Eugeniusz Gilewski 8845f3316c fix(security): restrict dashboard plugin backend import to bundled plugins (#43719) ... Defense-in-depth for the dashboard plugin auto-import path. The web server auto-imports and mounts the Python backend (dashboard/manifest.json -> api file) of plugins found in ~/.hermes/plugins/ (user) and ./.hermes/plugins/ (project), not just bundled plugins. So any plugin that reaches one of those dirs gets arbitrary Python executed on the next dashboard start. NOTE ON THREAT MODEL: #43719's originally-documented delivery chain (a public --insecure dashboard + open API used to git clone a malicious repo into ~/.hermes/plugins/) is ALREADY mitigated on main — since the June 2026 hermes-0day hardening, a non-loopback bind ALWAYS requires an auth provider and --insecure no longer bypasses the auth gate. This change is therefore NOT closing that (now-authenticated) network path; it removes the residual 'arbitrary code executes merely because a plugin is on disk' hazard, which still applies when a plugin arrives by other means: a socially-engineered git clone, a supply-chain drop, an authenticated-but-malicious actor, or a future regression in the auth gate. Untrusted on-disk code should not auto-execute. Restrict dashboard backend Python auto-import to BUNDLED plugins only. User and project plugins may still extend the dashboard UI via static JS/CSS, but their api Python file is never auto-imported. Two layers: _discover_dashboard_plugins scrubs api/_api_file for user/project sources (and bundled wins name conflicts so a non-bundled plugin cannot shadow a trusted backend route); _mount_plugin_api_routes re-refuses user/project at mount time. Tightens the prior GHSA-5qr3-c538-wm9j / #29156 hardening (bundled+user) to bundled-only. Salvaged from #44472 (@egilewski) onto current main.		2026-06-22 17:51:37 +05:30
..
features	fix(security): restrict dashboard plugin backend import to bundled plugins (#43719)	2026-06-22 17:51:37 +05:30
messaging	Make email pairing opt-in	2026-06-21 22:43:57 -07:00
secrets	feat(secrets/bitwarden): EU Cloud + self-hosted server URL support (#31378)	2026-05-24 02:19:57 -07:00
skills	feat(providers): remove google-gemini-cli + google-antigravity OAuth providers (#50492)	2026-06-21 19:53:27 -07:00
_category_.json	feat: add documentation website (Docusaurus)	2026-03-05 05:24:55 -08:00
checkpoints-and-rollback.md	feat(checkpoints): v2 single-store rewrite with real pruning + disk guardrails (#20709)	2026-05-06 05:44:35 -07:00
cli.md	docs: deep audit — registry drift, stale claims, 2-week PR coverage, dashboard screenshot (#40952)	2026-06-07 01:39:06 -07:00
configuration.md	Make email pairing opt-in	2026-06-21 22:43:57 -07:00
configuring-models.md	fix(cli): warn when in-session model switch will preflight-compress	2026-06-21 16:29:31 +05:30
desktop.md	docs: sync documentation with current implementation	2026-06-20 23:23:47 -07:00
docker.md	fix(docker): replace dashboard --insecure with basic-auth provider	2026-06-21 19:05:27 -07:00
git-worktrees.md	docs: deep audit — registry drift, stale claims, 2-week PR coverage, dashboard screenshot (#40952)	2026-06-07 01:39:06 -07:00
managed-scope.md	docs: add managed scope admin guide + cross-link from configuration	2026-06-19 07:46:33 -07:00
multi-profile-gateways.md	docs(gateway): document multiplexing opt-in + contract changes	2026-06-19 07:34:15 -07:00
profile-distributions.md	Expand .gitignore example	2026-06-20 20:42:49 -07:00
profiles.md	fix: make profile subprocess HOME policy explicit	2026-06-14 03:20:21 -07:00
security.md	Make email pairing opt-in	2026-06-21 22:43:57 -07:00
sessions.md	docs: fix session recap image baseUrl	2026-05-29 12:06:22 -07:00
tui.md	docs(tui): correct HERMES_TUI_GATEWAY_URL — dashboard-internal, not remote-attach (#42162)	2026-06-08 09:37:03 -07:00
windows-native.md	docs(windows): correct native data dir to %LOCALAPPDATA%\hermes (#42856)	2026-06-09 14:11:20 -05:00
windows-wsl-quickstart.md	fix(docs): update all install instructions everywhere	2026-06-04 21:07:45 -04:00