mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-30 06:41:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15
hermes-agent/website
History
m0n3r0 f378f00bfb fix(feishu): validate verification token before reflecting url_verification challenge 
When FEISHU_VERIFICATION_TOKEN is configured, an unauthenticated remote
could previously prove endpoint control by sending a url_verification
payload with any attacker-controlled challenge string — the handler
reflected the challenge BEFORE running the token check.

Move the verification_token check ahead of the url_verification echo so
the challenge response is gated on a valid token. Add a regression test
covering the wrong-token case. Also fix the stale
test_connect_webhook_mode_starts_local_server fixture to set
FEISHU_VERIFICATION_TOKEN (post #30746 webhook mode requires a secret).

Salvaged from PR #29663 by @m0n3r0 — kept the url_verification reorder
and its regression test; dropped the host-conditional weakening of the
#30746 secret guard (we want webhook secrets required regardless of
bind host, not only on 0.0.0.0/::).

Docs updated to call out the gating.

Co-authored-by: teknium1 <127238744+teknium1@users.noreply.github.com>
2026-05-24 04:51:19 -07:00
..
docs fix(feishu): validate verification token before reflecting url_verification challenge 2026-05-24 04:51:19 -07:00
i18n feat(kanban): warn users that scratch workspaces are deleted on completion (#30949) 2026-05-23 11:27:00 -07:00
scripts fix(docs): unique sidebar keys for duplicate skill categories (#26726) 2026-05-15 20:29:20 -07:00
src docs(user-stories): add 116 stories from the Hermes Discord archive (#23436) 2026-05-10 15:21:40 -07:00
static rebuild model catalog 2026-05-11 09:54:31 -07:00
.gitignore docs: publish llms.txt and llms-full.txt for agent-friendly ingestion (#18276) 2026-04-30 23:17:14 -07:00
docusaurus.config.ts docs: add Korean Kanban documentation 2026-05-18 21:42:13 -07:00
package-lock.json chore(deps): bump mermaid from 11.13.0 to 11.15.0 in /website (#24011) 2026-05-19 09:19:06 -04:00
package.json feat(profile): shareable profile distributions via git (#20831) 2026-05-08 10:04:32 -07:00
README.md docs: replace ASCII diagrams with Mermaid/lists, add linting note 2026-03-21 17:58:30 -07:00
sidebars.ts docs: dedicated Nous Portal integration page and setup guide (#31296) 2026-05-23 21:07:58 -07:00
tsconfig.json feat: add documentation website (Docusaurus) 2026-03-05 05:24:55 -08:00

README.md

Website

This website is built using Docusaurus, a modern static website generator.

Installation

yarn

Local Development

yarn start

This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.

Build

yarn build

This command generates static content into the build directory and can be served using any static contents hosting service.

Deployment

Using SSH:

USE_SSH=true yarn deploy

Not using SSH:

GIT_USER=<Your GitHub username> yarn deploy

If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the gh-pages branch.

Diagram Linting

CI runs ascii-guard to lint docs for ASCII box diagrams. Use Mermaid (````mermaid`) or plain lists/tables instead of ASCII boxes to avoid CI failures.