hermes-agent/agent
Taylor H. Perkins 5c4c0e9d9b feat(secrets): add 1Password (op://) secret source
Resolve provider credentials from 1Password op://vault/item/field references
at startup via the official `op` CLI, alongside the existing Bitwarden source.
Users map env-var names to references in secrets.onepassword.env; after .env
loads, each is resolved with `op read` and injected into os.environ. Auth is
whatever `op` already uses (service-account token or desktop/interactive
session) — Hermes never authenticates or installs `op` itself.

Startup-safe and fail-open: a missing binary, expired auth, a bad reference,
or an empty value each warn and fall back to existing credentials, never
blocking startup. Successful, complete pulls are cached in-process and on disk
(<hermes_home>/cache/op_cache.json, 0600) via the shared DiskCache; only
secret values are stored, never the token (auth is fingerprinted into the
key). Adds `hermes secrets onepassword {setup,status,set,remove,sync,disable}`
(aliases op/1password), config defaults, the cli-config example, docs, and
hermetic tests.

Hardening applied across both backends in env_loader: each source runs in its
own guard, config sections are coerced to dict, and cache_ttl_seconds is
coerced defensively — so a malformed secrets: section can't abort startup.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-06 04:58:07 -07:00
..
lsp fix: remove dead f-string prefixes via ruff F541 (216 sites) (#52336) 2026-07-05 13:42:46 -07:00
pet fix: remove dead f-string prefixes via ruff F541 (216 sites) (#52336) 2026-07-05 13:42:46 -07:00
secret_sources feat(secrets): add 1Password (op://) secret source 2026-07-06 04:58:07 -07:00
transports feat(mcp): adopt mcp__server__tool naming convention 2026-07-05 13:40:21 -07:00
__init__.py
account_usage.py
agent_init.py perf: cut first-turn time-to-first-token by ~80% (all platforms) (#59332) 2026-07-05 21:37:33 -07:00
agent_runtime_helpers.py fix(agent): drop empty tool_calls arrays in pre-API sanitizer (#58755) 2026-07-05 21:36:37 -07:00
anthropic_adapter.py fix: complete OAuth-UA salvage follow-up (stale comment + test keychain isolation) 2026-07-04 15:16:13 +05:30
async_utils.py
auxiliary_client.py refactor(auxiliary): fold main_runtime custom-endpoint reuse into the shared client-build path 2026-07-05 19:23:26 -07:00
azure_identity_adapter.py
background_review.py fix(background-review): guard summarize against list-shaped tool responses (#59437) 2026-07-06 03:28:30 -07:00
bedrock_adapter.py
billing_view.py
bounded_response.py fix(agents): bound streaming error-response body reads 2026-07-05 14:00:20 -07:00
browser_provider.py
browser_registry.py
chat_completion_helpers.py fix(poolside): handle integer finish_reason and tool_call id 2026-07-04 15:44:50 -07:00
codex_responses_adapter.py fix(codex): route commentary-phase preamble text to reasoning channel (fixes #41293) 2026-07-05 06:29:45 -07:00
codex_runtime.py fix(codex): stream commentary deltas through the reasoning channel 2026-07-05 06:29:45 -07:00
coding_context.py feat(agent): add configurable coding_instructions 2026-06-30 00:59:59 -05:00
context_breakdown.py feat(desktop): add context usage breakdown popover 2026-06-29 09:18:10 -04:00
context_compressor.py fix(compressor): keep a user turn when compression would drop the last one 2026-07-05 21:41:44 +05:30
context_engine.py fix(context): clamp -1 post-compression sentinel in sibling status paths 2026-07-01 13:36:50 +05:30
context_references.py fix(security): anchor @file context refs to canonical read deny-list 2026-07-01 02:43:49 -07:00
conversation_compression.py refactor(compression): reuse _fresh_compaction_message_copy in user-turn guard 2026-07-04 21:04:27 +05:30
conversation_loop.py chore(providers): remove dead cloudcode-pa quota-fallback branches (#51489) 2026-07-05 13:44:33 -07:00
copilot_acp_client.py fix(agent): stream copilot ACP chat completions 2026-06-28 22:52:51 -07:00
credential_persistence.py feat(auth): make xAI Grok OAuth device-code-only, drop loopback login 2026-07-02 13:17:41 -07:00
credential_pool.py fix(auth): remove stale loopback_pkce reference in xAI quarantine removal list 2026-07-02 13:17:41 -07:00
credential_sources.py feat(auth): make xAI Grok OAuth device-code-only, drop loopback login 2026-07-02 13:17:41 -07:00
credits_tracker.py
curator.py fix(curator): never archive cron-referenced skills + floor use=0 pruning (#54443) 2026-06-28 15:10:21 -07:00
curator_backup.py fix: remove dead f-string prefixes via ruff F541 (216 sites) (#52336) 2026-07-05 13:42:46 -07:00
display.py feat(display): friendly human-phrased tool labels for built-in tools (#55166) 2026-06-29 20:31:17 -07:00
error_classifier.py fix(error-classifier): retry HTTP 408 as timeout instead of aborting as format_error 2026-07-06 01:56:09 -07:00
errors.py
file_safety.py fix(image-gen): route local-input credential guard through one shared chokepoint + cover xai (#57698) 2026-07-03 18:47:53 +05:30
gemini_native_adapter.py fix(agents): bound streaming error-response body reads 2026-07-05 14:00:20 -07:00
gemini_schema.py
i18n.py
image_gen_provider.py
image_gen_registry.py
image_routing.py Guard native image routing with file safety 2026-07-05 03:15:03 -07:00
insights.py
iteration_budget.py
jiter_preload.py
learn_prompt.py fix(learn): honor requirements mixed with sources in /learn requests (#55956) 2026-06-30 16:56:01 -07:00
learning_graph.py fix(learning_graph): guard non-dict metadata so /journey can't crash 2026-07-01 16:25:48 -05:00
learning_graph_render.py fix: cover remaining GNU-only %-d strftime site in learning graph render 2026-07-05 00:59:35 -07:00
learning_mutations.py refactor(journey): route memory mutations through MemoryStore atomic I/O 2026-06-30 15:16:21 -05:00
lmstudio_reasoning.py
manual_compression_feedback.py
markdown_tables.py
memory_manager.py fix(cli): reliable interrupts, bounded exit, and exit feedback (#57000) 2026-07-02 04:20:43 -07:00
memory_provider.py
message_content.py
message_sanitization.py
moa_loop.py fix(moa): apply prompt-caching decoration to the aggregator's one-shot synthesis call 2026-07-04 20:59:02 +05:30
moa_trace.py fix(moa): capture streamed aggregator output into full-turn traces (#56312) 2026-07-01 04:07:46 -07:00
model_metadata.py perf: cut first-turn time-to-first-token by ~80% (all platforms) (#59332) 2026-07-05 21:37:33 -07:00
models_dev.py
moonshot_schema.py
nous_rate_guard.py
onboarding.py fix(config): close unreadable-overwrite bug class at a single chokepoint 2026-07-05 23:00:34 +05:30
oneshot.py
plugin_llm.py
portal_tags.py
process_bootstrap.py fix(agent): apply pool-level keepalive to the process_bootstrap sibling builder 2026-07-05 03:14:55 -07:00
prompt_builder.py fix(agent): limit .hermes.md parent walk to git repos only 2026-06-28 20:46:32 -07:00
prompt_caching.py fix(prompt-caching): align _can_carry_marker with last-part-dict marking 2026-07-04 13:54:27 +05:30
rate_limit_tracker.py
reasoning_timeouts.py
redact.py fix(redact): skip env-lookup exception for JSON/YAML config field redaction 2026-07-05 13:58:19 -07:00
replay_cleanup.py fix(tui): sanitize replay history on WebUI/TUI session resume (#29086) (#53939) 2026-06-27 20:56:49 -07:00
retry_utils.py
runtime_cwd.py
secret_scope.py
shell_hooks.py feat(hooks): spill oversized hook-injected context to disk (#20468) 2026-07-05 13:51:26 -07:00
skill_bundles.py fix(gateway): apply platform-disabled skill gate to bundle invocations (#59156) 2026-07-05 14:48:11 -07:00
skill_commands.py fix(skills): apply disabled-skill gate to CLI/TUI preloaded skills 2026-07-06 02:43:37 -07:00
skill_preprocessing.py fix(windows): hide console-window flash on backend git/gh/wmic/bash subprocess spawns 2026-06-28 05:28:45 -07:00
skill_utils.py fix(curator): protect external skills from background curation 2026-06-25 22:03:02 -07:00
ssl_guard.py
ssl_verify.py fix(agent): honor custom CA certs on aux client + harden TLS resolution 2026-07-02 04:51:56 +05:30
stream_diag.py
subdirectory_hints.py fix(subdirectory_hints): catch RuntimeError from Path.expanduser() 2026-07-01 04:55:15 -07:00
system_prompt.py
think_scrubber.py
thinking_timeout_guidance.py
thread_scoped_output.py fix(bg-review): scope stdout/stderr silencing to the worker thread (#55966) 2026-06-30 17:28:33 -07:00
title_generator.py fix(title_generator): strip think blocks from LLM output before extracting title 2026-07-01 04:18:48 -07:00
tool_dispatch_helpers.py fix(agent): wrap list-type untrusted content in untrusted_tool_result 2026-07-01 02:44:09 -07:00
tool_executor.py Revert "Merge pull request #58698 from kshitijk4poor/feat/pre-tool-call-approve-escalation" 2026-07-06 02:36:52 +05:30
tool_guardrails.py
tool_result_classification.py
trajectory.py
transcription_provider.py
transcription_registry.py
tts_provider.py
tts_registry.py
turn_context.py perf: cut first-turn time-to-first-token by ~80% (all platforms) (#59332) 2026-07-05 21:37:33 -07:00
turn_finalizer.py fix(agent): persist recovered final responses 2026-07-01 03:34:49 -07:00
turn_retry_state.py feat(vertex): add Google Vertex AI provider for Gemini (OAuth2) 2026-07-01 05:25:33 -07:00
usage_pricing.py fix(usage): capture reasoning_tokens from completion_tokens_details on chat_completions (#57340) 2026-07-02 13:52:42 -07:00
verification_evidence.py
verification_stop.py feat(agent): restore surface-aware "auto" default for verify_on_stop 2026-06-30 01:43:08 -05:00
verify_hooks.py feat(agent): add pre_verify hook and verify-on-stop coding guidance 2026-06-30 00:59:29 -05:00
vertex_adapter.py security(vertex): route credential/project/region resolution through the profile secret scope 2026-07-02 06:07:56 +05:30
video_gen_provider.py
video_gen_registry.py
web_search_provider.py fix(web): widen config-aware env resolution to exa/parallel/tavily/brave-free providers 2026-07-06 02:42:24 -07:00
web_search_registry.py fix(web): correct 'disabled plugin' diagnosis for web backends (#59573) 2026-07-06 04:38:17 -07:00