mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-09 08:21:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
hermes-agent/plugins
History
Ray Sun 37561c214b fix(photon): use allowlisted device client_id + validate token before save 
Photon now allowlists registered device clients on the device-code
endpoint; the old client_id "hermes-agent" is rejected with
400 invalid_client, breaking the entire login flow. Switch to Photon's
published "photon-cli" device client and send the standard scope.

Also validate the device-flow token against /api/auth/get-session and
/api/projects/ before persisting it, and extract token candidates from
every response shape Photon has used (access_token, accessToken,
data.*, set-auth-token header) so a token that authenticates the
session lookup but is rejected by the project API fails loudly at
login instead of 404ing downstream.

Verified live: request_device_code() now returns 200 + a valid
user_code where "hermes-agent" returned 400 invalid_client.

Salvaged from #34467 by @yanxue06.
2026-06-08 15:52:33 -07:00
..
browser fix: guard int(os.getenv()) casts against malformed env vars (#40598) 2026-06-07 06:14:24 -07:00
context_engine feat(context-engine): host contract for external context engines 2026-05-28 01:45:30 -07:00
dashboard_auth fix(desktop): gate OAuth remote connect on AT-or-RT, not access token alone 2026-06-04 22:18:46 -07:00
disk-cleanup fix(cron): re-validate stale cron-output entries before deletion (#37721) 2026-06-04 07:52:04 -07:00
google_meet fix: reap zombie subprocesses in web_server action status and meet_bot cleanup 2026-06-07 21:50:57 -07:00
hermes-achievements fix(dashboard): sanction plugin WS/upload auth via SDK helpers (gated mode) 2026-06-03 16:59:36 -07:00
image_gen fix(image_gen): use gpt-5.5 for Codex image host 2026-06-06 19:31:51 -07:00
kanban docs(kanban): clarify orchestrator profile role in dashboard panel 2026-06-06 19:29:00 -07:00
memory fix(plugins): thread-safe lazy-singleton helpers; fix honcho TOCTOU (#24759) (#42150) 2026-06-08 09:35:22 -07:00
model-providers fix(vision): proactive downgrade for providers rejecting list-type tool content (#41072) 2026-06-07 21:50:57 -07:00
observability Merge pull request #40560 from kamonspecial/fix/langfuse-usage-sanitized-response 2026-06-08 15:04:37 -07:00
platforms fix(photon): use allowlisted device client_id + validate token before save 2026-06-08 15:52:33 -07:00
security-guidance plugins: add security-guidance — pattern-matched warnings on dangerous code writes (#33131) 2026-05-27 02:07:21 -07:00
spotify chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
teams_pipeline chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
video_gen fix(plugins): thread-safe lazy-singleton helpers; fix honcho TOCTOU (#24759) (#42150) 2026-06-08 09:35:22 -07:00
web fix(web): honor Hermes config-aware SEARXNG_URL lookup 2026-06-08 01:11:08 +05:30
__init__.py feat(memory): pluggable memory provider interface with profile isolation, review fixes, and honcho CLI restoration (#4623) 2026-04-02 15:33:51 -07:00
plugin_utils.py fix(plugins): thread-safe lazy-singleton helpers; fix honcho TOCTOU (#24759) (#42150) 2026-06-08 09:35:22 -07:00