mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-12 13:52:15 +00:00
Two correctness gaps surfaced in the review thread (texasich) that survived the prior rounds: - GOOGLE_API_KEY was warn-only while GEMINI_API_KEY was fail-closed, despite both authenticating the same generativelanguage LLM endpoint (auth.py treats them as interchangeable). An operator with only GOOGLE_API_KEY set + fail_on_uncovered_providers got false coverage. Added it to _LLM_SPECIFIC_NON_BEARER_PROVIDERS. - write_proxy_config / write_mappings chmod'd AFTER os.replace, leaving the token-bearing files briefly world-readable under a slack umask (the 0o700 state dir mitigates but same-uid race remained). chmod the temp file BEFORE the atomic replace, matching the CA-key write path. Tests: assert GOOGLE_API_KEY in blocked tier; assert proxy.yaml + mappings.json land at 0o600. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| iron_proxy.py | ||