hermes-agent/agent
Teknium 8c3935ebe8
fix: is_local_endpoint misses Docker/Podman DNS names (#7950)
* fix(tools): neutralize shell injection in _write_to_sandbox via path quoting

_write_to_sandbox interpolated storage_dir and remote_path directly into
a shell command passed to env.execute(). Paths containing shell
metacharacters (spaces, semicolons, $(), backticks) could trigger
arbitrary command execution inside the sandbox.

Fix: wrap both paths with shlex.quote(). Clean paths (alphanumeric +
slashes/hyphens/dots) are left unmodified by shlex.quote, so existing
behavior is unchanged. Paths with unsafe characters get single-quoted.

Tests added for spaces, $(command) substitution, and semicolon injection.

* fix: is_local_endpoint misses Docker/Podman DNS names

host.docker.internal, host.containers.internal, gateway.docker.internal,
and host.lima.internal are well-known DNS names that container runtimes
use to resolve the host machine. Users running Ollama on the host with
the agent in Docker/Podman hit the default 120s stream timeout instead
of the bumped 1800s because these hostnames weren't recognized as local.

Add _CONTAINER_LOCAL_SUFFIXES tuple and suffix check in
is_local_endpoint(). Tests cover all three runtime families plus a
negative case for domains that merely contain the suffix as a substring.
2026-04-11 14:46:18 -07:00
__init__.py Refactor Terminal and AIAgent cleanup 2026-02-21 22:31:43 -08:00
anthropic_adapter.py fix: align MiniMax provider with official API docs 2026-04-11 01:04:41 -07:00
auxiliary_client.py refactor(auxiliary): config.yaml takes priority over env vars for aux task settings (#7889) 2026-04-11 11:21:59 -07:00
context_compressor.py fix: robust context engine interface — config selection, plugin discovery, ABC completeness 2026-04-10 19:15:50 -07:00
context_engine.py fix: robust context engine interface — config selection, plugin discovery, ABC completeness 2026-04-10 19:15:50 -07:00
context_references.py fix(agent): preserve quoted @file references with spaces 2026-04-10 13:05:01 -07:00
copilot_acp_client.py fix: bridge tool-calls in copilot-acp adapter 2026-04-06 01:47:57 -07:00
credential_pool.py fix(auth): make 'auth remove' for claude_code prevent re-seeding 2026-04-10 05:19:21 -07:00
display.py refactor: extract shared helpers to deduplicate repeated code patterns (#7917) 2026-04-11 13:59:52 -07:00
error_classifier.py fix: add Alibaba/DashScope rate-limit pattern to error classifier 2026-04-10 05:52:45 -07:00
insights.py fix: remove 115 verified dead code symbols across 46 production files 2026-04-10 03:44:43 -07:00
manual_compression_feedback.py fix(gateway): make manual compression feedback truthful 2026-04-10 21:16:53 -07:00
memory_manager.py fix: remove 115 verified dead code symbols across 46 production files 2026-04-10 03:44:43 -07:00
memory_provider.py refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821) 2026-04-07 10:25:31 -07:00
model_metadata.py fix: is_local_endpoint misses Docker/Podman DNS names (#7950) 2026-04-11 14:46:18 -07:00
models_dev.py feat(xiaomi): add Xiaomi MiMo as first-class provider 2026-04-11 11:17:52 -07:00
prompt_builder.py refactor: extract shared helpers to deduplicate repeated code patterns (#7917) 2026-04-11 13:59:52 -07:00
prompt_caching.py fix(prompt-caching): skip top-level cache_control on role:tool for OpenRouter 2026-03-21 16:54:43 -07:00
rate_limit_tracker.py fix: UTF-8 config encoding, pairing hint, credential_pool key, header normalization (#7174) 2026-04-10 05:33:48 -07:00
redact.py fix: mem0 API v2 compat, prefetch context fencing, secret redaction (#5423) 2026-04-05 22:43:33 -07:00
retry_utils.py feat(agent): add jittered retry backoff 2026-04-08 00:41:36 -07:00
skill_commands.py fix: prevent zombie processes, redact cron stderr, skip symlinks in skill enumeration 2026-04-11 02:03:20 -07:00
skill_utils.py refactor: extract shared helpers to deduplicate repeated code patterns (#7917) 2026-04-11 13:59:52 -07:00
smart_model_routing.py fix: UTF-8 config encoding, pairing hint, credential_pool key, header normalization (#7174) 2026-04-10 05:33:48 -07:00
subdirectory_hints.py fix(agent): catch PermissionError in subdirectory hint discovery 2026-04-09 03:10:30 -07:00
title_generator.py feat(agent): configurable timeouts for auxiliary LLM calls via config.yaml (#3597) 2026-03-28 14:35:28 -07:00
trajectory.py Refactor Terminal and AIAgent cleanup 2026-02-21 22:31:43 -08:00
usage_pricing.py fix: remove 115 verified dead code symbols across 46 production files 2026-04-10 03:44:43 -07:00