mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-04 02:21:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
hermes-agent/tools
History
Teknium 42c076d349
feat(browser): auto-spawn local Chromium for LAN/localhost URLs in cloud mode (#16136) 
When a cloud browser provider (Browserbase / Browser-Use / Firecrawl) is
configured, browser_navigate now transparently spawns a local Chromium
sidecar for URLs whose host resolves to a private/loopback/LAN address
(localhost, 127.0.0.1, 192.168.x.x, 10.x.x.x, *.local, *.lan, *.internal,
::1, 169.254.x.x). Public URLs continue to use the cloud provider in the
same conversation.

Previously, setting BROWSERBASE_API_KEY / cloud_provider: browserbase
pinned the whole tool to cloud for the process — localhost URLs were
either SSRF-blocked (default) or sent to Browserbase (where they 404'd
because the cloud can't reach your LAN). Users who wanted 'cloud for
public, local for localhost' had no way to express it short of toggling
providers mid-session.

Implementation uses a composite session key scheme: the bare task_id
serves the cloud session, and a '{task_id}::local' sidecar serves the
local Chromium. _last_active_session_key[task_id] tracks which of the
two served the most recent nav so snapshot/click/fill/etc. hit the
correct one. cleanup_browser(bare_task_id) reaps both.

Feature is on by default. Opt out via:
  browser:
    auto_local_for_private_urls: false

The cloud provider never sees private URLs. Post-redirect SSRF guard
is preserved: redirects from public onto private addresses still block.
2026-04-26 09:57:58 -07:00
..
browser_providers feat: ungate Tool Gateway — subscription-based access with per-tool opt-in 2026-04-16 12:36:49 -07:00
environments fix(env): safely quote ~/ subpaths in wrapped cd commands 2026-04-24 15:25:12 -07:00
neutts_samples
__init__.py
ansi_strip.py
approval.py feat(approval): hardline blocklist for unrecoverable commands (#15878) 2026-04-25 22:07:12 -07:00
binary_extensions.py
browser_camofox.py refactor: remove remaining redundant local imports (comprehensive sweep) 2026-04-21 00:50:58 -07:00
browser_camofox_state.py
browser_cdp_tool.py fix: sanitize tool schemas for llama.cpp backends; restore MCP in TUI (#15032) 2026-04-24 02:44:46 -07:00
browser_dialog_tool.py feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540) 2026-04-23 22:23:37 -07:00
browser_supervisor.py feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540) 2026-04-23 22:23:37 -07:00
browser_tool.py feat(browser): auto-spawn local Chromium for LAN/localhost URLs in cloud mode (#16136) 2026-04-26 09:57:58 -07:00
budget_config.py
checkpoint_manager.py refactor: remove redundant local imports already available at module level 2026-04-21 00:50:58 -07:00
clarify_tool.py
code_execution_tool.py fix(tools): restrict RPC socket permissions to owner-only 2026-04-22 17:27:18 -07:00
credential_files.py
cronjob_tools.py fix(cron): wire context_from through the update action 2026-04-25 04:49:28 -07:00
debug_helpers.py
delegate_tool.py fix(delegate): resolve subagent approval prompts without deadlocking parent TUI (#15491) 2026-04-24 22:37:22 -07:00
discord_tool.py feat(discord): split discord_server into discord + discord_admin tools 2026-04-25 04:50:14 -07:00
env_passthrough.py fix(env_passthrough): reject Hermes provider credentials from skill passthrough (#13523) 2026-04-21 06:14:25 -07:00
feishu_doc_tool.py fix(feishu-comment): use get_hermes_home(); drop dead asyncio wrapper; AUTHOR_MAP 2026-04-17 19:04:11 -07:00
feishu_drive_tool.py fix(feishu-comment): use get_hermes_home(); drop dead asyncio wrapper; AUTHOR_MAP 2026-04-17 19:04:11 -07:00
file_operations.py feat(skills): add design-md skill for Google's DESIGN.md spec (#14876) 2026-04-23 21:51:19 -07:00
file_state.py feat(delegate): cross-agent file state coordination for concurrent subagents (#13718) 2026-04-21 16:41:26 -07:00
file_tools.py fix(file_tools): resolve bookkeeping paths against live terminal cwd 2026-04-23 15:11:52 -07:00
fuzzy_match.py fix(patch): gate 'did you mean?' to no-match + extend to v4a/skill_manage 2026-04-21 02:03:46 -07:00
homeassistant_tool.py
image_generation_tool.py fix(image-gen): force-refresh plugin providers in long-lived sessions 2026-04-23 03:01:18 -07:00
interrupt.py fix(interrupt): propagate to concurrent-tool workers + opt-in debug trace (#11907) 2026-04-17 20:39:25 -07:00
managed_tool_gateway.py
mcp_oauth.py fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031) 2026-04-26 05:43:54 -07:00
mcp_oauth_manager.py fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031) 2026-04-26 05:43:54 -07:00
mcp_tool.py fix(mcp): auto-reconnect + retry once when the transport session expires (#13383) 2026-04-24 05:28:45 -07:00
memory_tool.py
mixture_of_agents_tool.py Fix (mixture_of_agents): replace deprecated Gemini model and forward max_tokens to OpenRouter (#6621) 2026-04-23 15:14:11 -07:00
neutts_synth.py
openrouter_client.py
osv_check.py
patch_parser.py fix(patch): gate 'did you mean?' to no-match + extend to v4a/skill_manage 2026-04-21 02:03:46 -07:00
path_security.py
process_registry.py chore: extend [SYSTEM:→[IMPORTANT: rename + AUTHOR_MAP 2026-04-26 08:44:58 -07:00
registry.py
rl_training_tool.py
schema_sanitizer.py fix: sanitize tool schemas for llama.cpp backends; restore MCP in TUI (#15032) 2026-04-24 02:44:46 -07:00
send_message_tool.py refactor: remove remaining redundant local imports (comprehensive sweep) 2026-04-21 00:50:58 -07:00
session_search_tool.py fix(aux): add session_search extra_body and concurrency controls 2026-04-20 00:47:39 -07:00
skill_manager_tool.py feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off) 2026-04-23 06:20:47 -07:00
skills_guard.py feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off) 2026-04-23 06:20:47 -07:00
skills_hub.py feat(skills): add MiniMax-AI/cli as default skill tap 2026-04-23 02:35:13 -07:00
skills_sync.py feat(skills_sync): surface collision with reset-hint 2026-04-23 05:09:08 -07:00
skills_tool.py fix(skills): drop raw_content to avoid doubling skill payload 2026-04-24 15:15:07 -07:00
terminal_tool.py fix(terminal): three-layer defense against watch_patterns notification spam (#15642) 2026-04-25 06:41:58 -07:00
tirith_security.py fix: guard against None tirith path in security scanner 2026-04-23 03:08:53 -07:00
todo_tool.py
tool_backend_helpers.py fix(fal): extend whitespace-only FAL_KEY handling to all call sites 2026-04-21 02:04:21 -07:00
tool_output_limits.py feat(skills): add design-md skill for Google's DESIGN.md spec (#14876) 2026-04-23 21:51:19 -07:00
tool_result_storage.py
transcription_tools.py fix(transcription): fall back to CPU when CUDA runtime libs are missing 2026-04-24 02:50:14 -07:00
tts_tool.py fix(tts): use per-provider input-character caps instead of global 4000 (#13743) 2026-04-21 17:49:39 -07:00
url_safety.py feat(security): add global toggle to allow private/internal URL resolution 2026-04-22 14:38:59 -07:00
vision_tools.py fix: vision tool respects auxiliary.vision.temperature from config (#4661) 2026-04-20 00:32:09 -07:00
voice_mode.py fix: point optional-dep install hints at the venv's python (#11938) 2026-04-17 21:16:33 -07:00
web_tools.py feat(web): support TAVILY_BASE_URL env var for custom proxy endpoints 2026-04-22 17:36:33 -07:00
website_policy.py
xai_http.py