hermes-agent/infographic
Teknium e5d22ab80d
fix(daytona): quote single-upload mkdir parent path (#54440)
* fix(daytona): quote single-upload mkdir parent path

The single-file _daytona_upload() path shelled out 'mkdir -p {parent}'
with the remote parent interpolated unquoted, so shell metacharacters in
the path could break the command or inject arbitrary commands into the
sandbox. The bulk-upload, bulk-download, and delete paths were already
hardened with shlex-quoting helpers; this single-upload path was missed.

Route it through the existing quoted_mkdir_command() helper and add a
regression test covering a path with shell metacharacters.

Reported by @Gutslabs (#3960); the original branch predated the
file_sync refactor, so the fix is re-applied to the current code path.

* docs(infographic): daytona quote-sync fix
2026-06-28 14:33:03 -07:00
..
43083-secret-redaction docs: add infographic for #43083 secret-redaction fix 2026-06-28 02:44:06 -07:00
53175-gateway-cleanup-off-loop docs: add infographic for #53175 gateway cleanup off-loop fix 2026-06-28 02:41:36 -07:00
atomic-env-snapshot-38249 docs: add infographic for #38249 atomic env-snapshot fix 2026-06-28 02:08:57 -07:00
auth-login-hint-fix fix(cli): correct stale hermes auth login nous hints to hermes auth add nous (#53929) 2026-06-27 21:30:37 -07:00
ci-file-timeout-300 test(ci): raise per-file timeout 140s → 300s to stop false timeouts (#54143) 2026-06-28 02:41:07 -07:00
clarify-expiry-32762 docs: add PR infographic for #32762 clarify-expiry fix 2026-06-28 01:07:53 -07:00
clarify-typed-replies docs: add infographic for clarify typed-replies fix 2026-06-28 04:13:19 -07:00
content-filter-fallback docs: add infographic for #32421 content-filter fallback fix 2026-06-28 01:15:21 -07:00
daytona-quote-sync fix(daytona): quote single-upload mkdir parent path (#54440) 2026-06-28 14:33:03 -07:00
discord-no-bot2bot docs(discord): document bot-to-bot comms as unsupported (#32791) (#54063) 2026-06-28 01:15:34 -07:00
docs-audit-3releases docs: reconcile docs with code across last 3 releases (#54254) 2026-06-28 12:47:50 -07:00
eager-fallback-transport docs(infographic): eager fallback on persistent transport failures 2026-06-27 19:12:21 -07:00
empty-400-unmasked docs: add infographic for #36109 empty-400 diagnostics 2026-06-28 02:05:20 -07:00
gateway-force-exit-53107 docs: add infographic for #53107 gateway force-exit fix 2026-06-28 02:34:23 -07:00
intent-ack-continuation fix(agent): config-driven intent-ack continuation for all api_modes (#27881) (#53943) 2026-06-27 20:46:00 -07:00
launchd-bootout-42006 docs: add infographic for #42006 launchd bootout fix 2026-06-28 04:17:13 -07:00
mcp-ws-discovery docs: add infographic for MCP WS discovery fix (#38945) 2026-06-28 04:14:12 -07:00
model-name-canon fix(config): canonicalize model.name/model.model to model.default (#34500) 2026-06-28 02:05:13 -07:00
model-picker-fixes docs(infographic): model picker fixes (#49129 + #51488) 2026-06-27 21:23:25 -07:00
partial-stream-recovery infographic: partial-stream recovery fix (salvage #41498) 2026-06-27 22:03:14 -07:00
pr-27539 docs: add PR infographic for config-defaults fix 2026-06-27 19:38:11 -07:00
pr-29285-provider-precedence docs: add infographic for provider-precedence fix (#29285) 2026-06-27 19:49:02 -07:00
pr-54028-pty-fd-leak fix(dashboard): close PTY WebSocket on child EOF to stop FD leak (#54028) (#54123) 2026-06-28 02:42:21 -07:00
redact-terminal-43025 fix(security): redact secrets in background process + foreground env-dump output (#43025) (#54149) 2026-06-28 02:44:21 -07:00
skills-sync-external-dirs docs(infographic): skill sync external_dirs shadow fix 2026-06-27 21:07:53 -07:00
standalone-plugin-policy docs: third-party-product plugins ship standalone, not into core tree (#54001) 2026-06-27 22:23:50 -07:00
state-db-fullfsync docs: add infographic for #30636 macOS state.db fix 2026-06-28 00:53:19 -07:00
telegram-send-path-35205 fix(telegram): clear send_path_degraded on successful reconnect (#35205) (#54076) 2026-06-28 01:38:17 -07:00
vision-any-provider fix(tools): let vision pick any provider+model, not just OpenRouter (#53606) 2026-06-27 04:41:42 -07:00
whatsapp-lid-session-fix docs: add infographic for #36664 WhatsApp LID session-path fix 2026-06-28 02:05:26 -07:00
whatsapp-send-queue infographic: whatsapp send-queue serialization (#33360) 2026-06-28 01:10:14 -07:00
windows-update-loop-52378 docs: add infographic for #52378 Windows update-loop salvage 2026-06-28 02:40:37 -07:00
readme-provider-trim.png docs(readme): trim provider list to a few names plus docs link (#54169) 2026-06-28 04:14:59 -07:00