hermes-agent/tools
srojk34 9ae17b8ac5 security(vision): route local-file inputs through the shared credential-read guard
video_analyze_tool's local-path branch read raw bytes via
_detect_video_mime_type (extension-only, no magic-byte check) with no
call to agent.file_safety.raise_if_read_blocked, unlike the image-gen
and video-gen provider plugins that already route local inputs through
that shared chokepoint (#57698). A model could point video_url at a
credential store (e.g. .env, auth.json) renamed or symlinked to a
video-like extension and have its raw bytes base64-encoded and sent to
the vision provider.

vision_analyze_tool and its native fast path (_vision_analyze_native)
had the same gap in their local-file branches; they were only
incidentally protected by the image magic-byte sniff rejecting
non-image content, not by the intended read guard.

Add raise_if_read_blocked() to all three local-file branches, mirroring
the existing plugins/image_gen and plugins/video_gen call sites.
2026-07-05 00:47:54 -07:00
..
computer_use Fix computer-use crash on X11 windows with null PID 2026-07-04 02:37:33 -07:00
environments Revert "Merge pull request #30179 from NousResearch/feat/iron-proxy" 2026-07-04 13:38:59 -07:00
neutts_samples
__init__.py
ansi_strip.py
approval.py
async_delegation.py fix(cli): reliable interrupts, bounded exit, and exit feedback (#57000) 2026-07-02 04:20:43 -07:00
binary_extensions.py
blueprints.py
browser_camofox.py fix(browser): block Camofox input on private pages 2026-07-03 03:27:47 -07:00
browser_camofox_state.py
browser_cdp_tool.py fix(browser): apply private-page guard to browser_cdp frame_id routing 2026-07-03 03:27:47 -07:00
browser_dialog_tool.py
browser_supervisor.py
browser_tool.py fix(browser): guard Camofox eval private pages 2026-07-02 13:10:30 +05:30
budget_config.py
checkpoint_manager.py
clarify_gateway.py
clarify_tool.py
close_terminal_tool.py fix(config): accept 'on' as truthy for env flags via shared env_var_enabled helper 2026-07-02 03:00:59 -07:00
code_execution_tool.py
computer_use_tool.py
credential_files.py fix(vision): unified image-source resolver + terminal-backend confinement 2026-07-04 15:30:50 -07:00
cronjob_tools.py
daemon_pool.py fix(cli): reliable interrupts, bounded exit, and exit feedback (#57000) 2026-07-02 04:20:43 -07:00
debug_helpers.py
delegate_tool.py fix(security): remove model-controlled delegate ACP transport 2026-07-03 03:27:47 -07:00
discord_tool.py
env_passthrough.py
env_probe.py
fal_common.py
feishu_doc_tool.py
feishu_drive_tool.py
file_operations.py
file_state.py
file_tools.py fix(file-tools): preserve container paths for docker file ops (#56637) 2026-07-03 14:18:20 +10:00
fuzzy_match.py
homeassistant_tool.py
image_generation_tool.py
image_source.py security(vision): route local-file inputs through the shared credential-read guard 2026-07-05 00:47:54 -07:00
interrupt.py
kanban_tools.py feat(kanban): route notifications via owning profile + wake creator agent 2026-07-02 00:05:48 +05:30
lazy_deps.py fix(update): skip unsupported Matrix refresh on Windows 2026-07-04 13:40:59 -07:00
managed_tool_gateway.py
mcp_oauth.py refactor(mcp): DRY the non-interactive OAuth guard + positive-control test 2026-07-04 14:10:33 +05:30
mcp_oauth_manager.py
mcp_tool.py feat(mcp): first-class MCP tab — catalog, GUI auth/probe/logs, per-tool gating 2026-07-03 05:08:28 -05:00
memory_tool.py
microsoft_graph_auth.py
microsoft_graph_client.py
neutts_synth.py
openrouter_client.py
osv_check.py
patch_parser.py
path_security.py
process_registry.py
project_tools.py
read_extract.py
read_terminal_tool.py fix(config): accept 'on' as truthy for env flags via shared env_var_enabled helper 2026-07-02 03:00:59 -07:00
registry.py
schema_sanitizer.py
send_message_tool.py
session_search_tool.py
skill_manager_tool.py
skill_provenance.py
skill_usage.py
skills_ast_audit.py
skills_guard.py
skills_hub.py fix(skills): retry rate-limited Contents API directory listings 2026-07-04 15:15:31 -07:00
skills_sync.py
skills_tool.py
slash_confirm.py
terminal_tool.py refactor(ssh): extract shared _is_ssh_remote_tilde_cwd predicate 2026-07-04 14:17:11 +05:30
thread_context.py
threat_patterns.py
tirith_security.py
todo_tool.py
tool_backend_helpers.py
tool_output_limits.py
tool_result_storage.py
tool_search.py
transcription_tools.py
tts_tool.py fix(tts): coerce direct-only OpenAI model on the managed audio gateway 2026-07-03 05:30:16 -05:00
url_safety.py
video_generation_tool.py
vision_tools.py security(vision): route local-file inputs through the shared credential-read guard 2026-07-05 00:47:54 -07:00
voice_mode.py
web_tools.py refactor(web_tools): single registry authority for custom-provider availability 2026-07-03 20:14:27 +05:30
website_policy.py fix(website-policy): key blocklist cache on the real default config path 2026-07-04 15:08:49 -07:00
write_approval.py
x_search_tool.py
xai_http.py
xai_video_tools.py
yuanbao_tools.py