hermes-agent/tools
srojk34 47764f19f4 fix(browser): apply private-page guard to browser_cdp frame_id routing
browser_cdp's frame_id (OOPIF) path returned early via
_browser_cdp_via_supervisor before _browser_cdp_private_guard ever ran,
unlike the stateless path a few lines below. A model that navigated a
cloud browser to a private/internal URL could still read page content
by passing frame_id, bypassing the same SSRF/private-page boundary
already enforced on Runtime.evaluate, Page.navigate, and other raw CDP
calls.

Apply the same guard call used by the stateless path before dispatching
to the supervisor, so both routing modes share one boundary.
2026-07-03 03:27:47 -07:00
..
computer_use revert(windows): roll back terminal-popup PRs #53791 #53810 #53829 (#53853) 2026-06-27 15:59:00 -07:00
environments fix(terminal): also set MSYS2_ARG_CONV_EXCL for MSYS2/Cygwin bash fallback 2026-07-02 11:48:03 -07:00
neutts_samples
__init__.py
ansi_strip.py
approval.py refactor(approval): extract is_approval_bypass_active(); use frozen-env bypass in codex routing 2026-07-01 22:58:37 +05:30
async_delegation.py fix(cli): reliable interrupts, bounded exit, and exit feedback (#57000) 2026-07-02 04:20:43 -07:00
binary_extensions.py
blueprints.py refactor(cron): rebrand Cron Recipes -> Automation Blueprints 2026-06-11 10:49:47 -07:00
browser_camofox.py fix(browser): block Camofox input on private pages 2026-07-03 03:27:47 -07:00
browser_camofox_state.py
browser_cdp_tool.py fix(browser): apply private-page guard to browser_cdp frame_id routing 2026-07-03 03:27:47 -07:00
browser_dialog_tool.py feat: auto-launch Chromium-family browser for CDP 2026-05-19 22:34:05 -07:00
browser_supervisor.py fix(browser): harden browser tool safety boundaries 2026-07-01 05:04:41 -07:00
browser_tool.py fix(browser): guard Camofox eval private pages 2026-07-02 13:10:30 +05:30
budget_config.py fix(agent): scale tool-output budget to the model context window (#23767) 2026-06-21 17:46:38 +05:30
checkpoint_manager.py refactor(windows): unify windowless spawn form across the touched sites 2026-06-28 17:44:47 -05:00
clarify_gateway.py fix: accept typed clarify choice replies 2026-06-28 04:13:19 -07:00
clarify_tool.py fix(clarify): docstring — put options in choices[] only, never enumerate in question text 2026-06-19 07:34:02 -07:00
close_terminal_tool.py fix(config): accept 'on' as truthy for env flags via shared env_var_enabled helper 2026-07-02 03:00:59 -07:00
code_execution_tool.py fix(code-exec): bind execute_code tool socket to a per-session RPC token 2026-07-01 04:08:37 -07:00
computer_use_tool.py feat(computer_use): cross-platform cua-driver (macOS/Windows/Linux) 2026-06-22 06:42:30 -07:00
credential_files.py fix(delegation): budget subagent summaries against parent context headroom 2026-06-30 03:07:40 -07:00
cronjob_tools.py security(cron): block base_url overrides that exfiltrate provider credentials 2026-07-01 14:23:01 +05:30
daemon_pool.py fix(cli): reliable interrupts, bounded exit, and exit feedback (#57000) 2026-07-02 04:20:43 -07:00
debug_helpers.py feat(moa): expose MoA presets as selectable virtual models (#46081) 2026-06-25 13:52:06 -07:00
delegate_tool.py fix(desktop,tui-gateway,zai): stop thinking-off from reverting to medium 2026-07-02 15:23:47 -05:00
discord_tool.py feat: add Discord message deletion action 2026-05-07 05:11:09 -07:00
env_passthrough.py fix(security): strip dynamic Hermes secrets from all subprocess spawn env 2026-07-01 14:37:22 +05:30
env_probe.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
fal_common.py refactor(image_gen): port FAL backend to plugins/image_gen/fal 2026-05-22 04:10:45 -07:00
feishu_doc_tool.py perf(cli): cut ~19s from 'hermes' cold start (skills cache + lazy Feishu + no Nous HTTP) (#22138) 2026-05-08 16:39:32 -07:00
feishu_drive_tool.py perf(cli): cut ~19s from 'hermes' cold start (skills cache + lazy Feishu + no Nous HTTP) (#22138) 2026-05-08 16:39:32 -07:00
file_operations.py fix: warn on line-oriented newline search patterns 2026-06-20 23:23:47 -07:00
file_state.py feat(delegate): cross-agent file state coordination for concurrent subagents (#13718) 2026-04-21 16:41:26 -07:00
file_tools.py fix(file-tools): preserve container paths for docker file ops (#56637) 2026-07-03 14:18:20 +10:00
fuzzy_match.py fix(patch): preserve file Unicode when unicode_normalized strategy matches 2026-07-01 17:48:32 +05:30
homeassistant_tool.py
image_generation_tool.py krea 2026-06-25 12:38:33 -07:00
interrupt.py fix(interrupt): propagate to concurrent-tool workers + opt-in debug trace (#11907) 2026-04-17 20:39:25 -07:00
kanban_tools.py feat(kanban): route notifications via owning profile + wake creator agent 2026-07-02 00:05:48 +05:30
lazy_deps.py feat(vertex): add Google Vertex AI provider for Gemini (OAuth2) 2026-07-01 05:25:33 -07:00
managed_tool_gateway.py fix(managed-gateway): keep tool availability scans off the Nous token-refresh path 2026-05-30 07:58:08 -07:00
mcp_oauth.py fix(mcp): suppress interactive OAuth stdin prompts during background discovery (#35927) 2026-06-27 04:59:23 +05:30
mcp_oauth_manager.py fix(mcp-oauth): anchor 401 handler task to prevent GC mid-flight 2026-06-30 16:56:15 -07:00
mcp_tool.py fix(tui): prevent killpg suicide during MCP shutdown 2026-07-01 04:54:46 -07:00
memory_tool.py fix(memory): degrade gracefully after repeated at-capacity consolidation failures (#42405) 2026-06-30 20:01:16 +05:30
microsoft_graph_auth.py feat(msgraph): add auth and client foundation 2026-05-08 09:27:26 -07:00
microsoft_graph_client.py fix(msgraph): stream download_to_file body instead of buffering 2026-05-08 09:27:26 -07:00
neutts_synth.py
openrouter_client.py
osv_check.py fix(osv_check): honor npx --package/-p install target when parsing package arg (#40567) 2026-06-06 18:30:39 -07:00
patch_parser.py fix(lint): skip per-file shell linter when LSP will handle the file (#29054) 2026-05-20 01:46:40 -05:00
path_security.py
process_registry.py fix(desktop): tree-kill Windows terminal descendants 2026-06-30 04:23:27 -05:00
project_tools.py feat(tools): add project workspace tools 2026-06-25 16:40:27 -05:00
read_extract.py feat(read): extract notebook and office documents (#37082) 2026-06-13 14:42:51 -07:00
read_terminal_tool.py fix(config): accept 'on' as truthy for env flags via shared env_var_enabled helper 2026-07-02 03:00:59 -07:00
registry.py fix(security): use caller package root for deregister opt-in policy lookup 2026-07-01 15:37:58 +05:30
schema_sanitizer.py fix(tools): strip default from $ref nodes in tool schemas 2026-06-12 00:30:51 -05:00
send_message_tool.py fix(matrix): route text-only send_message through adapter for E2EE support 2026-07-01 00:12:11 -07:00
session_search_tool.py fix(session_search): demote cron below interactive sessions in discover ranking (#53597) 2026-06-27 04:41:22 -07:00
skill_manager_tool.py fix(skills): require review forks to read before writing skills 2026-06-30 15:49:36 -07:00
skill_provenance.py fix(curator): only mark agent-created for background-review sediment (#19621) 2026-05-04 02:42:16 -07:00
skill_usage.py fix(curator): protect external skills from background curation 2026-06-25 22:03:02 -07:00
skills_ast_audit.py refactor(skills): slim AST diagnostic to single entry point 2026-05-23 17:47:26 -07:00
skills_guard.py fix(skills-guard): stop flagging benign skill content + honor skill ignore files (#36231) 2026-06-01 01:58:48 -07:00
skills_hub.py fix(cli): reliable interrupts, bounded exit, and exit feedback (#57000) 2026-07-02 04:20:43 -07:00
skills_sync.py fix(skills): skip shadowing when external_dirs provides the skill 2026-06-27 21:07:53 -07:00
skills_tool.py fix(skills): require review forks to read before writing skills 2026-06-30 15:49:36 -07:00
slash_confirm.py fix(async): close unscheduled coroutines in all threadsafe bridges (#26584) 2026-05-15 14:00:01 -07:00
terminal_tool.py fix(terminal): require approval for host-bound Docker commands (#54483) 2026-06-29 11:35:41 +10:00
thread_context.py fix(code-exec): propagate agent-turn context into tool worker threads 2026-05-29 03:44:49 -07:00
threat_patterns.py fix: bound threat-pattern/FTS5 regex input and cover V4A Move-File edits 2026-07-01 01:05:28 -07:00
tirith_security.py fix(security): add circuit breaker for tirith crashes to prevent agent hangs (#41400) 2026-06-26 15:26:08 +05:30
todo_tool.py fix(agent): restrict todo hydration to paired assistant todo calls 2026-07-01 01:02:17 -07:00
tool_backend_helpers.py feat(tools): surface the free tool pool in entitlement + setup (#36153) 2026-06-01 06:32:48 +05:30
tool_output_limits.py fix: tool_output_limits re-reads config on every call (no caching) 2026-05-31 00:50:19 -07:00
tool_result_storage.py fix: keep persisted tool results inside their storage directory 2026-06-30 16:39:41 -07:00
tool_search.py fix(tool-search): scope bridge catalog + dispatch to the session's toolsets 2026-05-29 02:04:12 -07:00
transcription_tools.py fix(windows): hide remaining backend console-flash legs missed on main 2026-06-28 10:19:21 -05:00
tts_tool.py fix(windows): hide remaining backend console-flash legs missed on main 2026-06-28 10:19:21 -05:00
url_safety.py fix(browser): narrow credential-query denylist to unambiguous names 2026-07-01 05:04:41 -07:00
video_generation_tool.py feat(xai): Imagine public-URL storage, chaining & video edit/extend 2026-06-29 21:11:58 -07:00
vision_tools.py fix(security): close SSRF redirect-guard bypass across all httpx download hooks 2026-07-01 01:18:53 -07:00
voice_mode.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
web_tools.py fix(browser): harden browser tool safety boundaries 2026-07-01 05:04:41 -07:00
website_policy.py chore(web): remove web_crawl tool + provider crawl plumbing (#33824) 2026-05-28 04:52:42 -07:00
write_approval.py fix(memory,skills): repair write-approval inline prompt, gateway staging, and gateway /skills review (#43452) 2026-06-10 02:57:15 -07:00
x_search_tool.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
xai_http.py feat(xai): Imagine public-URL storage, chaining & video edit/extend 2026-06-29 21:11:58 -07:00
xai_video_tools.py feat(xai): Imagine public-URL storage, chaining & video edit/extend 2026-06-29 21:11:58 -07:00
yuanbao_tools.py Fix unsafe gateway media path delivery 2026-05-23 01:40:35 -07:00