hermes-agent/website/docs
entropidelic 989b950fbc fix(security): enforce API_SERVER_KEY for non-loopback binding
Add is_network_accessible() helper using Python's ipaddress module to
robustly classify bind addresses (IPv4/IPv6 loopback, wildcards,
mapped addresses, hostname resolution with DNS-failure-fails-closed).

The API server connect() now refuses to start when the bind address is
network-accessible and no API_SERVER_KEY is set, preventing RCE from
other machines on the network.

Co-authored-by: entropidelic <entropidelic@users.noreply.github.com>
2026-04-10 16:51:44 -07:00
..
developer-guide fix: complete Weixin platform parity audit — 16 missing integration points 2026-04-10 05:54:37 -07:00
getting-started fix(termux): improve status and install UX 2026-04-09 16:24:53 -07:00
guides fix: complete Weixin platform parity audit — 16 missing integration points 2026-04-10 05:54:37 -07:00
integrations fix: complete Weixin platform parity audit — 16 missing integration points 2026-04-10 05:54:37 -07:00
reference fix(security): enforce API_SERVER_KEY for non-loopback binding 2026-04-10 16:51:44 -07:00
user-guide fix(security): enforce API_SERVER_KEY for non-loopback binding 2026-04-10 16:51:44 -07:00
index.md fix(bluebubbles): add missing integration points and documentation (#6460) 2026-04-09 00:19:05 -07:00