mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-01 12:02:05 +00:00
The Keys page only rendered env vars present in a catalog (OPTIONAL_ENV_VARS or the provider catalog); any other key a user set in .env was invisible, and there was no way to add an arbitrary env var from the GUI (e.g. to inject a var a skill or MCP server needs). Backend: GET /api/env now also emits a row for every on-disk .env key that isn't in any catalog, flagged category="custom" + custom=true and password-masked (an unrecognised key could hold anything, so it's redacted and reveal-gated like any secret). Channel-managed credentials stay excluded. The write (PUT /api/env) and reveal (POST /api/env/reveal) paths already handle arbitrary keys, with the existing env-name guard + denylist (PATH, LD_PRELOAD, PYTHONPATH, …) enforced server-side — no new write surface. Frontend: a new "Custom Keys" section lists those custom rows and carries an add-a-key form (client-side name validation mirroring the backend regex; the new row reuses the normal edit/save flow, so on save it round-trips back from the backend as a durable custom row). i18n added for en + zh + types. Tests: behavior-contract coverage that an unknown .env key surfaces as a masked custom row and a catalogued key does not — verified to fail on the pre-fix backend.
61 lines
2.5 KiB
Python
61 lines
2.5 KiB
Python
"""GET /api/env surfaces arbitrary/custom .env keys (not just catalogued ones).
|
|
|
|
The dashboard Keys page previously rendered only keys present in a catalog
|
|
(``OPTIONAL_ENV_VARS`` or the provider catalog); any other key the user had set
|
|
in ``.env`` was invisible. This asserts the behavior contract that an
|
|
unrecognised on-disk key is surfaced as a ``custom`` row — set, redacted, and
|
|
password-masked — so the page can list and manage it, while a catalogued key is
|
|
NOT mislabelled custom.
|
|
"""
|
|
|
|
from fastapi.testclient import TestClient
|
|
|
|
import hermes_cli.web_server as web_server
|
|
from hermes_cli.web_server import _SESSION_TOKEN, app
|
|
|
|
client = TestClient(app)
|
|
HEADERS = {"X-Hermes-Session-Token": _SESSION_TOKEN}
|
|
|
|
|
|
def _env_rows(monkeypatch, env_on_disk):
|
|
"""Drive GET /api/env with a controlled on-disk env mapping."""
|
|
monkeypatch.setattr(web_server, "load_env", lambda: dict(env_on_disk))
|
|
# Channel-managed key detection reads real config; force empty so the test
|
|
# is hermetic and the custom-key path is exercised directly.
|
|
monkeypatch.setattr(web_server, "_channel_managed_env_keys", lambda: set())
|
|
resp = client.get("/api/env", headers=HEADERS)
|
|
assert resp.status_code == 200
|
|
return resp.json()
|
|
|
|
|
|
def test_unknown_env_key_surfaces_as_custom(monkeypatch):
|
|
rows = _env_rows(monkeypatch, {"MY_CUSTOM_THING": "s3cret-value"})
|
|
assert "MY_CUSTOM_THING" in rows, "unknown .env key not surfaced by /api/env"
|
|
row = rows["MY_CUSTOM_THING"]
|
|
assert row["custom"] is True
|
|
assert row["category"] == "custom"
|
|
assert row["is_set"] is True
|
|
|
|
|
|
def test_custom_key_is_password_masked(monkeypatch):
|
|
"""A custom key could hold anything → treated as a secret (redacted)."""
|
|
rows = _env_rows(monkeypatch, {"MY_CUSTOM_THING": "s3cret-value"})
|
|
row = rows["MY_CUSTOM_THING"]
|
|
assert row["is_password"] is True
|
|
# The raw value must never ride in the listing payload.
|
|
assert row["redacted_value"] != "s3cret-value"
|
|
assert "s3cret-value" not in str(row)
|
|
|
|
|
|
def test_catalogued_key_is_not_marked_custom(monkeypatch):
|
|
"""A key present in OPTIONAL_ENV_VARS keeps its real category, not custom."""
|
|
rows = _env_rows(monkeypatch, {"HONCHO_API_KEY": "abc123"})
|
|
row = rows["HONCHO_API_KEY"]
|
|
assert row.get("custom") is not True
|
|
assert row["category"] == "tool"
|
|
|
|
|
|
def test_every_row_has_custom_flag(monkeypatch):
|
|
"""The ``custom`` field is always present so the SPA can branch on it."""
|
|
rows = _env_rows(monkeypatch, {"MY_CUSTOM_THING": "x"})
|
|
assert all("custom" in row for row in rows.values())
|