mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-27 11:22:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
hermes-agent/plugins/platforms
History
liuhao1024 7ff48a6291 fix(discord): check pairing store for component button auth 
Component button interactions (approve/deny, slash confirm, model
picker, clarify) were not checking the pairing store for authorization.
Users approved via `hermes pairing approve` could send messages and use
slash commands (which go through the gateway authz_mixin), but button
clicks were rejected because `_component_check_auth` only checked
env-var allowlists (DISCORD_ALLOWED_USERS, GATEWAY_ALLOW_ALL_USERS,
etc.) and not the pairing store.

This was a regression from commit f6f363662 which intentionally made
component auth fail-closed when no allowlist is set (security fix for
GHSA-mc26-p6fw-7pp6), but did not account for pairing-based auth.

Fix: add a `PairingStore.is_approved("discord", uid)` check to
`_component_check_auth`, mirroring `authz_mixin._check_authorization`.
The pairing store check runs after all allowlist checks, preserving the
fail-closed behavior for non-paired, non-allowed users.

Fixes #50627
2026-06-23 23:55:18 -07:00
..
dingtalk refactor(gateway): migrate slack/dingtalk/whatsapp/matrix/feishu/telegram/wecom/email/sms adapters to bundled plugins 2026-06-20 10:26:45 -07:00
discord fix(discord): check pairing store for component button auth 2026-06-23 23:55:18 -07:00
email fix(email): mark missing-config as non-retryable + reject blank env vars (#40715) 2026-06-21 13:33:52 -07:00
feishu fix(delivery): drop env-var knob, flag all chunking adapters 2026-06-22 05:41:22 -07:00
google_chat fix: guard int(os.getenv()) casts against malformed env vars (#40598) 2026-06-07 06:14:24 -07:00
homeassistant refactor(gateway): migrate Home Assistant adapter to bundled plugin 2026-06-06 11:46:24 -07:00
irc fix: guard int(os.getenv()) casts against malformed env vars (#40598) 2026-06-07 06:14:24 -07:00
line fix(line): map inbound message types to the correct MessageType 2026-06-04 21:55:20 -07:00
matrix fix(delivery): drop env-var knob, flag all chunking adapters 2026-06-22 05:41:22 -07:00
mattermost fix(delivery): drop env-var knob, flag all chunking adapters 2026-06-22 05:41:22 -07:00
ntfy test(ntfy): cover echo-tag filter; tag standalone send path 2026-05-29 13:17:46 -07:00
photon fix(photon): intercept console.log so 'stream interrupted' bursts escalate 2026-06-23 21:33:10 -07:00
raft fix(gateway): correct sys.path insertion in plugins to prevent cron namespace collision (#49410) 2026-06-20 20:45:12 -07:00
simplex fix(gateway): classify SimpleX non-image/non-audio files as DOCUMENT 2026-06-12 01:07:50 -07:00
slack fix(slack): report ext-matched audio mimetype for rerouted voice clips 2026-06-23 14:44:12 +05:30
sms refactor(gateway): migrate slack/dingtalk/whatsapp/matrix/feishu/telegram/wecom/email/sms adapters to bundled plugins 2026-06-20 10:26:45 -07:00
teams fix(delivery): drop env-var knob, flag all chunking adapters 2026-06-22 05:41:22 -07:00
telegram fix(telegram): raise default command-menu cap to 60 so skills stay visible 2026-06-23 23:49:22 -07:00
wecom refactor(gateway): migrate slack/dingtalk/whatsapp/matrix/feishu/telegram/wecom/email/sms adapters to bundled plugins 2026-06-20 10:26:45 -07:00
whatsapp fix(delivery): drop env-var knob, flag all chunking adapters 2026-06-22 05:41:22 -07:00