mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-17 09:41:58 +00:00
* fix(skills): guard recursive skill delete against tree-escape

  Port from Kilo-Org/kilocode#11240. Their issue #11227 lost a user's entire working directory: a built-in-skill sentinel location resolved to the server cwd and the skill-removal endpoint ran a recursive delete on it.

  Hermes' /skills uninstall path (skills_hub.py) is already hardened, but the agent-facing skill_manage(action='delete') path did a bare shutil.rmtree(skill_dir) with no last-line validation.

  Add _validate_delete_target(): refuse to rmtree a path that (1) isn't strictly inside a known skills root, (2) is a skills root itself, or (3) is reached via a symlink/junction.

  Tests: 4 cases (normal delete works; symlinked dir, skills-root, out-of-tree all refused). E2E verified with real symlink + file I/O.

* feat(desktop): allow /browser connect on a local gateway

  /browser was hardcoded as terminal-only in the desktop slash palette, so the chat GUI rejected it with "only available in the terminal interface." The TUI already drives the live CDP connection via the browser.manage RPC.

  Wire the same RPC into the desktop dispatcher as a /browser action handler, gated to local-gateway connections ($connection.mode !== 'remote'). connect mutates BROWSER_CDP_URL (and may launch Chrome) in the gateway process, so it's only meaningful when that process runs on this machine; a remote gateway gets a clear "local gateway only" message instead.

| | | |
|---|---|---|
| .. | ||
| bootstrap-installer | ||
| desktop | ||
| shared | ||