Teknium 771b8c4a36 test(conftest): plug every gateway-kill leak path (#23486) ... The existing _live_system_guard (PR #23397) blocked os.kill / os.killpg and a narrow subset of subprocess invocations. Tests still SIGTERMed the live gateway today (May 10) because the guard had structural holes. Plug them all: - subprocess: also wrap getoutput, getstatusoutput - os.system, os.popen - completely unwrapped before - pty.spawn - completely unwrapped before - asyncio.create_subprocess_exec / create_subprocess_shell - bypassed the subprocess module entirely; now wrapped - Subprocess command inspection now looks at the WHOLE command string, not just tokens[0]. Catches sudo systemctl, env systemctl, bash -c 'systemctl', setsid systemctl, /usr/bin/systemctl, etc. - New process-killer block: pkill / killall / taskkill / fuser targeting hermes/python patterns is now refused - os.kill PID 0 (own group) allowed; PID -1 (every process we can signal) refused - subprocess.Popen wrapper preserves __class_getitem__ so third-party packages that use Popen[bytes] as a type annotation still import Coverage is locked in by tests/test_live_system_guard_self_test.py - exercises every primitive against a guaranteed-foreign PID and asserts the guard fires. Adding a new kill primitive without updating the guard breaks CI. scripts/run_tests.sh now also force-loads ~/.hermes/pytest_live_guard.py when present (developer-machine convenience), so even worktrees that predate this commit get the protection on subsequent test runs through the canonical wrapper.		2026-05-10 18:55:28 -07:00
..
lib	feat: lazy bootstrap node	2026-04-16 10:47:37 -05:00
whatsapp-bridge	fix(whatsapp): reject strangers by default, never respond in self-chat (#8389) (#21291)	2026-05-07 06:53:04 -07:00
benchmark_browser_eval.py	perf(browser): route browser_console eval through supervisor's persistent CDP WS (180x faster) (#23226)	2026-05-10 07:37:55 -07:00
build_model_catalog.py	codebase: add encoding='utf-8' to all bare open() calls (PLW1514)	2026-05-08 14:27:40 -07:00
build_skills_index.py	codebase: add encoding='utf-8' to all bare open() calls (PLW1514)	2026-05-08 14:27:40 -07:00
check-windows-footguns.py	feat(cross-platform): psutil for PID/process management + Windows footgun checker	2026-05-08 14:27:40 -07:00
contributor_audit.py	codebase: add encoding='utf-8' to all bare open() calls (PLW1514)	2026-05-08 14:27:40 -07:00
discord-voice-doctor.py	codebase: add encoding='utf-8' to all bare open() calls (PLW1514)	2026-05-08 14:27:40 -07:00
hermes-gateway	fix: prevent systemd restart storm on gateway connection failure	2026-03-21 09:26:39 -07:00
install.cmd	feat: Windows native support via Git Bash	2026-03-02 22:03:29 -08:00
install.ps1	fix(install.ps1): strip UTF-8 BOM that broke [scriptblock]::Create	2026-05-08 14:27:40 -07:00
install.sh	fix(install): also patch psutil on Termux fresh-install path	2026-05-09 17:53:15 -07:00
install_psutil_android.py	fix(install): also patch psutil on Termux fresh-install path	2026-05-09 17:53:15 -07:00
keystroke_diagnostic.py	docs: add Windows-Specific Quirks section to hermes-agent skill + keystroke diagnostic	2026-05-08 14:27:40 -07:00
kill_modal.sh	refactor: replace swe-rex with native Modal SDK for Modal backend (#3538)	2026-03-28 11:21:44 -07:00
lint_diff.py	feat(ci): add typecheck (warnings only in CI)	2026-05-06 10:58:12 -04:00
profile-tui.py	feat(cross-platform): psutil for PID/process management + Windows footgun checker	2026-05-08 14:27:40 -07:00
release.py	chore: AUTHOR_MAP entry for rahimsais	2026-05-10 18:09:31 -07:00
run_tests.sh	test(conftest): plug every gateway-kill leak path (#23486)	2026-05-10 18:55:28 -07:00
sample_and_compress.py	refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)	2026-04-07 10:25:31 -07:00
setup_open_webui.sh	docs: add Open WebUI bootstrap script	2026-05-05 14:12:09 -07:00