mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-24 10:52:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
hermes-agent/gateway/platforms
History
teknium1 7726ce3040 fix(security): close hermes-0day MCP-persistence attack surface 
Remove the dashboard --insecure auth-bypass, add an MCP persistence guard +
IOC blocklist, and raise the API-server key entropy floor.

Driven by the June 2026 hermes-0day campaign (r/hermesagent, live 854.media
instance): scanners find exposed Hermes dashboards/API servers, drive the
root agent to plant a 'command: bash' MCP entry that appends an attacker SSH
key to authorized_keys, which cron + startup then re-execute every tick.

- dashboard: --insecure no longer disables the auth gate. should_require_auth
  returns True for every non-loopback bind; a public bind ALWAYS requires an
  auth provider (bundled password provider or OAuth). --insecure kept as a
  warned no-op for backward compat. Fail-closed error now points at the
  password provider, not at --insecure.
- mcp_security: validate_mcp_server_entry now also rejects shell payloads that
  write to OS persistence surfaces (authorized_keys/.ssh/pam.d/sudoers/cron/
  rc files) and hard-rejects a hermes-0day IOC blocklist (attacker SSH key +
  source IPs) anywhere in command/args/env. Runs at save AND spawn time.
- api_server: raise network-bind API_SERVER_KEY entropy floor 8->16 chars;
  warn when a network-accessible API server runs an unsandboxed local backend.
2026-06-21 19:05:27 -07:00
..
qqbot fix(qqbot): stop 100% CPU spin when WebSocket is closed but not None (#31193, #31771) (#40574) 2026-06-06 18:44:44 -07:00
__init__.py perf(gateway): defer QQAdapter and YuanbaoAdapter imports via PEP 562 (#22790) 2026-05-09 13:17:48 -07:00
_http_client_limits.py fix(gateway): tighten httpx keepalive and close whatsapp typing-response leak (#18451) 2026-05-02 02:23:37 -07:00
ADDING_A_PLATFORM.md feat(whatsapp): add WhatsApp Business Cloud API adapter 2026-05-23 01:07:01 -04:00
api_server.py fix(security): close hermes-0day MCP-persistence attack surface 2026-06-21 19:05:27 -07:00
base.py feat(gateway): typed send-error classification (SendResult.error_kind) (#50342) 2026-06-21 12:34:22 -07:00
bluebubbles.py refactor(bluebubbles): simplify mention-gating helpers 2026-06-01 18:52:05 -07:00
helpers.py fix(gateway): preserve underscores in plain-text identifiers 2026-05-16 23:11:43 -07:00
msgraph_webhook.py fix(security): require source CIDR allowlisting for public msgraph webhook binds 2026-05-28 01:26:18 -07:00
signal.py fix(signal): FIFO-evict the quote-detection timestamp cache 2026-06-20 21:00:46 +05:30
signal_format.py fix(signal): share markdown formatting across send paths 2026-06-20 13:47:14 +05:30
signal_rate_limit.py feat(gateway/signal): add support for multiple images sending 2026-04-30 04:28:08 -07:00
webhook.py feat(gateway): multiplex phase 1 — HTTP-inbound /p/<profile>/ routing (webhook) 2026-06-19 07:34:15 -07:00
weixin.py fix(weixin): add rate-limit circuit breaker 2026-06-07 22:10:17 -07:00
whatsapp_cloud.py fix(whatsapp-cloud): review follow-ups for #43921 2026-06-11 07:51:01 -07:00
whatsapp_common.py fix(whatsapp): resolve bridge dir with HERMES_HOME mirror in Docker 2026-06-20 17:05:27 -07:00
yuanbao.py feat(Yuanbao): support wechat forward msg (#43508) 2026-06-12 02:06:47 -07:00
yuanbao_media.py chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937) 2026-05-11 11:13:25 -07:00
yuanbao_proto.py feat(Yuanbao): support wechat forward msg (#43508) 2026-06-12 02:06:47 -07:00
yuanbao_sticker.py yuanbao platform (#16298) 2026-04-26 18:50:49 -07:00