hermes-agent

mirrors/hermes-agent

Fork 0

mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-28 11:32:22 +00:00

Commit graph

Author	SHA1	Message	Date
Brooklyn Nicholson	6afeea2bea	harden(pets): host-pin asset downloads + sanitize slug paths install_pet now refuses spritesheet/pet.json URLs that aren't on a petdex host (matching thumbnail_png's existing _is_petdex_host guard), so a spoofed manifest can't redirect a download at an arbitrary host. Slugs are normalized to a single path segment before indexing into pets_dir(), closing a path-traversal vector in load_pet/remove_pet/install_pet.	2026-06-23 19:13:08 -05:00
Brooklyn Nicholson	e7dbfdaad7	feat(pets): pet engine + display.pet config Add the shared pet engine under agent/pet/: spritesheet manifest loading and in-process caching, six-state animation model, frame rendering, and the persistent pet store. Register the display.pet config block (pet, scale, enabled, etc.) that every surface reads from. Covered by tests/agent/test_pet_engine.py.	2026-06-20 14:18:30 -05:00

Author

SHA1

Message

Date

Brooklyn Nicholson

6afeea2bea

harden(pets): host-pin asset downloads + sanitize slug paths

install_pet now refuses spritesheet/pet.json URLs that aren't on a petdex
host (matching thumbnail_png's existing _is_petdex_host guard), so a
spoofed manifest can't redirect a download at an arbitrary host. Slugs
are normalized to a single path segment before indexing into pets_dir(),
closing a path-traversal vector in load_pet/remove_pet/install_pet.

2026-06-23 19:13:08 -05:00

Brooklyn Nicholson

e7dbfdaad7

feat(pets): pet engine + display.pet config

Add the shared pet engine under agent/pet/: spritesheet manifest loading
and in-process caching, six-state animation model, frame rendering, and
the persistent pet store. Register the display.pet config block (pet,
scale, enabled, etc.) that every surface reads from. Covered by
tests/agent/test_pet_engine.py.

2026-06-20 14:18:30 -05:00

2 commits