # _choices_actions has one entry per canonical name; aliases are + # omitted, which keeps completion lists clean. + seen: set[str] = set() + for pseudo in action._choices_actions: + name = pseudo.dest + if name in seen: + continue + seen.add(name) + subparser = action.choices.get(name) + if subparser is None: + continue + info = _walk(subparser) + info["help"] = _clean(pseudo.help or "") + subcommands[name] = info + elif action.option_strings: + flags.extend(o for o in action.option_strings if o.startswith("-")) + + return {"flags": flags, "subcommands": subcommands} + + +def _clean(text: str, maxlen: int = 60) -> str: + """Strip shell-unsafe characters and truncate.""" + return text.replace("'", "").replace('"', "").replace("\\", "")[:maxlen] + + +# --------------------------------------------------------------------------- +# Bash +# --------------------------------------------------------------------------- + +def generate_bash(parser: argparse.ArgumentParser) -> str: + tree = _walk(parser) + top_cmds = " ".join(sorted(tree["subcommands"])) + + cases: list[str] = [] + for cmd in sorted(tree["subcommands"]): + info = tree["subcommands"][cmd] + if info["subcommands"]: + subcmds = " ".join(sorted(info["subcommands"])) + cases.append( + f" {cmd})\n" + f" COMPREPLY=($(compgen -W \"{subcmds}\" -- \"$cur\"))\n" + f" return\n" + f" ;;" + ) + elif info["flags"]: + flags = " ".join(info["flags"]) + cases.append( + f" {cmd})\n" + f" COMPREPLY=($(compgen -W \"{flags}\" -- \"$cur\"))\n" + f" return\n" + f" ;;" + ) + + cases_str = "\n".join(cases) + + return f"""# Hermes Agent bash completion +# Add to ~/.bashrc: +# eval "$(hermes completion bash)" + +_hermes_completion() {{ + local cur prev + COMPREPLY=() + cur="${{COMP_WORDS[COMP_CWORD]}}" + prev="${{COMP_WORDS[COMP_CWORD-1]}}" + + if [[ $COMP_CWORD -ge 2 ]]; then + case "${{COMP_WORDS[1]}}" in +{cases_str} + esac + fi + + if [[ $COMP_CWORD -eq 1 ]]; then + COMPREPLY=($(compgen -W "{top_cmds}" -- "$cur")) + fi +}} + +complete -F _hermes_completion hermes +""" + + +# --------------------------------------------------------------------------- +# Zsh +# --------------------------------------------------------------------------- + +def generate_zsh(parser: argparse.ArgumentParser) -> str: + tree = _walk(parser) + + top_cmds_lines: list[str] = [] + for cmd in sorted(tree["subcommands"]): + help_text = _clean(tree["subcommands"][cmd].get("help", "")) + top_cmds_lines.append(f" '{cmd}:{help_text}'") + top_cmds_str = "\n".join(top_cmds_lines) + + sub_cases: list[str] = [] + for cmd in sorted(tree["subcommands"]): + info = tree["subcommands"][cmd] + if not info["subcommands"]: + continue + sub_lines: list[str] = [] + for sc in sorted(info["subcommands"]): + sh = _clean(info["subcommands"][sc].get("help", "")) + sub_lines.append(f" '{sc}:{sh}'") + sub_str = "\n".join(sub_lines) + safe = cmd.replace("-", "_") + sub_cases.append( + f" {cmd})\n" + f" local -a {safe}_cmds\n" + f" {safe}_cmds=(\n" + f"{sub_str}\n" + f" )\n" + f" _describe '{cmd} command' {safe}_cmds\n" + f" ;;" + ) + sub_cases_str = "\n".join(sub_cases) + + return f"""#compdef hermes +# Hermes Agent zsh completion +# Add to ~/.zshrc: +# eval "$(hermes completion zsh)" + +_hermes() {{ + local context state line + typeset -A opt_args + + _arguments -C \\ + '(-h --help){{-h,--help}}[Show help and exit]' \\ + '(-V --version){{-V,--version}}[Show version and exit]' \\ + '1:command:->commands' \\ + '*::arg:->args' + + case $state in + commands) + local -a subcmds + subcmds=( +{top_cmds_str} + ) + _describe 'hermes command' subcmds + ;; + args) + case ${{line[1]}} in +{sub_cases_str} + esac + ;; + esac +}} + +_hermes "$@" +""" + + +# --------------------------------------------------------------------------- +# Fish +# --------------------------------------------------------------------------- + +def generate_fish(parser: argparse.ArgumentParser) -> str: + tree = _walk(parser) + top_cmds = sorted(tree["subcommands"]) + top_cmds_str = " ".join(top_cmds) + + lines: list[str] = [ + "# Hermes Agent fish completion", + "# Add to your config:", + "# hermes completion fish | source", + "", + "# Disable file completion by default", + "complete -c hermes -f", + "", + "# Top-level subcommands", + ] + + for cmd in top_cmds: + info = tree["subcommands"][cmd] + help_text = _clean(info.get("help", "")) + lines.append( + f"complete -c hermes -f " + f"-n 'not __fish_seen_subcommand_from {top_cmds_str}' " + f"-a {cmd} -d '{help_text}'" + ) + + lines.append("") + lines.append("# Subcommand completions") + + for cmd in top_cmds: + info = tree["subcommands"][cmd] + if not info["subcommands"]: + continue + lines.append(f"# {cmd}") + for sc in sorted(info["subcommands"]): + sinfo = info["subcommands"][sc] + sh = _clean(sinfo.get("help", "")) + lines.append( + f"complete -c hermes -f " + f"-n '__fish_seen_subcommand_from {cmd}' " + f"-a {sc} -d '{sh}'" + ) + + lines.append("") + return "\n".join(lines) diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 46a7e2c5f..955ac4028 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -4124,6 +4124,8 @@ def _coalesce_session_name_args(argv: list) -> list: "status", "cron", "doctor", "config", "pairing", "skills", "tools", "mcp", "sessions", "insights", "version", "update", "uninstall", "profile", "dashboard", + "honcho", "claw", "plugins", "acp", + "webhook", "memory", "dump", "debug", "backup", "import", "completion", "logs", } _SESSION_FLAGS = {"-c", "--continue", "-r", "--resume"} @@ -4422,14 +4424,24 @@ def cmd_dashboard(args): ) -def cmd_completion(args): +def cmd_completion(args, parser=None): """Print shell completion script.""" - from hermes_cli.profiles import generate_bash_completion, generate_zsh_completion + from hermes_cli.completion import generate_bash, generate_zsh, generate_fish shell = getattr(args, "shell", "bash") - if shell == "zsh": - print(generate_zsh_completion()) + if parser is not None: + if shell == "zsh": + print(generate_zsh(parser)) + elif shell == "fish": + print(generate_fish(parser)) + else: + print(generate_bash(parser)) else: - print(generate_bash_completion()) + # Fallback: parser not available (e.g. called outside main()) + from hermes_cli.profiles import generate_bash_completion, generate_zsh_completion + if shell == "zsh": + print(generate_zsh_completion()) + else: + print(generate_bash_completion()) def cmd_logs(args): @@ -5909,13 +5921,13 @@ Examples: # ========================================================================= completion_parser = subparsers.add_parser( "completion", - help="Print shell completion script (bash or zsh)", + help="Print shell completion script (bash, zsh, or fish)", ) completion_parser.add_argument( - "shell", nargs="?", default="bash", choices=["bash", "zsh"], + "shell", nargs="?", default="bash", choices=["bash", "zsh", "fish"], help="Shell type (default: bash)", ) - completion_parser.set_defaults(func=cmd_completion) + completion_parser.set_defaults(func=lambda args: cmd_completion(args, parser)) # ========================================================================= # dashboard command diff --git a/tests/hermes_cli/test_completion.py b/tests/hermes_cli/test_completion.py new file mode 100644 index 000000000..78a7d01c7 --- /dev/null +++ b/tests/hermes_cli/test_completion.py @@ -0,0 +1,189 @@ +"""Tests for hermes_cli/completion.py — shell completion script generation.""" + +import argparse +import os +import re +import shutil +import subprocess +import tempfile + +import pytest + +from hermes_cli.completion import _walk, generate_bash, generate_zsh, generate_fish + + +# --------------------------------------------------------------------------- +# Helpers +# --------------------------------------------------------------------------- + +def _make_parser() -> argparse.ArgumentParser: + """Build a minimal parser that mirrors the real hermes structure.""" + p = argparse.ArgumentParser(prog="hermes") + p.add_argument("--version", "-V", action="store_true") + sub = p.add_subparsers(dest="command") + + chat = sub.add_parser("chat", help="Interactive chat with the agent") + chat.add_argument("-q", "--query") + chat.add_argument("-m", "--model") + + gw = sub.add_parser("gateway", help="Messaging gateway management") + gw_sub = gw.add_subparsers(dest="gateway_command") + gw_sub.add_parser("start", help="Start service") + gw_sub.add_parser("stop", help="Stop service") + gw_sub.add_parser("status", help="Show status") + # alias — should NOT appear as a duplicate in completions + gw_sub.add_parser("run", aliases=["foreground"], help="Run in foreground") + + sess = sub.add_parser("sessions", help="Manage session history") + sess_sub = sess.add_subparsers(dest="sessions_action") + sess_sub.add_parser("list", help="List sessions") + sess_sub.add_parser("delete", help="Delete a session") + + sub.add_parser("version", help="Show version") + + return p + + +# --------------------------------------------------------------------------- +# 1. Parser extraction +# --------------------------------------------------------------------------- + +class TestWalk: + def test_top_level_subcommands_extracted(self): + tree = _walk(_make_parser()) + assert set(tree["subcommands"].keys()) == {"chat", "gateway", "sessions", "version"} + + def test_nested_subcommands_extracted(self): + tree = _walk(_make_parser()) + gw_subs = set(tree["subcommands"]["gateway"]["subcommands"].keys()) + assert {"start", "stop", "status", "run"}.issubset(gw_subs) + + def test_aliases_not_duplicated(self): + """'foreground' is an alias of 'run' — must not appear as separate entry.""" + tree = _walk(_make_parser()) + gw_subs = tree["subcommands"]["gateway"]["subcommands"] + assert "foreground" not in gw_subs + + def test_flags_extracted(self): + tree = _walk(_make_parser()) + chat_flags = tree["subcommands"]["chat"]["flags"] + assert "-q" in chat_flags or "--query" in chat_flags + + def test_help_text_captured(self): + tree = _walk(_make_parser()) + assert tree["subcommands"]["chat"]["help"] != "" + assert tree["subcommands"]["gateway"]["help"] != "" + + +# --------------------------------------------------------------------------- +# 2. Bash output +# --------------------------------------------------------------------------- + +class TestGenerateBash: + def test_contains_completion_function_and_register(self): + out = generate_bash(_make_parser()) + assert "_hermes_completion()" in out + assert "complete -F _hermes_completion hermes" in out + + def test_top_level_commands_present(self): + out = generate_bash(_make_parser()) + for cmd in ("chat", "gateway", "sessions", "version"): + assert cmd in out + + def test_nested_subcommands_in_case(self): + out = generate_bash(_make_parser()) + assert "start" in out + assert "stop" in out + + def test_valid_bash_syntax(self): + """Script must pass `bash -n` syntax check.""" + out = generate_bash(_make_parser()) + with tempfile.NamedTemporaryFile(mode="w", suffix=".bash", delete=False) as f: + f.write(out) + path = f.name + try: + result = subprocess.run(["bash", "-n", path], capture_output=True) + assert result.returncode == 0, result.stderr.decode() + finally: + os.unlink(path) + + +# --------------------------------------------------------------------------- +# 3. Zsh output +# --------------------------------------------------------------------------- + +class TestGenerateZsh: + def test_contains_compdef_header(self): + out = generate_zsh(_make_parser()) + assert "#compdef hermes" in out + + def test_top_level_commands_present(self): + out = generate_zsh(_make_parser()) + for cmd in ("chat", "gateway", "sessions", "version"): + assert cmd in out + + def test_nested_describe_blocks(self): + out = generate_zsh(_make_parser()) + assert "_describe" in out + # gateway has subcommands so a _cmds array must be generated + assert "gateway_cmds" in out + + +# --------------------------------------------------------------------------- +# 4. Fish output +# --------------------------------------------------------------------------- + +class TestGenerateFish: + def test_disables_file_completion(self): + out = generate_fish(_make_parser()) + assert "complete -c hermes -f" in out + + def test_top_level_commands_present(self): + out = generate_fish(_make_parser()) + for cmd in ("chat", "gateway", "sessions", "version"): + assert cmd in out + + def test_subcommand_guard_present(self): + out = generate_fish(_make_parser()) + assert "__fish_seen_subcommand_from" in out + + def test_valid_fish_syntax(self): + """Script must be accepted by fish without errors.""" + if not shutil.which("fish"): + pytest.skip("fish not installed") + out = generate_fish(_make_parser()) + with tempfile.NamedTemporaryFile(mode="w", suffix=".fish", delete=False) as f: + f.write(out) + path = f.name + try: + result = subprocess.run(["fish", path], capture_output=True) + assert result.returncode == 0, result.stderr.decode() + finally: + os.unlink(path) + + +# --------------------------------------------------------------------------- +# 5. Subcommand drift prevention +# --------------------------------------------------------------------------- + +class TestSubcommandDrift: + def test_SUBCOMMANDS_covers_required_commands(self): + """_SUBCOMMANDS must include all known top-level commands so that + multi-word session names after -c/-r are never accidentally split. + """ + import inspect + from hermes_cli.main import _coalesce_session_name_args + + source = inspect.getsource(_coalesce_session_name_args) + match = re.search(r'_SUBCOMMANDS\s*=\s*\{([^}]+)\}', source, re.DOTALL) + assert match, "_SUBCOMMANDS block not found in _coalesce_session_name_args()" + defined = set(re.findall(r'"(\w+)"', match.group(1))) + + required = { + "chat", "model", "gateway", "setup", "login", "logout", "auth", + "status", "cron", "config", "sessions", "version", "update", + "uninstall", "profile", "skills", "tools", "mcp", "plugins", + "acp", "claw", "honcho", "completion", "logs", + } + missing = required - defined + assert not missing, f"Missing from _SUBCOMMANDS: {missing}" From c95b1c5096b40c5bb04afad3da20a0442cd76225 Mon Sep 17 00:00:00 2001 From: leozeli Date: Tue, 14 Apr 2026 15:25:15 +0800 Subject: [PATCH 12/41] fix(install): add fish shell support in install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fish users' $SHELL is /usr/bin/fish, which fell into the '*' case and incorrectly wrote 'export PATH=...' to ~/.bashrc and ~/.zshrc — neither of which fish reads. - setup_path(): add fish) case that writes fish_add_path to ~/.config/fish/config.fish (fish-compatible PATH syntax) - setup_path(): skip ~/.profile for fish (not sourced by fish) - print_success(): show correct reload instruction for fish: source ~/.config/fish/config.fish Co-Authored-By: Claude Sonnet 4.6 --- scripts/install.sh | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/scripts/install.sh b/scripts/install.sh index 053d32380..aa6f4f79b 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -945,6 +945,7 @@ setup_path() { # which is always bash when piped from curl). if ! echo "$PATH" | tr ':' '\n' | grep -q "^$command_link_dir$"; then SHELL_CONFIGS=() + IS_FISH=false LOGIN_SHELL="$(basename "${SHELL:-/bin/bash}")" case "$LOGIN_SHELL" in zsh) @@ -960,6 +961,13 @@ setup_path() { [ -f "$HOME/.bashrc" ] && SHELL_CONFIGS+=("$HOME/.bashrc") [ -f "$HOME/.bash_profile" ] && SHELL_CONFIGS+=("$HOME/.bash_profile") ;; + fish) + # fish uses ~/.config/fish/config.fish and fish_add_path — not export PATH= + IS_FISH=true + FISH_CONFIG="$HOME/.config/fish/config.fish" + mkdir -p "$(dirname "$FISH_CONFIG")" + touch "$FISH_CONFIG" + ;; *) [ -f "$HOME/.bashrc" ] && SHELL_CONFIGS+=("$HOME/.bashrc") [ -f "$HOME/.zshrc" ] && SHELL_CONFIGS+=("$HOME/.zshrc") @@ -967,7 +975,7 @@ setup_path() { esac # Also ensure ~/.profile has it (sourced by login shells on # Ubuntu/Debian/WSL even when ~/.bashrc is skipped) - [ -f "$HOME/.profile" ] && SHELL_CONFIGS+=("$HOME/.profile") + [ "$IS_FISH" = "false" ] && [ -f "$HOME/.profile" ] && SHELL_CONFIGS+=("$HOME/.profile") PATH_LINE='export PATH="$HOME/.local/bin:$PATH"' @@ -980,7 +988,17 @@ setup_path() { fi done - if [ ${#SHELL_CONFIGS[@]} -eq 0 ]; then + # fish uses fish_add_path instead of export PATH=... + if [ "$IS_FISH" = "true" ]; then + if ! grep -q 'fish_add_path.*\.local/bin' "$FISH_CONFIG" 2>/dev/null; then + echo "" >> "$FISH_CONFIG" + echo "# Hermes Agent — ensure ~/.local/bin is on PATH" >> "$FISH_CONFIG" + echo 'fish_add_path "$HOME/.local/bin"' >> "$FISH_CONFIG" + log_success "Added ~/.local/bin to PATH in $FISH_CONFIG" + fi + fi + + if [ "$IS_FISH" = "false" ] && [ ${#SHELL_CONFIGS[@]} -eq 0 ]; then log_warn "Could not detect shell config file to add ~/.local/bin to PATH" log_info "Add manually: $PATH_LINE" fi @@ -1315,6 +1333,8 @@ print_success() { echo " source ~/.zshrc" elif [ "$LOGIN_SHELL" = "bash" ]; then echo " source ~/.bashrc" + elif [ "$LOGIN_SHELL" = "fish" ]; then + echo " source ~/.config/fish/config.fish" else echo " source ~/.bashrc # or ~/.zshrc" fi From b86717129189c413efbe250c2a2fbf648c3165b1 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 10:30:43 -0700 Subject: [PATCH 13/41] fix: preserve profile name completion in dynamic shell completion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The dynamic parser walker from the contributor's commit lost the profile name tab-completion that existed in the old static generators. This adds it back for all three shells: - Bash: _hermes_profiles() helper, -p/--profile completion, profile action→name completion (use/delete/show/alias/rename/export) - Zsh: _hermes_profiles() function, -p/--profile argument spec, profile action case with name completion - Fish: __hermes_profiles function, -s p -l profile flag, profile action completions Also removes the dead fallback path in cmd_completion() that imported the old static generators from profiles.py (parser is always available via the lambda wiring) and adds 11 regression-prevention tests for profile completion. --- hermes_cli/completion.py | 124 ++++++++++++++++++++++++---- hermes_cli/main.py | 18 ++-- tests/hermes_cli/test_completion.py | 84 ++++++++++++++++++- 3 files changed, 196 insertions(+), 30 deletions(-) diff --git a/hermes_cli/completion.py b/hermes_cli/completion.py index acd7c57bf..18de08cc9 100644 --- a/hermes_cli/completion.py +++ b/hermes_cli/completion.py @@ -59,7 +59,26 @@ def generate_bash(parser: argparse.ArgumentParser) -> str: cases: list[str] = [] for cmd in sorted(tree["subcommands"]): info = tree["subcommands"][cmd] - if info["subcommands"]: + if cmd == "profile" and info["subcommands"]: + # Profile subcommand: complete actions, then profile names for + # actions that accept a profile argument. + subcmds = " ".join(sorted(info["subcommands"])) + profile_actions = "use delete show alias rename export" + cases.append( + f" profile)\n" + f" case \"$prev\" in\n" + f" profile)\n" + f" COMPREPLY=($(compgen -W \"{subcmds}\" -- \"$cur\"))\n" + f" return\n" + f" ;;\n" + f" {profile_actions.replace(' ', '|')})\n" + f" COMPREPLY=($(compgen -W \"$(_hermes_profiles)\" -- \"$cur\"))\n" + f" return\n" + f" ;;\n" + f" esac\n" + f" ;;" + ) + elif info["subcommands"]: subcmds = " ".join(sorted(info["subcommands"])) cases.append( f" {cmd})\n" @@ -82,12 +101,27 @@ def generate_bash(parser: argparse.ArgumentParser) -> str: # Add to ~/.bashrc: # eval "$(hermes completion bash)" +_hermes_profiles() {{ + local profiles_dir="$HOME/.hermes/profiles" + local profiles="default" + if [ -d "$profiles_dir" ]; then + profiles="$profiles $(ls "$profiles_dir" 2>/dev/null)" + fi + echo "$profiles" +}} + _hermes_completion() {{ local cur prev COMPREPLY=() cur="${{COMP_WORDS[COMP_CWORD]}}" prev="${{COMP_WORDS[COMP_CWORD-1]}}" + # Complete profile names after -p / --profile + if [[ "$prev" == "-p" || "$prev" == "--profile" ]]; then + COMPREPLY=($(compgen -W "$(_hermes_profiles)" -- "$cur")) + return + fi + if [[ $COMP_CWORD -ge 2 ]]; then case "${{COMP_WORDS[1]}}" in {cases_str} @@ -121,21 +155,46 @@ def generate_zsh(parser: argparse.ArgumentParser) -> str: info = tree["subcommands"][cmd] if not info["subcommands"]: continue - sub_lines: list[str] = [] - for sc in sorted(info["subcommands"]): - sh = _clean(info["subcommands"][sc].get("help", "")) - sub_lines.append(f" '{sc}:{sh}'") - sub_str = "\n".join(sub_lines) - safe = cmd.replace("-", "_") - sub_cases.append( - f" {cmd})\n" - f" local -a {safe}_cmds\n" - f" {safe}_cmds=(\n" - f"{sub_str}\n" - f" )\n" - f" _describe '{cmd} command' {safe}_cmds\n" - f" ;;" - ) + if cmd == "profile": + # Profile subcommand: complete actions, then profile names for + # actions that accept a profile argument. + sub_lines: list[str] = [] + for sc in sorted(info["subcommands"]): + sh = _clean(info["subcommands"][sc].get("help", "")) + sub_lines.append(f" '{sc}:{sh}'") + sub_str = "\n".join(sub_lines) + sub_cases.append( + f" profile)\n" + f" case ${{line[2]}} in\n" + f" use|delete|show|alias|rename|export)\n" + f" _hermes_profiles\n" + f" ;;\n" + f" *)\n" + f" local -a profile_cmds\n" + f" profile_cmds=(\n" + f"{sub_str}\n" + f" )\n" + f" _describe 'profile command' profile_cmds\n" + f" ;;\n" + f" esac\n" + f" ;;" + ) + else: + sub_lines = [] + for sc in sorted(info["subcommands"]): + sh = _clean(info["subcommands"][sc].get("help", "")) + sub_lines.append(f" '{sc}:{sh}'") + sub_str = "\n".join(sub_lines) + safe = cmd.replace("-", "_") + sub_cases.append( + f" {cmd})\n" + f" local -a {safe}_cmds\n" + f" {safe}_cmds=(\n" + f"{sub_str}\n" + f" )\n" + f" _describe '{cmd} command' {safe}_cmds\n" + f" ;;" + ) sub_cases_str = "\n".join(sub_cases) return f"""#compdef hermes @@ -143,6 +202,15 @@ def generate_zsh(parser: argparse.ArgumentParser) -> str: # Add to ~/.zshrc: # eval "$(hermes completion zsh)" +_hermes_profiles() {{ + local -a profiles + profiles=(default) + if [[ -d "$HOME/.hermes/profiles" ]]; then + profiles+=("${{(@f)$(ls $HOME/.hermes/profiles 2>/dev/null)}}") + fi + _describe 'profile' profiles +}} + _hermes() {{ local context state line typeset -A opt_args @@ -150,6 +218,7 @@ _hermes() {{ _arguments -C \\ '(-h --help){{-h,--help}}[Show help and exit]' \\ '(-V --version){{-V,--version}}[Show version and exit]' \\ + '(-p --profile){{-p,--profile}}[Profile name]:profile:_hermes_profiles' \\ '1:command:->commands' \\ '*::arg:->args' @@ -187,9 +256,21 @@ def generate_fish(parser: argparse.ArgumentParser) -> str: "# Add to your config:", "# hermes completion fish | source", "", + "# Helper: list available profiles", + "function __hermes_profiles", + " echo default", + " if test -d $HOME/.hermes/profiles", + " ls $HOME/.hermes/profiles 2>/dev/null", + " end", + "end", + "", "# Disable file completion by default", "complete -c hermes -f", "", + "# Complete profile names after -p / --profile", + "complete -c hermes -f -s p -l profile" + " -d 'Profile name' -xa '(__hermes_profiles)'", + "", "# Top-level subcommands", ] @@ -205,6 +286,8 @@ def generate_fish(parser: argparse.ArgumentParser) -> str: lines.append("") lines.append("# Subcommand completions") + profile_name_actions = {"use", "delete", "show", "alias", "rename", "export"} + for cmd in top_cmds: info = tree["subcommands"][cmd] if not info["subcommands"]: @@ -218,6 +301,15 @@ def generate_fish(parser: argparse.ArgumentParser) -> str: f"-n '__fish_seen_subcommand_from {cmd}' " f"-a {sc} -d '{sh}'" ) + # For profile subcommand, complete profile names for relevant actions + if cmd == "profile": + for action in sorted(profile_name_actions): + lines.append( + f"complete -c hermes -f " + f"-n '__fish_seen_subcommand_from {action}; " + f"and __fish_seen_subcommand_from profile' " + f"-a '(__hermes_profiles)' -d 'Profile name'" + ) lines.append("") return "\n".join(lines) diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 955ac4028..7347dc4a3 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -4428,20 +4428,12 @@ def cmd_completion(args, parser=None): """Print shell completion script.""" from hermes_cli.completion import generate_bash, generate_zsh, generate_fish shell = getattr(args, "shell", "bash") - if parser is not None: - if shell == "zsh": - print(generate_zsh(parser)) - elif shell == "fish": - print(generate_fish(parser)) - else: - print(generate_bash(parser)) + if shell == "zsh": + print(generate_zsh(parser)) + elif shell == "fish": + print(generate_fish(parser)) else: - # Fallback: parser not available (e.g. called outside main()) - from hermes_cli.profiles import generate_bash_completion, generate_zsh_completion - if shell == "zsh": - print(generate_zsh_completion()) - else: - print(generate_bash_completion()) + print(generate_bash(parser)) def cmd_logs(args): diff --git a/tests/hermes_cli/test_completion.py b/tests/hermes_cli/test_completion.py index 78a7d01c7..20bde059f 100644 --- a/tests/hermes_cli/test_completion.py +++ b/tests/hermes_cli/test_completion.py @@ -20,6 +20,7 @@ def _make_parser() -> argparse.ArgumentParser: """Build a minimal parser that mirrors the real hermes structure.""" p = argparse.ArgumentParser(prog="hermes") p.add_argument("--version", "-V", action="store_true") + p.add_argument("-p", "--profile", help="Profile name") sub = p.add_subparsers(dest="command") chat = sub.add_parser("chat", help="Interactive chat with the agent") @@ -39,6 +40,17 @@ def _make_parser() -> argparse.ArgumentParser: sess_sub.add_parser("list", help="List sessions") sess_sub.add_parser("delete", help="Delete a session") + prof = sub.add_parser("profile", help="Manage profiles") + prof_sub = prof.add_subparsers(dest="profile_command") + prof_sub.add_parser("list", help="List profiles") + prof_sub.add_parser("use", help="Switch to a profile") + prof_sub.add_parser("create", help="Create a new profile") + prof_sub.add_parser("delete", help="Delete a profile") + prof_sub.add_parser("show", help="Show profile details") + prof_sub.add_parser("alias", help="Set profile alias") + prof_sub.add_parser("rename", help="Rename a profile") + prof_sub.add_parser("export", help="Export a profile") + sub.add_parser("version", help="Show version") return p @@ -51,7 +63,7 @@ def _make_parser() -> argparse.ArgumentParser: class TestWalk: def test_top_level_subcommands_extracted(self): tree = _walk(_make_parser()) - assert set(tree["subcommands"].keys()) == {"chat", "gateway", "sessions", "version"} + assert set(tree["subcommands"].keys()) == {"chat", "gateway", "sessions", "profile", "version"} def test_nested_subcommands_extracted(self): tree = _walk(_make_parser()) @@ -187,3 +199,73 @@ class TestSubcommandDrift: } missing = required - defined assert not missing, f"Missing from _SUBCOMMANDS: {missing}" + + +# --------------------------------------------------------------------------- +# 6. Profile completion (regression prevention) +# --------------------------------------------------------------------------- + +class TestProfileCompletion: + """Ensure profile name completion is present in all shell outputs.""" + + def test_bash_has_profiles_helper(self): + out = generate_bash(_make_parser()) + assert "_hermes_profiles()" in out + assert 'profiles_dir="$HOME/.hermes/profiles"' in out + + def test_bash_completes_profiles_after_p_flag(self): + out = generate_bash(_make_parser()) + assert '"-p"' in out or "== \"-p\"" in out + assert '"--profile"' in out or '== "--profile"' in out + assert "_hermes_profiles" in out + + def test_bash_profile_subcommand_has_action_completion(self): + out = generate_bash(_make_parser()) + assert "use|delete|show|alias|rename|export)" in out + + def test_bash_profile_actions_complete_profile_names(self): + """After 'hermes profile use', complete with profile names.""" + out = generate_bash(_make_parser()) + # The profile case should have _hermes_profiles for name-taking actions + lines = out.split("\n") + in_profile_case = False + has_profiles_in_action = False + for line in lines: + if "profile)" in line: + in_profile_case = True + if in_profile_case and "_hermes_profiles" in line: + has_profiles_in_action = True + break + assert has_profiles_in_action, "profile actions should complete with _hermes_profiles" + + def test_zsh_has_profiles_helper(self): + out = generate_zsh(_make_parser()) + assert "_hermes_profiles()" in out + assert "$HOME/.hermes/profiles" in out + + def test_zsh_has_profile_flag_completion(self): + out = generate_zsh(_make_parser()) + assert "--profile" in out + assert "_hermes_profiles" in out + + def test_zsh_profile_actions_complete_names(self): + out = generate_zsh(_make_parser()) + assert "use|delete|show|alias|rename|export)" in out + + def test_fish_has_profiles_helper(self): + out = generate_fish(_make_parser()) + assert "__hermes_profiles" in out + assert "$HOME/.hermes/profiles" in out + + def test_fish_has_profile_flag_completion(self): + out = generate_fish(_make_parser()) + assert "-s p -l profile" in out + assert "(__hermes_profiles)" in out + + def test_fish_profile_actions_complete_names(self): + out = generate_fish(_make_parser()) + # Should have profile name completion for actions like use, delete, etc. + assert "__hermes_profiles" in out + count = out.count("(__hermes_profiles)") + # At least the -p flag + the profile action completions + assert count >= 2, f"Expected >=2 profile completion entries, got {count}" From 9bdfcd1b937bf72d047d7bea0531c370190356ca Mon Sep 17 00:00:00 2001 From: Disaster-Terminator <2557058999@qq.com> Date: Thu, 9 Apr 2026 22:10:27 +0800 Subject: [PATCH 14/41] feat: sort tool search results by score and add corresponding unit test --- plugins/memory/openviking/__init__.py | 11 +++- .../memory/test_openviking_provider.py | 62 +++++++++++++++++++ 2 files changed, 70 insertions(+), 3 deletions(-) create mode 100644 tests/plugins/memory/test_openviking_provider.py diff --git a/plugins/memory/openviking/__init__.py b/plugins/memory/openviking/__init__.py index f46d71321..1777d423b 100644 --- a/plugins/memory/openviking/__init__.py +++ b/plugins/memory/openviking/__init__.py @@ -509,19 +509,24 @@ class OpenVikingMemoryProvider(MemoryProvider): result = resp.get("result", {}) # Format results for the model — keep it concise - formatted = [] + scored_entries = [] for ctx_type in ("memories", "resources", "skills"): items = result.get(ctx_type, []) for item in items: + raw_score = item.get("score") + sort_score = raw_score if raw_score is not None else 0.0 entry = { "uri": item.get("uri", ""), "type": ctx_type.rstrip("s"), - "score": round(item.get("score", 0), 3), + "score": round(raw_score, 3) if raw_score is not None else 0.0, "abstract": item.get("abstract", ""), } if item.get("relations"): entry["related"] = [r.get("uri") for r in item["relations"][:3]] - formatted.append(entry) + scored_entries.append((sort_score, entry)) + + scored_entries.sort(key=lambda x: x[0], reverse=True) + formatted = [entry for _, entry in scored_entries] return json.dumps({ "results": formatted, diff --git a/tests/plugins/memory/test_openviking_provider.py b/tests/plugins/memory/test_openviking_provider.py new file mode 100644 index 000000000..c2408f0ae --- /dev/null +++ b/tests/plugins/memory/test_openviking_provider.py @@ -0,0 +1,62 @@ +import json +from unittest.mock import MagicMock + +from plugins.memory.openviking import OpenVikingMemoryProvider + + +def test_tool_search_sorts_by_raw_score_across_buckets(): + provider = OpenVikingMemoryProvider() + provider._client = MagicMock() + provider._client.post.return_value = { + "result": { + "memories": [ + {"uri": "viking://memories/1", "score": 0.9003, "abstract": "memory result"}, + ], + "resources": [ + {"uri": "viking://resources/1", "score": 0.9004, "abstract": "resource result"}, + ], + "skills": [ + {"uri": "viking://skills/1", "score": 0.8999, "abstract": "skill result"}, + ], + "total": 3, + } + } + + result = json.loads(provider._tool_search({"query": "ranking"})) + + assert [entry["uri"] for entry in result["results"]] == [ + "viking://resources/1", + "viking://memories/1", + "viking://skills/1", + ] + assert [entry["score"] for entry in result["results"]] == [0.9, 0.9, 0.9] + assert result["total"] == 3 + + +def test_tool_search_sorts_missing_raw_score_after_negative_scores(): + provider = OpenVikingMemoryProvider() + provider._client = MagicMock() + provider._client.post.return_value = { + "result": { + "memories": [ + {"uri": "viking://memories/missing", "abstract": "missing score"}, + ], + "resources": [ + {"uri": "viking://resources/negative", "score": -0.25, "abstract": "negative score"}, + ], + "skills": [ + {"uri": "viking://skills/positive", "score": 0.1, "abstract": "positive score"}, + ], + "total": 3, + } + } + + result = json.loads(provider._tool_search({"query": "ranking"})) + + assert [entry["uri"] for entry in result["results"]] == [ + "viking://skills/positive", + "viking://memories/missing", + "viking://resources/negative", + ] + assert [entry["score"] for entry in result["results"]] == [0.1, 0.0, -0.25] + assert result["total"] == 3 From e964cfc403bf66fe5b9b4f3153019401d736f9a2 Mon Sep 17 00:00:00 2001 From: dirtyfancy Date: Sat, 11 Apr 2026 22:26:24 +0800 Subject: [PATCH 15/41] fix(gateway): trigger memory provider shutdown on /new and /reset The /new and /reset commands were not calling shutdown_memory_provider() on the cached agent before eviction. This caused OpenViking (and any memory provider that relies on session-end shutdown) to skip commit, leaving memories un-indexed until idle timeout or gateway shutdown. Add the missing shutdown_memory_provider() call in _handle_reset_command(), matching the behavior already present in the session expiry watcher. Fixes #7759 --- gateway/run.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gateway/run.py b/gateway/run.py index c8c25256b..568ffd61b 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -3971,6 +3971,11 @@ class GatewayRunner: _cached = self._agent_cache.get(session_key) _old_agent = _cached[0] if isinstance(_cached, tuple) else _cached if _cached else None if _old_agent is not None: + try: + if hasattr(_old_agent, "shutdown_memory_provider"): + _old_agent.shutdown_memory_provider() + except Exception: + pass try: if hasattr(_old_agent, "close"): _old_agent.close() From 1ace9b4dc4b472e812cb276868eace6423e40fed Mon Sep 17 00:00:00 2001 From: "zhiheng.liu" Date: Tue, 14 Apr 2026 01:19:46 +0800 Subject: [PATCH 16/41] fix: memory_setup.py - write non-secret env vars, check all fields in status Critical bug fixes only (no redundant changes): 1. **Write non-secret fields to .env** - Add non-secret fields with env_var to env_writes so they get saved to .env 2. **Status checks all fields** - Check all fields with env_var (both secret and non-secret), not just secrets Fixes: - OPENVIKING_ENDPOINT and similar non-secret env vars now get written to .env - hermes memory status now shows ALL missing required fields --- hermes_cli/memory_setup.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/hermes_cli/memory_setup.py b/hermes_cli/memory_setup.py index 1aa431367..e6a61316a 100644 --- a/hermes_cli/memory_setup.py +++ b/hermes_cli/memory_setup.py @@ -324,6 +324,9 @@ def cmd_setup(args) -> None: val = _prompt(desc, default=str(effective_default) if effective_default else None) if val: provider_config[key] = val + # Also write to .env if this field has an env_var + if env_var and env_var not in env_writes: + env_writes[env_var] = val # Write activation key to config.yaml config["memory"]["provider"] = name @@ -409,12 +412,13 @@ def cmd_status(args) -> None: else: print(f" Status: not available ✗") schema = p.get_config_schema() if hasattr(p, "get_config_schema") else [] - secrets = [f for f in schema if f.get("secret")] - if secrets: + # Check all fields that have env_var (both secret and non-secret) + required_fields = [f for f in schema if f.get("env_var")] + if required_fields: print(f" Missing:") - for s in secrets: - env_var = s.get("env_var", "") - url = s.get("url", "") + for f in required_fields: + env_var = f.get("env_var", "") + url = f.get("url", "") is_set = bool(os.environ.get(env_var)) mark = "✓" if is_set else "✗" line = f" {mark} {env_var}" From 90c98345c94c3098011521db3aa3374c71607436 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 10:33:02 -0700 Subject: [PATCH 17/41] =?UTF-8?q?feat:=20gateway=20proxy=20mode=20?= =?UTF-8?q?=E2=80=94=20forward=20messages=20to=20remote=20API=20server?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When GATEWAY_PROXY_URL (or gateway.proxy_url in config.yaml) is set, the gateway becomes a thin relay: it handles platform I/O (encryption, threading, media) and delegates all agent work to a remote Hermes API server via POST /v1/chat/completions with SSE streaming. This enables the primary use case of running a Matrix E2EE gateway in Docker on Linux while the actual agent runs on the host (e.g. macOS) with full access to local files, memory, skills, and a unified session store. Works for any platform adapter, not just Matrix. Configuration: - GATEWAY_PROXY_URL env var (Docker-friendly) - gateway.proxy_url in config.yaml - GATEWAY_PROXY_KEY env var for API auth (matches API_SERVER_KEY) - X-Hermes-Session-Id header for session continuity Architecture: - _get_proxy_url() checks env var first, then config.yaml - _run_agent_via_proxy() handles HTTP forwarding with SSE streaming - _run_agent() delegates to proxy path when URL is configured - Platform streaming (GatewayStreamConsumer) works through proxy - Returns compatible result dict for session store recording Files changed: - gateway/run.py: proxy mode implementation (~250 lines) - hermes_cli/config.py: GATEWAY_PROXY_URL + GATEWAY_PROXY_KEY env vars - tests/gateway/test_proxy_mode.py: 17 tests covering config resolution, dispatch, HTTP forwarding, error handling, message filtering, and result shape validation Closes discussion from Cars29 re: Matrix gateway mixed-mode issue. --- gateway/run.py | 269 +++++++++++++++++++ hermes_cli/config.py | 16 ++ tests/gateway/test_proxy_mode.py | 445 +++++++++++++++++++++++++++++++ 3 files changed, 730 insertions(+) create mode 100644 tests/gateway/test_proxy_mode.py diff --git a/gateway/run.py b/gateway/run.py index 568ffd61b..222e28c3e 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -7408,6 +7408,263 @@ class GatewayRunner: with _lock: self._agent_cache.pop(session_key, None) + # ------------------------------------------------------------------ + # Proxy mode: forward messages to a remote Hermes API server + # ------------------------------------------------------------------ + + def _get_proxy_url(self) -> Optional[str]: + """Return the proxy URL if proxy mode is configured, else None. + + Checks GATEWAY_PROXY_URL env var first (convenient for Docker), + then ``gateway.proxy_url`` in config.yaml. + """ + url = os.getenv("GATEWAY_PROXY_URL", "").strip() + if url: + return url.rstrip("/") + cfg = _load_gateway_config() + url = (cfg.get("gateway") or {}).get("proxy_url", "").strip() + if url: + return url.rstrip("/") + return None + + async def _run_agent_via_proxy( + self, + message: str, + context_prompt: str, + history: List[Dict[str, Any]], + source: "SessionSource", + session_id: str, + session_key: str = None, + event_message_id: Optional[str] = None, + ) -> Dict[str, Any]: + """Forward the message to a remote Hermes API server instead of + running a local AIAgent. + + When ``GATEWAY_PROXY_URL`` (or ``gateway.proxy_url`` in config.yaml) + is set, the gateway becomes a thin relay: it handles platform I/O + (encryption, threading, media) and delegates all agent work to the + remote server via ``POST /v1/chat/completions`` with SSE streaming. + + This lets a Docker container handle Matrix E2EE while the actual + agent runs on the host with full access to local files, memory, + skills, and a unified session store. + """ + try: + from aiohttp import ClientSession as _AioClientSession, ClientTimeout + except ImportError: + return { + "final_response": "⚠️ Proxy mode requires aiohttp. Install with: pip install aiohttp", + "messages": [], + "api_calls": 0, + "tools": [], + } + + proxy_url = self._get_proxy_url() + if not proxy_url: + return { + "final_response": "⚠️ Proxy URL not configured (GATEWAY_PROXY_URL or gateway.proxy_url)", + "messages": [], + "api_calls": 0, + "tools": [], + } + + proxy_key = os.getenv("GATEWAY_PROXY_KEY", "").strip() + + # Build messages in OpenAI chat format -------------------------- + # + # The remote api_server can maintain session continuity via + # X-Hermes-Session-Id, so it loads its own history. We only + # need to send the current user message. If the remote has + # no history for this session yet, include what we have locally + # so the first exchange has context. + # + # We always include the current message. For history, send a + # compact version (text-only user/assistant turns) — the remote + # handles tool replay and system prompts. + api_messages: List[Dict[str, str]] = [] + + if context_prompt: + api_messages.append({"role": "system", "content": context_prompt}) + + for msg in history: + role = msg.get("role") + content = msg.get("content") + if role in ("user", "assistant") and content: + api_messages.append({"role": role, "content": content}) + + api_messages.append({"role": "user", "content": message}) + + # HTTP headers --------------------------------------------------- + headers: Dict[str, str] = {"Content-Type": "application/json"} + if proxy_key: + headers["Authorization"] = f"Bearer {proxy_key}" + if session_id: + headers["X-Hermes-Session-Id"] = session_id + + body = { + "model": "hermes-agent", + "messages": api_messages, + "stream": True, + } + + # Set up platform streaming if available ------------------------- + _stream_consumer = None + _scfg = getattr(getattr(self, "config", None), "streaming", None) + if _scfg is None: + from gateway.config import StreamingConfig + _scfg = StreamingConfig() + + platform_key = _platform_config_key(source.platform) + user_config = _load_gateway_config() + from gateway.display_config import resolve_display_setting + _plat_streaming = resolve_display_setting( + user_config, platform_key, "streaming" + ) + _streaming_enabled = ( + _scfg.enabled and _scfg.transport != "off" + if _plat_streaming is None + else bool(_plat_streaming) + ) + + if source.thread_id: + _thread_metadata: Optional[Dict[str, Any]] = {"thread_id": source.thread_id} + else: + _thread_metadata = None + + if _streaming_enabled: + try: + from gateway.stream_consumer import GatewayStreamConsumer, StreamConsumerConfig + from gateway.config import Platform + _adapter = self.adapters.get(source.platform) + if _adapter: + _adapter_supports_edit = getattr(_adapter, "SUPPORTS_MESSAGE_EDITING", True) + _effective_cursor = _scfg.cursor if _adapter_supports_edit else "" + if source.platform == Platform.MATRIX: + _effective_cursor = "" + _consumer_cfg = StreamConsumerConfig( + edit_interval=_scfg.edit_interval, + buffer_threshold=_scfg.buffer_threshold, + cursor=_effective_cursor, + ) + _stream_consumer = GatewayStreamConsumer( + adapter=_adapter, + chat_id=source.chat_id, + config=_consumer_cfg, + metadata=_thread_metadata, + ) + except Exception as _sc_err: + logger.debug("Proxy: could not set up stream consumer: %s", _sc_err) + + # Run the stream consumer task in the background + stream_task = None + if _stream_consumer: + stream_task = asyncio.create_task(_stream_consumer.run()) + + # Send typing indicator + _adapter = self.adapters.get(source.platform) + if _adapter: + try: + await _adapter.send_typing(source.chat_id, metadata=_thread_metadata) + except Exception: + pass + + # Make the HTTP request with SSE streaming ----------------------- + full_response = "" + _start = time.time() + + try: + _timeout = ClientTimeout(total=0, sock_read=1800) + async with _AioClientSession(timeout=_timeout) as session: + async with session.post( + f"{proxy_url}/v1/chat/completions", + json=body, + headers=headers, + ) as resp: + if resp.status != 200: + error_text = await resp.text() + logger.warning( + "Proxy error (%d) from %s: %s", + resp.status, proxy_url, error_text[:500], + ) + return { + "final_response": f"⚠️ Proxy error ({resp.status}): {error_text[:300]}", + "messages": [], + "api_calls": 0, + "tools": [], + } + + # Parse SSE stream + buffer = "" + async for chunk in resp.content.iter_any(): + text = chunk.decode("utf-8", errors="replace") + buffer += text + + # Process complete SSE lines + while "\n" in buffer: + line, buffer = buffer.split("\n", 1) + line = line.strip() + if not line: + continue + if line.startswith("data: "): + data = line[6:] + if data.strip() == "[DONE]": + break + try: + obj = json.loads(data) + choices = obj.get("choices", []) + if choices: + delta = choices[0].get("delta", {}) + content = delta.get("content", "") + if content: + full_response += content + if _stream_consumer: + _stream_consumer.on_delta(content) + except json.JSONDecodeError: + pass + + except asyncio.CancelledError: + raise + except Exception as e: + logger.error("Proxy connection error to %s: %s", proxy_url, e) + if not full_response: + return { + "final_response": f"⚠️ Proxy connection error: {e}", + "messages": [], + "api_calls": 0, + "tools": [], + } + # Partial response — return what we got + finally: + # Finalize stream consumer + if _stream_consumer: + _stream_consumer.finish() + if stream_task: + try: + await asyncio.wait_for(stream_task, timeout=5.0) + except (asyncio.TimeoutError, asyncio.CancelledError): + stream_task.cancel() + + _elapsed = time.time() - _start + logger.info( + "proxy response: url=%s session=%s time=%.1fs response=%d chars", + proxy_url, (session_id or "")[:20], _elapsed, len(full_response), + ) + + return { + "final_response": full_response or "(No response from remote agent)", + "messages": [ + {"role": "user", "content": message}, + {"role": "assistant", "content": full_response}, + ], + "api_calls": 1, + "tools": [], + "history_offset": len(history), + "session_id": session_id, + "response_previewed": _stream_consumer is not None and bool(full_response), + } + + # ------------------------------------------------------------------ + async def _run_agent( self, message: str, @@ -7431,6 +7688,18 @@ class GatewayRunner: This is run in a thread pool to not block the event loop. Supports interruption via new messages. """ + # ---- Proxy mode: delegate to remote API server ---- + if self._get_proxy_url(): + return await self._run_agent_via_proxy( + message=message, + context_prompt=context_prompt, + history=history, + source=source, + session_id=session_id, + session_key=session_key, + event_message_id=event_message_id, + ) + from run_agent import AIAgent import queue diff --git a/hermes_cli/config.py b/hermes_cli/config.py index 78cc30157..d121bc517 100644 --- a/hermes_cli/config.py +++ b/hermes_cli/config.py @@ -1429,6 +1429,22 @@ OPTIONAL_ENV_VARS = { "category": "messaging", "advanced": True, }, + "GATEWAY_PROXY_URL": { + "description": "URL of a remote Hermes API server to forward messages to (proxy mode). When set, the gateway handles platform I/O only — all agent work is delegated to the remote server. Use for Docker E2EE containers that relay to a host agent. Also configurable via gateway.proxy_url in config.yaml.", + "prompt": "Remote Hermes API server URL (e.g. http://192.168.1.100:8642)", + "url": None, + "password": False, + "category": "messaging", + "advanced": True, + }, + "GATEWAY_PROXY_KEY": { + "description": "Bearer token for authenticating with the remote Hermes API server (proxy mode). Must match the API_SERVER_KEY on the remote host.", + "prompt": "Remote API server auth key", + "url": None, + "password": True, + "category": "messaging", + "advanced": True, + }, "WEBHOOK_ENABLED": { "description": "Enable the webhook platform adapter for receiving events from GitHub, GitLab, etc.", "prompt": "Enable webhooks (true/false)", diff --git a/tests/gateway/test_proxy_mode.py b/tests/gateway/test_proxy_mode.py new file mode 100644 index 000000000..f3024cb09 --- /dev/null +++ b/tests/gateway/test_proxy_mode.py @@ -0,0 +1,445 @@ +"""Tests for gateway proxy mode — forwarding messages to a remote API server.""" + +import asyncio +import json +import os +from unittest.mock import AsyncMock, MagicMock, patch + +import pytest + +from gateway.config import Platform, StreamingConfig +from gateway.run import GatewayRunner +from gateway.session import SessionSource + + +def _make_runner(proxy_url=None): + """Create a minimal GatewayRunner for proxy tests.""" + runner = object.__new__(GatewayRunner) + runner.adapters = {} + runner.config = MagicMock() + runner.config.streaming = StreamingConfig() + runner._running_agents = {} + runner._session_model_overrides = {} + runner._agent_cache = {} + runner._agent_cache_lock = None + return runner + + +def _make_source(platform=Platform.MATRIX): + return SessionSource( + platform=platform, + chat_id="!room:server.org", + chat_name="Test Room", + chat_type="group", + user_id="@user:server.org", + user_name="testuser", + thread_id=None, + ) + + +class _FakeSSEResponse: + """Simulates an aiohttp response with SSE streaming.""" + + def __init__(self, status=200, sse_chunks=None, error_text=""): + self.status = status + self._sse_chunks = sse_chunks or [] + self._error_text = error_text + self.content = self + + async def text(self): + return self._error_text + + async def iter_any(self): + for chunk in self._sse_chunks: + if isinstance(chunk, str): + chunk = chunk.encode("utf-8") + yield chunk + + async def __aenter__(self): + return self + + async def __aexit__(self, *args): + pass + + +class _FakeSession: + """Simulates an aiohttp.ClientSession with captured request args.""" + + def __init__(self, response): + self._response = response + self.captured_url = None + self.captured_json = None + self.captured_headers = None + + def post(self, url, json=None, headers=None, **kwargs): + self.captured_url = url + self.captured_json = json + self.captured_headers = headers + return self._response + + async def __aenter__(self): + return self + + async def __aexit__(self, *args): + pass + + +def _patch_aiohttp(session): + """Patch aiohttp.ClientSession to return our fake session.""" + return patch( + "aiohttp.ClientSession", + return_value=session, + ) + + +class TestGetProxyUrl: + """Test _get_proxy_url() config resolution.""" + + def test_returns_none_when_not_configured(self, monkeypatch): + monkeypatch.delenv("GATEWAY_PROXY_URL", raising=False) + runner = _make_runner() + with patch("gateway.run._load_gateway_config", return_value={}): + assert runner._get_proxy_url() is None + + def test_reads_from_env_var(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://192.168.1.100:8642") + runner = _make_runner() + assert runner._get_proxy_url() == "http://192.168.1.100:8642" + + def test_strips_trailing_slash(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642/") + runner = _make_runner() + assert runner._get_proxy_url() == "http://host:8642" + + def test_reads_from_config_yaml(self, monkeypatch): + monkeypatch.delenv("GATEWAY_PROXY_URL", raising=False) + runner = _make_runner() + cfg = {"gateway": {"proxy_url": "http://10.0.0.1:8642"}} + with patch("gateway.run._load_gateway_config", return_value=cfg): + assert runner._get_proxy_url() == "http://10.0.0.1:8642" + + def test_env_var_overrides_config(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://env-host:8642") + runner = _make_runner() + cfg = {"gateway": {"proxy_url": "http://config-host:8642"}} + with patch("gateway.run._load_gateway_config", return_value=cfg): + assert runner._get_proxy_url() == "http://env-host:8642" + + def test_empty_string_treated_as_unset(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", " ") + runner = _make_runner() + with patch("gateway.run._load_gateway_config", return_value={}): + assert runner._get_proxy_url() is None + + +class TestRunAgentProxyDispatch: + """Test that _run_agent() delegates to proxy when configured.""" + + @pytest.mark.asyncio + async def test_run_agent_delegates_to_proxy(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642") + runner = _make_runner() + source = _make_source() + + expected_result = { + "final_response": "Hello from remote!", + "messages": [ + {"role": "user", "content": "hi"}, + {"role": "assistant", "content": "Hello from remote!"}, + ], + "api_calls": 1, + "tools": [], + } + + runner._run_agent_via_proxy = AsyncMock(return_value=expected_result) + + result = await runner._run_agent( + message="hi", + context_prompt="", + history=[], + source=source, + session_id="test-session-123", + session_key="test-key", + ) + + assert result["final_response"] == "Hello from remote!" + runner._run_agent_via_proxy.assert_called_once() + + @pytest.mark.asyncio + async def test_run_agent_skips_proxy_when_not_configured(self, monkeypatch): + monkeypatch.delenv("GATEWAY_PROXY_URL", raising=False) + runner = _make_runner() + + runner._run_agent_via_proxy = AsyncMock() + + with patch("gateway.run._load_gateway_config", return_value={}): + try: + await runner._run_agent( + message="hi", + context_prompt="", + history=[], + source=_make_source(), + session_id="test-session", + ) + except Exception: + pass # Expected — bare runner can't create a real agent + + runner._run_agent_via_proxy.assert_not_called() + + +class TestRunAgentViaProxy: + """Test the actual proxy HTTP forwarding logic.""" + + @pytest.mark.asyncio + async def test_builds_correct_request(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642") + monkeypatch.setenv("GATEWAY_PROXY_KEY", "test-key-123") + runner = _make_runner() + source = _make_source() + + resp = _FakeSSEResponse( + status=200, + sse_chunks=[ + 'data: {"choices":[{"delta":{"content":"Hello"}}]}\n\n' + 'data: {"choices":[{"delta":{"content":" world"}}]}\n\n' + "data: [DONE]\n\n" + ], + ) + session = _FakeSession(resp) + + with patch("gateway.run._load_gateway_config", return_value={}): + with _patch_aiohttp(session): + with patch("aiohttp.ClientTimeout"): + result = await runner._run_agent_via_proxy( + message="How are you?", + context_prompt="You are helpful.", + history=[ + {"role": "user", "content": "Hello"}, + {"role": "assistant", "content": "Hi there!"}, + ], + source=source, + session_id="session-abc", + ) + + # Verify request URL + assert session.captured_url == "http://host:8642/v1/chat/completions" + + # Verify auth header + assert session.captured_headers["Authorization"] == "Bearer test-key-123" + + # Verify session ID header + assert session.captured_headers["X-Hermes-Session-Id"] == "session-abc" + + # Verify messages include system, history, and current message + messages = session.captured_json["messages"] + assert messages[0] == {"role": "system", "content": "You are helpful."} + assert messages[1] == {"role": "user", "content": "Hello"} + assert messages[2] == {"role": "assistant", "content": "Hi there!"} + assert messages[3] == {"role": "user", "content": "How are you?"} + + # Verify streaming is requested + assert session.captured_json["stream"] is True + + # Verify response was assembled + assert result["final_response"] == "Hello world" + + @pytest.mark.asyncio + async def test_handles_http_error(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642") + monkeypatch.delenv("GATEWAY_PROXY_KEY", raising=False) + runner = _make_runner() + source = _make_source() + + resp = _FakeSSEResponse(status=401, error_text="Unauthorized: invalid API key") + session = _FakeSession(resp) + + with patch("gateway.run._load_gateway_config", return_value={}): + with _patch_aiohttp(session): + with patch("aiohttp.ClientTimeout"): + result = await runner._run_agent_via_proxy( + message="hi", + context_prompt="", + history=[], + source=source, + session_id="test", + ) + + assert "Proxy error (401)" in result["final_response"] + assert result["api_calls"] == 0 + + @pytest.mark.asyncio + async def test_handles_connection_error(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://unreachable:8642") + monkeypatch.delenv("GATEWAY_PROXY_KEY", raising=False) + runner = _make_runner() + source = _make_source() + + class _ErrorSession: + def post(self, *args, **kwargs): + raise ConnectionError("Connection refused") + + async def __aenter__(self): + return self + + async def __aexit__(self, *args): + pass + + with patch("gateway.run._load_gateway_config", return_value={}): + with patch("aiohttp.ClientSession", return_value=_ErrorSession()): + with patch("aiohttp.ClientTimeout"): + result = await runner._run_agent_via_proxy( + message="hi", + context_prompt="", + history=[], + source=source, + session_id="test", + ) + + assert "Proxy connection error" in result["final_response"] + + @pytest.mark.asyncio + async def test_skips_tool_messages_in_history(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642") + monkeypatch.delenv("GATEWAY_PROXY_KEY", raising=False) + runner = _make_runner() + source = _make_source() + + resp = _FakeSSEResponse( + status=200, + sse_chunks=[b'data: {"choices":[{"delta":{"content":"ok"}}]}\n\ndata: [DONE]\n\n'], + ) + session = _FakeSession(resp) + + history = [ + {"role": "user", "content": "search for X"}, + {"role": "assistant", "content": None, "tool_calls": [{"id": "tc1"}]}, + {"role": "tool", "content": "search results...", "tool_call_id": "tc1"}, + {"role": "assistant", "content": "Found results."}, + ] + + with patch("gateway.run._load_gateway_config", return_value={}): + with _patch_aiohttp(session): + with patch("aiohttp.ClientTimeout"): + await runner._run_agent_via_proxy( + message="tell me more", + context_prompt="", + history=history, + source=source, + session_id="test", + ) + + # Only user and assistant with content should be forwarded + messages = session.captured_json["messages"] + roles = [m["role"] for m in messages] + assert "tool" not in roles + # assistant with None content should be skipped + assert all(m.get("content") for m in messages) + + @pytest.mark.asyncio + async def test_result_shape_matches_run_agent(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642") + monkeypatch.delenv("GATEWAY_PROXY_KEY", raising=False) + runner = _make_runner() + source = _make_source() + + resp = _FakeSSEResponse( + status=200, + sse_chunks=[b'data: {"choices":[{"delta":{"content":"answer"}}]}\n\ndata: [DONE]\n\n'], + ) + session = _FakeSession(resp) + + with patch("gateway.run._load_gateway_config", return_value={}): + with _patch_aiohttp(session): + with patch("aiohttp.ClientTimeout"): + result = await runner._run_agent_via_proxy( + message="hi", + context_prompt="", + history=[{"role": "user", "content": "prev"}, {"role": "assistant", "content": "ok"}], + source=source, + session_id="sess-123", + ) + + # Required keys that callers depend on + assert "final_response" in result + assert result["final_response"] == "answer" + assert "messages" in result + assert "api_calls" in result + assert "tools" in result + assert "history_offset" in result + assert result["history_offset"] == 2 # len(history) + assert "session_id" in result + assert result["session_id"] == "sess-123" + + @pytest.mark.asyncio + async def test_no_auth_header_without_key(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642") + monkeypatch.delenv("GATEWAY_PROXY_KEY", raising=False) + runner = _make_runner() + source = _make_source() + + resp = _FakeSSEResponse( + status=200, + sse_chunks=[b'data: {"choices":[{"delta":{"content":"ok"}}]}\n\ndata: [DONE]\n\n'], + ) + session = _FakeSession(resp) + + with patch("gateway.run._load_gateway_config", return_value={}): + with _patch_aiohttp(session): + with patch("aiohttp.ClientTimeout"): + await runner._run_agent_via_proxy( + message="hi", + context_prompt="", + history=[], + source=source, + session_id="test", + ) + + assert "Authorization" not in session.captured_headers + + @pytest.mark.asyncio + async def test_no_system_message_when_context_empty(self, monkeypatch): + monkeypatch.setenv("GATEWAY_PROXY_URL", "http://host:8642") + monkeypatch.delenv("GATEWAY_PROXY_KEY", raising=False) + runner = _make_runner() + source = _make_source() + + resp = _FakeSSEResponse( + status=200, + sse_chunks=[b'data: {"choices":[{"delta":{"content":"ok"}}]}\n\ndata: [DONE]\n\n'], + ) + session = _FakeSession(resp) + + with patch("gateway.run._load_gateway_config", return_value={}): + with _patch_aiohttp(session): + with patch("aiohttp.ClientTimeout"): + await runner._run_agent_via_proxy( + message="hello", + context_prompt="", + history=[], + source=source, + session_id="test", + ) + + # No system message should appear when context_prompt is empty + messages = session.captured_json["messages"] + assert len(messages) == 1 + assert messages[0]["role"] == "user" + assert messages[0]["content"] == "hello" + + +class TestEnvVarRegistration: + """Verify GATEWAY_PROXY_URL and GATEWAY_PROXY_KEY are registered.""" + + def test_proxy_url_in_optional_env_vars(self): + from hermes_cli.config import OPTIONAL_ENV_VARS + assert "GATEWAY_PROXY_URL" in OPTIONAL_ENV_VARS + info = OPTIONAL_ENV_VARS["GATEWAY_PROXY_URL"] + assert info["category"] == "messaging" + assert info["password"] is False + + def test_proxy_key_in_optional_env_vars(self): + from hermes_cli.config import OPTIONAL_ENV_VARS + assert "GATEWAY_PROXY_KEY" in OPTIONAL_ENV_VARS + info = OPTIONAL_ENV_VARS["GATEWAY_PROXY_KEY"] + assert info["category"] == "messaging" + assert info["password"] is True From 8bb5973950073aa0696d885223b41674c41d0440 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 10:46:45 -0700 Subject: [PATCH 18/41] docs: add proxy mode documentation - Matrix docs: full Proxy Mode section with architecture diagram, step-by-step setup (host + Docker), docker-compose.yml/Dockerfile examples, configuration reference, and limitations notes - API Server docs: add Proxy Mode section explaining the api_server serves as the backend for gateway proxy mode - Environment variables reference: add GATEWAY_PROXY_URL and GATEWAY_PROXY_KEY entries --- .../docs/reference/environment-variables.md | 2 + .../docs/user-guide/features/api-server.md | 6 + website/docs/user-guide/messaging/matrix.md | 135 ++++++++++++++++++ 3 files changed, 143 insertions(+) diff --git a/website/docs/reference/environment-variables.md b/website/docs/reference/environment-variables.md index 54cba2b89..8167b353e 100644 --- a/website/docs/reference/environment-variables.md +++ b/website/docs/reference/environment-variables.md @@ -301,6 +301,8 @@ For cloud sandbox backends, persistence is filesystem-oriented. `TERMINAL_LIFETI | `API_SERVER_PORT` | Port for the API server (default: `8642`) | | `API_SERVER_HOST` | Host/bind address for the API server (default: `127.0.0.1`). Use `0.0.0.0` for network access — requires `API_SERVER_KEY` and a narrow `API_SERVER_CORS_ORIGINS` allowlist. | | `API_SERVER_MODEL_NAME` | Model name advertised on `/v1/models`. Defaults to the profile name (or `hermes-agent` for the default profile). Useful for multi-user setups where frontends like Open WebUI need distinct model names per connection. | +| `GATEWAY_PROXY_URL` | URL of a remote Hermes API server to forward messages to ([proxy mode](/docs/user-guide/messaging/matrix#proxy-mode-e2ee-on-macos)). When set, the gateway handles platform I/O only — all agent work is delegated to the remote server. Also configurable via `gateway.proxy_url` in `config.yaml`. | +| `GATEWAY_PROXY_KEY` | Bearer token for authenticating with the remote API server in proxy mode. Must match `API_SERVER_KEY` on the remote host. | | `MESSAGING_CWD` | Working directory for terminal commands in messaging mode (default: `~`) | | `GATEWAY_ALLOWED_USERS` | Comma-separated user IDs allowed across all platforms | | `GATEWAY_ALLOW_ALL_USERS` | Allow all users without allowlists (`true`/`false`, default: `false`) | diff --git a/website/docs/user-guide/features/api-server.md b/website/docs/user-guide/features/api-server.md index 95982d06e..efb254a00 100644 --- a/website/docs/user-guide/features/api-server.md +++ b/website/docs/user-guide/features/api-server.md @@ -278,3 +278,9 @@ In Open WebUI, add each as a separate connection. The model dropdown shows `alic - **Response storage** — stored responses (for `previous_response_id`) are persisted in SQLite and survive gateway restarts. Max 100 stored responses (LRU eviction). - **No file upload** — vision/document analysis via uploaded files is not yet supported through the API. - **Model field is cosmetic** — the `model` field in requests is accepted but the actual LLM model used is configured server-side in config.yaml. + +## Proxy Mode + +The API server also serves as the backend for **gateway proxy mode**. When another Hermes gateway instance is configured with `GATEWAY_PROXY_URL` pointing at this API server, it forwards all messages here instead of running its own agent. This enables split deployments — for example, a Docker container handling Matrix E2EE that relays to a host-side agent. + +See [Matrix Proxy Mode](/docs/user-guide/messaging/matrix#proxy-mode-e2ee-on-macos) for the full setup guide. diff --git a/website/docs/user-guide/messaging/matrix.md b/website/docs/user-guide/messaging/matrix.md index de03ff817..b742e0cfa 100644 --- a/website/docs/user-guide/messaging/matrix.md +++ b/website/docs/user-guide/messaging/matrix.md @@ -439,6 +439,141 @@ security breach). A new access token gets a new device ID with no stale key history, so other clients trust it immediately. ::: +## Proxy Mode (E2EE on macOS) + +Matrix E2EE requires `libolm`, which doesn't compile on macOS ARM64 (Apple Silicon). The `hermes-agent[matrix]` extra is gated to Linux only. If you're on macOS, proxy mode lets you run E2EE in a Docker container on a Linux VM while the actual agent runs natively on macOS with full access to your local files, memory, and skills. + +### How It Works + +``` +macOS (Host): + └─ hermes gateway + ├─ api_server adapter ← listens on 0.0.0.0:8642 + ├─ AIAgent ← single source of truth + ├─ Sessions, memory, skills + └─ Local file access (Obsidian, projects, etc.) + +Linux VM (Docker): + └─ hermes gateway (proxy mode) + ├─ Matrix adapter ← E2EE decryption/encryption + └─ HTTP forward → macOS:8642/v1/chat/completions + (no LLM API keys, no agent, no inference) +``` + +The Docker container only handles Matrix protocol + E2EE. When a message arrives, it decrypts it and forwards the text to the host via a standard HTTP request. The host runs the agent, calls tools, generates a response, and streams it back. The container encrypts and sends the response to Matrix. All sessions are unified — CLI, Matrix, Telegram, and any other platform share the same memory and conversation history. + +### Step 1: Configure the Host (macOS) + +Enable the API server so the host accepts incoming requests from the Docker container. + +Add to `~/.hermes/.env`: + +```bash +API_SERVER_ENABLED=true +API_SERVER_KEY=your-secret-key-here +API_SERVER_HOST=0.0.0.0 +``` + +- `API_SERVER_HOST=0.0.0.0` binds to all interfaces so the Docker container can reach it. +- `API_SERVER_KEY` is required for non-loopback binding. Pick a strong random string. +- The API server runs on port 8642 by default (change with `API_SERVER_PORT` if needed). + +Start the gateway: + +```bash +hermes gateway +``` + +You should see the API server start alongside any other platforms you have configured. Verify it's reachable from the VM: + +```bash +# From the Linux VM +curl http://:8642/health +``` + +### Step 2: Configure the Docker Container (Linux VM) + +The container needs Matrix credentials and the proxy URL. It does NOT need LLM API keys. + +**`docker-compose.yml`:** + +```yaml +services: + hermes-matrix: + build: . + environment: + # Matrix credentials + MATRIX_HOMESERVER: "https://matrix.example.org" + MATRIX_ACCESS_TOKEN: "syt_..." + MATRIX_ALLOWED_USERS: "@you:matrix.example.org" + MATRIX_ENCRYPTION: "true" + MATRIX_DEVICE_ID: "HERMES_BOT" + + # Proxy mode — forward to host agent + GATEWAY_PROXY_URL: "http://192.168.1.100:8642" + GATEWAY_PROXY_KEY: "your-secret-key-here" + volumes: + - ./matrix-store:/root/.hermes/platforms/matrix/store +``` + +**`Dockerfile`:** + +```dockerfile +FROM python:3.11-slim + +RUN apt-get update && apt-get install -y libolm-dev && rm -rf /var/lib/apt/lists/* +RUN pip install 'hermes-agent[matrix]' + +CMD ["hermes", "gateway"] +``` + +That's the entire container. No API keys for OpenRouter, Anthropic, or any inference provider. + +### Step 3: Start Both + +1. Start the host gateway first: + ```bash + hermes gateway + ``` + +2. Start the Docker container: + ```bash + docker compose up -d + ``` + +3. Send a message in an encrypted Matrix room. The container decrypts it, forwards it to the host, and streams the response back. + +### Configuration Reference + +Proxy mode is configured on the **container side** (the thin gateway): + +| Setting | Description | +|---------|-------------| +| `GATEWAY_PROXY_URL` | URL of the remote Hermes API server (e.g., `http://192.168.1.100:8642`) | +| `GATEWAY_PROXY_KEY` | Bearer token for authentication (must match `API_SERVER_KEY` on the host) | +| `gateway.proxy_url` | Same as `GATEWAY_PROXY_URL` but in `config.yaml` | + +The host side needs: + +| Setting | Description | +|---------|-------------| +| `API_SERVER_ENABLED` | Set to `true` | +| `API_SERVER_KEY` | Bearer token (shared with the container) | +| `API_SERVER_HOST` | Set to `0.0.0.0` for network access | +| `API_SERVER_PORT` | Port number (default: `8642`) | + +### Works for Any Platform + +Proxy mode is not limited to Matrix. Any platform adapter can use it — set `GATEWAY_PROXY_URL` on any gateway instance and it will forward to the remote agent instead of running one locally. This is useful for any deployment where the platform adapter needs to run in a different environment from the agent (network isolation, E2EE requirements, resource constraints). + +:::tip +Session continuity is maintained via the `X-Hermes-Session-Id` header. The host's API server tracks sessions by this ID, so conversations persist across messages just like they would with a local agent. +::: + +:::note +**Limitations (v1):** Tool progress messages from the remote agent are not relayed back — the user sees the streamed final response only, not individual tool calls. Dangerous command approval prompts are handled on the host side, not relayed to the Matrix user. These can be addressed in future updates. +::: + ### Sync issues / bot falls behind **Cause**: Long-running tool executions can delay the sync loop, or the homeserver is slow. From b583210c974b7143cccb8e32a3e50992393b5a66 Mon Sep 17 00:00:00 2001 From: asheriif Date: Sun, 12 Apr 2026 11:50:24 +0000 Subject: [PATCH 19/41] fix(gateway): fix regression causing display.streaming to override root streaming key --- gateway/display_config.py | 15 +++++++++++---- tests/gateway/test_display_config.py | 9 +++++++++ tests/gateway/test_run_progress_topics.py | 21 +++++++++++++++++++++ 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/gateway/display_config.py b/gateway/display_config.py index c1dcf2a64..78e8bc9af 100644 --- a/gateway/display_config.py +++ b/gateway/display_config.py @@ -9,6 +9,10 @@ Resolution order (first non-None wins): 3. ``_PLATFORM_DEFAULTS[][]`` — built-in sensible default 4. ``_GLOBAL_DEFAULTS[]`` — built-in global default +Exception: ``display.streaming`` is CLI-only. Gateway streaming follows the +top-level ``streaming`` config unless ``display.platforms..streaming`` +sets an explicit per-platform override. + Backward compatibility: ``display.tool_progress_overrides`` is still read as a fallback for ``tool_progress`` when no ``display.platforms`` entry exists. A config migration (version bump) automatically moves the old format into the new @@ -143,10 +147,13 @@ def resolve_display_setting( if val is not None: return _normalise(setting, val) - # 2. Global user setting (display.) - val = display_cfg.get(setting) - if val is not None: - return _normalise(setting, val) + # 2. Global user setting (display.). Skip display.streaming because + # that key controls only CLI terminal streaming; gateway token streaming is + # governed by the top-level streaming config plus per-platform overrides. + if setting != "streaming": + val = display_cfg.get(setting) + if val is not None: + return _normalise(setting, val) # 3. Built-in platform default plat_defaults = _PLATFORM_DEFAULTS.get(platform_key) diff --git a/tests/gateway/test_display_config.py b/tests/gateway/test_display_config.py index ae2eac66e..2192d67bc 100644 --- a/tests/gateway/test_display_config.py +++ b/tests/gateway/test_display_config.py @@ -297,6 +297,15 @@ class TestStreamingPerPlatform: result = resolve_display_setting(config, "telegram", "streaming") assert result is None # caller should check global StreamingConfig + def test_global_display_streaming_is_cli_only(self): + """display.streaming must not act as a gateway streaming override.""" + from gateway.display_config import resolve_display_setting + + for value in (True, False): + config = {"display": {"streaming": value}} + assert resolve_display_setting(config, "telegram", "streaming") is None + assert resolve_display_setting(config, "discord", "streaming") is None + def test_explicit_false_disables(self): """Explicit False disables streaming for that platform.""" from gateway.display_config import resolve_display_setting diff --git a/tests/gateway/test_run_progress_topics.py b/tests/gateway/test_run_progress_topics.py index 7859edd74..1b7829616 100644 --- a/tests/gateway/test_run_progress_topics.py +++ b/tests/gateway/test_run_progress_topics.py @@ -572,6 +572,27 @@ async def test_run_agent_streaming_does_not_enable_completed_interim_commentary( assert not any(call["content"] == "I'll inspect the repo first." for call in adapter.sent) +@pytest.mark.asyncio +async def test_display_streaming_does_not_enable_gateway_streaming(monkeypatch, tmp_path): + adapter, result = await _run_with_agent( + monkeypatch, + tmp_path, + CommentaryAgent, + session_id="sess-display-streaming-cli-only", + config_data={ + "display": { + "streaming": True, + "interim_assistant_messages": True, + }, + "streaming": {"enabled": False}, + }, + ) + + assert result.get("already_sent") is not True + assert adapter.edits == [] + assert [call["content"] for call in adapter.sent] == ["I'll inspect the repo first."] + + @pytest.mark.asyncio async def test_run_agent_interim_commentary_works_with_tool_progress_off(monkeypatch, tmp_path): adapter, result = await _run_with_agent( From 99bcc2de5bf433d799ea7af782c72ac9bdfd6595 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Tue, 14 Apr 2026 10:57:56 -0700 Subject: [PATCH 20/41] fix(security): harden dashboard API against unauthenticated access (#9800) Addresses responsible disclosure from FuzzMind Security Lab (CVE pending). The web dashboard API server had 36 endpoints, of which only 5 checked the session token. The token itself was served from an unauthenticated GET /api/auth/session-token endpoint, rendering the protection circular. When bound to 0.0.0.0 (--host flag), all API keys, config, and cron management were accessible to any machine on the network. Changes: - Add auth middleware requiring session token on ALL /api/ routes except a small public whitelist (status, config/defaults, config/schema, model/info) - Remove GET /api/auth/session-token endpoint entirely; inject the token into index.html via a ' + ) + html = html.replace("", f"{token_script}", 1) + return HTMLResponse( + html, + headers={"Cache-Control": "no-store, no-cache, must-revalidate"}, + ) + application.mount("/assets", StaticFiles(directory=WEB_DIST / "assets"), name="assets") @application.get("/{full_path:path}") @@ -1955,24 +1992,32 @@ def mount_spa(application: FastAPI): and file_path.is_file() ): return FileResponse(file_path) - return FileResponse( - WEB_DIST / "index.html", - headers={"Cache-Control": "no-store, no-cache, must-revalidate"}, - ) + return _serve_index() mount_spa(app) -def start_server(host: str = "127.0.0.1", port: int = 9119, open_browser: bool = True): +def start_server( + host: str = "127.0.0.1", + port: int = 9119, + open_browser: bool = True, + allow_public: bool = False, +): """Start the web UI server.""" import uvicorn - if host not in ("127.0.0.1", "localhost", "::1"): - import logging - logging.warning( - "Binding to %s — the web UI exposes config and API keys. " - "Only bind to non-localhost if you trust all users on the network.", host, + _LOCALHOST = ("127.0.0.1", "localhost", "::1") + if host not in _LOCALHOST and not allow_public: + raise SystemExit( + f"Refusing to bind to {host} — the dashboard exposes API keys " + f"and config without robust authentication.\n" + f"Use --insecure to override (NOT recommended on untrusted networks)." + ) + if host not in _LOCALHOST: + _log.warning( + "Binding to %s with --insecure — the dashboard has no robust " + "authentication. Only use on trusted networks.", host, ) if open_browser: diff --git a/tests/hermes_cli/test_web_server.py b/tests/hermes_cli/test_web_server.py index 1bbbdba1c..ebcb2c95c 100644 --- a/tests/hermes_cli/test_web_server.py +++ b/tests/hermes_cli/test_web_server.py @@ -108,8 +108,9 @@ class TestWebServerEndpoints: except ImportError: pytest.skip("fastapi/starlette not installed") - from hermes_cli.web_server import app + from hermes_cli.web_server import app, _SESSION_TOKEN self.client = TestClient(app) + self.client.headers["Authorization"] = f"Bearer {_SESSION_TOKEN}" def test_get_status(self): resp = self.client.get("/api/status") @@ -239,9 +240,13 @@ class TestWebServerEndpoints: def test_reveal_env_var_no_token(self, tmp_path): """POST /api/env/reveal without token should return 401.""" + from starlette.testclient import TestClient + from hermes_cli.web_server import app from hermes_cli.config import save_env_value save_env_value("TEST_REVEAL_NOAUTH", "secret-value") - resp = self.client.post( + # Use a fresh client WITHOUT the Authorization header + unauth_client = TestClient(app) + resp = unauth_client.post( "/api/env/reveal", json={"key": "TEST_REVEAL_NOAUTH"}, ) @@ -258,12 +263,32 @@ class TestWebServerEndpoints: ) assert resp.status_code == 401 - def test_session_token_endpoint(self): - """GET /api/auth/session-token should return a token.""" - from hermes_cli.web_server import _SESSION_TOKEN + def test_session_token_endpoint_removed(self): + """GET /api/auth/session-token should no longer exist (token injected via HTML).""" resp = self.client.get("/api/auth/session-token") + # The endpoint is gone — the catch-all SPA route serves index.html + # or the middleware returns 401 for unauthenticated /api/ paths. + assert resp.status_code in (200, 404) + # Either way, it must NOT return the token as JSON + try: + data = resp.json() + assert "token" not in data + except Exception: + pass # Not JSON — that's fine (SPA HTML) + + def test_unauthenticated_api_blocked(self): + """API requests without the session token should be rejected.""" + from starlette.testclient import TestClient + from hermes_cli.web_server import app + # Create a client WITHOUT the Authorization header + unauth_client = TestClient(app) + resp = unauth_client.get("/api/env") + assert resp.status_code == 401 + resp = unauth_client.get("/api/config") + assert resp.status_code == 401 + # Public endpoints should still work + resp = unauth_client.get("/api/status") assert resp.status_code == 200 - assert resp.json()["token"] == _SESSION_TOKEN def test_path_traversal_blocked(self): """Verify URL-encoded path traversal is blocked.""" @@ -358,8 +383,9 @@ class TestConfigRoundTrip: from starlette.testclient import TestClient except ImportError: pytest.skip("fastapi/starlette not installed") - from hermes_cli.web_server import app + from hermes_cli.web_server import app, _SESSION_TOKEN self.client = TestClient(app) + self.client.headers["Authorization"] = f"Bearer {_SESSION_TOKEN}" def test_get_config_no_internal_keys(self): """GET /api/config should not expose _config_version or _model_meta.""" @@ -490,8 +516,9 @@ class TestNewEndpoints: from starlette.testclient import TestClient except ImportError: pytest.skip("fastapi/starlette not installed") - from hermes_cli.web_server import app + from hermes_cli.web_server import app, _SESSION_TOKEN self.client = TestClient(app) + self.client.headers["Authorization"] = f"Bearer {_SESSION_TOKEN}" def test_get_logs_default(self): resp = self.client.get("/api/logs") @@ -668,11 +695,16 @@ class TestNewEndpoints: assert isinstance(data["daily"], list) assert "total_sessions" in data["totals"] - def test_session_token_endpoint(self): - from hermes_cli.web_server import _SESSION_TOKEN + def test_session_token_endpoint_removed(self): + """GET /api/auth/session-token no longer exists.""" resp = self.client.get("/api/auth/session-token") - assert resp.status_code == 200 - assert resp.json()["token"] == _SESSION_TOKEN + # Should not return a JSON token object + assert resp.status_code in (200, 404) + try: + data = resp.json() + assert "token" not in data + except Exception: + pass # --------------------------------------------------------------------------- diff --git a/web/src/lib/api.ts b/web/src/lib/api.ts index 82353f649..e61043993 100644 --- a/web/src/lib/api.ts +++ b/web/src/lib/api.ts @@ -1,11 +1,22 @@ const BASE = ""; -// Ephemeral session token for protected endpoints (reveal). -// Fetched once on first reveal request and cached in memory. +// Ephemeral session token for protected endpoints. +// Injected into index.html by the server — never fetched via API. +declare global { + interface Window { + __HERMES_SESSION_TOKEN__?: string; + } +} let _sessionToken: string | null = null; async function fetchJSON(url: string, init?: RequestInit): Promise { - const res = await fetch(`${BASE}${url}`, init); + // Inject the session token into all /api/ requests. + const headers = new Headers(init?.headers); + const token = window.__HERMES_SESSION_TOKEN__; + if (token && !headers.has("Authorization")) { + headers.set("Authorization", `Bearer ${token}`); + } + const res = await fetch(`${BASE}${url}`, { ...init, headers }); if (!res.ok) { const text = await res.text().catch(() => res.statusText); throw new Error(`${res.status}: ${text}`); @@ -15,9 +26,12 @@ async function fetchJSON(url: string, init?: RequestInit): Promise { async function getSessionToken(): Promise { if (_sessionToken) return _sessionToken; - const resp = await fetchJSON<{ token: string }>("/api/auth/session-token"); - _sessionToken = resp.token; - return _sessionToken; + const injected = window.__HERMES_SESSION_TOKEN__; + if (injected) { + _sessionToken = injected; + return _sessionToken; + } + throw new Error("Session token not available — page must be served by the Hermes dashboard server"); } export const api = { From 064f8d74de083255086e4739583d48b9b1be19aa Mon Sep 17 00:00:00 2001 From: cypres0099 Date: Tue, 14 Apr 2026 10:35:22 -0500 Subject: [PATCH 21/41] fix(gateway/bluebubbles): remove invalid "message" from webhook event registration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The BlueBubbles adapter registers its webhook with three events: ["new-message", "updated-message", "message"]. The third, "message", is not a valid event type in the BlueBubbles server API — BB rejects the registration payload with HTTP 400 Bad Request. Currently this is masked by the "crash resilience" check in _register_webhook, which reuses any existing registration matching the webhook URL and short-circuits before reaching the API call. So an already-registered webhook from a prior run keeps working. But any fresh install, or any restart after _unregister_webhook has run during a clean shutdown, fails to re-register and silently stops receiving messages. Observed in production: after a gateway restart in v0.9.0 (which auto- unregisters on shutdown), the next startup hit this 400 and the bot went silent until the invalid event was removed. BlueBubbles documents "new-message" and "updated-message" as the message event types (see https://docs.bluebubbles.app/). There is no "message" event, and no harm in dropping it — the two remaining events cover all inbound message webhooks. Co-Authored-By: Claude Opus 4.6 (1M context) --- gateway/platforms/bluebubbles.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gateway/platforms/bluebubbles.py b/gateway/platforms/bluebubbles.py index af71619f4..fc179154f 100644 --- a/gateway/platforms/bluebubbles.py +++ b/gateway/platforms/bluebubbles.py @@ -257,7 +257,7 @@ class BlueBubblesAdapter(BasePlatformAdapter): payload = { "url": webhook_url, - "events": ["new-message", "updated-message", "message"], + "events": ["new-message", "updated-message"], } try: From 8b523568492a68ea0c8af1108ff4bb9be7c28e45 Mon Sep 17 00:00:00 2001 From: cypres0099 Date: Tue, 14 Apr 2026 10:30:58 -0500 Subject: [PATCH 22/41] fix(gateway/bluebubbles): fall back to data.chats[0].guid when chatGuid missing BlueBubbles v1.9+ webhook payloads for new-message events do not always include a top-level chatGuid field on the message data object. Instead, the chat GUID is nested under data.chats[0].guid. The adapter currently checks five top-level fallback locations (record and payload, snake_case and camelCase, plus payload.guid) but never looks inside the chats array. When none of those top-level fields contain the GUID, the adapter falls through to using the sender's phone/email as the session chat ID. This causes two observable bugs when a user is a participant in both a DM and a group chat with the bot: 1. DM and group sessions merge. Every message from that user ends up with the same session_chat_id (their own address), so the bot cannot distinguish which thread the message came from. 2. Outbound routing becomes ambiguous. _resolve_chat_guid() iterates all chats and returns the first one where the address appears as a participant; group chats typically sort ahead of DMs by activity, so replies and cron messages intended for the DM can land in a group. This was observed in production: a user's morning brief cron delivered to a group chat with his spouse instead of his DM thread. The fix adds a single fallback that extracts chat_guid from record["chats"][0]["guid"] when the top-level fields are empty. The chats array is included in every new-message webhook payload in BB v1.9.9 (verified against a live server). It is backwards compatible: if a future BB version starts including chatGuid at the top level, that still wins. Co-Authored-By: Claude Opus 4.6 (1M context) --- gateway/platforms/bluebubbles.py | 6 ++++ tests/gateway/test_bluebubbles.py | 57 +++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/gateway/platforms/bluebubbles.py b/gateway/platforms/bluebubbles.py index fc179154f..909a0be66 100644 --- a/gateway/platforms/bluebubbles.py +++ b/gateway/platforms/bluebubbles.py @@ -835,6 +835,12 @@ class BlueBubblesAdapter(BasePlatformAdapter): payload.get("chat_guid"), payload.get("guid"), ) + # Fallback: BlueBubbles v1.9+ webhook payloads omit top-level chatGuid; + # the chat GUID is nested under data.chats[0].guid instead. + if not chat_guid: + _chats = record.get("chats") or [] + if _chats and isinstance(_chats[0], dict): + chat_guid = _chats[0].get("guid") or _chats[0].get("chatGuid") chat_identifier = self._value( record.get("chatIdentifier"), record.get("identifier"), diff --git a/tests/gateway/test_bluebubbles.py b/tests/gateway/test_bluebubbles.py index 86220d440..639f81ae0 100644 --- a/tests/gateway/test_bluebubbles.py +++ b/tests/gateway/test_bluebubbles.py @@ -167,6 +167,63 @@ class TestBlueBubblesWebhookParsing: chat_identifier = sender assert chat_identifier == "user@example.com" + def test_webhook_extracts_chat_guid_from_chats_array_dm(self, monkeypatch): + """BB v1.9+ webhook payloads omit top-level chatGuid; GUID is in chats[0].guid.""" + adapter = _make_adapter(monkeypatch) + payload = { + "type": "new-message", + "data": { + "guid": "MESSAGE-GUID", + "text": "hello", + "handle": {"address": "+15551234567"}, + "isFromMe": False, + "chats": [ + {"guid": "any;-;+15551234567", "chatIdentifier": "+15551234567"} + ], + }, + } + record = adapter._extract_payload_record(payload) or {} + chat_guid = adapter._value( + record.get("chatGuid"), + payload.get("chatGuid"), + record.get("chat_guid"), + payload.get("chat_guid"), + payload.get("guid"), + ) + if not chat_guid: + _chats = record.get("chats") or [] + if _chats and isinstance(_chats[0], dict): + chat_guid = _chats[0].get("guid") or _chats[0].get("chatGuid") + assert chat_guid == "any;-;+15551234567" + + def test_webhook_extracts_chat_guid_from_chats_array_group(self, monkeypatch): + """Group chat GUIDs contain ;+; and must be extracted from chats array.""" + adapter = _make_adapter(monkeypatch) + payload = { + "type": "new-message", + "data": { + "guid": "MESSAGE-GUID", + "text": "hello everyone", + "handle": {"address": "+15551234567"}, + "isFromMe": False, + "isGroup": True, + "chats": [{"guid": "any;+;chat-uuid-abc123"}], + }, + } + record = adapter._extract_payload_record(payload) or {} + chat_guid = adapter._value( + record.get("chatGuid"), + payload.get("chatGuid"), + record.get("chat_guid"), + payload.get("chat_guid"), + payload.get("guid"), + ) + if not chat_guid: + _chats = record.get("chats") or [] + if _chats and isinstance(_chats[0], dict): + chat_guid = _chats[0].get("guid") or _chats[0].get("chatGuid") + assert chat_guid == "any;+;chat-uuid-abc123" + def test_extract_payload_record_accepts_list_data(self, monkeypatch): adapter = _make_adapter(monkeypatch) payload = { From 326cbbe40ea05bdef1871ac60c57f10abf5bdf41 Mon Sep 17 00:00:00 2001 From: cypres0099 Date: Tue, 14 Apr 2026 10:39:51 -0500 Subject: [PATCH 23/41] fix(gateway/bluebubbles): embed password in registered webhook URL for inbound auth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When BlueBubbles posts webhook events to the adapter, it uses the exact URL registered via /api/v1/webhook — and BB's registration API does not support custom headers. The adapter currently registers the bare URL (no credentials), but then requires password auth on inbound POSTs, rejecting every webhook with HTTP 401. This is masked on fresh BB installs by a race condition: the webhook might register once with a prior (possibly patched) URL and keep working until the first restart. On v0.9.0, _unregister_webhook runs on clean shutdown, so the next startup re-registers with the bare URL and the 401s begin. Users see the bot go silent with no obvious cause. Root cause: there's no way to pass auth credentials from BB to the webhook handler except via the URL itself. BB accepts query params and preserves them on outbound POSTs. ## Fix Introduce `_webhook_register_url` — the URL handed to BB's registration API, with the configured password appended as a `?password=` query param. The existing webhook auth handler already accepts this form (it reads `request.query.get("password")`), so no change to the receive side is needed. The bare `_webhook_url` is still used for logging and for binding the local listener, so credentials don't leak into log output. Only the registration/find/unregister paths use the password-bearing form. ## Notes - Password is URL-encoded via urllib.parse.quote, handling special characters (&, *, @, etc.) that would otherwise break parsing. - Storing the password in BB's webhook table is not a new disclosure: anyone with access to that table already has the BB admin password (same credential used for every other API call). - If `self.password` is empty (no auth configured), the register URL is the bare URL — preserves current behavior for unauthenticated local-only setups. Co-Authored-By: Claude Opus 4.6 (1M context) --- gateway/platforms/bluebubbles.py | 19 +++++++++++++++++-- tests/gateway/test_bluebubbles.py | 22 ++++++++++++++++++++++ 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/gateway/platforms/bluebubbles.py b/gateway/platforms/bluebubbles.py index 909a0be66..a8a292969 100644 --- a/gateway/platforms/bluebubbles.py +++ b/gateway/platforms/bluebubbles.py @@ -224,6 +224,21 @@ class BlueBubblesAdapter(BasePlatformAdapter): host = "localhost" return f"http://{host}:{self.webhook_port}{self.webhook_path}" + @property + def _webhook_register_url(self) -> str: + """Webhook URL registered with BlueBubbles, including the password as + a query param so inbound webhook POSTs carry credentials. + + BlueBubbles posts events to the exact URL registered via + ``/api/v1/webhook``. Its webhook registration API does not support + custom headers, so embedding the password in the URL is the only + way to authenticate inbound webhooks without disabling auth. + """ + base = self._webhook_url + if self.password: + return f"{base}?password={quote(self.password, safe='')}" + return base + async def _find_registered_webhooks(self, url: str) -> list: """Return list of BB webhook entries matching *url*.""" try: @@ -245,7 +260,7 @@ class BlueBubblesAdapter(BasePlatformAdapter): if not self.client: return False - webhook_url = self._webhook_url + webhook_url = self._webhook_register_url # Crash resilience — reuse an existing registration if present existing = await self._find_registered_webhooks(webhook_url) @@ -292,7 +307,7 @@ class BlueBubblesAdapter(BasePlatformAdapter): if not self.client: return False - webhook_url = self._webhook_url + webhook_url = self._webhook_register_url removed = False try: diff --git a/tests/gateway/test_bluebubbles.py b/tests/gateway/test_bluebubbles.py index 639f81ae0..c84b1e477 100644 --- a/tests/gateway/test_bluebubbles.py +++ b/tests/gateway/test_bluebubbles.py @@ -442,6 +442,28 @@ class TestBlueBubblesWebhookUrl: adapter = _make_adapter(monkeypatch, webhook_host="192.168.1.50") assert "192.168.1.50" in adapter._webhook_url + def test_register_url_embeds_password(self, monkeypatch): + """_webhook_register_url should append ?password=... for inbound auth.""" + adapter = _make_adapter(monkeypatch, password="secret123") + assert adapter._webhook_register_url.endswith("?password=secret123") + assert adapter._webhook_register_url.startswith(adapter._webhook_url) + + def test_register_url_url_encodes_password(self, monkeypatch): + """Passwords with special characters must be URL-encoded.""" + adapter = _make_adapter(monkeypatch, password="W9fTC&L5JL*@") + assert "password=W9fTC%26L5JL%2A%40" in adapter._webhook_register_url + + def test_register_url_omits_query_when_no_password(self, monkeypatch): + """If no password is configured, the register URL should be the bare URL.""" + monkeypatch.delenv("BLUEBUBBLES_PASSWORD", raising=False) + from gateway.platforms.bluebubbles import BlueBubblesAdapter + cfg = PlatformConfig( + enabled=True, + extra={"server_url": "http://localhost:1234", "password": ""}, + ) + adapter = BlueBubblesAdapter(cfg) + assert adapter._webhook_register_url == adapter._webhook_url + class TestBlueBubblesWebhookRegistration: """Tests for _register_webhook, _unregister_webhook, _find_registered_webhooks.""" From 3e0bccc54c7ccc2ee27c16ab439de56aa66bc246 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 10:58:07 -0700 Subject: [PATCH 24/41] fix: update existing webhook tests to use _webhook_register_url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow-up for cherry-picked PR #9746 — three pre-existing tests used adapter._webhook_url (bare URL) in mock data, but _register_webhook and _unregister_webhook now compare against _webhook_register_url (password-bearing URL). Updated to match. --- tests/gateway/test_bluebubbles.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/gateway/test_bluebubbles.py b/tests/gateway/test_bluebubbles.py index c84b1e477..a027bcd7c 100644 --- a/tests/gateway/test_bluebubbles.py +++ b/tests/gateway/test_bluebubbles.py @@ -579,7 +579,7 @@ class TestBlueBubblesWebhookRegistration: """Crash resilience — existing registration is reused, no POST needed.""" import asyncio adapter = _make_adapter(monkeypatch) - url = adapter._webhook_url + url = adapter._webhook_register_url adapter.client = self._mock_client( get_response={"status": 200, "data": [ {"id": 7, "url": url, "events": ["new-message"]}, @@ -627,7 +627,7 @@ class TestBlueBubblesWebhookRegistration: def test_unregister_removes_matching(self, monkeypatch): import asyncio adapter = _make_adapter(monkeypatch) - url = adapter._webhook_url + url = adapter._webhook_register_url adapter.client = self._mock_client( get_response={"status": 200, "data": [ {"id": 10, "url": url}, @@ -642,7 +642,7 @@ class TestBlueBubblesWebhookRegistration: """Multiple orphaned registrations for same URL — all get removed.""" import asyncio adapter = _make_adapter(monkeypatch) - url = adapter._webhook_url + url = adapter._webhook_register_url deleted_ids = [] async def mock_delete(*args, **kwargs): From 0bd3f521ae253e751aa643811c40ae9a8bae783d Mon Sep 17 00:00:00 2001 From: Marvae Date: Tue, 14 Apr 2026 11:03:49 -0700 Subject: [PATCH 25/41] fix: detect copilot provider via gh auth token in /model picker Seed copilot credentials from resolve_copilot_token() in the credential pool's _seed_from_singletons(), alongside the existing anthropic and openai-codex seeding logic. This makes copilot appear in the /model provider picker when the user authenticates solely through gh auth token. Cherry-picked from PR #9767 by Marvae. --- agent/credential_pool.py | 24 +++++++++++++++++++ tests/agent/test_credential_pool.py | 37 +++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/agent/credential_pool.py b/agent/credential_pool.py index c4905fc3f..e5127ad7d 100644 --- a/agent/credential_pool.py +++ b/agent/credential_pool.py @@ -1152,6 +1152,30 @@ def _seed_from_singletons(provider: str, entries: List[PooledCredential]) -> Tup }, ) + elif provider == "copilot": + # Copilot tokens are resolved dynamically via `gh auth token` or + # env vars (COPILOT_GITHUB_TOKEN / GH_TOKEN). They don't live in + # the auth store or credential pool, so we resolve them here. + try: + from hermes_cli.copilot_auth import resolve_copilot_token + token, source = resolve_copilot_token() + if token: + source_name = "gh_cli" if "gh" in source.lower() else f"env:{source}" + active_sources.add(source_name) + changed |= _upsert_entry( + entries, + provider, + source_name, + { + "source": source_name, + "auth_type": AUTH_TYPE_API_KEY, + "access_token": token, + "label": source, + }, + ) + except Exception as exc: + logger.debug("Copilot token seed failed: %s", exc) + elif provider == "openai-codex": state = _load_provider_state(auth_store, "openai-codex") tokens = state.get("tokens") if isinstance(state, dict) else None diff --git a/tests/agent/test_credential_pool.py b/tests/agent/test_credential_pool.py index de6ffba5c..466d92153 100644 --- a/tests/agent/test_credential_pool.py +++ b/tests/agent/test_credential_pool.py @@ -1071,3 +1071,40 @@ def test_load_pool_does_not_seed_claude_code_when_anthropic_not_configured(tmp_p # Should NOT have seeded the claude_code entry assert pool.entries() == [] + + +def test_load_pool_seeds_copilot_via_gh_auth_token(tmp_path, monkeypatch): + """Copilot credentials from `gh auth token` should be seeded into the pool.""" + monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes")) + _write_auth_store(tmp_path, {"version": 1, "credential_pool": {}}) + + monkeypatch.setattr( + "hermes_cli.copilot_auth.resolve_copilot_token", + lambda: ("gho_fake_token_abc123", "gh auth token"), + ) + + from agent.credential_pool import load_pool + pool = load_pool("copilot") + + assert pool.has_credentials() + entries = pool.entries() + assert len(entries) == 1 + assert entries[0].source == "gh_cli" + assert entries[0].access_token == "gho_fake_token_abc123" + + +def test_load_pool_does_not_seed_copilot_when_no_token(tmp_path, monkeypatch): + """Copilot pool should be empty when resolve_copilot_token() returns nothing.""" + monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes")) + _write_auth_store(tmp_path, {"version": 1, "credential_pool": {}}) + + monkeypatch.setattr( + "hermes_cli.copilot_auth.resolve_copilot_token", + lambda: ("", ""), + ) + + from agent.credential_pool import load_pool + pool = load_pool("copilot") + + assert not pool.has_credentials() + assert pool.entries() == [] From a37a095980e51e26731ce85b565839154feaa127 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 11:05:41 -0700 Subject: [PATCH 26/41] fix: detect qwen-oauth provider via CLI tokens in /model picker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Seed qwen-oauth credentials from resolve_qwen_runtime_credentials() in _seed_from_singletons(). Users who authenticate via 'qwen auth qwen-oauth' store tokens in ~/.qwen/oauth_creds.json which the runtime resolver reads but the credential pool couldn't detect — same gap pattern as copilot. Uses refresh_if_expiring=False to avoid network calls during discovery. --- agent/credential_pool.py | 29 +++++++++++++++++ tests/agent/test_credential_pool.py | 48 +++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/agent/credential_pool.py b/agent/credential_pool.py index e5127ad7d..8a2fecf5d 100644 --- a/agent/credential_pool.py +++ b/agent/credential_pool.py @@ -1176,6 +1176,35 @@ def _seed_from_singletons(provider: str, entries: List[PooledCredential]) -> Tup except Exception as exc: logger.debug("Copilot token seed failed: %s", exc) + elif provider == "qwen-oauth": + # Qwen OAuth tokens live in ~/.qwen/oauth_creds.json, written by + # the Qwen CLI (`qwen auth qwen-oauth`). They aren't in the + # Hermes auth store or env vars, so resolve them here. + # Use refresh_if_expiring=False to avoid network calls during + # pool loading / provider discovery. + try: + from hermes_cli.auth import resolve_qwen_runtime_credentials + creds = resolve_qwen_runtime_credentials(refresh_if_expiring=False) + token = creds.get("api_key", "") + if token: + source_name = creds.get("source", "qwen-cli") + active_sources.add(source_name) + changed |= _upsert_entry( + entries, + provider, + source_name, + { + "source": source_name, + "auth_type": AUTH_TYPE_OAUTH, + "access_token": token, + "expires_at_ms": creds.get("expires_at_ms"), + "base_url": creds.get("base_url", ""), + "label": creds.get("auth_file", source_name), + }, + ) + except Exception as exc: + logger.debug("Qwen OAuth token seed failed: %s", exc) + elif provider == "openai-codex": state = _load_provider_state(auth_store, "openai-codex") tokens = state.get("tokens") if isinstance(state, dict) else None diff --git a/tests/agent/test_credential_pool.py b/tests/agent/test_credential_pool.py index 466d92153..ca232c12f 100644 --- a/tests/agent/test_credential_pool.py +++ b/tests/agent/test_credential_pool.py @@ -1108,3 +1108,51 @@ def test_load_pool_does_not_seed_copilot_when_no_token(tmp_path, monkeypatch): assert not pool.has_credentials() assert pool.entries() == [] + + +def test_load_pool_seeds_qwen_oauth_via_cli_tokens(tmp_path, monkeypatch): + """Qwen OAuth credentials from ~/.qwen/oauth_creds.json should be seeded into the pool.""" + monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes")) + _write_auth_store(tmp_path, {"version": 1, "credential_pool": {}}) + + monkeypatch.setattr( + "hermes_cli.auth.resolve_qwen_runtime_credentials", + lambda **kw: { + "provider": "qwen-oauth", + "base_url": "https://portal.qwen.ai/v1", + "api_key": "qwen_fake_token_xyz", + "source": "qwen-cli", + "expires_at_ms": 1900000000000, + "auth_file": str(tmp_path / ".qwen" / "oauth_creds.json"), + }, + ) + + from agent.credential_pool import load_pool + pool = load_pool("qwen-oauth") + + assert pool.has_credentials() + entries = pool.entries() + assert len(entries) == 1 + assert entries[0].source == "qwen-cli" + assert entries[0].access_token == "qwen_fake_token_xyz" + + +def test_load_pool_does_not_seed_qwen_oauth_when_no_token(tmp_path, monkeypatch): + """Qwen OAuth pool should be empty when no CLI credentials exist.""" + monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes")) + _write_auth_store(tmp_path, {"version": 1, "credential_pool": {}}) + + from hermes_cli.auth import AuthError + + monkeypatch.setattr( + "hermes_cli.auth.resolve_qwen_runtime_credentials", + lambda **kw: (_ for _ in ()).throw( + AuthError("Qwen CLI credentials not found.", provider="qwen-oauth", code="qwen_auth_missing") + ), + ) + + from agent.credential_pool import load_pool + pool = load_pool("qwen-oauth") + + assert not pool.has_credentials() + assert pool.entries() == [] From 95d11dfd8e6e86e97657598450efe065f33e9cdd Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Tue, 14 Apr 2026 12:30:50 -0700 Subject: [PATCH 27/41] docs: automation templates gallery + comparison post (#9821) * feat(skills): add fitness-nutrition skill to optional-skills Cherry-picked from PR #9177 by @haileymarshall. Adds a fitness and nutrition skill for gym-goers and health-conscious users: - Exercise search via wger API (690+ exercises, free, no auth) - Nutrition lookup via USDA FoodData Central (380K+ foods, DEMO_KEY fallback) - Offline body composition calculators (BMI, TDEE, 1RM, macros, body fat %) - Pure stdlib Python, no pip dependencies Changes from original PR: - Moved from skills/ to optional-skills/health/ (correct location) - Fixed BMR formula in FORMULAS.md (removed confusing -5+10, now just +5) - Fixed author attribution to match PR submitter - Marked USDA_API_KEY as optional (DEMO_KEY works without signup) Also adds optional env var support to the skill readiness checker: - New 'optional: true' field in required_environment_variables entries - Optional vars are preserved in metadata but don't block skill readiness - Optional vars skip the CLI capture prompt flow - Skills with only optional missing vars show as 'available' not 'setup_needed' * docs: add automation templates gallery and comparison post - New docs page: guides/automation-templates.md with 15+ ready-to-use automation recipes covering development workflow, devops, research, GitHub events, and business operations - Comparison post (hermes-already-has-routines.md) showing Hermes has had schedule/webhook/API triggers since March 2026 - Added automation-templates to sidebar navigation --------- Co-authored-by: haileymarshall --- hermes-already-has-routines.md | 160 ++++++ website/docs/guides/automation-templates.md | 593 ++++++++++++++++++++ website/sidebars.ts | 1 + 3 files changed, 754 insertions(+) create mode 100644 hermes-already-has-routines.md create mode 100644 website/docs/guides/automation-templates.md diff --git a/hermes-already-has-routines.md b/hermes-already-has-routines.md new file mode 100644 index 000000000..fd4c04d67 --- /dev/null +++ b/hermes-already-has-routines.md @@ -0,0 +1,160 @@ +# Hermes Agent Has Had "Routines" Since March + +Anthropic just announced [Claude Code Routines](https://claude.com/blog/introducing-routines-in-claude-code) — scheduled tasks, GitHub event triggers, and API-triggered agent runs. Bundled prompt + repo + connectors, running on their infrastructure. + +It's a good feature. We shipped it two months ago. + +--- + +## The Three Trigger Types — Side by Side + +Claude Code Routines offers three ways to trigger an automation: + +**1. Scheduled (cron)** +> "Every night at 2am: pull the top bug from Linear, attempt a fix, and open a draft PR." + +Hermes equivalent — works today: +```bash +hermes cron create "0 2 * * *" \ + "Pull the top bug from the issue tracker, attempt a fix, and open a draft PR." \ + --name "Nightly bug fix" \ + --deliver telegram +``` + +**2. GitHub Events (webhook)** +> "Flag PRs that touch the /auth-provider module and post to #auth-changes." + +Hermes equivalent — works today: +```bash +hermes webhook subscribe auth-watch \ + --events "pull_request" \ + --prompt "PR #{pull_request.number}: {pull_request.title} by {pull_request.user.login}. Check if it touches the auth-provider module. If yes, summarize the changes." \ + --deliver slack +``` + +**3. API Triggers** +> "Read the alert payload, find the owning service, post a triage summary to #oncall." + +Hermes equivalent — works today: +```bash +hermes webhook subscribe alert-triage \ + --prompt "Alert: {alert.name} — Severity: {alert.severity}. Find the owning service, investigate, and post a triage summary with proposed first steps." \ + --deliver slack +``` + +Every use case in their blog post — backlog triage, docs drift, deploy verification, alert correlation, library porting, bespoke PR review — has a working Hermes implementation. No new features needed. It's been shipping since March 2026. + +--- + +## What's Different + +| | Claude Code Routines | Hermes Agent | +|---|---|---| +| **Scheduled tasks** | ✅ Schedule-based | ✅ Any cron expression + human-readable intervals | +| **GitHub triggers** | ✅ PR, issue, push events | ✅ Any GitHub event via webhook subscriptions | +| **API triggers** | ✅ POST to unique endpoint | ✅ POST to webhook routes with HMAC auth | +| **MCP connectors** | ✅ Native connectors | ✅ Full MCP client support | +| **Script pre-processing** | ❌ | ✅ Python scripts run before agent, inject context | +| **Skill chaining** | ❌ | ✅ Load multiple skills per automation | +| **Daily limit** | 5-25 runs/day | **Unlimited** | +| **Model choice** | Claude only | **Any model** — Claude, GPT, Gemini, DeepSeek, Qwen, local | +| **Delivery targets** | GitHub comments | Telegram, Discord, Slack, SMS, email, GitHub comments, webhooks, local files | +| **Infrastructure** | Anthropic's servers | **Your infrastructure** — VPS, home server, laptop | +| **Data residency** | Anthropic's cloud | **Your machines** | +| **Cost** | Pro/Max/Team/Enterprise subscription | Your API key, your rates | +| **Open source** | No | **Yes** — MIT license | + +--- + +## Things Hermes Does That Routines Can't + +### Script Injection + +Run a Python script *before* the agent. The script's stdout becomes context. The script handles mechanical work (fetching, diffing, computing); the agent handles reasoning. + +```bash +hermes cron create "every 1h" \ + "If CHANGE DETECTED, summarize what changed. If NO_CHANGE, respond with [SILENT]." \ + --script ~/.hermes/scripts/watch-site.py \ + --name "Pricing monitor" \ + --deliver telegram +``` + +The `[SILENT]` pattern means you only get notified when something actually happens. No spam. + +### Multi-Skill Workflows + +Chain specialized skills together. Each skill teaches the agent a specific capability, and the prompt ties them together. + +```bash +hermes cron create "0 8 * * *" \ + "Search arXiv for papers on language model reasoning. Save the top 3 as Obsidian notes." \ + --skills "arxiv,obsidian" \ + --name "Paper digest" +``` + +### Deliver Anywhere + +One automation, any destination: + +```bash +--deliver telegram # Telegram home channel +--deliver discord # Discord home channel +--deliver slack # Slack channel +--deliver sms:+15551234567 # Text message +--deliver telegram:-1001234567890:42 # Specific Telegram forum topic +--deliver local # Save to file, no notification +``` + +### Model-Agnostic + +Your nightly triage can run on Claude. Your deploy verification can run on GPT. Your cost-sensitive monitors can run on DeepSeek or a local model. Same automation system, any backend. + +--- + +## The Limits Tell the Story + +Claude Code Routines: **5 routines per day** on Pro. **25 on Enterprise.** That's their ceiling. + +Hermes has no daily limit. Run 500 automations a day if you want. The only constraint is your API budget, and you choose which models to use for which tasks. + +A nightly backlog triage on Sonnet costs roughly $0.02-0.05. A monitoring check on DeepSeek costs fractions of a cent. You control the economics. + +--- + +## Get Started + +Hermes Agent is open source and free. The automation infrastructure — cron scheduler, webhook platform, skill system, multi-platform delivery — is built in. + +```bash +pip install hermes-agent +hermes setup +``` + +Set up a scheduled task in 30 seconds: +```bash +hermes cron create "0 9 * * 1" \ + "Generate a weekly AI news digest. Search the web for major announcements, trending repos, and notable papers. Keep it under 500 words with links." \ + --name "Weekly digest" \ + --deliver telegram +``` + +Set up a GitHub webhook in 60 seconds: +```bash +hermes gateway setup # enable webhooks +hermes webhook subscribe pr-review \ + --events "pull_request" \ + --prompt "Review PR #{pull_request.number}: {pull_request.title}" \ + --skills "github-code-review" \ + --deliver github_comment +``` + +Full automation templates gallery: [hermes-agent.nousresearch.com/docs/guides/automation-templates](https://hermes-agent.nousresearch.com/docs/guides/automation-templates) + +Documentation: [hermes-agent.nousresearch.com](https://hermes-agent.nousresearch.com) + +GitHub: [github.com/NousResearch/hermes-agent](https://github.com/NousResearch/hermes-agent) + +--- + +*Hermes Agent is built by [Nous Research](https://nousresearch.com). Open source, model-agnostic, runs on your infrastructure.* diff --git a/website/docs/guides/automation-templates.md b/website/docs/guides/automation-templates.md new file mode 100644 index 000000000..a4f47e0bd --- /dev/null +++ b/website/docs/guides/automation-templates.md @@ -0,0 +1,593 @@ +--- +sidebar_position: 15 +title: "Automation Templates" +description: "Ready-to-use automation recipes — scheduled tasks, GitHub event triggers, API webhooks, and multi-skill workflows" +--- + +# Automation Templates + +Copy-paste recipes for common automation patterns. Each template uses Hermes's built-in [cron scheduler](/docs/user-guide/features/cron) for time-based triggers and [webhook platform](/docs/user-guide/messaging/webhooks) for event-driven triggers. + +Every template works with **any model** — not locked to a single provider. + +:::tip Three Trigger Types +| Trigger | How | Tool | +|---------|-----|------| +| **Schedule** | Runs on a cadence (hourly, nightly, weekly) | `cronjob` tool or `/cron` slash command | +| **GitHub Event** | Fires on PR opens, pushes, issues, CI results | Webhook platform (`hermes webhook subscribe`) | +| **API Call** | External service POSTs JSON to your endpoint | Webhook platform (config.yaml routes or `hermes webhook subscribe`) | + +All three support delivery to Telegram, Discord, Slack, SMS, email, GitHub comments, or local files. +::: + +--- + +## Development Workflow + +### Nightly Backlog Triage + +Label, prioritize, and summarize new issues every night. Delivers a digest to your team channel. + +**Trigger:** Schedule (nightly) + +```bash +hermes cron create "0 2 * * *" \ + "You are a project manager triaging the NousResearch/hermes-agent GitHub repo. + +1. Run: gh issue list --repo NousResearch/hermes-agent --state open --json number,title,labels,author,createdAt --limit 30 +2. Identify issues opened in the last 24 hours +3. For each new issue: + - Suggest a priority label (P0-critical, P1-high, P2-medium, P3-low) + - Suggest a category label (bug, feature, docs, security) + - Write a one-line triage note +4. Summarize: total open issues, new today, breakdown by priority + +Format as a clean digest. If no new issues, respond with [SILENT]." \ + --name "Nightly backlog triage" \ + --deliver telegram +``` + +### Automatic PR Code Review + +Review every pull request automatically when it's opened. Posts a review comment directly on the PR. + +**Trigger:** GitHub webhook + +**Option A — Dynamic subscription (CLI):** + +```bash +hermes webhook subscribe github-pr-review \ + --events "pull_request" \ + --prompt "Review this pull request: +Repository: {repository.full_name} +PR #{pull_request.number}: {pull_request.title} +Author: {pull_request.user.login} +Action: {action} +Diff URL: {pull_request.diff_url} + +Fetch the diff with: curl -sL {pull_request.diff_url} + +Review for: +- Security issues (injection, auth bypass, secrets in code) +- Performance concerns (N+1 queries, unbounded loops, memory leaks) +- Code quality (naming, duplication, error handling) +- Missing tests for new behavior + +Post a concise review. If the PR is a trivial docs/typo change, say so briefly." \ + --skills "github-code-review" \ + --deliver github_comment +``` + +**Option B — Static route (config.yaml):** + +```yaml +platforms: + webhook: + enabled: true + extra: + port: 8644 + secret: "your-global-secret" + routes: + github-pr-review: + events: ["pull_request"] + secret: "github-webhook-secret" + prompt: | + Review PR #{pull_request.number}: {pull_request.title} + Repository: {repository.full_name} + Author: {pull_request.user.login} + Diff URL: {pull_request.diff_url} + Review for security, performance, and code quality. + skills: ["github-code-review"] + deliver: "github_comment" + deliver_extra: + repo: "{repository.full_name}" + pr_number: "{pull_request.number}" +``` + +Then in GitHub: **Settings → Webhooks → Add webhook** → Payload URL: `http://your-server:8644/webhooks/github-pr-review`, Content type: `application/json`, Secret: `github-webhook-secret`, Events: **Pull requests**. + +### Docs Drift Detection + +Weekly scan of merged PRs to find API changes that need documentation updates. + +**Trigger:** Schedule (weekly) + +```bash +hermes cron create "0 9 * * 1" \ + "Scan the NousResearch/hermes-agent repo for documentation drift. + +1. Run: gh pr list --repo NousResearch/hermes-agent --state merged --json number,title,files,mergedAt --limit 30 +2. Filter to PRs merged in the last 7 days +3. For each merged PR, check if it modified: + - Tool schemas (tools/*.py) — may need docs/reference/tools-reference.md update + - CLI commands (hermes_cli/commands.py, hermes_cli/main.py) — may need docs/reference/cli-commands.md update + - Config options (hermes_cli/config.py) — may need docs/user-guide/configuration.md update + - Environment variables — may need docs/reference/environment-variables.md update +4. Cross-reference: for each code change, check if the corresponding docs page was also updated in the same PR + +Report any gaps where code changed but docs didn't. If everything is in sync, respond with [SILENT]." \ + --name "Docs drift detection" \ + --deliver telegram +``` + +### Dependency Security Audit + +Daily scan for known vulnerabilities in project dependencies. + +**Trigger:** Schedule (daily) + +```bash +hermes cron create "0 6 * * *" \ + "Run a dependency security audit on the hermes-agent project. + +1. cd ~/.hermes/hermes-agent && source .venv/bin/activate +2. Run: pip audit --format json 2>/dev/null || pip audit 2>&1 +3. Run: npm audit --json 2>/dev/null (in website/ directory if it exists) +4. Check for any CVEs with CVSS score >= 7.0 + +If vulnerabilities found: +- List each one with package name, version, CVE ID, severity +- Check if an upgrade is available +- Note if it's a direct dependency or transitive + +If no vulnerabilities, respond with [SILENT]." \ + --name "Dependency audit" \ + --deliver telegram +``` + +--- + +## DevOps & Monitoring + +### Deploy Verification + +Trigger smoke tests after every deployment. Your CI/CD pipeline POSTs to the webhook when a deploy completes. + +**Trigger:** API call (webhook) + +```bash +hermes webhook subscribe deploy-verify \ + --events "deployment" \ + --prompt "A deployment just completed: +Service: {service} +Environment: {environment} +Version: {version} +Deployed by: {deployer} + +Run these verification steps: +1. Check if the service is responding: curl -s -o /dev/null -w '%{http_code}' {health_url} +2. Search recent logs for errors: check the deployment payload for any error indicators +3. Verify the version matches: curl -s {health_url}/version + +Report: deployment status (healthy/degraded/failed), response time, any errors found. +If healthy, keep it brief. If degraded or failed, provide detailed diagnostics." \ + --deliver telegram +``` + +Your CI/CD pipeline triggers it: + +```bash +curl -X POST http://your-server:8644/webhooks/deploy-verify \ + -H "Content-Type: application/json" \ + -H "X-Hub-Signature-256: sha256=$(echo -n '{"service":"api","environment":"prod","version":"2.1.0","deployer":"ci","health_url":"https://api.example.com/health"}' | openssl dgst -sha256 -hmac 'your-secret' | cut -d' ' -f2)" \ + -d '{"service":"api","environment":"prod","version":"2.1.0","deployer":"ci","health_url":"https://api.example.com/health"}' +``` + +### Alert Triage + +Correlate monitoring alerts with recent changes to draft a response. Works with Datadog, PagerDuty, Grafana, or any alerting system that can POST JSON. + +**Trigger:** API call (webhook) + +```bash +hermes webhook subscribe alert-triage \ + --prompt "Monitoring alert received: +Alert: {alert.name} +Severity: {alert.severity} +Service: {alert.service} +Message: {alert.message} +Timestamp: {alert.timestamp} + +Investigate: +1. Search the web for known issues with this error pattern +2. Check if this correlates with any recent deployments or config changes +3. Draft a triage summary with: + - Likely root cause + - Suggested first response steps + - Escalation recommendation (P1-P4) + +Be concise. This goes to the on-call channel." \ + --deliver slack +``` + +### Uptime Monitor + +Check endpoints every 30 minutes. Only notify when something is down. + +**Trigger:** Schedule (every 30 min) + +```python title="~/.hermes/scripts/check-uptime.py" +import urllib.request, json, time + +ENDPOINTS = [ + {"name": "API", "url": "https://api.example.com/health"}, + {"name": "Web", "url": "https://www.example.com"}, + {"name": "Docs", "url": "https://docs.example.com"}, +] + +results = [] +for ep in ENDPOINTS: + try: + start = time.time() + req = urllib.request.Request(ep["url"], headers={"User-Agent": "Hermes-Monitor/1.0"}) + resp = urllib.request.urlopen(req, timeout=10) + elapsed = round((time.time() - start) * 1000) + results.append({"name": ep["name"], "status": resp.getcode(), "ms": elapsed}) + except Exception as e: + results.append({"name": ep["name"], "status": "DOWN", "error": str(e)}) + +down = [r for r in results if r.get("status") == "DOWN" or (isinstance(r.get("status"), int) and r["status"] >= 500)] +if down: + print("OUTAGE DETECTED") + for r in down: + print(f" {r['name']}: {r.get('error', f'HTTP {r[\"status\"]}')} ") + print(f"\nAll results: {json.dumps(results, indent=2)}") +else: + print("NO_ISSUES") +``` + +```bash +hermes cron create "every 30m" \ + "If the script reports OUTAGE DETECTED, summarize which services are down and suggest likely causes. If NO_ISSUES, respond with [SILENT]." \ + --script ~/.hermes/scripts/check-uptime.py \ + --name "Uptime monitor" \ + --deliver telegram +``` + +--- + +## Research & Intelligence + +### Competitive Repository Scout + +Monitor competitor repos for interesting PRs, features, and architectural decisions. + +**Trigger:** Schedule (daily) + +```bash +hermes cron create "0 8 * * *" \ + "Scout these AI agent repositories for notable activity in the last 24 hours: + +Repos to check: +- anthropics/claude-code +- openai/codex +- All-Hands-AI/OpenHands +- Aider-AI/aider + +For each repo: +1. gh pr list --repo --state all --json number,title,author,createdAt,mergedAt --limit 15 +2. gh issue list --repo --state open --json number,title,labels,createdAt --limit 10 + +Focus on: +- New features being developed +- Architectural changes +- Integration patterns we could learn from +- Security fixes that might affect us too + +Skip routine dependency bumps and CI fixes. If nothing notable, respond with [SILENT]. +If there are findings, organize by repo with brief analysis of each item." \ + --skills "competitive-pr-scout" \ + --name "Competitor scout" \ + --deliver telegram +``` + +### AI News Digest + +Weekly roundup of AI/ML developments. + +**Trigger:** Schedule (weekly) + +```bash +hermes cron create "0 9 * * 1" \ + "Generate a weekly AI news digest covering the past 7 days: + +1. Search the web for major AI announcements, model releases, and research breakthroughs +2. Search for trending ML repositories on GitHub +3. Check arXiv for highly-cited papers on language models and agents + +Structure: +## Headlines (3-5 major stories) +## Notable Papers (2-3 papers with one-sentence summaries) +## Open Source (interesting new repos or major releases) +## Industry Moves (funding, acquisitions, launches) + +Keep each item to 1-2 sentences. Include links. Total under 600 words." \ + --name "Weekly AI digest" \ + --deliver telegram +``` + +### Paper Digest with Notes + +Daily arXiv scan that saves summaries to your note-taking system. + +**Trigger:** Schedule (daily) + +```bash +hermes cron create "0 8 * * *" \ + "Search arXiv for the 3 most interesting papers on 'language model reasoning' OR 'tool-use agents' from the past day. For each paper, create an Obsidian note with the title, authors, abstract summary, key contribution, and potential relevance to Hermes Agent development." \ + --skills "arxiv,obsidian" \ + --name "Paper digest" \ + --deliver local +``` + +--- + +## GitHub Event Automations + +### Issue Auto-Labeling + +Automatically label and respond to new issues. + +**Trigger:** GitHub webhook + +```bash +hermes webhook subscribe github-issues \ + --events "issues" \ + --prompt "New GitHub issue received: +Repository: {repository.full_name} +Issue #{issue.number}: {issue.title} +Author: {issue.user.login} +Action: {action} +Body: {issue.body} +Labels: {issue.labels} + +If this is a new issue (action=opened): +1. Read the issue title and body carefully +2. Suggest appropriate labels (bug, feature, docs, security, question) +3. If it's a bug report, check if you can identify the affected component from the description +4. Post a helpful initial response acknowledging the issue + +If this is a label or assignment change, respond with [SILENT]." \ + --deliver github_comment +``` + +### CI Failure Analysis + +Analyze CI failures and post diagnostics on the PR. + +**Trigger:** GitHub webhook + +```yaml +# config.yaml route +platforms: + webhook: + enabled: true + extra: + routes: + ci-failure: + events: ["check_run"] + secret: "ci-secret" + prompt: | + CI check failed: + Repository: {repository.full_name} + Check: {check_run.name} + Status: {check_run.conclusion} + PR: #{check_run.pull_requests.0.number} + Details URL: {check_run.details_url} + + If conclusion is "failure": + 1. Fetch the log from the details URL if accessible + 2. Identify the likely cause of failure + 3. Suggest a fix + If conclusion is "success", respond with [SILENT]. + deliver: "github_comment" + deliver_extra: + repo: "{repository.full_name}" + pr_number: "{check_run.pull_requests.0.number}" +``` + +### Auto-Port Changes Across Repos + +When a PR merges in one repo, automatically port the equivalent change to another. + +**Trigger:** GitHub webhook + +```bash +hermes webhook subscribe auto-port \ + --events "pull_request" \ + --prompt "PR merged in the source repository: +Repository: {repository.full_name} +PR #{pull_request.number}: {pull_request.title} +Author: {pull_request.user.login} +Action: {action} +Merge commit: {pull_request.merge_commit_sha} + +If action is 'closed' and pull_request.merged is true: +1. Fetch the diff: curl -sL {pull_request.diff_url} +2. Analyze what changed +3. Determine if this change needs to be ported to the Go SDK equivalent +4. If yes, create a branch, apply the equivalent changes, and open a PR on the target repo +5. Reference the original PR in the new PR description + +If action is not 'closed' or not merged, respond with [SILENT]." \ + --skills "github-pr-workflow" \ + --deliver log +``` + +--- + +## Business Operations + +### Stripe Payment Monitoring + +Track payment events and get summaries of failures. + +**Trigger:** API call (webhook) + +```bash +hermes webhook subscribe stripe-payments \ + --events "payment_intent.succeeded,payment_intent.payment_failed,charge.dispute.created" \ + --prompt "Stripe event received: +Event type: {type} +Amount: {data.object.amount} cents ({data.object.currency}) +Customer: {data.object.customer} +Status: {data.object.status} + +For payment_intent.payment_failed: +- Identify the failure reason from {data.object.last_payment_error} +- Suggest whether this is a transient issue (retry) or permanent (contact customer) + +For charge.dispute.created: +- Flag as urgent +- Summarize the dispute details + +For payment_intent.succeeded: +- Brief confirmation only + +Keep responses concise for the ops channel." \ + --deliver slack +``` + +### Daily Revenue Summary + +Compile key business metrics every morning. + +**Trigger:** Schedule (daily) + +```bash +hermes cron create "0 8 * * *" \ + "Generate a morning business metrics summary. + +Search the web for: +1. Current Bitcoin and Ethereum prices +2. S&P 500 status (pre-market or previous close) +3. Any major tech/AI industry news from the last 12 hours + +Format as a brief morning briefing, 3-4 bullet points max. +Deliver as a clean, scannable message." \ + --name "Morning briefing" \ + --deliver telegram +``` + +--- + +## Multi-Skill Workflows + +### Security Audit Pipeline + +Combine multiple skills for a comprehensive weekly security review. + +**Trigger:** Schedule (weekly) + +```bash +hermes cron create "0 3 * * 0" \ + "Run a comprehensive security audit of the hermes-agent codebase. + +1. Check for dependency vulnerabilities (pip audit, npm audit) +2. Search the codebase for common security anti-patterns: + - Hardcoded secrets or API keys + - SQL injection vectors (string formatting in queries) + - Path traversal risks (user input in file paths without validation) + - Unsafe deserialization (pickle.loads, yaml.load without SafeLoader) +3. Review recent commits (last 7 days) for security-relevant changes +4. Check if any new environment variables were added without being documented + +Write a security report with findings categorized by severity (Critical, High, Medium, Low). +If nothing found, report a clean bill of health." \ + --skills "codebase-security-audit" \ + --name "Weekly security audit" \ + --deliver telegram +``` + +### Content Pipeline + +Research, draft, and prepare content on a schedule. + +**Trigger:** Schedule (weekly) + +```bash +hermes cron create "0 10 * * 3" \ + "Research and draft a technical blog post outline about a trending topic in AI agents. + +1. Search the web for the most discussed AI agent topics this week +2. Pick the most interesting one that's relevant to open-source AI agents +3. Create an outline with: + - Hook/intro angle + - 3-4 key sections + - Technical depth appropriate for developers + - Conclusion with actionable takeaway +4. Save the outline to ~/drafts/blog-$(date +%Y%m%d).md + +Keep the outline to ~300 words. This is a starting point, not a finished post." \ + --name "Blog outline" \ + --deliver local +``` + +--- + +## Quick Reference + +### Cron Schedule Syntax + +| Expression | Meaning | +|-----------|---------| +| `every 30m` | Every 30 minutes | +| `every 2h` | Every 2 hours | +| `0 2 * * *` | Daily at 2:00 AM | +| `0 9 * * 1` | Every Monday at 9:00 AM | +| `0 9 * * 1-5` | Weekdays at 9:00 AM | +| `0 3 * * 0` | Every Sunday at 3:00 AM | +| `0 */6 * * *` | Every 6 hours | + +### Delivery Targets + +| Target | Flag | Notes | +|--------|------|-------| +| Same chat | `--deliver origin` | Default — delivers to where the job was created | +| Local file | `--deliver local` | Saves output, no notification | +| Telegram | `--deliver telegram` | Home channel, or `telegram:CHAT_ID` for specific | +| Discord | `--deliver discord` | Home channel, or `discord:CHANNEL_ID` | +| Slack | `--deliver slack` | Home channel | +| SMS | `--deliver sms:+15551234567` | Direct to phone number | +| Specific thread | `--deliver telegram:-100123:456` | Telegram forum topic | + +### Webhook Template Variables + +| Variable | Description | +|----------|-------------| +| `{pull_request.title}` | PR title | +| `{issue.number}` | Issue number | +| `{repository.full_name}` | `owner/repo` | +| `{action}` | Event action (opened, closed, etc.) | +| `{__raw__}` | Full JSON payload (truncated at 4000 chars) | +| `{sender.login}` | GitHub user who triggered the event | + +### The [SILENT] Pattern + +When a cron job's response contains `[SILENT]`, delivery is suppressed. Use this to avoid notification spam on quiet runs: + +``` +If nothing noteworthy happened, respond with [SILENT]. +``` + +This means you only get notified when the agent has something to report. diff --git a/website/sidebars.ts b/website/sidebars.ts index 111d70e0e..771bd07a7 100644 --- a/website/sidebars.ts +++ b/website/sidebars.ts @@ -153,6 +153,7 @@ const sidebars: SidebarsConfig = { 'guides/use-voice-mode-with-hermes', 'guides/build-a-hermes-plugin', 'guides/automate-with-cron', + 'guides/automation-templates', 'guides/cron-troubleshooting', 'guides/work-with-skills', 'guides/delegation-patterns', From fa8c448f7dbd3f18639b65f51d21114069ca0537 Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 12:44:46 -0700 Subject: [PATCH 28/41] fix: notify active sessions on gateway shutdown + update health check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three fixes for gateway lifecycle stability: 1. Notify active sessions before shutdown (#new) When the gateway receives SIGTERM or /restart, it now sends a notification to every chat with an active agent BEFORE starting the drain. Users see: - Shutdown: 'Gateway shutting down — your task will be interrupted.' - Restart: 'Gateway restarting — use /retry after restart to continue.' Deduplicates per-chat so group sessions with multiple users get one notification. Best-effort: send failures are logged and swallowed. 2. Skip .clean_shutdown marker when drain timed out Previously, a graceful SIGTERM always wrote .clean_shutdown, even if agents were force-interrupted when the drain timed out. This meant the next startup skipped session suspension, leaving interrupted sessions in a broken state (trailing tool response, no final message). Now the marker is only written if the drain completed without timeout, so interrupted sessions get properly suspended on next startup. 3. Post-restart health check for hermes update (#6631) cmd_update() now verifies the gateway actually survived after systemctl restart (sleep 3s + is-active check). If the service crashed immediately, it retries once. If still dead, prints actionable diagnostics (journalctl command, manual restart hint). Also closes #8104 — already fixed on main (the /restart handler correctly detects systemd via INVOCATION_ID and uses via_service=True). Test plan: - 6 new tests for shutdown notifications (dedup, restart vs shutdown messaging, sentinel filtering, send failure resilience) - Existing restart drain + update tests pass (47 total) --- gateway/run.py | 86 +++++++++++++++++++++++++-- hermes_cli/main.py | 35 ++++++++++- tests/gateway/restart_test_helpers.py | 6 ++ tests/gateway/test_restart_drain.py | 81 +++++++++++++++++++++++++ 4 files changed, 201 insertions(+), 7 deletions(-) diff --git a/gateway/run.py b/gateway/run.py index 222e28c3e..0cdfb7146 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -1391,6 +1391,65 @@ class GatewayRunner: except Exception as e: logger.debug("Failed interrupting agent during shutdown: %s", e) + async def _notify_active_sessions_of_shutdown(self) -> None: + """Send a notification to every chat with an active agent. + + Called at the very start of stop() — adapters are still connected so + messages can be delivered. Best-effort: individual send failures are + logged and swallowed so they never block the shutdown sequence. + """ + active = self._snapshot_running_agents() + if not active: + return + + action = "restarting" if self._restart_requested else "shutting down" + hint = ( + "Your current task will be interrupted. " + "Use /retry after restart to continue." + if self._restart_requested + else "Your current task will be interrupted." + ) + msg = f"⚠️ Gateway {action} — {hint}" + + notified: set = set() + for session_key in active: + # Parse platform + chat_id from the session key. + # Format: agent:main:{platform}:{chat_type}:{chat_id}[:{extra}...] + parts = session_key.split(":") + if len(parts) < 5: + continue + platform_str = parts[2] + chat_id = parts[4] + + # Deduplicate: one notification per chat, even if multiple + # sessions (different users/threads) share the same chat. + dedup_key = (platform_str, chat_id) + if dedup_key in notified: + continue + + try: + platform = Platform(platform_str) + adapter = self.adapters.get(platform) + if not adapter: + continue + + # Include thread_id if present so the message lands in the + # correct forum topic / thread. + thread_id = parts[5] if len(parts) > 5 else None + metadata = {"thread_id": thread_id} if thread_id else None + + await adapter.send(chat_id, msg, metadata=metadata) + notified.add(dedup_key) + logger.info( + "Sent shutdown notification to %s:%s", + platform_str, chat_id, + ) + except Exception as e: + logger.debug( + "Failed to send shutdown notification to %s:%s: %s", + platform_str, chat_id, e, + ) + def _finalize_shutdown_agents(self, active_agents: Dict[str, Any]) -> None: for agent in active_agents.values(): try: @@ -2018,6 +2077,10 @@ class GatewayRunner: self._running = False self._draining = True + # Notify all chats with active agents BEFORE draining. + # Adapters are still connected here, so messages can be sent. + await self._notify_active_sessions_of_shutdown() + timeout = self._restart_drain_timeout active_agents, timed_out = await self._drain_active_agents(timeout) if timed_out: @@ -2088,12 +2151,23 @@ class GatewayRunner: # Write a clean-shutdown marker so the next startup knows this # wasn't a crash. suspend_recently_active() only needs to run - # after unexpected exits — graceful shutdowns already drain - # active agents, so there's no stuck-session risk. - try: - (_hermes_home / ".clean_shutdown").touch() - except Exception: - pass + # after unexpected exits. However, if the drain timed out and + # agents were force-interrupted, their sessions may be in an + # incomplete state (trailing tool response, no final assistant + # message). Skip the marker in that case so the next startup + # suspends those sessions — giving users a clean slate instead + # of resuming a half-finished tool loop. + if not timed_out: + try: + (_hermes_home / ".clean_shutdown").touch() + except Exception: + pass + else: + logger.info( + "Skipping .clean_shutdown marker — drain timed out with " + "interrupted agents; next startup will suspend recently " + "active sessions." + ) if self._restart_requested and self._restart_via_service: self._exit_code = GATEWAY_SERVICE_RESTART_EXIT_CODE diff --git a/hermes_cli/main.py b/hermes_cli/main.py index 721e68143..c73344be4 100644 --- a/hermes_cli/main.py +++ b/hermes_cli/main.py @@ -4036,7 +4036,40 @@ def cmd_update(args): capture_output=True, text=True, timeout=15, ) if restart.returncode == 0: - restarted_services.append(svc_name) + # Verify the service actually survived the + # restart. systemctl restart returns 0 even + # if the new process crashes immediately. + import time as _time + _time.sleep(3) + verify = subprocess.run( + scope_cmd + ["is-active", svc_name], + capture_output=True, text=True, timeout=5, + ) + if verify.stdout.strip() == "active": + restarted_services.append(svc_name) + else: + # Retry once — transient startup failures + # (stale module cache, import race) often + # resolve on the second attempt. + print(f" ⚠ {svc_name} died after restart, retrying...") + retry = subprocess.run( + scope_cmd + ["restart", svc_name], + capture_output=True, text=True, timeout=15, + ) + _time.sleep(3) + verify2 = subprocess.run( + scope_cmd + ["is-active", svc_name], + capture_output=True, text=True, timeout=5, + ) + if verify2.stdout.strip() == "active": + restarted_services.append(svc_name) + print(f" ✓ {svc_name} recovered on retry") + else: + print( + f" ✗ {svc_name} failed to stay running after restart.\n" + f" Check logs: journalctl --user -u {svc_name} --since '2 min ago'\n" + f" Restart manually: systemctl {'--user ' if scope == 'user' else ''}restart {svc_name}" + ) else: print(f" ⚠ Failed to restart {svc_name}: {restart.stderr.strip()}") except (FileNotFoundError, subprocess.TimeoutExpired): diff --git a/tests/gateway/restart_test_helpers.py b/tests/gateway/restart_test_helpers.py index 8b4897467..75665325b 100644 --- a/tests/gateway/restart_test_helpers.py +++ b/tests/gateway/restart_test_helpers.py @@ -93,6 +93,12 @@ def make_restart_runner( runner._running_agent_count = GatewayRunner._running_agent_count.__get__( runner, GatewayRunner ) + runner._snapshot_running_agents = GatewayRunner._snapshot_running_agents.__get__( + runner, GatewayRunner + ) + runner._notify_active_sessions_of_shutdown = ( + GatewayRunner._notify_active_sessions_of_shutdown.__get__(runner, GatewayRunner) + ) runner._launch_detached_restart_command = GatewayRunner._launch_detached_restart_command.__get__( runner, GatewayRunner ) diff --git a/tests/gateway/test_restart_drain.py b/tests/gateway/test_restart_drain.py index cfc2c364c..732470c12 100644 --- a/tests/gateway/test_restart_drain.py +++ b/tests/gateway/test_restart_drain.py @@ -161,3 +161,84 @@ async def test_launch_detached_restart_command_uses_setsid(monkeypatch): assert kwargs["start_new_session"] is True assert kwargs["stdout"] is subprocess.DEVNULL assert kwargs["stderr"] is subprocess.DEVNULL + + +# ── Shutdown notification tests ────────────────────────────────────── + + +@pytest.mark.asyncio +async def test_shutdown_notification_sent_to_active_sessions(): + """Active sessions receive a notification when the gateway starts shutting down.""" + runner, adapter = make_restart_runner() + source = make_restart_source(chat_id="999", chat_type="dm") + session_key = f"agent:main:telegram:dm:999" + runner._running_agents[session_key] = MagicMock() + + await runner._notify_active_sessions_of_shutdown() + + assert len(adapter.sent) == 1 + assert "shutting down" in adapter.sent[0] + assert "interrupted" in adapter.sent[0] + + +@pytest.mark.asyncio +async def test_shutdown_notification_says_restarting_when_restart_requested(): + """When _restart_requested is True, the message says 'restarting' and mentions /retry.""" + runner, adapter = make_restart_runner() + runner._restart_requested = True + session_key = "agent:main:telegram:dm:999" + runner._running_agents[session_key] = MagicMock() + + await runner._notify_active_sessions_of_shutdown() + + assert len(adapter.sent) == 1 + assert "restarting" in adapter.sent[0] + assert "/retry" in adapter.sent[0] + + +@pytest.mark.asyncio +async def test_shutdown_notification_deduplicates_per_chat(): + """Multiple sessions in the same chat only get one notification.""" + runner, adapter = make_restart_runner() + # Two sessions (different users) in the same chat + runner._running_agents["agent:main:telegram:group:chat1:u1"] = MagicMock() + runner._running_agents["agent:main:telegram:group:chat1:u2"] = MagicMock() + + await runner._notify_active_sessions_of_shutdown() + + assert len(adapter.sent) == 1 + + +@pytest.mark.asyncio +async def test_shutdown_notification_skipped_when_no_active_agents(): + """No notification is sent when there are no active agents.""" + runner, adapter = make_restart_runner() + + await runner._notify_active_sessions_of_shutdown() + + assert len(adapter.sent) == 0 + + +@pytest.mark.asyncio +async def test_shutdown_notification_ignores_pending_sentinels(): + """Pending sentinels (not-yet-started agents) don't trigger notifications.""" + from gateway.run import _AGENT_PENDING_SENTINEL + + runner, adapter = make_restart_runner() + runner._running_agents["agent:main:telegram:dm:999"] = _AGENT_PENDING_SENTINEL + + await runner._notify_active_sessions_of_shutdown() + + assert len(adapter.sent) == 0 + + +@pytest.mark.asyncio +async def test_shutdown_notification_send_failure_does_not_block(): + """If sending a notification fails, the method still completes.""" + runner, adapter = make_restart_runner() + adapter.send = AsyncMock(side_effect=Exception("network error")) + session_key = "agent:main:telegram:dm:999" + runner._running_agents[session_key] = MagicMock() + + # Should not raise + await runner._notify_active_sessions_of_shutdown() From 1aa76620d464f5ec105e01a67d0e336b5612feaf Mon Sep 17 00:00:00 2001 From: Roy-oss1 <268667990+Roy-oss1@users.noreply.github.com> Date: Wed, 15 Apr 2026 03:55:12 +0800 Subject: [PATCH 29/41] fix(feishu): keep approval clicks synchronized with callback card state Feishu approval clicks need the resolved card to come back from the synchronous callback path itself. Leaving approval resolution to the generic asynchronous card-action flow made button feedback depend on later loop work instead of the callback response the client is waiting for. Change-Id: I574997cbbcaa097fdba759b47367e28d1b56b040 Constraint: Feishu card-action callbacks must acknowledge quickly and reflect final approval state from the callback response path Rejected: Keep approval handling on the generic async card-action route | leaves card state synchronization vulnerable to callback timing and follow-up update ordering Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep approval callback response construction separate from async queue unblocking unless Feishu callback semantics change Tested: pytest tests/gateway/test_feishu.py tests/gateway/test_feishu_approval_buttons.py tests/gateway/test_approve_deny_commands.py tests/gateway/test_slack_approval_buttons.py tests/gateway/test_telegram_approval_buttons.py -q Not-tested: Live Feishu workspace end-to-end callback rendering --- gateway/platforms/feishu.py | 182 +++++++----- tests/gateway/test_feishu_approval_buttons.py | 274 +++++++++--------- 2 files changed, 252 insertions(+), 204 deletions(-) diff --git a/gateway/platforms/feishu.py b/gateway/platforms/feishu.py index fdfdd78b0..01b1c3a14 100644 --- a/gateway/platforms/feishu.py +++ b/gateway/platforms/feishu.py @@ -72,7 +72,10 @@ try: UpdateMessageRequestBody, ) from lark_oapi.core.const import FEISHU_DOMAIN, LARK_DOMAIN - from lark_oapi.event.callback.model.p2_card_action_trigger import P2CardActionTriggerResponse + from lark_oapi.event.callback.model.p2_card_action_trigger import ( + CallBackCard, + P2CardActionTriggerResponse, + ) from lark_oapi.event.dispatcher_handler import EventDispatcherHandler from lark_oapi.ws import Client as FeishuWSClient @@ -80,6 +83,7 @@ try: except ImportError: FEISHU_AVAILABLE = False lark = None # type: ignore[assignment] + CallBackCard = None # type: ignore[assignment] P2CardActionTriggerResponse = None # type: ignore[assignment] EventDispatcherHandler = None # type: ignore[assignment] FeishuWSClient = None # type: ignore[assignment] @@ -169,6 +173,19 @@ _FEISHU_WEBHOOK_BODY_TIMEOUT_SECONDS = 30 # max seconds to read request _FEISHU_WEBHOOK_ANOMALY_THRESHOLD = 25 # consecutive error responses before WARNING log _FEISHU_WEBHOOK_ANOMALY_TTL_SECONDS = 6 * 60 * 60 # anomaly tracker TTL (6 hours) — matches openclaw _FEISHU_CARD_ACTION_DEDUP_TTL_SECONDS = 15 * 60 # card action token dedup window (15 min) + +_APPROVAL_CHOICE_MAP: Dict[str, str] = { + "approve_once": "once", + "approve_session": "session", + "approve_always": "always", + "deny": "deny", +} +_APPROVAL_LABEL_MAP: Dict[str, str] = { + "once": "Approved once", + "session": "Approved for session", + "always": "Approved permanently", + "deny": "Denied", +} _FEISHU_BOT_MSG_TRACK_SIZE = 512 # LRU size for tracking sent message IDs _FEISHU_REPLY_FALLBACK_CODES = frozenset({230011, 231003}) # reply target withdrawn/missing → create fallback _FEISHU_ACK_EMOJI = "OK" @@ -1490,14 +1507,12 @@ class FeishuAdapter(BasePlatformAdapter): logger.warning("[Feishu] send_exec_approval failed: %s", exc) return SendResult(success=False, error=str(exc)) - async def _update_approval_card( - self, message_id: str, label: str, user_name: str, choice: str, - ) -> None: - """Replace the approval card with a resolved status card.""" - if not self._client or not message_id: - return + @staticmethod + def _build_resolved_approval_card(*, choice: str, user_name: str) -> Dict[str, Any]: + """Build raw card JSON for a resolved approval action.""" icon = "❌" if choice == "deny" else "✅" - card = { + label = _APPROVAL_LABEL_MAP.get(choice, "Resolved") + return { "config": {"wide_screen_mode": True}, "header": { "title": {"content": f"{icon} {label}", "tag": "plain_text"}, @@ -1510,13 +1525,6 @@ class FeishuAdapter(BasePlatformAdapter): }, ], } - try: - payload = json.dumps(card, ensure_ascii=False) - body = self._build_update_message_body(msg_type="interactive", content=payload) - request = self._build_update_message_request(message_id=message_id, request_body=body) - await asyncio.to_thread(self._client.im.v1.message.update, request) - except Exception as exc: - logger.warning("[Feishu] Failed to update approval card %s: %s", message_id, exc) async def send_voice( self, @@ -1845,20 +1853,82 @@ class FeishuAdapter(BasePlatformAdapter): future.add_done_callback(self._log_background_failure) def _on_card_action_trigger(self, data: Any) -> Any: - """Schedule Feishu card actions on the adapter loop and acknowledge immediately.""" + """Handle card-action callback from the Feishu SDK (synchronous). + + For approval actions: parses the event once, returns the resolved card + inline (the only reliable way to sync all clients), and schedules a + lightweight async method to actually unblock the agent. + + For other card actions: delegates to ``_handle_card_action_event``. + """ loop = self._loop - if loop is None or bool(getattr(loop, "is_closed", lambda: False)()): + if not self._loop_accepts_callbacks(loop): logger.warning("[Feishu] Dropping card action before adapter loop is ready") - else: - future = asyncio.run_coroutine_threadsafe( - self._handle_card_action_event(data), - loop, - ) - future.add_done_callback(self._log_background_failure) + return P2CardActionTriggerResponse() if P2CardActionTriggerResponse else None + + event = getattr(data, "event", None) + action = getattr(event, "action", None) + action_value = getattr(action, "value", {}) or {} + hermes_action = action_value.get("hermes_action") if isinstance(action_value, dict) else None + + if hermes_action: + return self._handle_approval_card_action(event=event, action_value=action_value, loop=loop) + + self._submit_on_loop(loop, self._handle_card_action_event(data)) if P2CardActionTriggerResponse is None: return None return P2CardActionTriggerResponse() + @staticmethod + def _loop_accepts_callbacks(loop: Any) -> bool: + """Return True when the adapter loop can accept thread-safe submissions.""" + return loop is not None and not bool(getattr(loop, "is_closed", lambda: False)()) + + def _submit_on_loop(self, loop: Any, coro: Any) -> None: + """Schedule background work on the adapter loop with shared failure logging.""" + future = asyncio.run_coroutine_threadsafe(coro, loop) + future.add_done_callback(self._log_background_failure) + + def _handle_approval_card_action(self, *, event: Any, action_value: Dict[str, Any], loop: Any) -> Any: + """Schedule approval resolution and build the synchronous callback response.""" + approval_id = action_value.get("approval_id") + if approval_id is None: + logger.debug("[Feishu] Card action missing approval_id, ignoring") + return P2CardActionTriggerResponse() if P2CardActionTriggerResponse else None + choice = _APPROVAL_CHOICE_MAP.get(action_value.get("hermes_action"), "deny") + + operator = getattr(event, "operator", None) + open_id = str(getattr(operator, "open_id", "") or "") + user_name = self._get_cached_sender_name(open_id) or open_id + + self._submit_on_loop(loop, self._resolve_approval(approval_id, choice, user_name)) + + if P2CardActionTriggerResponse is None: + return None + response = P2CardActionTriggerResponse() + if CallBackCard is not None: + card = CallBackCard() + card.type = "raw" + card.data = self._build_resolved_approval_card(choice=choice, user_name=user_name) + response.card = card + return response + + async def _resolve_approval(self, approval_id: Any, choice: str, user_name: str) -> None: + """Pop approval state and unblock the waiting agent thread.""" + state = self._approval_state.pop(approval_id, None) + if not state: + logger.debug("[Feishu] Approval %s already resolved or unknown", approval_id) + return + try: + from tools.approval import resolve_gateway_approval + count = resolve_gateway_approval(state["session_key"], choice) + logger.info( + "Feishu button resolved %d approval(s) for session %s (choice=%s, user=%s)", + count, state["session_key"], choice, user_name, + ) + except Exception as exc: + logger.error("Failed to resolve gateway approval from Feishu button: %s", exc) + async def _handle_reaction_event(self, event_type: str, data: Any) -> None: """Fetch the reacted-to message; if it was sent by this bot, emit a synthetic text event.""" if not self._client: @@ -1950,51 +2020,6 @@ class FeishuAdapter(BasePlatformAdapter): action_tag = str(getattr(action, "tag", "") or "button") action_value = getattr(action, "value", {}) or {} - # --- Exec approval button intercept --- - hermes_action = action_value.get("hermes_action") if isinstance(action_value, dict) else None - if hermes_action: - approval_id = action_value.get("approval_id") - state = self._approval_state.pop(approval_id, None) - if not state: - logger.debug("[Feishu] Approval %s already resolved or unknown", approval_id) - return - - choice_map = { - "approve_once": "once", - "approve_session": "session", - "approve_always": "always", - "deny": "deny", - } - choice = choice_map.get(hermes_action, "deny") - - label_map = { - "once": "Approved once", - "session": "Approved for session", - "always": "Approved permanently", - "deny": "Denied", - } - label = label_map.get(choice, "Resolved") - - # Resolve sender name for the status card - sender_id = SimpleNamespace(open_id=open_id, user_id=None, union_id=None) - sender_profile = await self._resolve_sender_profile(sender_id) - user_name = sender_profile.get("user_name") or open_id - - # Resolve the approval — unblocks the agent thread - try: - from tools.approval import resolve_gateway_approval - count = resolve_gateway_approval(state["session_key"], choice) - logger.info( - "Feishu button resolved %d approval(s) for session %s (choice=%s, user=%s)", - count, state["session_key"], choice, user_name, - ) - except Exception as exc: - logger.error("Failed to resolve gateway approval from Feishu button: %s", exc) - - # Update the card to show the decision - await self._update_approval_card(state.get("message_id", ""), label, user_name, choice) - return - synthetic_text = f"/card {action_tag}" if action_value: try: @@ -2897,6 +2922,19 @@ class FeishuAdapter(BasePlatformAdapter): "user_id_alt": union_id, } + def _get_cached_sender_name(self, sender_id: Optional[str]) -> Optional[str]: + """Return a cached sender name only while its TTL is still valid.""" + if not sender_id: + return None + cached = self._sender_name_cache.get(sender_id) + if cached is None: + return None + name, expire_at = cached + if time.time() < expire_at: + return name + self._sender_name_cache.pop(sender_id, None) + return None + async def _resolve_sender_name_from_api(self, sender_id: Optional[str]) -> Optional[str]: """Fetch the sender's display name from the Feishu contact API with a 10-minute cache. @@ -2909,11 +2947,9 @@ class FeishuAdapter(BasePlatformAdapter): if not trimmed: return None now = time.time() - cached = self._sender_name_cache.get(trimmed) - if cached is not None: - name, expire_at = cached - if now < expire_at: - return name + cached_name = self._get_cached_sender_name(trimmed) + if cached_name is not None: + return cached_name try: from lark_oapi.api.contact.v3 import GetUserRequest # lazy import if trimmed.startswith("ou_"): diff --git a/tests/gateway/test_feishu_approval_buttons.py b/tests/gateway/test_feishu_approval_buttons.py index 9c51d1ac4..954e9c061 100644 --- a/tests/gateway/test_feishu_approval_buttons.py +++ b/tests/gateway/test_feishu_approval_buttons.py @@ -1,12 +1,11 @@ """Tests for Feishu interactive card approval buttons.""" -import asyncio +import importlib.util import json -import os import sys from pathlib import Path from types import SimpleNamespace -from unittest.mock import AsyncMock, MagicMock, Mock, patch +from unittest.mock import AsyncMock, MagicMock, patch import pytest @@ -23,14 +22,14 @@ if _repo not in sys.path: # --------------------------------------------------------------------------- def _ensure_feishu_mocks(): """Provide stubs for lark-oapi / aiohttp.web so the import succeeds.""" - if "lark_oapi" not in sys.modules: + if importlib.util.find_spec("lark_oapi") is None and "lark_oapi" not in sys.modules: mod = MagicMock() for name in ( "lark_oapi", "lark_oapi.api.im.v1", "lark_oapi.event", "lark_oapi.event.callback_type", ): sys.modules.setdefault(name, mod) - if "aiohttp" not in sys.modules: + if importlib.util.find_spec("aiohttp") is None and "aiohttp" not in sys.modules: aio = MagicMock() sys.modules.setdefault("aiohttp", aio) sys.modules.setdefault("aiohttp.web", aio.web) @@ -39,6 +38,7 @@ def _ensure_feishu_mocks(): _ensure_feishu_mocks() from gateway.config import PlatformConfig +import gateway.platforms.feishu as feishu_module from gateway.platforms.feishu import FeishuAdapter @@ -74,6 +74,12 @@ def _make_card_action_data( ) +def _close_submitted_coro(coro, _loop): + """Close scheduled coroutines in sync-handler tests to avoid unawaited warnings.""" + coro.close() + return SimpleNamespace(add_done_callback=lambda *_args, **_kwargs: None) + + # =========================================================================== # send_exec_approval — interactive card with buttons # =========================================================================== @@ -203,14 +209,14 @@ class TestFeishuExecApproval: # =========================================================================== -# _handle_card_action_event — approval button clicks +# _resolve_approval — approval state pop + gateway resolution # =========================================================================== -class TestFeishuApprovalCallback: - """Test the approval intercept in _handle_card_action_event.""" +class TestResolveApproval: + """Test _resolve_approval pops state and calls resolve_gateway_approval.""" @pytest.mark.asyncio - async def test_resolves_approval_on_click(self): + async def test_resolves_once(self): adapter = _make_adapter() adapter._approval_state[1] = { "session_key": "agent:main:feishu:group:oc_12345", @@ -218,28 +224,14 @@ class TestFeishuApprovalCallback: "chat_id": "oc_12345", } - data = _make_card_action_data( - action_value={"hermes_action": "approve_once", "approval_id": 1}, - ) - - with ( - patch.object( - adapter, "_resolve_sender_profile", new_callable=AsyncMock, - return_value={"user_id": "ou_user1", "user_name": "Norbert", "user_id_alt": None}, - ), - patch.object(adapter, "_update_approval_card", new_callable=AsyncMock) as mock_update, - patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve, - ): - await adapter._handle_card_action_event(data) + with patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve: + await adapter._resolve_approval(1, "once", "Norbert") mock_resolve.assert_called_once_with("agent:main:feishu:group:oc_12345", "once") - mock_update.assert_called_once_with("msg_001", "Approved once", "Norbert", "once") - - # State should be cleaned up assert 1 not in adapter._approval_state @pytest.mark.asyncio - async def test_deny_button(self): + async def test_resolves_deny(self): adapter = _make_adapter() adapter._approval_state[2] = { "session_key": "some-session", @@ -247,26 +239,13 @@ class TestFeishuApprovalCallback: "chat_id": "oc_12345", } - data = _make_card_action_data( - action_value={"hermes_action": "deny", "approval_id": 2}, - token="tok_deny", - ) - - with ( - patch.object( - adapter, "_resolve_sender_profile", new_callable=AsyncMock, - return_value={"user_id": "ou_alice", "user_name": "Alice", "user_id_alt": None}, - ), - patch.object(adapter, "_update_approval_card", new_callable=AsyncMock) as mock_update, - patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve, - ): - await adapter._handle_card_action_event(data) + with patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve: + await adapter._resolve_approval(2, "deny", "Alice") mock_resolve.assert_called_once_with("some-session", "deny") - mock_update.assert_called_once_with("msg_002", "Denied", "Alice", "deny") @pytest.mark.asyncio - async def test_session_approval(self): + async def test_resolves_session(self): adapter = _make_adapter() adapter._approval_state[3] = { "session_key": "sess-3", @@ -274,26 +253,13 @@ class TestFeishuApprovalCallback: "chat_id": "oc_99", } - data = _make_card_action_data( - action_value={"hermes_action": "approve_session", "approval_id": 3}, - token="tok_ses", - ) - - with ( - patch.object( - adapter, "_resolve_sender_profile", new_callable=AsyncMock, - return_value={"user_id": "ou_u", "user_name": "Bob", "user_id_alt": None}, - ), - patch.object(adapter, "_update_approval_card", new_callable=AsyncMock) as mock_update, - patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve, - ): - await adapter._handle_card_action_event(data) + with patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve: + await adapter._resolve_approval(3, "session", "Bob") mock_resolve.assert_called_once_with("sess-3", "session") - mock_update.assert_called_once_with("msg_003", "Approved for session", "Bob", "session") @pytest.mark.asyncio - async def test_always_approval(self): + async def test_resolves_always(self): adapter = _make_adapter() adapter._approval_state[4] = { "session_key": "sess-4", @@ -301,42 +267,29 @@ class TestFeishuApprovalCallback: "chat_id": "oc_55", } - data = _make_card_action_data( - action_value={"hermes_action": "approve_always", "approval_id": 4}, - token="tok_alw", - ) - - with ( - patch.object( - adapter, "_resolve_sender_profile", new_callable=AsyncMock, - return_value={"user_id": "ou_u", "user_name": "Carol", "user_id_alt": None}, - ), - patch.object(adapter, "_update_approval_card", new_callable=AsyncMock), - patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve, - ): - await adapter._handle_card_action_event(data) + with patch("tools.approval.resolve_gateway_approval", return_value=1) as mock_resolve: + await adapter._resolve_approval(4, "always", "Carol") mock_resolve.assert_called_once_with("sess-4", "always") @pytest.mark.asyncio async def test_already_resolved_drops_silently(self): adapter = _make_adapter() - # No state for approval_id 99 — already resolved - - data = _make_card_action_data( - action_value={"hermes_action": "approve_once", "approval_id": 99}, - token="tok_gone", - ) with patch("tools.approval.resolve_gateway_approval") as mock_resolve: - await adapter._handle_card_action_event(data) + await adapter._resolve_approval(99, "once", "Nobody") - # Should NOT resolve — already handled mock_resolve.assert_not_called() +# =========================================================================== +# _handle_card_action_event — non-approval card actions +# =========================================================================== + +class TestNonApprovalCardAction: + """Non-approval card actions should still route as synthetic commands.""" + @pytest.mark.asyncio - async def test_non_approval_actions_route_normally(self): - """Non-approval card actions should still become synthetic commands.""" + async def test_routes_as_synthetic_command(self): adapter = _make_adapter() data = _make_card_action_data( @@ -351,82 +304,141 @@ class TestFeishuApprovalCallback: ), patch.object(adapter, "get_chat_info", new_callable=AsyncMock, return_value={"name": "Test Chat"}), patch.object(adapter, "_handle_message_with_guards", new_callable=AsyncMock) as mock_handle, - patch("tools.approval.resolve_gateway_approval") as mock_resolve, ): await adapter._handle_card_action_event(data) - # Should NOT resolve any approval - mock_resolve.assert_not_called() - # Should have routed as synthetic command mock_handle.assert_called_once() event = mock_handle.call_args[0][0] assert "/card button" in event.text # =========================================================================== -# _update_approval_card — card replacement after resolution +# _on_card_action_trigger — inline card response for approval actions # =========================================================================== -class TestFeishuUpdateApprovalCard: - """Test the card update after approval resolution.""" +class _FakeCallBackCard: + def __init__(self): + self.type = None + self.data = None - @pytest.mark.asyncio - async def test_updates_card_on_approve(self): + +class _FakeP2Response: + def __init__(self): + self.card = None + + +@pytest.fixture(autouse=False) +def _patch_callback_card_types(monkeypatch): + """Provide real-ish P2CardActionTriggerResponse / CallBackCard for tests.""" + monkeypatch.setattr(feishu_module, "P2CardActionTriggerResponse", _FakeP2Response) + monkeypatch.setattr(feishu_module, "CallBackCard", _FakeCallBackCard) + + +class TestCardActionCallbackResponse: + """Test that _on_card_action_trigger returns updated card inline.""" + + def test_drops_action_when_loop_not_ready(self, _patch_callback_card_types): adapter = _make_adapter() + adapter._loop = None + data = _make_card_action_data({"hermes_action": "approve_once", "approval_id": 1}) - mock_update = AsyncMock() - adapter._client.im.v1.message.update = MagicMock() + with patch("asyncio.run_coroutine_threadsafe") as mock_submit: + response = adapter._on_card_action_trigger(data) - with patch("asyncio.to_thread", new_callable=AsyncMock) as mock_thread: - await adapter._update_approval_card( - "msg_001", "Approved once", "Norbert", "once" - ) + assert response is not None + assert response.card is None + mock_submit.assert_not_called() - mock_thread.assert_called_once() - # Verify the update request was built - call_args = mock_thread.call_args - assert call_args[0][0] == adapter._client.im.v1.message.update - - @pytest.mark.asyncio - async def test_updates_card_on_deny(self): + def test_returns_card_for_approve_action(self, _patch_callback_card_types): adapter = _make_adapter() + adapter._loop = MagicMock() + adapter._loop.is_closed = MagicMock(return_value=False) + data = _make_card_action_data( + {"hermes_action": "approve_once", "approval_id": 1}, + open_id="ou_bob", + ) + adapter._sender_name_cache["ou_bob"] = ("Bob", 9999999999) - with patch("asyncio.to_thread", new_callable=AsyncMock) as mock_thread: - await adapter._update_approval_card( - "msg_002", "Denied", "Alice", "deny" - ) + with patch("asyncio.run_coroutine_threadsafe", side_effect=_close_submitted_coro): + response = adapter._on_card_action_trigger(data) - mock_thread.assert_called_once() + assert response is not None + assert response.card is not None + assert response.card.type == "raw" + card = response.card.data + assert card["header"]["template"] == "green" + assert "Approved once" in card["header"]["title"]["content"] + assert "Bob" in card["elements"][0]["content"] - @pytest.mark.asyncio - async def test_skips_update_when_not_connected(self): + def test_returns_card_for_deny_action(self, _patch_callback_card_types): adapter = _make_adapter() - adapter._client = None + adapter._loop = MagicMock() + adapter._loop.is_closed = MagicMock(return_value=False) + data = _make_card_action_data( + {"hermes_action": "deny", "approval_id": 2}, + ) - with patch("asyncio.to_thread", new_callable=AsyncMock) as mock_thread: - await adapter._update_approval_card( - "msg_001", "Approved", "Bob", "once" - ) + with patch("asyncio.run_coroutine_threadsafe", side_effect=_close_submitted_coro): + response = adapter._on_card_action_trigger(data) - mock_thread.assert_not_called() + assert response.card is not None + card = response.card.data + assert card["header"]["template"] == "red" + assert "Denied" in card["header"]["title"]["content"] - @pytest.mark.asyncio - async def test_skips_update_when_no_message_id(self): + def test_ignores_missing_approval_id(self, _patch_callback_card_types): adapter = _make_adapter() + adapter._loop = MagicMock() + adapter._loop.is_closed = MagicMock(return_value=False) + data = _make_card_action_data({"hermes_action": "approve_once"}) - with patch("asyncio.to_thread", new_callable=AsyncMock) as mock_thread: - await adapter._update_approval_card( - "", "Approved", "Bob", "once" - ) + with patch("asyncio.run_coroutine_threadsafe") as mock_submit: + response = adapter._on_card_action_trigger(data) - mock_thread.assert_not_called() + assert response is not None + assert response.card is None + mock_submit.assert_not_called() - @pytest.mark.asyncio - async def test_swallows_update_errors(self): + def test_no_card_for_non_approval_action(self, _patch_callback_card_types): adapter = _make_adapter() + adapter._loop = MagicMock() + adapter._loop.is_closed = MagicMock(return_value=False) + data = _make_card_action_data({"some_other": "value"}) - with patch("asyncio.to_thread", new_callable=AsyncMock, side_effect=Exception("API error")): - # Should not raise - await adapter._update_approval_card( - "msg_001", "Approved", "Bob", "once" - ) + with patch("asyncio.run_coroutine_threadsafe", side_effect=_close_submitted_coro): + response = adapter._on_card_action_trigger(data) + + assert response is not None + assert response.card is None + + def test_falls_back_to_open_id_when_name_not_cached(self, _patch_callback_card_types): + adapter = _make_adapter() + adapter._loop = MagicMock() + adapter._loop.is_closed = MagicMock(return_value=False) + data = _make_card_action_data( + {"hermes_action": "approve_session", "approval_id": 3}, + open_id="ou_unknown", + ) + + with patch("asyncio.run_coroutine_threadsafe", side_effect=_close_submitted_coro): + response = adapter._on_card_action_trigger(data) + + card = response.card.data + assert "ou_unknown" in card["elements"][0]["content"] + + def test_ignores_expired_cached_name(self, _patch_callback_card_types): + adapter = _make_adapter() + adapter._loop = MagicMock() + adapter._loop.is_closed = MagicMock(return_value=False) + data = _make_card_action_data( + {"hermes_action": "approve_once", "approval_id": 4}, + open_id="ou_expired", + ) + adapter._sender_name_cache["ou_expired"] = ("Old Name", 1) + + with patch("asyncio.run_coroutine_threadsafe", side_effect=_close_submitted_coro): + response = adapter._on_card_action_trigger(data) + + card = response.card.data + assert "Old Name" not in card["elements"][0]["content"] + assert "ou_expired" in card["elements"][0]["content"] From 9bbf7659e98928d551fb1b7a61020d4c694953ae Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 14:19:49 -0700 Subject: [PATCH 30/41] chore: add Roy-oss1 to AUTHOR_MAP --- scripts/release.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/release.py b/scripts/release.py index 419b2e89c..08af431f2 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -62,6 +62,7 @@ AUTHOR_MAP = { "258577966+voidborne-d@users.noreply.github.com": "voidborne-d", "70424851+insecurejezza@users.noreply.github.com": "insecurejezza", "259807879+Bartok9@users.noreply.github.com": "Bartok9", + "268667990+Roy-oss1@users.noreply.github.com": "Roy-oss1", # contributors (manual mapping from git names) "dmayhem93@gmail.com": "dmahan93", "samherring99@gmail.com": "samherring99", From eed891f1bb9c2da620b617cf64f63a2ee49f6aff Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Tue, 14 Apr 2026 14:23:37 -0700 Subject: [PATCH 31/41] =?UTF-8?q?security:=20supply=20chain=20hardening=20?= =?UTF-8?q?=E2=80=94=20CI=20pinning,=20dep=20pinning,=20and=20code=20fixes?= =?UTF-8?q?=20(#9801)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI/CD Hardening: - Pin all 12 GitHub Actions to full commit SHAs (was mutable @vN tags) - Add explicit permissions: {contents: read} to 4 workflows - Pin CI pip installs to exact versions (pyyaml==6.0.2, httpx==0.28.1) - Extend supply-chain-audit.yml to scan workflow, Dockerfile, dependency manifest, and Actions version changes Dependency Pinning: - Pin git-based Python deps to commit SHAs (atroposlib, tinker, yc-bench) - Pin WhatsApp Baileys from mutable branch to commit SHA Tool Registry: - Reject tool name shadowing from different tool families (plugins/MCP cannot overwrite built-in tools). MCP-to-MCP overwrites still allowed. MCP Security: - Add tool description content scanning for prompt injection patterns - Log detailed change diff on dynamic tool refresh at WARNING level Skill Manager: - Fix dangerous verdict bug: agent-created skills with dangerous findings were silently allowed (ask->None->allow). Now blocked. --- .github/workflows/contributor-check.yml | 5 +- .github/workflows/deploy-site.yml | 12 ++-- .github/workflows/docker-publish.yml | 14 ++-- .github/workflows/docs-site-checks.yml | 9 ++- .github/workflows/nix.yml | 5 +- .github/workflows/skills-index.yml | 22 +++---- .github/workflows/supply-chain-audit.yml | 58 ++++++++++++++++- .github/workflows/tests.yml | 11 ++-- pyproject.toml | 6 +- scripts/whatsapp-bridge/package.json | 2 +- tests/tools/test_mcp_tool.py | 8 ++- tools/mcp_tool.py | 83 ++++++++++++++++++++++-- tools/registry.py | 24 +++++-- tools/skill_manager_tool.py | 8 +-- 14 files changed, 214 insertions(+), 53 deletions(-) diff --git a/.github/workflows/contributor-check.yml b/.github/workflows/contributor-check.yml index f8d65a3ea..3ca4991c6 100644 --- a/.github/workflows/contributor-check.yml +++ b/.github/workflows/contributor-check.yml @@ -9,11 +9,14 @@ on: - '**/*.py' - '.github/workflows/contributor-check.yml' +permissions: + contents: read + jobs: check-attribution: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 # Full history needed for git log diff --git a/.github/workflows/deploy-site.yml b/.github/workflows/deploy-site.yml index c55a62908..480b236f8 100644 --- a/.github/workflows/deploy-site.yml +++ b/.github/workflows/deploy-site.yml @@ -28,20 +28,20 @@ jobs: name: github-pages url: ${{ steps.deploy.outputs.page_url }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 20 cache: npm cache-dependency-path: website/package-lock.json - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.11' - name: Install PyYAML for skill extraction - run: pip install pyyaml httpx + run: pip install pyyaml==6.0.2 httpx==0.28.1 - name: Extract skill metadata for dashboard run: python3 website/scripts/extract-skills.py @@ -73,10 +73,10 @@ jobs: echo "hermes-agent.nousresearch.com" > _site/CNAME - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 with: path: _site - name: Deploy to GitHub Pages id: deploy - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 6b360b8c6..f9e846e68 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -23,21 +23,21 @@ jobs: timeout-minutes: 60 steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: submodules: recursive - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 # Build amd64 only so we can `load` the image for smoke testing. # `load: true` cannot export a multi-arch manifest to the local daemon. # The multi-arch build follows on push to main / release. - name: Build image (amd64, smoke test) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: . file: Dockerfile @@ -56,14 +56,14 @@ jobs: - name: Log in to Docker Hub if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'release' - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Push multi-arch image (main branch) if: github.event_name == 'push' && github.ref == 'refs/heads/main' - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: . file: Dockerfile @@ -75,7 +75,7 @@ jobs: - name: Push multi-arch image (release) if: github.event_name == 'release' - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: . file: Dockerfile diff --git a/.github/workflows/docs-site-checks.yml b/.github/workflows/docs-site-checks.yml index ea05d2804..2f985122c 100644 --- a/.github/workflows/docs-site-checks.yml +++ b/.github/workflows/docs-site-checks.yml @@ -7,13 +7,16 @@ on: - '.github/workflows/docs-site-checks.yml' workflow_dispatch: +permissions: + contents: read + jobs: docs-site-checks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 20 cache: npm @@ -23,7 +26,7 @@ jobs: run: npm ci working-directory: website - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.11' diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index dba33bfff..387c9e5d1 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -14,6 +14,9 @@ on: - 'run_agent.py' - 'acp_adapter/**' +permissions: + contents: read + concurrency: group: nix-${{ github.ref }} cancel-in-progress: true @@ -26,7 +29,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 30 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25 # v22 - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13 - name: Check flake diff --git a/.github/workflows/skills-index.yml b/.github/workflows/skills-index.yml index 6c03e4074..8beda195c 100644 --- a/.github/workflows/skills-index.yml +++ b/.github/workflows/skills-index.yml @@ -20,14 +20,14 @@ jobs: if: github.repository == 'NousResearch/hermes-agent' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.11' - name: Install dependencies - run: pip install httpx pyyaml + run: pip install httpx==0.28.1 pyyaml==6.0.2 - name: Build skills index env: @@ -35,7 +35,7 @@ jobs: run: python scripts/build_skills_index.py - name: Upload index artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: skills-index path: website/static/api/skills-index.json @@ -53,25 +53,25 @@ jobs: # Only deploy on schedule or manual trigger (not on every push to the script) if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: skills-index path: website/static/api/ - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 20 cache: npm cache-dependency-path: website/package-lock.json - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.11' - name: Install PyYAML for skill extraction - run: pip install pyyaml + run: pip install pyyaml==6.0.2 - name: Extract skill metadata for dashboard run: python3 website/scripts/extract-skills.py @@ -92,10 +92,10 @@ jobs: echo "hermes-agent.nousresearch.com" > _site/CNAME - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 with: path: _site - name: Deploy to GitHub Pages id: deploy - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/.github/workflows/supply-chain-audit.yml b/.github/workflows/supply-chain-audit.yml index 1cee4564d..4aa0fd321 100644 --- a/.github/workflows/supply-chain-audit.yml +++ b/.github/workflows/supply-chain-audit.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 @@ -149,6 +149,62 @@ jobs: " fi + # --- CI/CD workflow files modified --- + WORKFLOW_HITS=$(git diff --name-only "$BASE".."$HEAD" | grep -E '\.github/workflows/.*\.ya?ml$' || true) + if [ -n "$WORKFLOW_HITS" ]; then + FINDINGS="${FINDINGS} + ### ⚠️ WARNING: CI/CD workflow files modified + Changes to workflow files can alter build pipelines, inject steps, or modify permissions. Verify no unauthorized actions or secrets access were added. + + **Files:** + \`\`\` + ${WORKFLOW_HITS} + \`\`\` + " + fi + + # --- Dockerfile / container build files modified --- + DOCKER_HITS=$(git diff --name-only "$BASE".."$HEAD" | grep -iE '(Dockerfile|\.dockerignore|docker-compose)' || true) + if [ -n "$DOCKER_HITS" ]; then + FINDINGS="${FINDINGS} + ### ⚠️ WARNING: Container build files modified + Changes to Dockerfiles or compose files can alter base images, add build steps, or expose ports. Verify base image pins and build commands. + + **Files:** + \`\`\` + ${DOCKER_HITS} + \`\`\` + " + fi + + # --- Dependency manifest files modified --- + DEP_HITS=$(git diff --name-only "$BASE".."$HEAD" | grep -E '(pyproject\.toml|requirements.*\.txt|package\.json|Gemfile|go\.mod|Cargo\.toml)$' || true) + if [ -n "$DEP_HITS" ]; then + FINDINGS="${FINDINGS} + ### ⚠️ WARNING: Dependency manifest files modified + Changes to dependency files can introduce new packages or change version pins. Verify all dependency changes are intentional and from trusted sources. + + **Files:** + \`\`\` + ${DEP_HITS} + \`\`\` + " + fi + + # --- GitHub Actions version unpinning (mutable tags instead of SHAs) --- + ACTIONS_UNPIN=$(echo "$DIFF" | grep -n '^\+' | grep 'uses:' | grep -v '#' | grep -E '@v[0-9]' | head -10 || true) + if [ -n "$ACTIONS_UNPIN" ]; then + FINDINGS="${FINDINGS} + ### ⚠️ WARNING: GitHub Actions with mutable version tags + Actions should be pinned to full commit SHAs (not \`@v4\`, \`@v5\`). Mutable tags can be retargeted silently if a maintainer account is compromised. + + **Matches:** + \`\`\` + ${ACTIONS_UNPIN} + \`\`\` + " + fi + # --- Output results --- if [ -n "$FINDINGS" ]; then echo "found=true" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1e45193b8..7d0822690 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [main] +permissions: + contents: read + # Cancel in-progress runs for the same PR/branch concurrency: group: tests-${{ github.ref }} @@ -17,13 +20,13 @@ jobs: timeout-minutes: 10 steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install system dependencies run: sudo apt-get update && sudo apt-get install -y ripgrep - name: Install uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 - name: Set up Python 3.11 run: uv python install 3.11 @@ -49,10 +52,10 @@ jobs: timeout-minutes: 10 steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 - name: Set up Python 3.11 run: uv python install 3.11 diff --git a/pyproject.toml b/pyproject.toml index f1cd158d4..fa3fd4822 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -78,13 +78,13 @@ dingtalk = ["dingtalk-stream>=0.1.0,<1"] feishu = ["lark-oapi>=1.5.3,<2"] web = ["fastapi>=0.104.0,<1", "uvicorn[standard]>=0.24.0,<1"] rl = [ - "atroposlib @ git+https://github.com/NousResearch/atropos.git", - "tinker @ git+https://github.com/thinking-machines-lab/tinker.git", + "atroposlib @ git+https://github.com/NousResearch/atropos.git@c20c85256e5a45ad31edf8b7276e9c5ee1995a30", + "tinker @ git+https://github.com/thinking-machines-lab/tinker.git@30517b667f18a3dfb7ef33fb56cf686d5820ba2b", "fastapi>=0.104.0,<1", "uvicorn[standard]>=0.24.0,<1", "wandb>=0.15.0,<1", ] -yc-bench = ["yc-bench @ git+https://github.com/collinear-ai/yc-bench.git ; python_version >= '3.12'"] +yc-bench = ["yc-bench @ git+https://github.com/collinear-ai/yc-bench.git@bfb0c88062450f46341bd9a5298903fc2e952a5c ; python_version >= '3.12'"] all = [ "hermes-agent[modal]", "hermes-agent[daytona]", diff --git a/scripts/whatsapp-bridge/package.json b/scripts/whatsapp-bridge/package.json index 2d32560f4..cb2f6b22e 100644 --- a/scripts/whatsapp-bridge/package.json +++ b/scripts/whatsapp-bridge/package.json @@ -8,7 +8,7 @@ "start": "node bridge.js" }, "dependencies": { - "@whiskeysockets/baileys": "WhiskeySockets/Baileys#fix/abprops-abt-fetch", + "@whiskeysockets/baileys": "WhiskeySockets/Baileys#01047debd81beb20da7b7779b08edcb06aa03770", "express": "^4.21.0", "qrcode-terminal": "^0.12.0", "pino": "^9.0.0" diff --git a/tests/tools/test_mcp_tool.py b/tests/tools/test_mcp_tool.py index 883bbe318..43049c2c1 100644 --- a/tests/tools/test_mcp_tool.py +++ b/tests/tools/test_mcp_tool.py @@ -2837,7 +2837,7 @@ class TestRegistryCollisionWarning: """registry.register() warns when a tool name is overwritten by a different toolset.""" def test_overwrite_different_toolset_logs_warning(self, caplog): - """Overwriting a tool from a different toolset emits a warning.""" + """Overwriting a tool from a different toolset is REJECTED with an error.""" from tools.registry import ToolRegistry import logging @@ -2847,11 +2847,13 @@ class TestRegistryCollisionWarning: reg.register(name="my_tool", toolset="builtin", schema=schema, handler=handler) - with caplog.at_level(logging.WARNING, logger="tools.registry"): + with caplog.at_level(logging.ERROR, logger="tools.registry"): reg.register(name="my_tool", toolset="mcp-ext", schema=schema, handler=handler) - assert any("collision" in r.message.lower() for r in caplog.records) + assert any("rejected" in r.message.lower() for r in caplog.records) assert any("builtin" in r.message and "mcp-ext" in r.message for r in caplog.records) + # The original tool should still be from 'builtin', not overwritten + assert reg.get_toolset_for_tool("my_tool") == "builtin" def test_overwrite_same_toolset_no_warning(self, caplog): """Re-registering within the same toolset is silent (e.g. reconnect).""" diff --git a/tools/mcp_tool.py b/tools/mcp_tool.py index 2356830c4..d6bdc89fa 100644 --- a/tools/mcp_tool.py +++ b/tools/mcp_tool.py @@ -219,6 +219,58 @@ def _sanitize_error(text: str) -> str: return _CREDENTIAL_PATTERN.sub("[REDACTED]", text) +# --------------------------------------------------------------------------- +# MCP tool description content scanning +# --------------------------------------------------------------------------- + +# Patterns that indicate potential prompt injection in MCP tool descriptions. +# These are WARNING-level — we log but don't block, since false positives +# would break legitimate MCP servers. +_MCP_INJECTION_PATTERNS = [ + (re.compile(r"ignore\s+(all\s+)?previous\s+instructions", re.I), + "prompt override attempt ('ignore previous instructions')"), + (re.compile(r"you\s+are\s+now\s+a", re.I), + "identity override attempt ('you are now a...')"), + (re.compile(r"your\s+new\s+(task|role|instructions?)\s+(is|are)", re.I), + "task override attempt"), + (re.compile(r"system\s*:\s*", re.I), + "system prompt injection attempt"), + (re.compile(r"<\s*(system|human|assistant)\s*>", re.I), + "role tag injection attempt"), + (re.compile(r"do\s+not\s+(tell|inform|mention|reveal)", re.I), + "concealment instruction"), + (re.compile(r"(curl|wget|fetch)\s+https?://", re.I), + "network command in description"), + (re.compile(r"base64\.(b64decode|decodebytes)", re.I), + "base64 decode reference"), + (re.compile(r"exec\s*\(|eval\s*\(", re.I), + "code execution reference"), + (re.compile(r"import\s+(subprocess|os|shutil|socket)", re.I), + "dangerous import reference"), +] + + +def _scan_mcp_description(server_name: str, tool_name: str, description: str) -> List[str]: + """Scan an MCP tool description for prompt injection patterns. + + Returns a list of finding strings (empty = clean). + """ + findings = [] + if not description: + return findings + for pattern, reason in _MCP_INJECTION_PATTERNS: + if pattern.search(description): + findings.append(reason) + if findings: + logger.warning( + "MCP server '%s' tool '%s': suspicious description content — %s. " + "Description: %.200s", + server_name, tool_name, "; ".join(findings), + description, + ) + return findings + + def _prepend_path(env: dict, directory: str) -> dict: """Prepend *directory* to env PATH if it is not already present.""" updated = dict(env or {}) @@ -798,6 +850,9 @@ class MCPServerTask: from toolsets import TOOLSETS async with self._refresh_lock: + # Capture old tool names for change diff + old_tool_names = set(self._registered_tool_names) + # 1. Fetch current tool list from server tools_result = await self.session.list_tools() new_mcp_tools = tools_result.tools if hasattr(tools_result, "tools") else [] @@ -817,10 +872,26 @@ class MCPServerTask: self.name, self, self._config ) - logger.info( - "MCP server '%s': dynamically refreshed %d tool(s)", - self.name, len(self._registered_tool_names), - ) + # 5. Log what changed (user-visible notification) + new_tool_names = set(self._registered_tool_names) + added = new_tool_names - old_tool_names + removed = old_tool_names - new_tool_names + changes = [] + if added: + changes.append(f"added: {', '.join(sorted(added))}") + if removed: + changes.append(f"removed: {', '.join(sorted(removed))}") + if changes: + logger.warning( + "MCP server '%s': tools changed dynamically — %s. " + "Verify these changes are expected.", + self.name, "; ".join(changes), + ) + else: + logger.info( + "MCP server '%s': dynamically refreshed %d tool(s) (no changes)", + self.name, len(self._registered_tool_names), + ) async def _run_stdio(self, config: dict): """Run the server using stdio transport.""" @@ -1838,6 +1909,10 @@ def _register_server_tools(name: str, server: MCPServerTask, config: dict) -> Li if not _should_register(mcp_tool.name): logger.debug("MCP server '%s': skipping tool '%s' (filtered by config)", name, mcp_tool.name) continue + + # Scan tool description for prompt injection patterns + _scan_mcp_description(name, mcp_tool.name, mcp_tool.description or "") + schema = _convert_mcp_schema(name, mcp_tool) tool_name_prefixed = schema["name"] diff --git a/tools/registry.py b/tools/registry.py index d6aff8348..b7351cb16 100644 --- a/tools/registry.py +++ b/tools/registry.py @@ -117,11 +117,27 @@ class ToolRegistry: with self._lock: existing = self._tools.get(name) if existing and existing.toolset != toolset: - logger.warning( - "Tool name collision: '%s' (toolset '%s') is being " - "overwritten by toolset '%s'", - name, existing.toolset, toolset, + # Allow MCP-to-MCP overwrites (legitimate: server refresh, + # or two MCP servers with overlapping tool names). + both_mcp = ( + existing.toolset.startswith("mcp-") + and toolset.startswith("mcp-") ) + if both_mcp: + logger.debug( + "Tool '%s': MCP toolset '%s' overwriting MCP toolset '%s'", + name, toolset, existing.toolset, + ) + else: + # Reject shadowing — prevent plugins/MCP from overwriting + # built-in tools or vice versa. + logger.error( + "Tool registration REJECTED: '%s' (toolset '%s') would " + "shadow existing tool from toolset '%s'. Deregister the " + "existing tool first if this is intentional.", + name, toolset, existing.toolset, + ) + return self._tools[name] = ToolEntry( name=name, toolset=toolset, diff --git a/tools/skill_manager_tool.py b/tools/skill_manager_tool.py index 2b2625fa0..6c7307259 100644 --- a/tools/skill_manager_tool.py +++ b/tools/skill_manager_tool.py @@ -64,11 +64,11 @@ def _security_scan_skill(skill_dir: Path) -> Optional[str]: report = format_scan_report(result) return f"Security scan blocked this skill ({reason}):\n{report}" if allowed is None: - # "ask" — allow but include the warning so the user sees the findings + # "ask" verdict — for agent-created skills this means dangerous + # findings were detected. Block the skill and include the report. report = format_scan_report(result) - logger.warning("Agent-created skill has security findings: %s", reason) - # Don't block — return None to allow, but log the warning - return None + logger.warning("Agent-created skill blocked (dangerous findings): %s", reason) + return f"Security scan blocked this skill ({reason}):\n{report}" except Exception as e: logger.warning("Security scan failed for %s: %s", skill_dir, e, exc_info=True) return None From 397386cae2e2e4903aa48030c5c5c0a1c4d9126a Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 14:34:34 -0700 Subject: [PATCH 32/41] fix: gateway auto-recovers from unexpected SIGTERM via systemd (#5646) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root cause: when the gateway received SIGTERM (from hermes update, external kill, WSL2 runtime, etc.), it exited with status 0. systemd's Restart=on-failure only restarts on non-zero exit, so the gateway stayed dead permanently. Users had to manually restart. Fix 1: Signal-initiated shutdown exits non-zero When SIGTERM/SIGINT is received and no restart was requested (via /restart, /update, or SIGUSR1), start_gateway() returns False which causes sys.exit(1). systemd sees a failure exit and auto-restarts after RestartSec=30. This is safe because systemctl stop tracks its own stop-requested state independently of exit code — Restart= never fires for a deliberate stop, regardless of exit code. Also logs 'Received SIGTERM/SIGINT — initiating shutdown' so the cause of unexpected shutdowns is visible in agent.log. Fix 2: PID file ownership guard remove_pid_file() now checks that the PID file belongs to the current process before removing it. During --replace handoffs, the old process's atexit handler could fire AFTER the new process wrote its PID file, deleting the new record. This left the gateway running but invisible to get_running_pid(), causing 'Another gateway already running' errors on next restart. Test plan: - All restart drain tests pass (13) - All gateway service tests pass (84) - All update gateway restart tests pass (34) --- gateway/run.py | 25 +++++++++++++++++++++++++ gateway/status.py | 20 ++++++++++++++++++-- 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/gateway/run.py b/gateway/run.py index 0cdfb7146..da3560cf7 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -9261,8 +9261,18 @@ async def start_gateway(config: Optional[GatewayConfig] = None, replace: bool = runner = GatewayRunner(config) + # Track whether a signal initiated the shutdown (vs. internal request). + # When an unexpected SIGTERM kills the gateway, we exit non-zero so + # systemd's Restart=on-failure revives the process. systemctl stop + # is safe: systemd tracks stop-requested state independently of exit + # code, so Restart= never fires for a deliberate stop. + _signal_initiated_shutdown = False + # Set up signal handlers def shutdown_signal_handler(): + nonlocal _signal_initiated_shutdown + _signal_initiated_shutdown = True + logger.info("Received SIGTERM/SIGINT — initiating shutdown") asyncio.create_task(runner.stop()) def restart_signal_handler(): @@ -9332,6 +9342,21 @@ async def start_gateway(config: Optional[GatewayConfig] = None, replace: bool = if runner.exit_code is not None: raise SystemExit(runner.exit_code) + # When a signal (SIGTERM/SIGINT) caused the shutdown and it wasn't a + # planned restart (/restart, /update, SIGUSR1), exit non-zero so + # systemd's Restart=on-failure revives the process. This covers: + # - hermes update killing the gateway mid-work + # - External kill commands + # - WSL2/container runtime sending unexpected signals + # systemctl stop is safe: systemd tracks "stop requested" state + # independently of exit code, so Restart= never fires for it. + if _signal_initiated_shutdown and not runner._restart_requested: + logger.info( + "Exiting with code 1 (signal-initiated shutdown without restart " + "request) so systemd Restart=on-failure can revive the gateway." + ) + return False # → sys.exit(1) in the caller + return True diff --git a/gateway/status.py b/gateway/status.py index a801cfe5b..becf9e8cb 100644 --- a/gateway/status.py +++ b/gateway/status.py @@ -266,9 +266,25 @@ def read_runtime_status() -> Optional[dict[str, Any]]: def remove_pid_file() -> None: - """Remove the gateway PID file if it exists.""" + """Remove the gateway PID file, but only if it belongs to this process. + + During --replace handoffs, the old process's atexit handler can fire AFTER + the new process has written its own PID file. Blindly removing the file + would delete the new process's record, leaving the gateway running with no + PID file (invisible to ``get_running_pid()``). + """ try: - _get_pid_path().unlink(missing_ok=True) + path = _get_pid_path() + record = _read_json_file(path) + if record is not None: + try: + file_pid = int(record["pid"]) + except (KeyError, TypeError, ValueError): + file_pid = None + if file_pid is not None and file_pid != os.getpid(): + # PID file belongs to a different process — leave it alone. + return + path.unlink(missing_ok=True) except Exception: pass From 45595f4805d1674f9b29a79544f1dbac9c0665a1 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Tue, 14 Apr 2026 05:17:17 +0000 Subject: [PATCH 33/41] feat(dashboard): add HTTP health probe for cross-container gateway detection The dashboard's gateway status detection relied solely on local PID checks (os.kill + /proc), which fails when the gateway runs in a separate container. Changes: - web_server.py: Add _probe_gateway_health() that queries the gateway's HTTP /health/detailed endpoint when the local PID check fails. Activated by setting the GATEWAY_HEALTH_URL env var (e.g. http://gateway:8642/health). Falls back to standard PID check when the env var is not set. - api_server.py: Add GET /health/detailed endpoint that returns full gateway state (platforms, gateway_state, active_agents, pid, etc.) without auth. The existing GET /health remains unchanged for backwards compatibility. - StatusPage.tsx: Handle the case where gateway_pid is null but the gateway is running remotely, displaying 'Running (remote)' instead of 'PID null'. Environment variables: - GATEWAY_HEALTH_URL: URL of the gateway health endpoint (e.g. http://gateway-container:8642/health). Unset = local PID check only. - GATEWAY_HEALTH_TIMEOUT: Probe timeout in seconds (default: 3). --- gateway/platforms/api_server.py | 23 +++++++++++++++ hermes_cli/web_server.py | 50 +++++++++++++++++++++++++++++++++ web/src/i18n/en.ts | 1 + web/src/i18n/types.ts | 1 + web/src/i18n/zh.ts | 1 + web/src/pages/StatusPage.tsx | 3 +- 6 files changed, 78 insertions(+), 1 deletion(-) diff --git a/gateway/platforms/api_server.py b/gateway/platforms/api_server.py index 9a4990465..2077c9c85 100644 --- a/gateway/platforms/api_server.py +++ b/gateway/platforms/api_server.py @@ -10,6 +10,7 @@ Exposes an HTTP server with endpoints: - POST /v1/runs — start a run, returns run_id immediately (202) - GET /v1/runs/{run_id}/events — SSE stream of structured lifecycle events - GET /health — health check +- GET /health/detailed — rich status for cross-container dashboard probing Any OpenAI-compatible frontend (Open WebUI, LobeChat, LibreChat, AnythingLLM, NextChat, ChatBox, etc.) can connect to hermes-agent @@ -565,6 +566,27 @@ class APIServerAdapter(BasePlatformAdapter): """GET /health — simple health check.""" return web.json_response({"status": "ok", "platform": "hermes-agent"}) + async def _handle_health_detailed(self, request: "web.Request") -> "web.Response": + """GET /health/detailed — rich status for cross-container dashboard probing. + + Returns gateway state, connected platforms, PID, and uptime so the + dashboard can display full status without needing a shared PID file or + /proc access. No authentication required. + """ + from gateway.status import read_runtime_status + + runtime = read_runtime_status() or {} + return web.json_response({ + "status": "ok", + "platform": "hermes-agent", + "gateway_state": runtime.get("gateway_state"), + "platforms": runtime.get("platforms", {}), + "active_agents": runtime.get("active_agents", 0), + "exit_reason": runtime.get("exit_reason"), + "updated_at": runtime.get("updated_at"), + "pid": os.getpid(), + }) + async def _handle_models(self, request: "web.Request") -> "web.Response": """GET /v1/models — return hermes-agent as an available model.""" auth_err = self._check_auth(request) @@ -1783,6 +1805,7 @@ class APIServerAdapter(BasePlatformAdapter): self._app = web.Application(middlewares=mws) self._app["api_server_adapter"] = self self._app.router.add_get("/health", self._handle_health) + self._app.router.add_get("/health/detailed", self._handle_health_detailed) self._app.router.add_get("/v1/health", self._handle_health) self._app.router.add_get("/v1/models", self._handle_models) self._app.router.add_post("/v1/chat/completions", self._handle_chat_completions) diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index 09eb697d1..3935f8091 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -13,6 +13,7 @@ import asyncio import hmac import json import logging +import os import secrets import sys import threading @@ -319,12 +320,56 @@ class EnvVarReveal(BaseModel): key: str +_GATEWAY_HEALTH_URL = os.getenv("GATEWAY_HEALTH_URL") +_GATEWAY_HEALTH_TIMEOUT = float(os.getenv("GATEWAY_HEALTH_TIMEOUT", "3")) + + +def _probe_gateway_health() -> tuple[bool, dict | None]: + """Probe the gateway via its HTTP health endpoint (cross-container). + + Uses ``/health/detailed`` first (returns full state), falling back to + the simpler ``/health`` endpoint. Returns ``(is_alive, body_dict)``. + + This is a **blocking** call — run via ``run_in_executor`` from async code. + """ + if not _GATEWAY_HEALTH_URL: + return False, None + + base = _GATEWAY_HEALTH_URL.rstrip("/") + for path in (f"{base}/detailed", base): + try: + req = urllib.request.Request(path, method="GET") + with urllib.request.urlopen(req, timeout=_GATEWAY_HEALTH_TIMEOUT) as resp: + if resp.status == 200: + body = json.loads(resp.read()) + return True, body + except Exception: + continue + return False, None + + @app.get("/api/status") async def get_status(): current_ver, latest_ver = check_config_version() + # --- Gateway liveness detection --- + # Try local PID check first (same-host). If that fails and a remote + # GATEWAY_HEALTH_URL is configured, probe the gateway over HTTP so the + # dashboard works when the gateway runs in a separate container. gateway_pid = get_running_pid() gateway_running = gateway_pid is not None + remote_health_body: dict | None = None + + if not gateway_running and _GATEWAY_HEALTH_URL: + loop = asyncio.get_event_loop() + alive, remote_health_body = await loop.run_in_executor( + None, _probe_gateway_health + ) + if alive: + gateway_running = True + # PID from the remote container (display only — not locally valid) + if remote_health_body: + gateway_pid = remote_health_body.get("pid") gateway_state = None gateway_platforms: dict = {} @@ -341,7 +386,12 @@ async def get_status(): except Exception: configured_gateway_platforms = None + # Prefer the detailed health endpoint response (has full state) when the + # local runtime status file is absent or stale (cross-container). runtime = read_runtime_status() + if runtime is None and remote_health_body and remote_health_body.get("gateway_state"): + runtime = remote_health_body + if runtime: gateway_state = runtime.get("gateway_state") gateway_platforms = runtime.get("platforms") or {} diff --git a/web/src/i18n/en.ts b/web/src/i18n/en.ts index 1e77090d0..3bf693f21 100644 --- a/web/src/i18n/en.ts +++ b/web/src/i18n/en.ts @@ -80,6 +80,7 @@ export const en: Translations = { notRunning: "Not running", startFailed: "Start failed", pid: "PID", + runningRemote: "Running (remote)", noneRunning: "None", gatewayFailedToStart: "Gateway failed to start", lastUpdate: "Last update", diff --git a/web/src/i18n/types.ts b/web/src/i18n/types.ts index 6a7341ebe..34813c68f 100644 --- a/web/src/i18n/types.ts +++ b/web/src/i18n/types.ts @@ -83,6 +83,7 @@ export interface Translations { notRunning: string; startFailed: string; pid: string; + runningRemote: string; noneRunning: string; gatewayFailedToStart: string; lastUpdate: string; diff --git a/web/src/i18n/zh.ts b/web/src/i18n/zh.ts index 66f506935..18cb3ee38 100644 --- a/web/src/i18n/zh.ts +++ b/web/src/i18n/zh.ts @@ -80,6 +80,7 @@ export const zh: Translations = { notRunning: "未运行", startFailed: "启动失败", pid: "进程", + runningRemote: "运行中(远程)", noneRunning: "无", gatewayFailedToStart: "网关启动失败", lastUpdate: "最后更新", diff --git a/web/src/pages/StatusPage.tsx b/web/src/pages/StatusPage.tsx index 63b8f765c..0b71d2c96 100644 --- a/web/src/pages/StatusPage.tsx +++ b/web/src/pages/StatusPage.tsx @@ -53,7 +53,8 @@ export default function StatusPage() { }; function gatewayValue(): string { - if (status!.gateway_running) return `${t.status.pid} ${status!.gateway_pid}`; + if (status!.gateway_running && status!.gateway_pid) return `${t.status.pid} ${status!.gateway_pid}`; + if (status!.gateway_running) return t.status.runningRemote; if (status!.gateway_state === "startup_failed") return t.status.startFailed; return t.status.notRunning; } From 6ed682f111717925f57621eb41d8c0c935f9c2e2 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Tue, 14 Apr 2026 06:29:59 +0000 Subject: [PATCH 34/41] fix: normalise GATEWAY_HEALTH_URL to base URL before probing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The probe was appending '/detailed' to whatever URL was provided, so GATEWAY_HEALTH_URL=http://host:8642 would try /8642/detailed and /8642 — neither of which are valid routes. Now strips any trailing /health or /health/detailed from the env var and always probes {base}/health/detailed then {base}/health. Accepts bare base URL, /health, or /health/detailed forms. --- hermes_cli/web_server.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index 3935f8091..d736c61fd 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -330,13 +330,25 @@ def _probe_gateway_health() -> tuple[bool, dict | None]: Uses ``/health/detailed`` first (returns full state), falling back to the simpler ``/health`` endpoint. Returns ``(is_alive, body_dict)``. + Accepts any of these as ``GATEWAY_HEALTH_URL``: + - ``http://gateway:8642`` (base URL — recommended) + - ``http://gateway:8642/health`` (explicit health path) + - ``http://gateway:8642/health/detailed`` (explicit detailed path) + This is a **blocking** call — run via ``run_in_executor`` from async code. """ if not _GATEWAY_HEALTH_URL: return False, None + # Normalise to base URL so we always probe the right paths regardless of + # whether the user included /health or /health/detailed in the env var. base = _GATEWAY_HEALTH_URL.rstrip("/") - for path in (f"{base}/detailed", base): + if base.endswith("/health/detailed"): + base = base[: -len("/health/detailed")] + elif base.endswith("/health"): + base = base[: -len("/health")] + + for path in (f"{base}/health/detailed", f"{base}/health"): try: req = urllib.request.Request(path, method="GET") with urllib.request.urlopen(req, timeout=_GATEWAY_HEALTH_TIMEOUT) as resp: From 673acf22aeb708122a17af6cac4f0c65c4d25f2c Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Tue, 14 Apr 2026 22:01:02 +0000 Subject: [PATCH 35/41] fix: override stale 'stopped' state when health probe confirms gateway alive When the gateway responds to the health probe but the local gateway_state.json has a stale 'stopped' state (common in cross-container setups where the file was written before the gateway restarted), the dashboard would show 'Running (remote)' but with a 'Stopped' badge. Now if the HTTP probe succeeded (remote_health_body is not None) and gateway_state is 'stopped' or None, override it to 'running'. Also handles the no-shared-volume case where runtime is None entirely. --- hermes_cli/web_server.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hermes_cli/web_server.py b/hermes_cli/web_server.py index d736c61fd..22265faa5 100644 --- a/hermes_cli/web_server.py +++ b/hermes_cli/web_server.py @@ -418,6 +418,17 @@ async def get_status(): if not gateway_running: gateway_state = gateway_state if gateway_state in ("stopped", "startup_failed") else "stopped" gateway_platforms = {} + elif gateway_running and remote_health_body is not None: + # The health probe confirmed the gateway is alive, but the local + # runtime status file may be stale (cross-container). Override + # stopped/None state so the dashboard shows the correct badge. + if gateway_state in (None, "stopped"): + gateway_state = "running" + + # If there was no runtime info at all but the health probe confirmed alive, + # ensure we still report the gateway as running (no shared volume scenario). + if gateway_running and gateway_state is None and remote_health_body is not None: + gateway_state = "running" active_sessions = 0 try: From 139a5e37a47972730f9d716ef9d96f42b32a21c3 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Tue, 14 Apr 2026 22:08:21 +0000 Subject: [PATCH 36/41] docs(docker): add dashboard section, expose API port, update Compose example - Running in gateway mode: expose port 8642 for the API server and health endpoint, with a note on when it's needed. - New 'Running the dashboard' section: docker run command with GATEWAY_HEALTH_URL and env var reference table. - Docker Compose example: updated to include both gateway and dashboard services with internal network connectivity (hermes-net), so the dashboard probes the gateway via http://hermes:8642. - Concurrent access warning: clarified that running a read-only dashboard alongside the gateway is safe. --- website/docs/user-guide/docker.md | 66 +++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 4 deletions(-) diff --git a/website/docs/user-guide/docker.md b/website/docs/user-guide/docker.md index 851cea37e..c780223b5 100644 --- a/website/docs/user-guide/docker.md +++ b/website/docs/user-guide/docker.md @@ -35,9 +35,39 @@ docker run -d \ --name hermes \ --restart unless-stopped \ -v ~/.hermes:/opt/data \ + -p 8642:8642 \ nousresearch/hermes-agent gateway run ``` +Port 8642 exposes the gateway's [OpenAI-compatible API server](./api-server.md) and health endpoint. It's optional if you only use chat platforms (Telegram, Discord, etc.), but required if you want the dashboard or external tools to reach the gateway. + +Opening any port on an internet facing machine is a security risk. You should not do it unless you understand the risks. + +## Running the dashboard + +The built-in web dashboard can run alongside the gateway as a separate container. + +To run the dashboard as its own container, point it at the gateway's health endpoint so it can detect gateway status across containers: + +```sh +docker run -d \ + --name hermes-dashboard \ + --restart unless-stopped \ + -v ~/.hermes:/opt/data \ + -p 9119:9119 \ + -e GATEWAY_HEALTH_URL=http://$HOST_IP:8642 \ + nousresearch/hermes-agent dashboard +``` + +Replace `$HOST_IP` with the IP address of the machine running the gateway container (e.g. `192.168.1.100`), or use a Docker network hostname if both containers share a network (see the [Compose example](#docker-compose-example) below). + +| Environment variable | Description | Default | +|---------------------|-------------|---------| +| `GATEWAY_HEALTH_URL` | Base URL of the gateway's API server, e.g. `http://gateway:8642` | *(unset — local PID check only)* | +| `GATEWAY_HEALTH_TIMEOUT` | Health probe timeout in seconds | `3` | + +Without `GATEWAY_HEALTH_URL`, the dashboard falls back to local process detection — which only works when the gateway runs in the same container or on the same host. + ## Running interactively (CLI chat) To open an interactive chat session against a running data directory: @@ -66,7 +96,7 @@ The `/opt/data` volume is the single source of truth for all Hermes state. It ma | `skins/` | Custom CLI skins | :::warning -Never run two Hermes containers against the same data directory simultaneously — session files and memory stores are not designed for concurrent access. +Never run two Hermes **gateway** containers against the same data directory simultaneously — session files and memory stores are not designed for concurrent write access. Running a dashboard container alongside the gateway is safe since the dashboard only reads data. ::: ## Environment variable forwarding @@ -85,18 +115,21 @@ Direct `-e` flags override values from `.env`. This is useful for CI/CD or secre ## Docker Compose example -For persistent gateway deployment, a `docker-compose.yaml` is convenient: +For persistent deployment with both the gateway and dashboard, a `docker-compose.yaml` is convenient: ```yaml -version: "3.8" services: hermes: image: nousresearch/hermes-agent:latest container_name: hermes restart: unless-stopped command: gateway run + ports: + - "8642:8642" volumes: - ~/.hermes:/opt/data + networks: + - hermes-net # Uncomment to forward specific env vars instead of using .env file: # environment: # - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY} @@ -107,9 +140,34 @@ services: limits: memory: 4G cpus: "2.0" + + dashboard: + image: nousresearch/hermes-agent:latest + container_name: hermes-dashboard + restart: unless-stopped + command: dashboard --host 0.0.0.0 + ports: + - "9119:9119" + volumes: + - ~/.hermes:/opt/data + environment: + - GATEWAY_HEALTH_URL=http://hermes:8642 + networks: + - hermes-net + depends_on: + - hermes + deploy: + resources: + limits: + memory: 512M + cpus: "0.5" + +networks: + hermes-net: + driver: bridge ``` -Start with `docker compose up -d` and view logs with `docker compose logs -f hermes`. +Start with `docker compose up -d` and view logs with `docker compose logs -f`. ## Resource limits From 353b5bacbda4317e527a66c9144cb2052695072f Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 15:39:35 -0700 Subject: [PATCH 37/41] test: add tests for /health/detailed endpoint and gateway health probe - TestHealthDetailedEndpoint: 3 tests for the new API server endpoint (returns runtime data, handles missing status, no auth required) - TestProbeGatewayHealth: 5 tests for _probe_gateway_health() (URL normalization, successful/failed probes, fallback chain) - TestStatusRemoteGateway: 4 tests for /api/status remote fallback (remote probe triggers, skipped when local PID found, null PID handling) --- tests/gateway/test_api_server.py | 53 ++++++++ tests/hermes_cli/test_web_server.py | 192 ++++++++++++++++++++++++++++ 2 files changed, 245 insertions(+) diff --git a/tests/gateway/test_api_server.py b/tests/gateway/test_api_server.py index 2be01fc2d..be1fc63bf 100644 --- a/tests/gateway/test_api_server.py +++ b/tests/gateway/test_api_server.py @@ -220,6 +220,7 @@ def _create_app(adapter: APIServerAdapter) -> web.Application: app = web.Application(middlewares=mws) app["api_server_adapter"] = adapter app.router.add_get("/health", adapter._handle_health) + app.router.add_get("/health/detailed", adapter._handle_health_detailed) app.router.add_get("/v1/health", adapter._handle_health) app.router.add_get("/v1/models", adapter._handle_models) app.router.add_post("/v1/chat/completions", adapter._handle_chat_completions) @@ -277,6 +278,58 @@ class TestHealthEndpoint: assert data["platform"] == "hermes-agent" +# --------------------------------------------------------------------------- +# /health/detailed endpoint +# --------------------------------------------------------------------------- + + +class TestHealthDetailedEndpoint: + @pytest.mark.asyncio + async def test_health_detailed_returns_ok(self, adapter): + """GET /health/detailed returns status, platform, and runtime fields.""" + app = _create_app(adapter) + with patch("gateway.status.read_runtime_status", return_value={ + "gateway_state": "running", + "platforms": {"telegram": {"state": "connected"}}, + "active_agents": 2, + "exit_reason": None, + "updated_at": "2026-04-14T00:00:00Z", + }): + async with TestClient(TestServer(app)) as cli: + resp = await cli.get("/health/detailed") + assert resp.status == 200 + data = await resp.json() + assert data["status"] == "ok" + assert data["platform"] == "hermes-agent" + assert data["gateway_state"] == "running" + assert data["platforms"] == {"telegram": {"state": "connected"}} + assert data["active_agents"] == 2 + assert isinstance(data["pid"], int) + assert "updated_at" in data + + @pytest.mark.asyncio + async def test_health_detailed_no_runtime_status(self, adapter): + """When gateway_state.json is missing, fields are None.""" + app = _create_app(adapter) + with patch("gateway.status.read_runtime_status", return_value=None): + async with TestClient(TestServer(app)) as cli: + resp = await cli.get("/health/detailed") + assert resp.status == 200 + data = await resp.json() + assert data["status"] == "ok" + assert data["gateway_state"] is None + assert data["platforms"] == {} + + @pytest.mark.asyncio + async def test_health_detailed_does_not_require_auth(self, auth_adapter): + """Health detailed endpoint should be accessible without auth, like /health.""" + app = _create_app(auth_adapter) + with patch("gateway.status.read_runtime_status", return_value=None): + async with TestClient(TestServer(app)) as cli: + resp = await cli.get("/health/detailed") + assert resp.status == 200 + + # --------------------------------------------------------------------------- # /v1/models endpoint # --------------------------------------------------------------------------- diff --git a/tests/hermes_cli/test_web_server.py b/tests/hermes_cli/test_web_server.py index ebcb2c95c..365e3d0fe 100644 --- a/tests/hermes_cli/test_web_server.py +++ b/tests/hermes_cli/test_web_server.py @@ -984,3 +984,195 @@ class TestModelInfoEndpoint: assert resp.status_code == 200 data = resp.json() assert data["auto_context_length"] == 0 + + +# --------------------------------------------------------------------------- +# Gateway health probe tests +# --------------------------------------------------------------------------- + + +class TestProbeGatewayHealth: + """Tests for _probe_gateway_health() — cross-container gateway detection.""" + + def test_returns_false_when_no_url_configured(self, monkeypatch): + """When GATEWAY_HEALTH_URL is unset, the probe returns (False, None).""" + import hermes_cli.web_server as ws + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", None) + alive, body = ws._probe_gateway_health() + assert alive is False + assert body is None + + def test_normalizes_url_with_health_suffix(self, monkeypatch): + """If the user sets the URL to include /health, it's stripped to base.""" + import hermes_cli.web_server as ws + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", "http://gw:8642/health") + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_TIMEOUT", 1) + # Both paths should fail (no server), but we verify they were constructed + # correctly by checking the URLs attempted. + calls = [] + original_urlopen = ws.urllib.request.urlopen + + def mock_urlopen(req, **kwargs): + calls.append(req.full_url) + raise ConnectionError("mock") + + monkeypatch.setattr(ws.urllib.request, "urlopen", mock_urlopen) + alive, body = ws._probe_gateway_health() + assert alive is False + assert "http://gw:8642/health/detailed" in calls + assert "http://gw:8642/health" in calls + + def test_normalizes_url_with_health_detailed_suffix(self, monkeypatch): + """If the user sets the URL to include /health/detailed, it's stripped to base.""" + import hermes_cli.web_server as ws + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", "http://gw:8642/health/detailed") + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_TIMEOUT", 1) + calls = [] + + def mock_urlopen(req, **kwargs): + calls.append(req.full_url) + raise ConnectionError("mock") + + monkeypatch.setattr(ws.urllib.request, "urlopen", mock_urlopen) + ws._probe_gateway_health() + assert "http://gw:8642/health/detailed" in calls + assert "http://gw:8642/health" in calls + + def test_successful_detailed_probe(self, monkeypatch): + """Successful /health/detailed probe returns (True, body_dict).""" + import hermes_cli.web_server as ws + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", "http://gw:8642") + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_TIMEOUT", 1) + + response_body = json.dumps({ + "status": "ok", + "gateway_state": "running", + "pid": 42, + }) + + mock_resp = MagicMock() + mock_resp.status = 200 + mock_resp.read.return_value = response_body.encode() + mock_resp.__enter__ = MagicMock(return_value=mock_resp) + mock_resp.__exit__ = MagicMock(return_value=False) + + monkeypatch.setattr(ws.urllib.request, "urlopen", lambda req, **kw: mock_resp) + alive, body = ws._probe_gateway_health() + assert alive is True + assert body["status"] == "ok" + assert body["pid"] == 42 + + def test_detailed_fails_falls_back_to_simple_health(self, monkeypatch): + """If /health/detailed fails, falls back to /health.""" + import hermes_cli.web_server as ws + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", "http://gw:8642") + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_TIMEOUT", 1) + + call_count = [0] + + def mock_urlopen(req, **kwargs): + call_count[0] += 1 + if call_count[0] == 1: + raise ConnectionError("detailed failed") + mock_resp = MagicMock() + mock_resp.status = 200 + mock_resp.read.return_value = json.dumps({"status": "ok"}).encode() + mock_resp.__enter__ = MagicMock(return_value=mock_resp) + mock_resp.__exit__ = MagicMock(return_value=False) + return mock_resp + + monkeypatch.setattr(ws.urllib.request, "urlopen", mock_urlopen) + alive, body = ws._probe_gateway_health() + assert alive is True + assert body["status"] == "ok" + assert call_count[0] == 2 + + +class TestStatusRemoteGateway: + """Tests for /api/status with remote gateway health fallback.""" + + @pytest.fixture(autouse=True) + def _setup_test_client(self): + try: + from starlette.testclient import TestClient + except ImportError: + pytest.skip("fastapi/starlette not installed") + + from hermes_cli.web_server import app, _SESSION_TOKEN + self.client = TestClient(app) + self.client.headers["Authorization"] = f"Bearer {_SESSION_TOKEN}" + + def test_status_falls_back_to_remote_probe(self, monkeypatch): + """When local PID check fails and remote probe succeeds, gateway shows running.""" + import hermes_cli.web_server as ws + + monkeypatch.setattr(ws, "get_running_pid", lambda: None) + monkeypatch.setattr(ws, "read_runtime_status", lambda: None) + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", "http://gw:8642") + monkeypatch.setattr(ws, "_probe_gateway_health", lambda: (True, { + "status": "ok", + "gateway_state": "running", + "platforms": {"telegram": {"state": "connected"}}, + "pid": 999, + })) + + resp = self.client.get("/api/status") + assert resp.status_code == 200 + data = resp.json() + assert data["gateway_running"] is True + assert data["gateway_pid"] == 999 + assert data["gateway_state"] == "running" + + def test_status_remote_probe_not_attempted_when_local_pid_found(self, monkeypatch): + """When local PID check succeeds, the remote probe is never called.""" + import hermes_cli.web_server as ws + + monkeypatch.setattr(ws, "get_running_pid", lambda: 1234) + monkeypatch.setattr(ws, "read_runtime_status", lambda: { + "gateway_state": "running", + "platforms": {}, + }) + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", "http://gw:8642") + probe_called = [False] + original = ws._probe_gateway_health + + def track_probe(): + probe_called[0] = True + return original() + + monkeypatch.setattr(ws, "_probe_gateway_health", track_probe) + + resp = self.client.get("/api/status") + assert resp.status_code == 200 + assert not probe_called[0] + + def test_status_remote_probe_not_attempted_when_no_url(self, monkeypatch): + """When GATEWAY_HEALTH_URL is unset, no probe is attempted.""" + import hermes_cli.web_server as ws + + monkeypatch.setattr(ws, "get_running_pid", lambda: None) + monkeypatch.setattr(ws, "read_runtime_status", lambda: None) + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", None) + + resp = self.client.get("/api/status") + assert resp.status_code == 200 + data = resp.json() + assert data["gateway_running"] is False + + def test_status_remote_running_null_pid(self, monkeypatch): + """Remote gateway running but PID not in response — pid should be None.""" + import hermes_cli.web_server as ws + + monkeypatch.setattr(ws, "get_running_pid", lambda: None) + monkeypatch.setattr(ws, "read_runtime_status", lambda: None) + monkeypatch.setattr(ws, "_GATEWAY_HEALTH_URL", "http://gw:8642") + monkeypatch.setattr(ws, "_probe_gateway_health", lambda: (True, { + "status": "ok", + })) + + resp = self.client.get("/api/status") + assert resp.status_code == 200 + data = resp.json() + assert data["gateway_running"] is True + assert data["gateway_pid"] is None + assert data["gateway_state"] == "running" From 1525624904159e7c2d6ac3feef951e27ad0d23bb Mon Sep 17 00:00:00 2001 From: Teknium Date: Tue, 14 Apr 2026 15:41:58 -0700 Subject: [PATCH 38/41] fix: block agent from self-destructing gateway via terminal (#6666) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add dangerous command patterns that require approval when the agent tries to run gateway lifecycle commands via the terminal tool: - hermes gateway stop/restart — kills all running agents mid-work - hermes update — pulls code and restarts the gateway - systemctl restart/stop (with optional flags like --user) These patterns fire the approval prompt so the user must explicitly approve before the agent can kill its own gateway process. In YOLO mode, the commands run without approval (by design — YOLO means the user accepts all risks). Also fixes the existing systemctl pattern to handle flags between the command and action (e.g. 'systemctl --user restart' was previously undetected because the regex expected the action immediately after 'systemctl'). Root cause: issue #6666 reported agents running 'hermes gateway restart' via terminal, killing the gateway process mid-agent-loop. The user sees the agent suddenly stop responding with no explanation. Combined with the SIGTERM auto-recovery from PR #9875, the gateway now both prevents accidental self-destruction AND recovers if it happens anyway. Test plan: - Updated test_systemctl_restart_not_flagged → test_systemctl_restart_flagged - All 119 approval tests pass - E2E verified: hermes gateway restart, hermes update, systemctl --user restart all detected; hermes gateway status, systemctl status remain safe --- tests/tools/test_approval.py | 7 ++++--- tools/approval.py | 7 ++++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/tools/test_approval.py b/tests/tools/test_approval.py index bbd11cd45..661b86bf3 100644 --- a/tests/tools/test_approval.py +++ b/tests/tools/test_approval.py @@ -550,11 +550,12 @@ class TestGatewayProtection: dangerous, key, desc = detect_dangerous_command(cmd) assert dangerous is False - def test_systemctl_restart_not_flagged(self): - """Using systemctl to manage the gateway is the correct approach.""" + def test_systemctl_restart_flagged(self): + """systemctl restart kills running agents and should require approval.""" cmd = "systemctl --user restart hermes-gateway" dangerous, key, desc = detect_dangerous_command(cmd) - assert dangerous is False + assert dangerous is True + assert "stop/restart" in desc def test_pkill_hermes_detected(self): """pkill targeting hermes/gateway processes must be caught.""" diff --git a/tools/approval.py b/tools/approval.py index 3e9ccdf75..d2d50a19a 100644 --- a/tools/approval.py +++ b/tools/approval.py @@ -87,7 +87,7 @@ DANGEROUS_PATTERNS = [ (r'\bDELETE\s+FROM\b(?!.*\bWHERE\b)', "SQL DELETE without WHERE"), (r'\bTRUNCATE\s+(TABLE)?\s*\w', "SQL TRUNCATE"), (r'>\s*/etc/', "overwrite system config"), - (r'\bsystemctl\s+(stop|disable|mask)\b', "stop/disable system service"), + (r'\bsystemctl\s+(-[^\s]+\s+)*(stop|restart|disable|mask)\b', "stop/restart system service"), (r'\bkill\s+-9\s+-1\b', "kill all processes"), (r'\bpkill\s+-9\b', "force kill processes"), (r':\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:', "fork bomb"), @@ -101,6 +101,11 @@ DANGEROUS_PATTERNS = [ (r'\bxargs\s+.*\brm\b', "xargs with rm"), (r'\bfind\b.*-exec\s+(/\S*/)?rm\b', "find -exec rm"), (r'\bfind\b.*-delete\b', "find -delete"), + # Gateway lifecycle protection: prevent the agent from killing its own + # gateway process. These commands trigger a gateway restart/stop that + # terminates all running agents mid-work. + (r'\bhermes\s+gateway\s+(stop|restart)\b', "stop/restart hermes gateway (kills running agents)"), + (r'\bhermes\s+update\b', "hermes update (restarts gateway, kills running agents)"), # Gateway protection: never start gateway outside systemd management (r'gateway\s+run\b.*(&\s*$|&\s*;|\bdisown\b|\bsetsid\b)', "start gateway outside systemd (use 'systemctl --user restart hermes-gateway')"), (r'\bnohup\b.*gateway\s+run\b', "start gateway outside systemd (use 'systemctl --user restart hermes-gateway')"), From 55ce76b37285ea2e86f3c4529f0c688143e6b02e Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Tue, 14 Apr 2026 16:10:18 -0700 Subject: [PATCH 39/41] feat: add architecture-diagram skill (Cocoon AI port) (#9906) Port of Cocoon AI's architecture-diagram-generator (MIT) as a Hermes skill. Generates professional dark-themed system architecture diagrams as standalone HTML/SVG files. Self-contained output, no dependencies. - SKILL.md with design system specs, color palette, layout rules - HTML template with all component types, arrow styles, legend examples - Fits alongside excalidraw in creative/ category Source: https://github.com/Cocoon-AI/architecture-diagram-generator --- skills/creative/architecture-diagram/SKILL.md | 129 +++++++ .../templates/template.html | 319 ++++++++++++++++++ 2 files changed, 448 insertions(+) create mode 100644 skills/creative/architecture-diagram/SKILL.md create mode 100644 skills/creative/architecture-diagram/templates/template.html diff --git a/skills/creative/architecture-diagram/SKILL.md b/skills/creative/architecture-diagram/SKILL.md new file mode 100644 index 000000000..aa95b76ea --- /dev/null +++ b/skills/creative/architecture-diagram/SKILL.md @@ -0,0 +1,129 @@ +--- +name: architecture-diagram +description: Generate professional dark-themed system architecture diagrams as standalone HTML/SVG files. Self-contained output with no external dependencies. Based on Cocoon AI's architecture-diagram-generator (MIT). +version: 1.0.0 +author: Cocoon AI (hello@cocoon-ai.com), ported by Hermes Agent +license: MIT +dependencies: [] +metadata: + hermes: + tags: [architecture, diagrams, SVG, HTML, visualization, infrastructure, cloud] + related_skills: [excalidraw] +--- + +# Architecture Diagram Skill + +Generate professional, dark-themed technical architecture diagrams as standalone HTML files with inline SVG graphics. No external tools, no API keys, no rendering libraries — just write the HTML file and open it in a browser. + +Based on [Cocoon AI's architecture-diagram-generator](https://github.com/Cocoon-AI/architecture-diagram-generator) (MIT). + +## Workflow + +1. User describes their system architecture (components, connections, technologies) +2. Generate the HTML file following the design system below +3. Save with `write_file` to a `.html` file (e.g. `~/architecture-diagram.html`) +4. User opens in any browser — works offline, no dependencies + +### Output Location + +Save diagrams to a user-specified path, or default to the current working directory: +``` +./[project-name]-architecture.html +``` + +### Preview + +After saving, suggest the user open it: +```bash +# macOS +open ./my-architecture.html +# Linux +xdg-open ./my-architecture.html +``` + +## Design System & Visual Language + +### Color Palette (Semantic Mapping) + +Use specific `rgba` fills and hex strokes to categorize components: + +| Component Type | Fill (rgba) | Stroke (Hex) | +| :--- | :--- | :--- | +| **Frontend** | `rgba(8, 51, 68, 0.4)` | `#22d3ee` (cyan-400) | +| **Backend** | `rgba(6, 78, 59, 0.4)` | `#34d399` (emerald-400) | +| **Database** | `rgba(76, 29, 149, 0.4)` | `#a78bfa` (violet-400) | +| **AWS/Cloud** | `rgba(120, 53, 15, 0.3)` | `#fbbf24` (amber-400) | +| **Security** | `rgba(136, 19, 55, 0.4)` | `#fb7185` (rose-400) | +| **Message Bus** | `rgba(251, 146, 60, 0.3)` | `#fb923c` (orange-400) | +| **External** | `rgba(30, 41, 59, 0.5)` | `#94a3b8` (slate-400) | + +### Typography & Background +- **Font:** JetBrains Mono (Monospace), loaded from Google Fonts +- **Sizes:** 12px (Names), 9px (Sublabels), 8px (Annotations), 7px (Tiny labels) +- **Background:** Slate-950 (`#020617`) with a subtle 40px grid pattern + +```svg + + + + +``` + +## Technical Implementation Details + +### Component Rendering +Components are rounded rectangles (`rx="6"`) with 1.5px strokes. To prevent arrows from showing through semi-transparent fills, use a **double-rect masking technique**: +1. Draw an opaque background rect (`#0f172a`) +2. Draw the semi-transparent styled rect on top + +### Connection Rules +- **Z-Order:** Draw arrows *early* in the SVG (after the grid) so they render behind component boxes +- **Arrowheads:** Defined via SVG markers +- **Security Flows:** Use dashed lines in rose color (`#fb7185`) +- **Boundaries:** + - *Security Groups:* Dashed (`4,4`), rose color + - *Regions:* Large dashed (`8,4`), amber color, `rx="12"` + +### Spacing & Layout Logic +- **Standard Height:** 60px (Services); 80-120px (Large components) +- **Vertical Gap:** Minimum 40px between components +- **Message Buses:** Must be placed *in the gap* between services, not overlapping them +- **Legend Placement:** **CRITICAL.** Must be placed outside all boundary boxes. Calculate the lowest Y-coordinate of all boundaries and place the legend at least 20px below it. + +## Document Structure + +The generated HTML file follows a four-part layout: +1. **Header:** Title with a pulsing dot indicator and subtitle +2. **Main SVG:** The diagram contained within a rounded border card +3. **Summary Cards:** A grid of three cards below the diagram for high-level details +4. **Footer:** Minimal metadata + +### Info Card Pattern +```html +
+
+
+

Title

+
+
    +
  • • Item one
    • +
  • • Item two
    • +
+
+``` + +## Output Requirements +- **Single File:** One self-contained `.html` file +- **No External Dependencies:** All CSS and SVG must be inline (except Google Fonts) +- **No JavaScript:** Use pure CSS for any animations (like pulsing dots) +- **Compatibility:** Must render correctly in any modern web browser + +## Template Reference + +Load the full HTML template for the exact structure, CSS, and SVG component examples: + +``` +skill_view(name="architecture-diagram", file_path="templates/template.html") +``` + +The template contains working examples of every component type (frontend, backend, database, cloud, security), arrow styles (standard, dashed, curved), security groups, region boundaries, and the legend — use it as your structural reference when generating diagrams. diff --git a/skills/creative/architecture-diagram/templates/template.html b/skills/creative/architecture-diagram/templates/template.html new file mode 100644 index 000000000..f5b32fbe7 --- /dev/null +++ b/skills/creative/architecture-diagram/templates/template.html @@ -0,0 +1,319 @@ + + + + + + [PROJECT NAME] Architecture Diagram + + + + +
+ +
+
+
+

[PROJECT NAME] Architecture

+
+

[Subtitle description]

+
+ + +
+ + + + + + + + + + + + + + + + + + + Users + Browser/Mobile + + + + Auth Provider + OAuth 2.0 + + + + AWS Region: us-west-2 + + + + CloudFront + CDN + + + + S3 Buckets + • bucket-one + • bucket-two + • bucket-three + OAI Protected + + + + sg-name :port + + + + Load Balancer + HTTPS :443 + + + + API Server + FastAPI :8000 + + + + Database + PostgreSQL + + + + Frontend + React + TypeScript + Additional detail + More info + domain.example.com + + + + + + HTTPS + + + + + + + OAI + + + + + TLS + + + + JWT + PKCE + + + Legend + + + Frontend + + + Backend + + + Cloud Service + + + Database + + + Security + + + Auth Flow + + + Security Group + +
+ + +
+
+
+
+

Card Title 1

+
+
    +
  • • Item one
    • +
  • • Item two
    • +
  • • Item three
    • +
  • • Item four
    • +
+
+ +
+
+
+

Card Title 2

+
+
    +
  • • Item one
    • +
  • • Item two
    • +
  • • Item three
    • +
  • • Item four
    • +
+
+ +
+
+
+

Card Title 3

+
+
    +
  • • Item one
    • +
  • • Item two
    • +
  • • Item three
    • +
  • • Item four
    • +
+
+
+ + +

+ [Project Name] • [Additional metadata] +

+
+ + From 1e5e1e822bc7bbf2a9bdefe12384745dc8730c23 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Tue, 14 Apr 2026 16:11:37 -0700 Subject: [PATCH 40/41] fix: ESC cancels secret/sudo prompts, clearer skip messaging (#9902) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add ESC key binding (eager) for secret_state and sudo_state modal prompts — fires immediately, same behavior as Ctrl+C cancel - Update placeholder text: 'Enter to submit · ESC to skip' (was 'Enter to skip' which was confusing — Enter on empty looked like submitting nothing rather than intentionally skipping) - Update widget body text: 'ESC or Ctrl+C to skip' - Change feedback message from 'Secret entry cancelled' to 'Secret entry skipped' — more accurate for the action taken - getpass fallback prompt also updated for non-TUI mode --- cli.py | 24 +++++++++++++++++++++--- hermes_cli/callbacks.py | 6 +++--- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/cli.py b/cli.py index 970c98b06..ebc8b7637 100644 --- a/cli.py +++ b/cli.py @@ -8631,6 +8631,24 @@ class HermesCLI: self._should_exit = True event.app.exit() + _modal_prompt_active = Condition( + lambda: bool(self._secret_state or self._sudo_state) + ) + + @kb.add('escape', filter=_modal_prompt_active, eager=True) + def handle_escape_modal(event): + """ESC cancels active secret/sudo prompts.""" + if self._secret_state: + self._cancel_secret_capture() + event.app.current_buffer.reset() + event.app.invalidate() + return + if self._sudo_state: + self._sudo_state["response_queue"].put("") + self._sudo_state = None + event.app.invalidate() + return + @kb.add('c-z') def handle_ctrl_z(event): """Handle Ctrl+Z - suspend process to background (Unix only).""" @@ -8928,9 +8946,9 @@ class HermesCLI: if cli_ref._voice_processing: return "transcribing..." if cli_ref._sudo_state: - return "type password (hidden), Enter to skip" + return "type password (hidden), Enter to submit · ESC to skip" if cli_ref._secret_state: - return "type secret (hidden), Enter to skip" + return "type secret (hidden), Enter to submit · ESC to skip" if cli_ref._approval_state: return "" if cli_ref._clarify_freetext: @@ -9173,7 +9191,7 @@ class HermesCLI: prompt = state.get("prompt") or f"Enter value for {state.get('var_name', 'secret')}" metadata = state.get("metadata") or {} help_text = metadata.get("help") - body = 'Enter secret below (hidden), or press Enter to skip' + body = 'Enter secret below (hidden), ESC or Ctrl+C to skip' content_lines = [prompt, body] if help_text: content_lines.insert(1, str(help_text)) diff --git a/hermes_cli/callbacks.py b/hermes_cli/callbacks.py index 724e6e4c8..fa40eced5 100644 --- a/hermes_cli/callbacks.py +++ b/hermes_cli/callbacks.py @@ -75,12 +75,12 @@ def prompt_for_secret(cli, var_name: str, prompt: str, metadata=None) -> dict: if not hasattr(cli, "_secret_deadline"): cli._secret_deadline = 0 try: - value = getpass.getpass(f"{prompt} (hidden, Enter to skip): ") + value = getpass.getpass(f"{prompt} (hidden, ESC or empty Enter to skip): ") except (EOFError, KeyboardInterrupt): value = "" if not value: - cprint(f"\n{_DIM} ⏭ Secret entry cancelled{_RST}") + cprint(f"\n{_DIM} ⏭ Secret entry skipped{_RST}") return { "success": True, "reason": "cancelled", @@ -133,7 +133,7 @@ def prompt_for_secret(cli, var_name: str, prompt: str, metadata=None) -> dict: cli._app.invalidate() if not value: - cprint(f"\n{_DIM} ⏭ Secret entry cancelled{_RST}") + cprint(f"\n{_DIM} ⏭ Secret entry skipped{_RST}") return { "success": True, "reason": "cancelled", From 6448e1da23e938e5ef5672defc688777fbe5ef11 Mon Sep 17 00:00:00 2001 From: Teknium <127238744+teknium1@users.noreply.github.com> Date: Tue, 14 Apr 2026 16:26:01 -0700 Subject: [PATCH 41/41] feat(zai): add GLM-5V-Turbo support for coding plan (#9907) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add glm-5v-turbo to OpenRouter, Nous, and native Z.AI model lists - Add glm-5v context length entry (200K tokens) to model metadata - Update Z.AI endpoint probe to try multiple candidate models per endpoint (glm-5.1, glm-5v-turbo, glm-4.7) — fixes detection for newer coding plan accounts that lack older models - Add zai to _PROVIDER_VISION_MODELS so auxiliary vision tasks (vision_analyze, browser screenshots) route through 5v Fixes #9888 --- agent/auxiliary_client.py | 1 + hermes_cli/auth.py | 71 +++++++++++++++++++++------------------ hermes_cli/models.py | 3 ++ 3 files changed, 42 insertions(+), 33 deletions(-) diff --git a/agent/auxiliary_client.py b/agent/auxiliary_client.py index 49dea65f9..4d2331548 100644 --- a/agent/auxiliary_client.py +++ b/agent/auxiliary_client.py @@ -112,6 +112,7 @@ _API_KEY_PROVIDER_AUX_MODELS: Dict[str, str] = { # "exotic provider" branch checks this before falling back to the main model. _PROVIDER_VISION_MODELS: Dict[str, str] = { "xiaomi": "mimo-v2-omni", + "zai": "glm-5v-turbo", } # OpenRouter app attribution headers diff --git a/hermes_cli/auth.py b/hermes_cli/auth.py index e63a1ebb6..636416a97 100644 --- a/hermes_cli/auth.py +++ b/hermes_cli/auth.py @@ -383,13 +383,16 @@ def _resolve_api_key_provider_secret( # Z.AI has separate billing for general vs coding plans, and global vs China # endpoints. A key that works on one may return "Insufficient balance" on # another. We probe at setup time and store the working endpoint. +# Each entry lists candidate models to try in order — newer coding plan accounts +# may only have access to recent models (glm-5.1, glm-5v-turbo) while older +# ones still use glm-4.7. ZAI_ENDPOINTS = [ - # (id, base_url, default_model, label) - ("global", "https://api.z.ai/api/paas/v4", "glm-5", "Global"), - ("cn", "https://open.bigmodel.cn/api/paas/v4", "glm-5", "China"), - ("coding-global", "https://api.z.ai/api/coding/paas/v4", "glm-4.7", "Global (Coding Plan)"), - ("coding-cn", "https://open.bigmodel.cn/api/coding/paas/v4", "glm-4.7", "China (Coding Plan)"), + # (id, base_url, probe_models, label) + ("global", "https://api.z.ai/api/paas/v4", ["glm-5"], "Global"), + ("cn", "https://open.bigmodel.cn/api/paas/v4", ["glm-5"], "China"), + ("coding-global", "https://api.z.ai/api/coding/paas/v4", ["glm-5.1", "glm-5v-turbo", "glm-4.7"], "Global (Coding Plan)"), + ("coding-cn", "https://open.bigmodel.cn/api/coding/paas/v4", ["glm-5.1", "glm-5v-turbo", "glm-4.7"], "China (Coding Plan)"), ] @@ -397,35 +400,37 @@ def detect_zai_endpoint(api_key: str, timeout: float = 8.0) -> Optional[Dict[str """Probe z.ai endpoints to find one that accepts this API key. Returns {"id": ..., "base_url": ..., "model": ..., "label": ...} for the - first working endpoint, or None if all fail. + first working endpoint, or None if all fail. For endpoints with multiple + candidate models, tries each in order and returns the first that succeeds. """ - for ep_id, base_url, model, label in ZAI_ENDPOINTS: - try: - resp = httpx.post( - f"{base_url}/chat/completions", - headers={ - "Authorization": f"Bearer {api_key}", - "Content-Type": "application/json", - }, - json={ - "model": model, - "stream": False, - "max_tokens": 1, - "messages": [{"role": "user", "content": "ping"}], - }, - timeout=timeout, - ) - if resp.status_code == 200: - logger.debug("Z.AI endpoint probe: %s (%s) OK", ep_id, base_url) - return { - "id": ep_id, - "base_url": base_url, - "model": model, - "label": label, - } - logger.debug("Z.AI endpoint probe: %s returned %s", ep_id, resp.status_code) - except Exception as exc: - logger.debug("Z.AI endpoint probe: %s failed: %s", ep_id, exc) + for ep_id, base_url, probe_models, label in ZAI_ENDPOINTS: + for model in probe_models: + try: + resp = httpx.post( + f"{base_url}/chat/completions", + headers={ + "Authorization": f"Bearer {api_key}", + "Content-Type": "application/json", + }, + json={ + "model": model, + "stream": False, + "max_tokens": 1, + "messages": [{"role": "user", "content": "ping"}], + }, + timeout=timeout, + ) + if resp.status_code == 200: + logger.debug("Z.AI endpoint probe: %s (%s) model=%s OK", ep_id, base_url, model) + return { + "id": ep_id, + "base_url": base_url, + "model": model, + "label": label, + } + logger.debug("Z.AI endpoint probe: %s model=%s returned %s", ep_id, model, resp.status_code) + except Exception as exc: + logger.debug("Z.AI endpoint probe: %s model=%s failed: %s", ep_id, model, exc) return None diff --git a/hermes_cli/models.py b/hermes_cli/models.py index 852601229..18f29c6cd 100644 --- a/hermes_cli/models.py +++ b/hermes_cli/models.py @@ -44,6 +44,7 @@ OPENROUTER_MODELS: list[tuple[str, str]] = [ ("minimax/minimax-m2.7", ""), ("minimax/minimax-m2.5", ""), ("z-ai/glm-5.1", ""), + ("z-ai/glm-5v-turbo", ""), ("z-ai/glm-5-turbo", ""), ("moonshotai/kimi-k2.5", ""), ("x-ai/grok-4.20", ""), @@ -89,6 +90,7 @@ _PROVIDER_MODELS: dict[str, list[str]] = { "minimax/minimax-m2.7", "minimax/minimax-m2.5", "z-ai/glm-5.1", + "z-ai/glm-5v-turbo", "z-ai/glm-5-turbo", "moonshotai/kimi-k2.5", "x-ai/grok-4.20-beta", @@ -134,6 +136,7 @@ _PROVIDER_MODELS: dict[str, list[str]] = { "zai": [ "glm-5.1", "glm-5", + "glm-5v-turbo", "glm-5-turbo", "glm-4.7", "glm-4.5",