hermes-agent/website/docs/reference
entropidelic 989b950fbc fix(security): enforce API_SERVER_KEY for non-loopback binding
Add is_network_accessible() helper using Python's ipaddress module to
robustly classify bind addresses (IPv4/IPv6 loopback, wildcards,
mapped addresses, hostname resolution with DNS-failure-fails-closed).

The API server connect() now refuses to start when the bind address is
network-accessible and no API_SERVER_KEY is set, preventing RCE from
other machines on the network.

Co-authored-by: entropidelic <entropidelic@users.noreply.github.com>
2026-04-10 16:51:44 -07:00
..
_category_.json feat: add documentation website (Docusaurus) 2026-03-05 05:24:55 -08:00
cli-commands.md docs: add hermes dump and hermes logs to CLI commands reference (#6552) 2026-04-09 04:11:03 -07:00
environment-variables.md fix(security): enforce API_SERVER_KEY for non-loopback binding 2026-04-10 16:51:44 -07:00
faq.md docs: document streaming timeout auto-detection for local LLMs (#6990) 2026-04-09 23:28:25 -07:00
mcp-config-reference.md docs: comprehensive documentation audit — fix 9 HIGH, 20+ MEDIUM gaps (#4087) 2026-03-30 17:15:21 -07:00
optional-skills-catalog.md docs: comprehensive documentation audit — fix stale info, expand thin pages, add depth (#5393) 2026-04-05 19:45:50 -07:00
profile-commands.md docs: fix stale references across 8 doc pages 2026-04-03 23:30:29 -07:00
skills-catalog.md docs: comprehensive docs audit — cover 13 features from last week's PRs (#5815) 2026-04-07 10:21:03 -07:00
slash-commands.md fix: remove /prompt slash command — footgun via prefix expansion (#6752) 2026-04-09 11:27:27 -07:00
tools-reference.md docs: comprehensive docs audit — cover 13 features from last week's PRs (#5815) 2026-04-07 10:21:03 -07:00
toolsets-reference.md fix: complete Weixin platform parity audit — 16 missing integration points 2026-04-10 05:54:37 -07:00