hermes-agent

mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-04 02:21:47 +00:00

History

Teknium 2c7c30be69 fix(security): harden terminal safety and sandbox file writes (#1653 ) * fix(security): harden terminal safety and sandbox file writes Two security improvements: 1. Dangerous command detection: expand shell -c pattern to catch combined flags (bash -lc, bash -ic, ksh -c) that were previously undetected. Pattern changed from matching only 'bash -c' to matching any shell invocation with -c anywhere in the flags. 2. File write sandboxing: add HERMES_WRITE_SAFE_ROOT env var that constrains all write_file/patch operations to a configured directory tree. Opt-in — when unset, behavior is unchanged. Useful for gateway/messaging deployments that should only touch a workspace. Based on PR #1085 by ismoilh. * fix: correct "POSIDEON" typo to "POSEIDON" in banner ASCII art The poseidon skin's banner_logo had the E and I letters swapped, spelling "POSIDEON-AGENT" instead of "POSEIDON-AGENT". --------- Co-authored-by: ismoilh <ismoilh@users.noreply.github.com> Co-authored-by: unmodeled-tyler <unmodeled.tyler@proton.me>		2026-03-17 02:22:12 -07:00
..
__init__.py	chore: release v0.3.0 (v2026.3.17)	2026-03-17 00:38:48 -07:00
auth.py	feat(provider): add OpenCode Zen and OpenCode Go providers	2026-03-17 02:02:43 -07:00
banner.py	fix(cli): non-blocking startup update check and banner deduplication	2026-03-14 21:45:50 -07:00
callbacks.py	refactor(cli): implement approval locking mechanism to serialize concurrent requests	2026-03-13 23:59:18 -07:00
checklist.py	fix: skip hanging tests + add global test timeout	2026-03-12 01:23:28 -07:00
claw.py	fix(claw): warn when API keys are skipped during OpenClaw migration (#1580 )	2026-03-17 02:10:36 -07:00
clipboard.py	fix: clean up empty file after failed wl-paste clipboard extraction	2026-03-11 02:56:19 -07:00
codex_models.py	fix: add codex forward-compat model listing	2026-03-13 21:34:01 -07:00
colors.py	Cleanup time!	2026-02-20 23:23:32 -08:00
commands.py	feat: add /tools disable/enable/list slash commands with session reset (#1652 )	2026-03-17 02:05:26 -07:00
config.py	feat: add NeuTTS optional skill + local TTS provider backend	2026-03-17 02:13:34 -07:00
cron.py	docs: clarify gateway service scopes (#1378 )	2026-03-14 21:17:41 -07:00
curses_ui.py	refactor: extract shared curses checklist, fix skill discovery perf	2026-03-11 03:06:15 -07:00
default_soul.py	feat: seed a default global SOUL.md	2026-03-14 08:05:30 -07:00
doctor.py	feat: add Vercel AI Gateway provider (#1628 )	2026-03-17 00:12:16 -07:00
env_loader.py	fix(config): reload .env over stale shell overrides	2026-03-15 06:46:28 -07:00
gateway.py	fix(gateway): Recover stale service state	2026-03-17 11:05:28 +08:00
main.py	feat: add /tools disable/enable/list slash commands with session reset (#1652 )	2026-03-17 02:05:26 -07:00
models.py	feat(provider): add OpenCode Zen and OpenCode Go providers	2026-03-17 02:02:43 -07:00
pairing.py	Cleanup time!	2026-02-20 23:23:32 -08:00
plugins.py	feat: first-class plugin architecture (#1555 )	2026-03-16 07:17:36 -07:00
runtime_provider.py	refactor: tie api_mode to provider config instead of env var (#1656 )	2026-03-17 02:13:26 -07:00
setup.py	feat(provider): add OpenCode Zen and OpenCode Go providers	2026-03-17 02:02:43 -07:00
skills_config.py	fix: wire email platform into toolset mappings + add documentation	2026-03-11 06:34:32 -07:00
skills_hub.py	fix: add --yes flag to bypass confirmation in /skills install and uninstall (#1647 )	2026-03-17 01:59:07 -07:00
skin_engine.py	fix(security): harden terminal safety and sandbox file writes (#1653 )	2026-03-17 02:22:12 -07:00
status.py	feat(gateway): scope systemd service name to HERMES_HOME	2026-03-16 04:42:46 -07:00
tools_config.py	feat: add /tools disable/enable/list slash commands with session reset (#1652 )	2026-03-17 02:05:26 -07:00
uninstall.py	feat(gateway): scope systemd service name to HERMES_HOME	2026-03-16 04:42:46 -07:00