hermes-agent/agent/proxy_sources
teknium1 ae1bfa1806
fix(egress): close GOOGLE_API_KEY coverage gap + config/mappings write TOCTOU
Two correctness gaps surfaced in the review thread (texasich) that
survived the prior rounds:

- GOOGLE_API_KEY was warn-only while GEMINI_API_KEY was fail-closed,
  despite both authenticating the same generativelanguage LLM endpoint
  (auth.py treats them as interchangeable). An operator with only
  GOOGLE_API_KEY set + fail_on_uncovered_providers got false coverage.
  Added it to _LLM_SPECIFIC_NON_BEARER_PROVIDERS.
- write_proxy_config / write_mappings chmod'd AFTER os.replace, leaving
  the token-bearing files briefly world-readable under a slack umask
  (the 0o700 state dir mitigates but same-uid race remained). chmod the
  temp file BEFORE the atomic replace, matching the CA-key write path.

Tests: assert GOOGLE_API_KEY in blocked tier; assert proxy.yaml +
mappings.json land at 0o600.
2026-06-26 01:11:38 -07:00
..
__init__.py feat(egress): iron-proxy credential-injection firewall for sandboxes 2026-06-26 01:11:38 -07:00
iron_proxy.py fix(egress): close GOOGLE_API_KEY coverage gap + config/mappings write TOCTOU 2026-06-26 01:11:38 -07:00