mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-25 00:51:20 +00:00
19db7fa3d1
PR #12681 removed the audit entirely because it fired on nearly every PR (Dockerfile edits, dependency bumps, Actions version strings, plain base64 usage, etc.) — reviewers were ignoring it like cancer warnings. Restore it with aggressive scope reduction: Kept (real attack signatures): - .pth file additions (litellm-attack mechanism) - base64 decode + exec/eval on the same line - subprocess with base64/hex/chr-encoded command argument - install-hook files (setup.py, sitecustomize.py, usercustomize.py, __init__.pth) Removed (low-signal noise that fired constantly): - plain base64 encode/decode - plain exec/eval - outbound requests.post / httpx.post / urllib - CI/CD workflow file edits - Dockerfile / compose edits - pyproject.toml / requirements.txt edits - GitHub Actions version-tag unpinning - marshal / pickle / compile usage Also gates the workflow itself on path filters so it only runs on PRs touching Python or install-hook files — no more firing on docs/CI PRs. The workflow still fails the check and posts a PR comment on critical findings, but by design those findings are now rare and worth inspecting when they occur. |
||
|---|---|---|
| .. | ||
| ISSUE_TEMPLATE | ||
| workflows | ||
| PULL_REQUEST_TEMPLATE.md | ||