mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-10 08:32:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
hermes-agent/scripts
History
Philip D'Souza 92dfd70d6a
fix(photon): production hardening for the gRPC-native iMessage channel (#42732) 
* fix(photon): override transitive CVEs in the sidecar deps

`npm audit` flagged 7 high-severity transitive CVEs (protobufjs code injection
GHSA-66ff-xgx4-vchm + outdated @opentelemetry OTLP exporters) pulled in via
spectrum-ts -> @photon-ai/otel. npm's suggested fix downgrades spectrum-ts to a
version that targets the decommissioned spectrum host, so instead pin patched
versions via `overrides` (protobufjs 8.6.1, @opentelemetry/* 0.218.0) without
touching spectrum-ts. `npm audit` -> 0; spectrum-ts + provider still import.

* fix(photon): harden the sidecar bridge + bound the dedup cache

- constant-time sidecar control-token comparison (was `!==`, timing-attackable).
- cap the control-channel request body (2 MiB) so a compromised local peer can't
  OOM the sidecar.
- wrap the inbound gRPC stream consumer in a re-subscribe loop with capped
  exponential backoff + jitter — if the async iterator throws/ends it would
  otherwise stop inbound forever (the adapter dedupes any replay).
- add an unhandledRejection handler so a stray rejection logs instead of killing
  the process.
- dedup cache (adapter) was a true bounded LRU only for expired entries; a burst
  of unique ids within the window grew it without limit. Evict oldest at the cap.

* chore: add AUTHOR_MAP entry for PhilipAD

---------

Co-authored-by: PhilipAD <philipadsouza@gmail.com>
2026-06-09 11:12:58 -04:00
..
lib fix(installer): symlink bundled node/npm into command bin dir for FHS root installs 2026-06-04 02:31:49 -07:00
tests fix(install.ps1): trim completion banner + strip em-dash in test 2026-05-16 22:55:12 -07:00
whatsapp-bridge Add Hermes desktop app (#20059) 2026-05-31 17:46:56 -05:00
analyze_livetest.py test(tool-search): add live A/B harness, drop checked-in transcripts 2026-05-29 02:04:12 -07:00
benchmark_browser_eval.py perf(browser): route browser_console eval through supervisor's persistent CDP WS (180x faster) (#23226) 2026-05-10 07:37:55 -07:00
build_model_catalog.py codebase: add encoding='utf-8' to all bare open() calls (PLW1514) 2026-05-08 14:27:40 -07:00
build_skills_index.py fix(skills-hub): stop shipping a degenerate index when GitHub taps collapse (#42347) 2026-06-08 15:21:28 -07:00
check-windows-footguns.py fix(scripts): fix UnicodeEncodeError in footgun checker on Windows 2026-05-16 23:05:27 -07:00
check_subprocess_stdin.py fix: keep interactive OAuth setup-token inheriting stdin 2026-06-08 22:46:57 -07:00
contributor_audit.py chore: release v0.16.0 (2026.6.5) (#40206) 2026-06-05 17:55:43 -07:00
discord-voice-doctor.py codebase: add encoding='utf-8' to all bare open() calls (PLW1514) 2026-05-08 14:27:40 -07:00
docker_config_migrate.py fix(docker): run config migrations during container boot (salvage #35508) (#36627) 2026-06-04 11:11:27 +10:00
hermes-gateway fix: prevent systemd restart storm on gateway connection failure 2026-03-21 09:26:39 -07:00
install.cmd fix(docs): update all install instructions everywhere 2026-06-04 21:07:45 -04:00
install.ps1 fix(update): scope git fetch to target branch 2026-06-08 15:24:31 -04:00
install.sh fix(update): scope git fetch to target branch 2026-06-08 15:24:31 -04:00
install_psutil_android.py fix(android): reject unsafe tar members in psutil compatibility installer 2026-05-28 02:36:09 -07:00
keystroke_diagnostic.py docs: add Windows-Specific Quirks section to hermes-agent skill + keystroke diagnostic 2026-05-08 14:27:40 -07:00
kill_modal.sh refactor: replace swe-rex with native Modal SDK for Modal backend (#3538) 2026-03-28 11:21:44 -07:00
lint_diff.py feat(ci): add typecheck (warnings only in CI) 2026-05-06 10:58:12 -04:00
LIVETEST_README.md test(tool-search): add live A/B harness, drop checked-in transcripts 2026-05-29 02:04:12 -07:00
profile-tui.py Merge remote-tracking branch 'origin/main' into fix/bundle-size 2026-05-11 16:01:04 -04:00
release.py fix(photon): production hardening for the gRPC-native iMessage channel (#42732) 2026-06-09 11:12:58 -04:00
run_tests.sh test: use subprocesses for each test file (#29016) 2026-05-21 16:40:04 +05:30
run_tests_parallel.py fix(tests): retry per-file pytest subprocess once on exit-4 when the file exists 2026-06-08 13:38:30 -07:00
sample_and_compress.py refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821) 2026-04-07 10:25:31 -07:00
setup_open_webui.sh fix(install): use resolved python variable in setup_open_webui.sh 2026-05-16 22:54:22 -07:00
tool_search_livetest.py test(tool-search): redact secrets from harness transcripts + console 2026-05-29 02:04:12 -07:00