hermes-agent/agent/pet
Brooklyn Nicholson 6afeea2bea harden(pets): host-pin asset downloads + sanitize slug paths
install_pet now refuses spritesheet/pet.json URLs that aren't on a petdex
host (matching thumbnail_png's existing _is_petdex_host guard), so a
spoofed manifest can't redirect a download at an arbitrary host. Slugs
are normalized to a single path segment before indexing into pets_dir(),
closing a path-traversal vector in load_pet/remove_pet/install_pet.
2026-06-23 19:13:08 -05:00
__init__.py feat(pets): pet engine + display.pet config 2026-06-20 14:18:30 -05:00
constants.py feat(pets): pet engine + display.pet config 2026-06-20 14:18:30 -05:00
manifest.py feat(pets): pet engine + display.pet config 2026-06-20 14:18:30 -05:00
render.py feat(pets): pet engine + display.pet config 2026-06-20 14:18:30 -05:00
state.py feat(pets): pet engine + display.pet config 2026-06-20 14:18:30 -05:00
store.py harden(pets): host-pin asset downloads + sanitize slug paths 2026-06-23 19:13:08 -05:00