mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-28 01:21:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
hermes-agent/tools
History
0xbyt4 712aa44325 security: block secret exfiltration via browser URLs and auxiliary LLM calls 
Three exfiltration vectors closed:

1. Browser URL exfil — agent could embed secrets in URL params and
   navigate to attacker-controlled server. Now scans URLs for known
   API key patterns before navigating (browser_navigate, web_extract).

2. Browser snapshot leak — page displaying env vars or API keys would
   send secrets to auxiliary LLM via _extract_relevant_content before
   run_agent.py's redaction layer sees the result. Now redacts snapshot
   text before the auxiliary call.

3. Camofox annotation leak — accessibility tree text sent to vision
   LLM could contain secrets visible on screen. Now redacts annotation
   context before the vision call.

10 new tests covering URL blocking, snapshot redaction, and annotation
redaction for both browser and camofox backends.
2026-04-01 12:03:56 -07:00
..
browser_providers feat(browser): multi-provider cloud browser support + Browser Use integration 2026-03-17 00:16:34 -07:00
environments feat: mount skills directory into all remote backends with live sync (#3890) 2026-03-30 02:45:41 -07:00
neutts_samples refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow 2026-03-17 02:33:12 -07:00
__init__.py chore: remove all remaining mini-swe-agent references 2026-03-24 08:19:23 -07:00
ansi_strip.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
approval.py feat(approvals): make dangerous command approval timeout configurable (#3886) 2026-03-30 00:02:02 -07:00
browser_camofox.py security: block secret exfiltration via browser URLs and auxiliary LLM calls 2026-04-01 12:03:56 -07:00
browser_camofox_state.py feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400) (#4419) 2026-04-01 04:18:50 -07:00
browser_tool.py security: block secret exfiltration via browser URLs and auxiliary LLM calls 2026-04-01 12:03:56 -07:00
checkpoint_manager.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
clarify_tool.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
code_execution_tool.py fix(security): redact secrets from execute_code sandbox output 2026-03-31 18:52:11 -07:00
credential_files.py fix: apply same path traversal checks to config-based credential files 2026-03-31 12:16:37 -07:00
cronjob_tools.py feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847) 2026-03-29 21:29:13 -07:00
debug_helpers.py refactor: consolidate debug logging across tools with shared DebugSession class 2026-02-21 03:53:24 -08:00
delegate_tool.py fix: report subagent status as completed when summary exists (#3829) 2026-03-29 18:21:36 -07:00
env_passthrough.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
file_operations.py fix(security): protect .docker, .azure, and .config/gh from read and write 2026-03-31 12:47:10 -07:00
file_tools.py fix(file_tools): refresh staleness timestamp after writes (#4390) 2026-04-01 00:50:08 -07:00
fuzzy_match.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
homeassistant_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
honcho_tools.py fix(banner): show honcho tools as available when configured (#3810) 2026-03-29 15:55:05 -07:00
image_generation_tool.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
interrupt.py feat: enhance interrupt handling and container resource configuration 2026-02-23 02:11:33 -08:00
mcp_oauth.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
mcp_tool.py feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812) 2026-03-29 15:52:54 -07:00
memory_tool.py fix: cap percentage displays at 100% in stats, gateway, and memory tool (#3599) 2026-03-28 14:55:18 -07:00
mixture_of_agents_tool.py fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449) 2026-03-27 15:28:19 -07:00
neutts_synth.py fix(tts): document NeuTTS provider and align install guidance (#1903) 2026-03-18 02:55:30 -07:00
openrouter_client.py refactor: route ad-hoc LLM consumers through centralized provider router 2026-03-11 20:02:36 -07:00
patch_parser.py fix: handle addition-only hunks in V4A patch parser (#3325) 2026-03-26 19:38:04 -07:00
process_registry.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
registry.py feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812) 2026-03-29 15:52:54 -07:00
rl_training_tool.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
send_message_tool.py feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847) 2026-03-29 21:29:13 -07:00
session_search_tool.py fix: session_search fallback preview on summarization failure (salvage #3413) (#3478) 2026-03-27 21:27:51 -07:00
skill_manager_tool.py feat(skills): size limits for agent writes + fuzzy matching for patch (#4414) 2026-04-01 04:19:19 -07:00
skills_guard.py fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449) 2026-03-27 15:28:19 -07:00
skills_hub.py feat(skills): size limits for agent writes + fuzzy matching for patch (#4414) 2026-04-01 04:19:19 -07:00
skills_sync.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
skills_tool.py feat(skills): support external skill directories via config (#3678) 2026-03-29 00:33:30 -07:00
terminal_tool.py fix: make display_hermes_home imports lazy to prevent ImportError during hermes update (#3776) 2026-03-29 15:15:17 -07:00
tirith_security.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
todo_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
transcription_tools.py add .aac audio file format support to transcription tool (#3865) 2026-03-29 21:27:03 -07:00
tts_tool.py fix: make display_hermes_home imports lazy to prevent ImportError during hermes update (#3776) 2026-03-29 15:15:17 -07:00
url_safety.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
vision_tools.py fix: background task media delivery + vision download timeout (#3919) 2026-03-30 02:59:39 -07:00
voice_mode.py fix: allow voice mode in WSL when PulseAudio bridge is configured 2026-03-31 12:13:33 -07:00
web_tools.py security: block secret exfiltration via browser URLs and auxiliary LLM calls 2026-04-01 12:03:56 -07:00
website_policy.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00