hermes-agent/website/docs/reference
Teknium 7ab1677362
feat(security): on-demand supply-chain audit via OSV.dev (#31460)
Adds 'hermes security audit' — a one-shot vulnerability scan against
OSV.dev covering three surfaces a Hermes user actually controls:

  1. The running Python's installed PyPI dists (importlib.metadata)
  2. Plugin requirements.txt / pyproject.toml pins under ~/.hermes/plugins/
  3. Pinned npx/uvx MCP servers in config.yaml

Zero new dependencies (stdlib urllib + importlib.metadata + tomllib +
concurrent.futures). No auth required for OSV's public batch API.

Flags: --json, --fail-on {low,moderate,high,critical} (default: critical),
       --skip-venv, --skip-plugins, --skip-mcp

Output groups findings by source, sorts by severity descending, surfaces
fixed-versions inline. Exit 1 when any finding meets the --fail-on tier.

Deliberately out of scope: globally-installed pip/npm, editor/browser
extensions, daily background scans, auto-blocking of installs. The audit
is on-demand by design — daily scans become noise the user trains
themselves to ignore.
2026-05-24 15:15:16 -07:00
_category_.json feat: add documentation website (Docusaurus) 2026-03-05 05:24:55 -08:00
cli-commands.md feat(security): on-demand supply-chain audit via OSV.dev (#31460) 2026-05-24 15:15:16 -07:00
environment-variables.md fix(provider): make config.yaml model.provider the single source of truth (#31222) 2026-05-23 18:18:41 -07:00
faq.md docs: deep audit — fix stale config keys, missing commands, and registry drift (#22784) 2026-05-09 13:19:51 -07:00
mcp-config-reference.md feat: add supports_parallel_tool_calls for MCP servers (#26825) 2026-05-16 01:04:28 -07:00
model-catalog.md feat(models): remote model catalog manifest for OpenRouter + Nous Portal (#16033) 2026-04-26 05:46:43 -07:00
optional-skills-catalog.md feat(skills): add osint-investigation optional skill (closes #355) (#26729) 2026-05-16 01:55:06 -07:00
profile-commands.md docs: comprehensive 2-week sweep of feature/PR coverage gaps (#28497) 2026-05-18 23:55:25 -07:00
skills-catalog.md chore(skills/baoyu-article-illustrator): tighten description, add platforms, regen docs 2026-05-18 18:28:56 -07:00
slash-commands.md feat: auto-launch Chromium-family browser for CDP 2026-05-19 22:34:05 -07:00
tools-reference.md docs: comprehensive 2-week sweep of feature/PR coverage gaps (#28497) 2026-05-18 23:55:25 -07:00
toolsets-reference.md docs: align kanban readiness docs and smoke tests 2026-05-18 21:07:03 -07:00