hermes-agent/plugins
Teknium 2ecca1e7d3
fix(windows): capture is not a no-window boundary; route flashing spawns through chokepoint (#53829)
Follow-up to #53791 addressing review feedback: the footgun checker treated
capture_output=/stdout=/stderr=/check_output as proof a subprocess can't pop a
Windows console. That invariant is false — stream redirection controls where a
child's output goes, not whether a console is allocated. From a console-less
parent (Desktop/Electron, pythonw.exe, detached gateway/cron) a console-subsystem
child still flashes a window even when fully captured.

- check-windows-footguns.py: capture/redirect/check_output is no longer a blanket
  safe-pass. Added _WINDOWS_FLASHING_PROGRAMS (git/gh/npm/node/python/uv/ffmpeg/
  docker/powershell/…); calls to those are flagged even when captured. Non-flashing
  programs keep the capture exemption (no 271-site noise). _subprocess_compat.run/
  popen calls are inherently safe (wrapper injects CREATE_NO_WINDOW).
- Routed the 35 genuine flashing git/gh/npm/uv/ffmpeg/docker spawns through the
  _subprocess_compat.run/popen chokepoint (Brooklyn's wrapper from #53810) — the
  durable fix, not per-site annotations. cmd.exe /c start stays # ok (intentional).
- Updated tests + CONTRIBUTING.md rule #17 to the corrected invariant.
2026-06-27 14:49:41 -07:00
..
browser fix: guard int(os.getenv()) casts against malformed env vars (#40598) 2026-06-07 06:14:24 -07:00
context_engine feat(context-engine): host contract for external context engines 2026-05-28 01:45:30 -07:00
cron_providers fix(cron): avoid provider package shadowing core cron 2026-06-23 23:39:22 -07:00
dashboard_auth fix(dashboard-auth): follow redirects on self-hosted OIDC discovery (#53399) 2026-06-27 14:14:51 +10:00
disk-cleanup 🐛 fix(disk-cleanup): avoid brittle sweep review issues 2026-06-15 05:25:27 -07:00
google_meet fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
hermes-achievements revert(plugins): restore user dashboard plugin backend API auto-import (#43719) (#51950) 2026-06-24 07:46:54 -07:00
image_gen fix shape 2026-06-25 12:38:33 -07:00
kanban fix(security): sanitize kanban markdown html 2026-06-21 13:10:17 -07:00
memory fix(windows): capture is not a no-window boundary; route flashing spawns through chokepoint (#53829) 2026-06-27 14:49:41 -07:00
model-providers feat: add reasoning_effort support to ollama-cloud provider 2026-06-23 11:51:43 -07:00
observability fix(langfuse): bound _TRACE_STATE growth from non-finalizing turns 2026-06-18 12:59:41 +05:30
platforms fix(windows): capture is not a no-window boundary; route flashing spawns through chokepoint (#53829) 2026-06-27 14:49:41 -07:00
security-guidance plugins: add security-guidance — pattern-matched warnings on dangerous code writes (#33131) 2026-05-27 02:07:21 -07:00
spotify chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
teams_pipeline chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
video_gen fix(plugins): thread-safe lazy-singleton helpers; fix honcho TOCTOU (#24759) (#42150) 2026-06-08 09:35:22 -07:00
web fix(ddgs): bound DuckDuckGo search with a wall-clock timeout (#36776) 2026-06-25 01:45:06 +05:30
__init__.py feat(memory): pluggable memory provider interface with profile isolation, review fixes, and honcho CLI restoration (#4623) 2026-04-02 15:33:51 -07:00
plugin_utils.py fix(plugins): thread-safe lazy-singleton helpers; fix honcho TOCTOU (#24759) (#42150) 2026-06-08 09:35:22 -07:00