hermes-agent/tools/computer_use
Luke The Dev 2e5c04aaf7 fix(#37878): scrub operator environment before launching cua-driver MCP
- Use _sanitize_subprocess_env() to filter Hermes-managed credentials
  from the cua-driver subprocess environment (issue #37878)
- Prevents credential exfiltration to the third-party cua-driver binary
- Aligns with existing pattern used by browser-tool and other tools
- Add regression test to verify environment sanitization

The cua-driver is a lower-trust MCP subprocess per SECURITY.md §2.3.
Its inherited environment is now scrubbed by default, removing provider
API keys, gateway tokens, and platform credentials that should not leak
to third-party binaries.

Fixes #37878
2026-06-18 08:53:31 -07:00
__init__.py feat(computer-use): cua-driver backend, universal any-model schema 2026-05-08 11:07:38 -07:00
backend.py fix(computer-use): add set_value to ComputerUseBackend ABC and _NoopBackend stub 2026-05-22 01:14:15 -07:00
cua_backend.py fix(#37878): scrub operator environment before launching cua-driver MCP 2026-06-18 08:53:31 -07:00
schema.py fix(computer-use): address Copilot review on max_elements cap 2026-05-21 19:07:32 -07:00
tool.py fix(xai): accept Grok Build code during loopback wait + tiny screenshot guard 2026-06-09 23:21:24 -07:00
vision_routing.py fix(computer_use): honor custom vision routing 2026-06-07 02:09:20 -07:00