mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-03 02:11:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
hermes-agent/gateway/platforms
History
UgwujaGeorge b7ad3f478f fix(yuanbao): enforce owner identity check on group slash commands 
The bot-owner identity check inside OwnerCommandMiddleware was commented
out and replaced with a hardcoded `is_owner = True`, so any group member
could trigger allowlisted privileged commands (/approve, /deny, /stop,
/reset, /retry, /undo, /new, /background, /bg, /btw, /queue, /q) by
sending the slash command without @-mentioning the bot. The most severe
case is /approve: a non-owner could approve a dangerous tool call the
bot was waiting on the owner to confirm.

Re-enable the documented identity check (push.from_account ==
push.bot_owner_id) so only the configured owner can issue these
commands.
2026-04-30 23:57:55 -07:00
..
qqbot fix(security): apply ACL checks to QQBot guild messages and guild DMs to prevent allowlist bypass 2026-04-29 21:08:28 -07:00
__init__.py yuanbao platform (#16298) 2026-04-26 18:50:49 -07:00
ADDING_A_PLATFORM.md feat: final platform plugin parity — webhook delivery, platform hints, docs 2026-04-29 21:56:51 -07:00
api_server.py fix(api-server): use session-scoped task IDs for tool isolation 2026-04-30 19:59:38 -07:00
base.py feat(gateway): auto-delete slash-command system notices after TTL (#18266) 2026-04-30 23:05:48 -07:00
bluebubbles.py fix(gateway/bluebubbles): align iMessage delivery with non-editable UX 2026-04-24 16:04:37 -07:00
dingtalk.py feat(dingtalk): AI Cards streaming, emoji reactions, and media handling 2026-04-17 19:26:53 -07:00
discord.py fix(gateway): preserve thread routing for /update progress and prompts 2026-04-30 20:19:23 -07:00
email.py feat(gateway): native send_multiple_images for Telegram, Discord, Slack, Mattermost, Email 2026-04-30 04:28:08 -07:00
feishu.py feat(feishu): operator-configurable bot admission and mention policy 2026-04-30 20:30:31 -07:00
feishu_comment.py chore: remove unused imports and dead locals (ruff F401, F841) (#17010) 2026-04-28 06:46:45 -07:00
feishu_comment_rules.py fix(feishu-comment): use get_hermes_home(); drop dead asyncio wrapper; AUTHOR_MAP 2026-04-17 19:04:11 -07:00
helpers.py fix(gateway): atomic writes for sibling recovery/dedup state files 2026-04-30 19:58:16 -07:00
homeassistant.py fix(gateway): add request timeouts to HA, Email, Mattermost, SMS adapters (#3258) 2026-03-26 14:36:07 -07:00
matrix.py fix(matrix): stop tagging the user on every reply (#16932) 2026-04-28 02:00:37 -07:00
mattermost.py feat(gateway): native send_multiple_images for Telegram, Discord, Slack, Mattermost, Email 2026-04-30 04:28:08 -07:00
signal.py fix(signal): skip contentless envelopes (profile key updates, empty messages) 2026-04-30 19:42:59 -07:00
signal_rate_limit.py feat(gateway/signal): add support for multiple images sending 2026-04-30 04:28:08 -07:00
slack.py feat(gateway): native send_multiple_images for Telegram, Discord, Slack, Mattermost, Email 2026-04-30 04:28:08 -07:00
sms.py remove unused import and fix misleading log 2026-04-11 14:05:38 -07:00
telegram.py fix(gateway): preserve thread routing for /update progress and prompts 2026-04-30 20:19:23 -07:00
telegram_network.py fix(telegram): honor no_proxy for explicit proxy setup 2026-04-24 14:31:04 -07:00
webhook.py feat: final platform plugin parity — webhook delivery, platform hints, docs 2026-04-29 21:56:51 -07:00
wecom.py fix(wecom): strip @mention prefix in group chats for slash command recognition 2026-04-23 02:00:56 -07:00
wecom_callback.py fix: activate WeCom callback message deduplication (#10305) (#10588) 2026-04-15 17:22:58 -07:00
wecom_crypto.py feat(gateway): add WeCom callback-mode adapter for self-built apps 2026-04-11 15:22:49 -07:00
weixin.py feat(gateway): centralize audio routing + FLAC support + Telegram doc fallback (#17833) 2026-04-30 01:32:31 -07:00
whatsapp.py refactor: remove remaining redundant local imports (comprehensive sweep) 2026-04-21 00:50:58 -07:00
yuanbao.py fix(yuanbao): enforce owner identity check on group slash commands 2026-04-30 23:57:55 -07:00
yuanbao_media.py chore: remove unused imports and dead locals (ruff F401, F841) (#17010) 2026-04-28 06:46:45 -07:00
yuanbao_proto.py chore: remove unused imports and dead locals (ruff F401, F841) (#17010) 2026-04-28 06:46:45 -07:00
yuanbao_sticker.py yuanbao platform (#16298) 2026-04-26 18:50:49 -07:00