mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-29 01:31:41 +00:00
4cb6735541
* fix: prevent infinite 400 failure loop on context overflow (#1630) When a gateway session exceeds the model's context window, Anthropic may return a generic 400 invalid_request_error with just 'Error' as the message. This bypassed the phrase-based context-length detection, causing the agent to treat it as a non-retryable client error. Worse, the failed user message was still persisted to the transcript, making the session even larger on each attempt — creating an infinite loop. Three-layer fix: 1. run_agent.py — Fallback heuristic: when a 400 error has a very short generic message AND the session is large (>40% of context or >80 messages), treat it as a probable context overflow and trigger compression instead of aborting. 2. run_agent.py + gateway/run.py — Don't persist failed messages: when the agent returns failed=True before generating any response, skip writing the user's message to the transcript/DB. This prevents the session from growing on each failure. 3. gateway/run.py — Smarter error messages: detect context-overflow failures and suggest /compact or /reset specifically, instead of a generic 'try again' that will fail identically. * fix(skills): detect prompt injection patterns and block cache file reads Adds two security layers to prevent prompt injection via skills hub cache files (#1558): 1. read_file: blocks direct reads of ~/.hermes/skills/.hub/ directory (index-cache, catalog files). The 3.5MB clawhub_catalog_v1.json was the original injection vector — untrusted skill descriptions in the catalog contained adversarial text that the model executed. 2. skill_view: warns when skills are loaded from outside the trusted ~/.hermes/skills/ directory, and detects common injection patterns in skill content ("ignore previous instructions", "<system>", etc.). Cherry-picked from PR #1562 by ygd58. * fix(tools): chunk long messages in send_message_tool before dispatch (#1552) Long messages sent via send_message tool or cron delivery silently failed when exceeding platform limits. Gateway adapters handle this via truncate_message(), but the standalone senders in send_message_tool bypassed that entirely. - Apply truncate_message() chunking in _send_to_platform() before dispatching to individual platform senders - Remove naive message[i:i+2000] character split in _send_discord() in favor of centralized smart splitting - Attach media files to last chunk only for Telegram - Add regression tests for chunking and media placement Cherry-picked from PR #1557 by llbn. * fix(approval): show full command in dangerous command approval (#1553) Previously the command was truncated to 80 chars in CLI (with a [v]iew full option), 500 chars in Discord embeds, and missing entirely in Telegram/Slack approval messages. Now the full command is always displayed everywhere: - CLI: removed 80-char truncation and [v]iew full menu option - Gateway (TG/Slack): approval_required message includes full command in a code block - Discord: embed shows full command up to 4096-char limit - Windows: skip SIGALRM-based test timeout (Unix-only) - Updated tests: replaced view-flow tests with direct approval tests Cherry-picked from PR #1566 by crazywriter1. --------- Co-authored-by: buray <ygd58@users.noreply.github.com> Co-authored-by: lbn <llbn@users.noreply.github.com> Co-authored-by: crazywriter1 <53251494+crazywriter1@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| acp | ||
| agent | ||
| cron | ||
| fakes | ||
| gateway | ||
| hermes_cli | ||
| honcho_integration | ||
| integration | ||
| skills | ||
| tools | ||
| __init__.py | ||
| conftest.py | ||
| run_interrupt_test.py | ||
| test_413_compression.py | ||
| test_860_dedup.py | ||
| test_1630_context_overflow_loop.py | ||
| test_agent_loop.py | ||
| test_agent_loop_tool_calling.py | ||
| test_agent_loop_vllm.py | ||
| test_anthropic_adapter.py | ||
| test_anthropic_error_handling.py | ||
| test_anthropic_oauth_flow.py | ||
| test_anthropic_provider_persistence.py | ||
| test_api_key_providers.py | ||
| test_atomic_json_write.py | ||
| test_atomic_yaml_write.py | ||
| test_auth_codex_provider.py | ||
| test_auth_nous_provider.py | ||
| test_auxiliary_config_bridge.py | ||
| test_batch_runner_checkpoint.py | ||
| test_cli_approval_ui.py | ||
| test_cli_init.py | ||
| test_cli_interrupt_subagent.py | ||
| test_cli_loading_indicator.py | ||
| test_cli_mcp_config_watch.py | ||
| test_cli_model_command.py | ||
| test_cli_new_session.py | ||
| test_cli_plan_command.py | ||
| test_cli_prefix_matching.py | ||
| test_cli_preloaded_skills.py | ||
| test_cli_provider_resolution.py | ||
| test_cli_retry.py | ||
| test_cli_secret_capture.py | ||
| test_cli_skin_integration.py | ||
| test_cli_status_bar.py | ||
| test_codex_execution_paths.py | ||
| test_codex_models.py | ||
| test_context_token_tracking.py | ||
| test_dict_tool_call_args.py | ||
| test_display.py | ||
| test_evidence_store.py | ||
| test_external_credential_detection.py | ||
| test_fallback_model.py | ||
| test_file_permissions.py | ||
| test_flush_memories_codex.py | ||
| test_hermes_state.py | ||
| test_honcho_client_config.py | ||
| test_insights.py | ||
| test_interactive_interrupt.py | ||
| test_interrupt_propagation.py | ||
| test_managed_server_tool_support.py | ||
| test_minisweagent_path.py | ||
| test_model_provider_persistence.py | ||
| test_model_tools.py | ||
| test_openai_client_lifecycle.py | ||
| test_personality_none.py | ||
| test_plugins.py | ||
| test_provider_parity.py | ||
| test_quick_commands.py | ||
| test_real_interrupt_subagent.py | ||
| test_reasoning_command.py | ||
| test_redirect_stdout_issue.py | ||
| test_resume_display.py | ||
| test_run_agent.py | ||
| test_run_agent_codex_responses.py | ||
| test_runtime_provider_resolution.py | ||
| test_setup_model_selection.py | ||
| test_streaming.py | ||
| test_timezone.py | ||
| test_tool_call_parsers.py | ||
| test_toolset_distributions.py | ||
| test_toolsets.py | ||
| test_trajectory_compressor.py | ||
| test_worktree.py | ||
| test_worktree_security.py | ||