mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-15 14:22:43 +00:00
`hermes debug share` printed a privacy notice and then uploaded the report to a public paste service in the same breath — the user never got to say yes or no. Add a consent gate: an interactive [y/N] prompt, a --yes/-y flag to skip it, and a hard refusal (exit 1) in non-interactive contexts (no TTY on stdin) so debug data can't be exposed silently in scripts/CI. - New _confirm_upload() helper gates the actual upload after the notice. - Applied to BOTH upload paths: the public paste.rs path and the --nous Nous-S3 path (the latter is a sibling site the original PR missed). - The /debug slash command passes yes=True (typing /debug is itself the consent action, and input() would hang inside prompt_toolkit). - Rewrote the privacy notice for accuracy: secrets (API keys/tokens/ passwords) ARE force-redacted before upload; PII (display name, platform user ID, verbatim message content, filesystem paths) is NOT, and that URL is public. Fixes #22016. Co-authored-by: liuhao1024 <liuhao1024@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| _shared.py | ||
| acp.py | ||
| auth.py | ||
| backup.py | ||
| claw.py | ||
| config.py | ||
| cron.py | ||
| dashboard.py | ||
| debug.py | ||
| doctor.py | ||
| dump.py | ||
| gateway.py | ||
| gui.py | ||
| hooks.py | ||
| import_cmd.py | ||
| insights.py | ||
| login.py | ||
| logout.py | ||
| logs.py | ||
| mcp.py | ||
| memory.py | ||
| model.py | ||
| pairing.py | ||
| plugins.py | ||
| postinstall.py | ||
| profile.py | ||
| prompt_size.py | ||
| security.py | ||
| setup.py | ||
| skills.py | ||
| slack.py | ||
| status.py | ||
| tools.py | ||
| uninstall.py | ||
| update.py | ||
| version.py | ||
| webhook.py | ||
| whatsapp.py | ||