Commit graph

14766 commits

Author SHA1 Message Date
Eugeniusz Gilewski
a1e6ea7d71 fix(tools): keep shell snapshots owner-only
BaseEnvironment writes shell snapshots and cwd metadata through the process
umask. With a common 022 umask, snapshot files containing exported environment
state landed at mode 0644 even though they can include env-carried credentials
from the parent process.

Set umask 077 only around Hermes metadata writes: the initial snapshot
bootstrap and the post-command snapshot/cwd refresh. User commands still run
under the caller's original umask, while Hermes-owned snapshot and cwd files
are created owner-only.

This intentionally does not copy the source PR's global orphan sweep; deleting
all matching /tmp snapshot files could interfere with concurrent Hermes
processes. The security-critical local disclosure fix is the file mode clamp.

This is salvageable because the source report still identifies a concrete
credential-disclosure path, but the safe subset is smaller than the original
proposal: clamp only the Hermes-owned snapshot writes and leave process-wide
cleanup, user command umask, and concurrent sessions alone.

Salvages source PR: https://github.com/NousResearch/hermes-agent/pull/20056
Related issue: https://github.com/NousResearch/hermes-agent/issues/48441

Co-authored-by: Andrew Homeyer <andrew@hndl.app>
2026-07-07 05:22:42 -07:00
teknium1
4f6313eadc test(tui): accept profile_home kwarg in _FakeWorker doubles
_SlashWorker call sites now pass profile_home=; the fakes' 2-arg
__init__ raised TypeError inside the spawn guard, leaving
slash_worker=None and failing the orphan-race regression tests.
2026-07-07 05:14:00 -07:00
teknium1
c6a3d412d4 fix(skills): widen call-time skills-dir resolution to skill_manager_tool
Same bug class as skills_tool: module-level SKILLS_DIR pinned at import
under the launch HERMES_HOME makes skill_manage() write/edit against the
wrong profile in long-lived multi-profile runtimes. Apply the same
_skills_dir() call-time resolution (honoring explicit test patches of
SKILLS_DIR) to _containing_skills_root, _resolve_skill_dir,
_find_skill_in_other_profiles, and create-result path reporting.

Refs #40677
2026-07-07 05:14:00 -07:00
Luke The Dev
4a99571d54 fix(tui): pass profile_home to slash_worker subprocess for profile-local skill discovery (#40677)
Profile-local skills are unavailable in Dashboard/TUI/Desktop GUI because the
_SlashWorker subprocess is spawned with os.environ.copy() but does NOT receive
the profile-specific HERMES_HOME from the parent session. This causes the
subprocess to search ~/.hermes instead of the active profile's skills directory.

1. Modify _SlashWorker.__init__ to accept optional profile_home parameter
2. When profile_home is provided, set env['HERMES_HOME'] = profile_home before
   spawning the subprocess
3. Update all 4 call sites to pass profile_home=session.get('profile_home')
4. Add regression tests for profile-home propagation

- Full TUI gateway test suite: 107 tests pass
- New tests cover:
  - profile_home parameter acceptance
  - backward compatibility (None, omitted)
  - argv correctness

Fixes #40677
2026-07-07 05:14:00 -07:00
JP Lew
f8723c4781 fix(skills): resolve skills dir from active profile 2026-07-07 05:14:00 -07:00
Teknium
491689784e feat: add uninstall dry-run mode
Port from qwibitai/nanoclaw#2719: let operators preview the uninstall plan without stopping services or deleting files.
2026-07-07 05:12:24 -07:00
teknium1
1deeaf71ab fix(discord): truncate thread titles by UTF-16 units + AUTHOR_MAP
Discord thread names share the same UTF-16 component budget as select
labels and buttons — route the sanitizers in gateway/run.py and the
adapter's rename_thread through utf16_len/_prefix_within_utf16_limit
instead of code-point slices. Adds rungmc357 to AUTHOR_MAP.
2026-07-07 05:11:59 -07:00
Georgio Constantinou
0d9ed9214d Add semantic titles for Discord auto-threads 2026-07-07 05:11:59 -07:00
Teknium
9c272a306e
feat(gateway): default session auto-reset to off (mode: none) (#60194)
Sessions no longer auto-reset by default. SessionResetPolicy.mode now
defaults to "none" (was "both": 24h idle + daily 4am), matching the
setup wizard's existing no-reset default and community feedback that
surprise context loss hurts more than it helps.

- gateway/config.py: dataclass default + from_dict fallback -> "none";
  installs whose config.yaml lacks a session_reset section stop
  auto-resetting
- hermes_cli/setup.py: "Never auto-reset" is now the recommended/default
  choice in hermes setup agent; stale comment updated
- docs (en + zh-Hans): default is no auto-reset, opt in via
  session_reset in config.yaml

Users who explicitly configured idle/daily/both resets keep them.
2026-07-07 05:11:10 -07:00
Teknium
b899ffd1ea
test(e2e): stub reset-notice session info to deflake test_new_resets_session (#60175)
/new's handler calls _reset_notice_session_info, which resolves live
provider credentials and can probe model context length over HTTP. In
CI there are no credentials, so resolution walks the entire fallback
chain (the failed run's log shows 'Primary provider auth failed ...
trying fallback' captured inside the test) and on a slow runner the
first parametrization can blow past send_and_capture's 2s poll window,
making adapter.send appear never-called.

Stub it to return an empty info block in the e2e runner fixture — these
tests exercise gateway command dispatch, not provider resolution, and no
other network-touching path exists in the /new flow. Flaked in run
28856659216 (telegram param only); tests/e2e now 57/57 locally.
2026-07-07 04:28:12 -07:00
teknium1
9420f1acb6 test(google_meet): assert ladder-based dependency install instead of bespoke pip argv 2026-07-07 04:09:35 -07:00
teknium1
ba865e4038 refactor(setup): route dependency installs through the canonical uv→pip→ensurepip ladder
Replace the hand-rolled ensurepip bootstrap (and five other one-off
pip-install code paths) with hermes_cli.tools_config._pip_install, which
prefers the bundled uv (fast, needs no pip in the venv), falls back to
python -m pip, and bootstraps pip via ensurepip only when missing.

Sites unified:
- hermes_cli/setup.py: _install_neutts_deps, _install_kittentts_deps,
  modal SDK install, daytona SDK install
- hermes_cli/memory_setup.py: memory-plugin pip deps (previously dead-ended
  when uv AND pip binaries were both absent)
- hermes_cli/dingtalk_auth.py: qrcode auto-install (previously invoked
  'python -m uv' which is not how uv ships)
- agent/lsp/install.py: --target LSP server installs
- plugins/google_meet/cli.py, plugins/platforms/matrix/adapter.py,
  plugins/platforms/google_chat/oauth.py, plugins/memory/honcho/cli.py

Tests updated to assert the ladder behavior (uv-first, pip fallback,
ensurepip bootstrap) instead of the removed bespoke branches.
2026-07-07 04:09:35 -07:00
ygd58
569b78c1f9 fix(setup): bootstrap pip with ensurepip when not available in venv before neutts install 2026-07-07 04:09:35 -07:00
teknium1
b2c66681c4 chore: add flo1t to AUTHOR_MAP 2026-07-07 04:09:09 -07:00
floit
2718179134 fix(docs): discord permissions (add Create Public Threads, remove Use External Emojis) 2026-07-07 04:09:09 -07:00
kshitijk4poor
aaeba213d9 fix(telegram): bound start_polling() at bootstrap and conflict-retry sites too; strengthen tests
Follow-up on the salvaged fix, which bounded start_polling() only in
_handle_polling_network_error. The same wedge (#59614) exists at the two
sibling call sites:

1. _start_polling_resilient (bootstrap): an exhausted pool hangs connect()
   forever. The TimeoutError from wait_for is a builtins TimeoutError
   (OSError subclass), so the existing except classifies it via
   _looks_like_network_error and schedules background recovery.
2. _handle_polling_conflict (conflict-retry ladder): identical hang wedges
   conflict attempt N forever; timeout now converts to RuntimeError and the
   existing except schedules the next attempt.

Tests replaced with a stronger suite: hung-network-ladder repro (RED without
the fix), bootstrap hang schedules recovery, success-path sanity, and a
bug-class contract test asserting EVERY updater.start_polling( call site is
wrapped in wait_for so a new unbounded site can't reintroduce the wedge.
Verified RED (3 failures) with the wrappers removed, GREEN with them.
2026-07-07 15:50:41 +05:30
liuhao1024
4aaaa206aa fix(telegram): add timeout to start_polling() in network error handler
When the connection pool is in a degraded state after
_drain_polling_connections(), start_polling() can hang indefinitely
when both primary and fallback Telegram endpoints are unreachable. The
httpx client may hold a stale socket that neither connects nor times out
within PTB's internal flow, causing the reconnect ladder to stall at
attempt 1/10 forever.

Wrap start_polling() in asyncio.wait_for() with a 30-second timeout so a
hung call raises asyncio.TimeoutError and feeds back into the existing
retry ladder. This unblocks:
- The 10-retry ladder advances to attempt 2, 3, ...
- The heartbeat loop sees _polling_error_task.done() and can trigger recovery
- The reconnect watcher gets the adapter in _failed_platforms

Fixes #59614
2026-07-07 15:50:41 +05:30
teknium1
ce038a0e05 fix(schema): preserve multi-type arrays as anyOf instead of dropping branches
Port from anomalyco/opencode#31877: JSON Schema type arrays like
["number","string"] (common in MCP tool schemas) were collapsed to the
first non-null type, silently dropping every other branch. Several
tool-call backends reject the array form outright — llama.cpp's grammar
generator and Gemini via OpenAI-compatible transports (e.g. GitHub
Copilot proxying to Gemini) 400 on it.

_sanitize_node now mirrors @ai-sdk/google: a single non-null type stays
type:X (+nullable if null was present), multiple non-null types become
an anyOf of single-type schemas so no branch is lost, and an all-null
array becomes type:null. Single-null collapse is unchanged.

Verified nested (object props, array items) survive the full sanitize
pipeline — combinator stripping is top-level-only and nullable-union
collapse only fires on single-survivor unions, so multi-type anyOf is
left intact.
2026-07-07 02:52:17 -07:00
kshitij
7647eff360
Merge pull request #60117 from kshitijk4poor/fix/59607-cached-agent-expiry
fix(gateway): re-apply confirmation expiry on the cached-agent live-history path (#59607)
2026-07-07 15:14:24 +05:30
teknium1
f341cadb71 refactor(discord): detect streaming bodies structurally, not by mock-module sniffing
Replace the unittest.mock module-name check with an
inspect.iscoroutinefunction probe on content.read, and collapse the
duplicate read/iter_chunked reader paths into one. Non-streaming
objects (test doubles, proxy wrappers) fall back to the response's
native json()/text() as before.
2026-07-07 02:40:15 -07:00
ooiuuii
e0bca1cbe2 fix(discord): bound standalone response reads 2026-07-07 02:40:15 -07:00
ooiuuii
87be36c240 fix(discord): bound component labels by UTF-16 units 2026-07-07 02:40:12 -07:00
ooiuuii
b8ce583e05 fix(discord): bound REST response reads
Refs NousResearch/hermes-agent#54745
2026-07-07 02:40:04 -07:00
teknium1
87b65e24a7 refactor(compression): scope Codex-native compaction to the app-server runtime
Drop the Responses-API native compaction path and its opt-in umbrella
flag from the salvaged feature. On the Codex OAuth chat route Hermes
owns the message list and the summary compressor works (and stays
provider-portable — encrypted compaction items would lock the session
history to chatgpt.com and break /model switches and provider
fallback). On the app-server runtime (codex CLI/agent) the codex agent
owns the real thread context, so thread/compact/start is the only
mechanism that can actually shrink it (#36801) — that path is now the
default behavior for codex_app_server sessions, controlled by
compression.codex_app_server_auto (native|hermes|off), no umbrella
flag.

Removed: responses.compact() call path, codex_compaction_items replay/
persistence plumbing, codex_native_compaction + codex_responses_threshold
config keys, desktop settings fields, and their tests. Kept: everything
app-server (compact_thread(), compaction notifications, bookkeeping,
docs, tests) plus cache-busting keys for the surviving knobs.
2026-07-07 02:39:54 -07:00
hmirin
d1c8c03416 feat(agent): add Codex-native compaction paths 2026-07-07 02:39:54 -07:00
Teknium
8fc1cb754b
fix: repair URL authority whitespace before web fetches (#46363)
Port from openclaw/openclaw#91950: normalize LLM-generated URLs like 'https:// docs.example' before web tool safety checks while preserving path and query encoding semantics.
2026-07-07 02:39:36 -07:00
Teknium
a796e0b796
fix: cool down transient Telegram typing failures (#46355)
* fix: cool down transient Telegram typing failures

Port from openclaw/openclaw#93020: add per-chat cooldown for transient sendChatAction failures so keep-typing refreshes do not hammer Telegram during network blips or rate limits.

* fix: support bare Telegram adapters in typing cooldown

* test: update typing backoff imports for relocated Telegram adapter

The Telegram adapter moved from gateway/platforms/telegram.py to
plugins/platforms/telegram/adapter.py since this branch was created;
point the test imports and monkeypatch targets at the new module.
2026-07-07 02:39:31 -07:00
teknium1
7ff86f4458 refactor(desktop): route preview-pane mermaid fences through shared embeds registry
Drop the duplicate mermaid-block.tsx (own mermaid.initialize + render path,
theme frozen at first load) and wire preview-file.tsx's MarkdownCode through
the existing RichCodeBlock registry from #52935 instead. One mermaid init
path, theme-flip re-init, Zoomable + copy-as-PNG, RichBoundary error
fallback — and the preview pane gets svg fences for free. Shiki block stays
as the fallback for all other languages.
2026-07-07 02:39:18 -07:00
teknium1
c0adfd4a67 feat(desktop): render Mermaid code blocks in markdown file preview
Salvaged from #40531; surgically reapplied onto current main (i18n'd
preview-file.tsx). mermaid dep already present on main.

Co-authored-by: liuhao1024 <liuhao1024@users.noreply.github.com>
2026-07-07 02:39:18 -07:00
Teknium
299d5c6603 fix(cli): safe mode also skips shell-hook registration
--safe-mode promised to disable ALL customizations, but shell hooks
declared in config.yaml's hooks: block registered anyway —
register_from_config() runs independently of plugin discovery and
load_config() does not honor HERMES_IGNORE_USER_CONFIG. Gate it on
HERMES_SAFE_MODE at the single chokepoint so troubleshooting runs fire
zero user-configured code (plugins, MCP, and hooks).

Docs (en + zh) updated; positive + negative tests added.
2026-07-07 02:32:32 -07:00
Teknium
fc02b1c276 refactor(cli): simplify safe-mode startup wiring
Since safe mode already landed on main via #45488, reduce this branch to cleanup: centralize env setup, remove duplicated comments, and tighten tests.
2026-07-07 02:32:32 -07:00
kshitijk4poor
144457d801 fix(interrupt): extend post-worker /stop guard to Bedrock streaming path
The salvaged fix added a post-worker _interrupt_requested re-check to the
main OpenAI/Anthropic streaming poll loop. The Bedrock Converse poll loop
(interruptible_streaming_api_call, api_mode='bedrock_converse') has the same
bug class: its worker calls stream_converse_with_callbacks(on_interrupt_check=
...), which breaks out of the event loop on interrupt and returns a PARTIAL
response WITHOUT raising (bedrock_adapter.py). The worker sets result[
'response'] and exits with _interrupt_requested still True, so the in-loop
raise never fires and the poll loop returns the partial — silently swallowing
/stop on Bedrock exactly as it was on the paths the salvaged commit fixed.

Add the identical post-worker re-check before the Bedrock loop's return.
The non-streaming loop (interruptible_api_call) is structurally immune: its
worker's only early return fires off _request_cancelled, which is set by the
main loop immediately before it raises in-loop, so no swallow window exists.

Guard test flips _interrupt_requested True mid-stream (after the pre-flight
check) and asserts InterruptedError is raised; verified RED without the fix
(DID NOT RAISE) and GREEN with it.
2026-07-07 14:54:50 +05:30
isheng
c2c73605e0 test: set pool.provider= on mocks to avoid MagicMock truthy guard trigger
The provider-mismatch guard now checks pool_provider and
current_provider != pool_provider. MagicMock.provider returns
a truthy child mock by default, which would trigger the guard
and skip the pool recovery tests. Set pool.provider='' explicitly.
2026-07-07 14:54:50 +05:30
isheng
2e30a5e628 fix: prevent /stop signal loss and empty provider credential corruption
Two deep bugs found through systematic analysis of the streaming API
call and fallback credential subsystems:

1. Interrupt signal loss (chat_completion_helpers.py):
   When the worker thread exits before the main thread's poll loop
   checks the interrupt flag (e.g. _call_anthropic() detects the flag
   and returns None), the while loop exits normally and the
   InterruptedError is never raised. /stop is silently swallowed.
   Fix: re-check _interrupt_requested after the while loop exits.

2. Empty provider bypasses credential guard (agent_runtime_helpers.py):
   recover_with_credential_pool() guards against cross-provider pool
   swaps with 'if current_provider and pool_provider and current !=
   pool_provider'.  When agent.provider is '' (valid unset state from
   agent_init.py:326), current_provider is falsy, the guard is skipped,
   and the pool swaps credentials onto an agent with empty provider.
   This is the root cause of the 'provider= model=' empty-string error.
   Fix: only skip the guard when pool_provider is empty (unscoped pool),
   not when agent provider is empty.
2026-07-07 14:54:50 +05:30
teknium1
179ca25a38 chore: add williamumu to AUTHOR_MAP for PR #31041 salvage 2026-07-07 02:18:17 -07:00
williamumu
8a7d0790df fix: merge split gateway pairing stores 2026-07-07 02:18:17 -07:00
kshitijk4poor
3c8130a826 fix: re-apply confirmation expiry on the cached-agent live-history path
Review finding: when the FTS write-corruption guard (#50502) prefers the
cached agent's live _session_messages over the reloaded transcript, that
history bypasses the replay-cleanup pass in _build_gateway_agent_history
— a stale dangerous confirmation could slip through unredacted on the
same-process salvage path. Re-apply the (idempotent) expiry stripper to
the selected live history.
2026-07-07 14:46:10 +05:30
kshitijk4poor
2c5762f575 chore: debug log for untrusted absolute skill paths; drop misleading test patch
Review findings: (a) an absolute path outside trusted roots passes
through unchanged and gets rejected downstream by skill_view — add a
debug log at the pass-through so the cron 'skill not found' symptom is
diagnosable next time; (b) test_relative_path_unchanged patched
get_skills_dir although the relative branch early-returns before any
root lookup — drop the misleading patch.
2026-07-07 14:40:56 +05:30
kshitijk4poor
713e50e7d2 fix: normalize against tools.skills_tool.SKILLS_DIR, the root skill_view enforces
The extracted normalize_skill_lookup_name() resolved trusted roots via
agent.skill_utils.get_skills_dir(), but skill_view() enforces
tools.skills_tool.SKILLS_DIR — a separate module attribute that callers
and 60+ existing tests patch directly. With the helper reading a
different symbol than the enforcer, any SKILLS_DIR patch (or future
divergence between the two resolvers) makes normalization disagree with
enforcement and absolute-path loads regress silently. Read SKILLS_DIR at
call time (deferred import, cycle-safe) with get_skills_dir() as the
fallback, and align the new tests to patch the enforced symbol.

Follow-up to the salvage of #59829 by @HexLab98.
2026-07-07 14:40:56 +05:30
HexLab98
e7082ea99f test(cron): cover absolute skill path normalization (#59824)
Add unit tests for normalize_skill_lookup_name and a cron scheduler
regression that absolute paths under the skills dir reach skill_view as
relative lookups.
2026-07-07 14:40:56 +05:30
HexLab98
62972060ca fix(cron): normalize absolute skill paths before skill_view (#59824)
Cron jobs may store absolute paths to skills under HERMES_HOME/skills or
external_dirs, but skill_view rejects absolute names for security. Extract
the slash-command normalization into agent.skill_utils and reuse it when
cron loads job skills.
2026-07-07 14:40:56 +05:30
Teknium
07d93413e5
fix: default memory null target to memory store (#46356)
Port from nearai/ironclaw#4547: treat a JSON null memory target as omitted so strict providers that fill optional fields with null use the documented default target instead of failing validation.
2026-07-07 02:10:43 -07:00
kshitijk4poor
6d3d9d0baf fix: drop timestamp in handle_max_iterations' hand-built api_messages
Gateway user replay entries now carry a timestamp (read by the
stale-confirmation expiry check). The transports already sanitize it
(#47868), but handle_max_iterations hand-builds api_messages and calls
chat.completions.create() directly, bypassing the transport — a strict
provider would 400 on the foreign key. Mirror the transport's pop here,
alongside the existing tool_name/codex_* sanitization.
2026-07-07 14:40:32 +05:30
kshitijk4poor
e7a6d676c8 fix: redact expired confirmations in place to preserve role alternation
Deleting the matched user message breaks the strict role-alternation
invariant on the exact incident tail this fix targets — user(confirm) →
assistant('OK, restarting') becomes two consecutive assistant messages,
which strict providers reject and which the alternation-repair passes
upstream don't cover.  Replace the message content with an explicit
'confirmation EXPIRED, re-confirm before any destructive action'
sentinel instead: the trigger text is still neutralized, the model gets
an affirmative instruction not to act, and the message sequence stays
valid.  Adds an alternation-preservation regression test.

Follow-up to the salvage of #59640 by @knoal.
2026-07-07 14:40:32 +05:30
knoal
33a529538d fix(gateway): strip stale dangerous-confirmation text in user messages (#59607)
When a high-risk side effect (e.g. host restart via shutdown.exe) runs,
the user's plain-text confirmation phrase is persisted in the conversation
transcript. If the host restart killed the gateway process before the
assistant's tool result was written, the transcript tail ends on the
assistant's text response - and the dangerous confirmation text remains
in the user role.

On the next inbound message - possibly a casual 'are you there?' from
the user minutes later - the LLM sees the stale confirmation and may
interpret the new turn as a fresh re-confirmation, re-executing the
destructive action. This is the failure mode reported in #59607.

Fix:
- Add strip_stale_dangerous_confirmations() in agent/replay_cleanup.py
  that removes user messages whose content matches a known dangerous
  confirmation pattern AND whose timestamp is older than 60 seconds.
- Add is_dangerous_confirmation() helper with the matched patterns
  (i18n-aware: covers 確認強制重開機 from the original incident).
- Wire the stripper into _build_gateway_agent_history() right after the
  existing 75ed07ace strippers, so the strip chain is:
  strip_interrupted_tool_tails -> strip_dangling_tool_call_tail ->
  strip_stale_dangerous_confirmations.
- Update _build_replay_entry() to preserve the timestamp on user
  messages (it was previously dropped), since the new stripper needs it.

Complements 75ed07ace (which strips the assistant side of the broken
tail) by handling the user side: a stale plain-text confirmation that
the assistant has not yet responded to in a way the resume logic
recognises.

Failing-test-first discipline: the bug-detection test
test_stale_confirmation_text_is_stripped_on_resume fails on unfixed
code (proves the test catches the bug) and passes after the fix.
Five additional safety tests confirm no regression on:
- fresh confirmations (within expiry) are preserved
- non-confirmation text is preserved
- non-matching histories are untouched
- dangerous-pattern detection works in all cases (case, i18n, None)
- direct unit test of the strip helper

Refs: #59607
2026-07-07 14:40:32 +05:30
kshitijk4poor
11516f3cc3 perf: partial index so the startup NULL-active repair skips the table scan
Review finding: EXPLAIN QUERY PLAN showed the unconditional repair
UPDATE doing SCAN messages (~75-135ms on 500k rows, every startup) —
the existing idx_messages_session_active can't serve an active-only
predicate. A partial index on (active) WHERE active IS NULL costs
near-zero storage on healthy DBs (no NULL rows) and drops the 0-match
repair to ~0.04ms. Lives in DEFERRED_INDEX_SQL because it references
the reconciler-added column.
2026-07-07 14:40:18 +05:30
kshitijk4poor
b75783e6dc fix(state): heal NULL active rows on every startup, not just pre-v12 DBs
The repair UPDATE ('SET active = 1 WHERE active IS NULL') was gated at
schema_version < 12, so already-v12+ databases — the exact population hit
by #51646, where the reconciler-added active column lacks its NOT NULL
DEFAULT 1 — never healed rows written as NULL by the pre-fix INSERTs.
Move the idempotent repair into unconditional startup so historical
gateway transcripts become visible again after upgrading.

Follow-up to the salvage of #59832 by @HexLab98.
2026-07-07 14:40:18 +05:30
HexLab98
7445df1505 test(state): cover explicit active=1 on message INSERT (#51646)
Add a regression for legacy DBs whose active column has no INSERT default,
and assert gateway conversation replay sees newly appended rows.
2026-07-07 14:40:18 +05:30
HexLab98
ae878e1aee fix(state): set active=1 explicitly in message INSERTs (#51646)
append_message() and _insert_message_rows() relied on the schema DEFAULT
for messages.active. Legacy databases that gained the column via ALTER TABLE
without a working INSERT default can store active=NULL, which makes
get_messages_as_conversation()'s active=1 filter drop every gateway turn.
2026-07-07 14:40:18 +05:30
Teknium
043e71f1f4
fix(gateway): use process-level HERMES_HOME for identity files (#56993 salvage) (#59341)
* fix(gateway): use process-level HERMES_HOME for identity files

Gateway identity files (PID, lock, runtime status, takeover/stop markers)
were written via get_hermes_home() which honours the _HERMES_HOME_OVERRIDE
contextvar used for per-session profile dispatch.  When a profile-context
task happened to be active at write time, files landed in the wrong profile
directory.

Add _get_process_hermes_home() that skips the contextvar and uses only the
HERMES_HOME env var or platform default, and route all gateway identity file
paths through it.

Fixes #56986

* chore(release): map liuhao1024 author email for PR #56993 salvage

---------

Co-authored-by: liuhao1024 <sunsky.lau@gmail.com>
Co-authored-by: Ben <ben@nousresearch.com>
2026-07-07 09:05:21 +00:00