mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-27 01:11:40 +00:00
* fix: prevent infinite 400 failure loop on context overflow (#1630)

  When a gateway session exceeds the model's context window, Anthropic may return a generic 400 invalid_request_error with just 'Error' as the message. This bypassed the phrase-based context-length detection, causing the agent to treat it as a non-retryable client error. Worse, the failed user message was still persisted to the transcript, making the session even larger on each attempt — creating an infinite loop.

  Three-layer fix:

  1. run_agent.py — Fallback heuristic: when a 400 error has a very short generic message AND the session is large (>40% of context or >80 messages), treat it as a probable context overflow and trigger compression instead of aborting.
  2. run_agent.py + gateway/run.py — Don't persist failed messages: when the agent returns failed=True before generating any response, skip writing the user's message to the transcript/DB. This prevents the session from growing on each failure.
  3. gateway/run.py — Smarter error messages: detect context-overflow failures and suggest /compact or /reset specifically, instead of a generic 'try again' that will fail identically.

* fix(skills): detect prompt injection patterns and block cache file reads

  Adds two security layers to prevent prompt injection via skills hub cache files (#1558):

  1. read_file: blocks direct reads of ~/.hermes/skills/.hub/ directory (index-cache, catalog files). The 3.5MB clawhub_catalog_v1.json was the original injection vector — untrusted skill descriptions in the catalog contained adversarial text that the model executed.
  2. skill_view: warns when skills are loaded from outside the trusted ~/.hermes/skills/ directory, and detects common injection patterns in skill content ("ignore previous instructions", "<system>", etc.).

  Cherry-picked from PR #1562 by ygd58.

* fix(tools): chunk long messages in send_message_tool before dispatch (#1552)

  Long messages sent via send_message tool or cron delivery silently failed when exceeding platform limits. Gateway adapters handle this via truncate_message(), but the standalone senders in send_message_tool bypassed that entirely.

  - Apply truncate_message() chunking in _send_to_platform() before dispatching to individual platform senders
  - Remove naive message[i:i+2000] character split in _send_discord() in favor of centralized smart splitting
  - Attach media files to last chunk only for Telegram
  - Add regression tests for chunking and media placement

  Cherry-picked from PR #1557 by llbn.

---------

Co-authored-by: buray <ygd58@users.noreply.github.com>
Co-authored-by: lbn <llbn@users.noreply.github.com>

||
|---|---|---|
| __init__.py | ||
| test_approval.py | ||
| test_browser_cleanup.py | ||
| test_browser_console.py | ||
| test_checkpoint_manager.py | ||
| test_clarify_tool.py | ||
| test_clipboard.py | ||
| test_code_execution.py | ||
| test_command_guards.py | ||
| test_cron_prompt_injection.py | ||
| test_cronjob_tools.py | ||
| test_daytona_environment.py | ||
| test_debug_helpers.py | ||
| test_delegate.py | ||
| test_docker_environment.py | ||
| test_docker_find.py | ||
| test_file_operations.py | ||
| test_file_tools.py | ||
| test_file_tools_live.py | ||
| test_force_dangerous_override.py | ||
| test_fuzzy_match.py | ||
| test_hidden_dir_filter.py | ||
| test_homeassistant_tool.py | ||
| test_honcho_tools.py | ||
| test_interrupt.py | ||
| test_local_env_blocklist.py | ||
| test_local_persistent.py | ||
| test_mcp_tool.py | ||
| test_mcp_tool_issue_948.py | ||
| test_memory_tool.py | ||
| test_mixture_of_agents_tool.py | ||
| test_modal_sandbox_fixes.py | ||
| test_parse_env_var.py | ||
| test_patch_parser.py | ||
| test_process_registry.py | ||
| test_read_loop_detection.py | ||
| test_registry.py | ||
| test_rl_training_tool.py | ||
| test_send_message_tool.py | ||
| test_session_search.py | ||
| test_singularity_preflight.py | ||
| test_skill_manager_tool.py | ||
| test_skill_view_path_check.py | ||
| test_skill_view_traversal.py | ||
| test_skills_guard.py | ||
| test_skills_hub.py | ||
| test_skills_hub_clawhub.py | ||
| test_skills_sync.py | ||
| test_skills_tool.py | ||
| test_ssh_environment.py | ||
| test_symlink_prefix_confusion.py | ||
| test_terminal_disk_usage.py | ||
| test_terminal_requirements.py | ||
| test_terminal_tool_requirements.py | ||
| test_tirith_security.py | ||
| test_todo_tool.py | ||
| test_transcription.py | ||
| test_transcription_tools.py | ||
| test_vision_tools.py | ||
| test_voice_cli_integration.py | ||
| test_voice_mode.py | ||
| test_web_tools_config.py | ||
| test_windows_compat.py | ||
| test_write_deny.py | ||
| test_yolo_mode.py | ||