mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
hermes-agent/tools
History
Teknium e5d14445ef
fix(security): restrict subagent toolsets to parent's enabled set (#3269) 
The delegate_task tool accepts a toolsets parameter directly from the
LLM's function call arguments. When provided, these toolsets are passed
through _strip_blocked_tools but never intersected with the parent
agent's enabled_toolsets. A model can request toolsets the parent does
not have (e.g., web, browser, rl), granting the subagent tools that
were explicitly disabled for the parent.

Intersect LLM-requested toolsets with the parent's enabled set before
applying the blocked-tool filter, so subagents can only receive a
subset of the parent's tools.

Co-authored-by: dieutx <dangtc94@gmail.com>
2026-03-26 14:50:26 -07:00
..
browser_providers feat(browser): multi-provider cloud browser support + Browser Use integration 2026-03-17 00:16:34 -07:00
environments fix(shell): exponential backoff for persistent shell polling (#2996) 2026-03-25 10:56:48 -07:00
neutts_samples refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow 2026-03-17 02:33:12 -07:00
__init__.py chore: remove all remaining mini-swe-agent references 2026-03-24 08:19:23 -07:00
ansi_strip.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
approval.py fix(security): normalize input before dangerous command detection (#3260) 2026-03-26 14:33:18 -07:00
browser_tool.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
checkpoint_manager.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
clarify_tool.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
code_execution_tool.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
cronjob_tools.py fix: normalize repeat<=0 to None to prevent cron jobs deleting after first run (#2612) 2026-03-23 06:35:43 -07:00
debug_helpers.py refactor: consolidate debug logging across tools with shared DebugSession class 2026-02-21 03:53:24 -08:00
delegate_tool.py fix(security): restrict subagent toolsets to parent's enabled set (#3269) 2026-03-26 14:50:26 -07:00
env_passthrough.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
file_operations.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
file_tools.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
fuzzy_match.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
homeassistant_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
honcho_tools.py fix(honcho): isolate session routing for multi-user gateway (#1500) 2026-03-16 00:23:47 -07:00
image_generation_tool.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
interrupt.py feat: enhance interrupt handling and container resource configuration 2026-02-23 02:11:33 -08:00
mcp_oauth.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
mcp_tool.py fix: add MCP tool name collision protection (#3077) 2026-03-25 16:52:04 -07:00
memory_tool.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
mixture_of_agents_tool.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
neutts_synth.py fix(tts): document NeuTTS provider and align install guidance (#1903) 2026-03-18 02:55:30 -07:00
openrouter_client.py refactor: route ad-hoc LLM consumers through centralized provider router 2026-03-11 20:02:36 -07:00
patch_parser.py fix(patch): use regex to detect line-number prefix to avoid corrupting pipe chars 2026-03-14 03:47:13 -07:00
process_registry.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
registry.py fix: add MCP tool name collision protection (#3077) 2026-03-25 16:52:04 -07:00
rl_training_tool.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
send_message_tool.py fix: add request timeouts to send_message_tool HTTP calls (#3162) 2026-03-26 01:58:11 -07:00
session_search_tool.py feat(sessions): add --source flag for third-party session isolation (#3255) 2026-03-26 14:35:31 -07:00
skill_manager_tool.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
skills_guard.py fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251) 2026-03-26 13:40:21 -07:00
skills_hub.py fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251) 2026-03-26 13:40:21 -07:00
skills_sync.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
skills_tool.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
terminal_tool.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
tirith_security.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
todo_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
transcription_tools.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
tts_tool.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
url_safety.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
vision_tools.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
voice_mode.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
web_tools.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
website_policy.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00