mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
hermes-agent/hermes_cli
History
Teknium 745859babb
feat: env var passthrough for skills and user config (#2807) 
* feat: env var passthrough for skills and user config

Skills that declare required_environment_variables now have those vars
passed through to sandboxed execution environments (execute_code and
terminal).  Previously, execute_code stripped all vars containing KEY,
TOKEN, SECRET, etc. and the terminal blocklist removed Hermes
infrastructure vars — both blocked skill-declared env vars.

Two passthrough sources:

1. Skill-scoped (automatic): when a skill is loaded via skill_view and
   declares required_environment_variables, vars that are present in
   the environment are registered in a session-scoped passthrough set.

2. Config-based (manual): terminal.env_passthrough in config.yaml lets
   users explicitly allowlist vars for non-skill use cases.

Changes:
- New module: tools/env_passthrough.py — shared passthrough registry
- hermes_cli/config.py: add terminal.env_passthrough to DEFAULT_CONFIG
- tools/skills_tool.py: register available skill env vars on load
- tools/code_execution_tool.py: check passthrough before filtering
- tools/environments/local.py: check passthrough in _sanitize_subprocess_env
  and _make_run_env
- 19 new tests covering all layers

* docs: add environment variable passthrough documentation

Document the env var passthrough feature across four docs pages:

- security.md: new 'Environment Variable Passthrough' section with
  full explanation, comparison table, and security considerations
- code-execution.md: update security section, add passthrough subsection,
  fix comparison table
- creating-skills.md: add tip about automatic sandbox passthrough
- skills.md: add note about passthrough after secure setup docs

Live-tested: launched interactive CLI, loaded a skill with
required_environment_variables, verified TEST_SKILL_SECRET_KEY was
accessible inside execute_code sandbox (value: passthrough-test-value-42).
2026-03-24 08:19:34 -07:00
..
__init__.py chore: release v0.4.0 (v2026.3.23) 2026-03-23 22:34:04 -07:00
auth.py fix(auth): preserve 'custom' provider instead of silently remapping to 'openrouter' 2026-03-24 06:41:11 -07:00
banner.py refactor(cli, banner): update gold ANSI color to true-color format (#2246) 2026-03-20 18:17:38 -07:00
callbacks.py refactor(cli): implement approval locking mechanism to serialize concurrent requests 2026-03-13 23:59:18 -07:00
checklist.py fix: skip hanging tests + add global test timeout 2026-03-12 01:23:28 -07:00
claw.py fix(claw): warn when API keys are skipped during OpenClaw migration (#1580) 2026-03-17 02:10:36 -07:00
clipboard.py fix: clean up empty file after failed wl-paste clipboard extraction 2026-03-11 02:56:19 -07:00
codex_models.py fix: add codex forward-compat model listing 2026-03-13 21:34:01 -07:00
colors.py Revert "feat(cli): skin-aware light/dark theme mode with terminal auto-detection" 2026-03-17 10:04:53 -07:00
commands.py feat(cli): Claude Code-style @ context completions 2026-03-22 05:32:04 -07:00
config.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
copilot_auth.py feat: proper Copilot auth with OAuth device code flow and token validation 2026-03-18 03:25:58 -07:00
cron.py docs: clarify gateway service scopes (#1378) 2026-03-14 21:17:41 -07:00
curses_ui.py refactor: extract shared curses checklist, fix skill discovery perf 2026-03-11 03:06:15 -07:00
default_soul.py feat: seed a default global SOUL.md 2026-03-14 08:05:30 -07:00
doctor.py chore: remove all remaining mini-swe-agent references 2026-03-24 08:19:23 -07:00
env_loader.py fix(config): reload .env over stale shell overrides 2026-03-15 06:46:28 -07:00
gateway.py fix(gateway): detect virtualenv path instead of hardcoding venv/ (#2797) 2026-03-24 07:05:57 -07:00
main.py chore: remove all remaining mini-swe-agent references 2026-03-24 08:19:23 -07:00
mcp_config.py feat(cli): MCP server management CLI + OAuth 2.1 PKCE auth 2026-03-22 04:52:52 -07:00
model_switch.py refactor(model): extract shared switch_model() from CLI and gateway handlers 2026-03-24 07:08:07 -07:00
models.py feat(model): /model command overhaul — Phases 2, 3, 5 2026-03-24 06:58:04 -07:00
pairing.py Cleanup time! 2026-02-20 23:23:32 -08:00
plugins.py revert: remove trailing empty assistant message stripping 2026-03-22 04:55:34 -07:00
plugins_cmd.py feat(cli): add hermes plugins install/remove/list command 2026-03-21 09:47:33 -07:00
runtime_provider.py fix(auth): preserve 'custom' provider instead of silently remapping to 'openrouter' 2026-03-24 06:41:11 -07:00
setup.py revert: remove trailing empty assistant message stripping 2026-03-22 04:55:34 -07:00
skills_config.py fix: wire email platform into toolset mappings + add documentation 2026-03-11 06:34:32 -07:00
skills_hub.py fix: skills hub inspect/resolve — 4 bugs 2026-03-22 04:03:28 -07:00
skin_engine.py Revert "feat(cli): skin-aware light/dark theme mode with terminal auto-detection" 2026-03-17 10:04:53 -07:00
status.py feat(web): add Tavily as web search/extract/crawl backend (#1731) 2026-03-17 04:28:03 -07:00
tools_config.py fix: platform default toolsets silently override tool deselection in hermes tools (#2624) 2026-03-23 07:06:51 -07:00
uninstall.py feat(gateway): scope systemd service name to HERMES_HOME 2026-03-16 04:42:46 -07:00