hermes-agent/plugins
Teknium a0a3c716fc
fix(telegram): dedup saturated mid-stream overflow previews to stop flood-control edit storms (#58563)
Post-#48648, oversized mid-stream edits truncate to a 4096-char preview
instead of splitting. But when rich messages raise the consumer's overflow
budget to 32k, the consumer keeps accumulating past 4096 and keeps issuing
progressive edits every edit_interval — each one truncating to the SAME
preview text. Telegram counts every one of those no-op requests against the
flood budget: a long streamed reply fires ~1 identical edit per 0.8s for
the rest of the stream, trips flood control (200s+ penalties), and the
final delivery hangs behind inline flood sleeps. Users see the bot stuck
'streaming' and the chat unresponsive.

Fix at the chokepoint: track the last truncated preview per
(chat_id, message_id) and skip the API call when the new truncation is
identical. Previews still update when the visible prefix actually changes
(e.g. chunk-count marker 1/2 → 1/3). State clears on finalize and when
content shrinks back under the cap, so dedup can never mask a real edit.

Live repro: 19,956-char streamed reply, transport=edit, rich available —
4x flood-control hits within ~700ms, 250s penalties, hung final delivery.
E2E harness on the same stream: 14 edit calls on main vs 7 with the fix
(the delta is pure no-op duplicates; scales with stream length).
2026-07-05 00:32:35 -07:00
..
browser fix: guard int(os.getenv()) casts against malformed env vars (#40598) 2026-06-07 06:14:24 -07:00
context_engine feat(context-engine): host contract for external context engines 2026-05-28 01:45:30 -07:00
cron_providers fix(cron): avoid provider package shadowing core cron 2026-06-23 23:39:22 -07:00
dashboard_auth feat(dashboard_auth): support confidential clients (client_secret) in self-hosted OIDC (#55344) 2026-06-30 13:32:51 +10:00
disk-cleanup docs(disk-cleanup): clarify cron output-root protection is exact-match 2026-07-01 15:42:04 +05:30
google_meet fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
hermes-achievements revert(plugins): restore user dashboard plugin backend API auto-import (#43719) (#51950) 2026-06-24 07:46:54 -07:00
image_gen fix(image-gen): route local-input credential guard through one shared chokepoint + cover xai (#57698) 2026-07-03 18:47:53 +05:30
kanban fix(security): sanitize kanban markdown html 2026-06-21 13:10:17 -07:00
memory fix(memory/holographic): apply FTS5 sanitizer to search_facts sibling 2026-06-30 15:55:11 -07:00
model-providers fix(custom-provider): emit reasoning_effort at the live profile path 2026-07-04 14:19:44 +05:30
observability fix(langfuse): bound _TRACE_STATE growth from non-finalizing turns 2026-06-18 12:59:41 +05:30
platforms fix(telegram): dedup saturated mid-stream overflow previews to stop flood-control edit storms (#58563) 2026-07-05 00:32:35 -07:00
security-guidance plugins: add security-guidance — pattern-matched warnings on dangerous code writes (#33131) 2026-05-27 02:07:21 -07:00
spotify chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
teams_pipeline fix(teams-pipeline): reject dot-only recording display_name 2026-07-01 02:03:48 -07:00
video_gen fix(xai): route video-gen local inputs through the shared read guard 2026-07-03 18:47:53 +05:30
web fix(web): re-check Firecrawl final URLs for SSRF 2026-07-01 00:49:38 -07:00
__init__.py feat(memory): pluggable memory provider interface with profile isolation, review fixes, and honcho CLI restoration (#4623) 2026-04-02 15:33:51 -07:00
plugin_utils.py fix(plugins): thread-safe lazy-singleton helpers; fix honcho TOCTOU (#24759) (#42150) 2026-06-08 09:35:22 -07:00