mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
hermes-agent/tools
History
Teknium 745859babb
feat: env var passthrough for skills and user config (#2807) 
* feat: env var passthrough for skills and user config

Skills that declare required_environment_variables now have those vars
passed through to sandboxed execution environments (execute_code and
terminal).  Previously, execute_code stripped all vars containing KEY,
TOKEN, SECRET, etc. and the terminal blocklist removed Hermes
infrastructure vars — both blocked skill-declared env vars.

Two passthrough sources:

1. Skill-scoped (automatic): when a skill is loaded via skill_view and
   declares required_environment_variables, vars that are present in
   the environment are registered in a session-scoped passthrough set.

2. Config-based (manual): terminal.env_passthrough in config.yaml lets
   users explicitly allowlist vars for non-skill use cases.

Changes:
- New module: tools/env_passthrough.py — shared passthrough registry
- hermes_cli/config.py: add terminal.env_passthrough to DEFAULT_CONFIG
- tools/skills_tool.py: register available skill env vars on load
- tools/code_execution_tool.py: check passthrough before filtering
- tools/environments/local.py: check passthrough in _sanitize_subprocess_env
  and _make_run_env
- 19 new tests covering all layers

* docs: add environment variable passthrough documentation

Document the env var passthrough feature across four docs pages:

- security.md: new 'Environment Variable Passthrough' section with
  full explanation, comparison table, and security considerations
- code-execution.md: update security section, add passthrough subsection,
  fix comparison table
- creating-skills.md: add tip about automatic sandbox passthrough
- skills.md: add note about passthrough after secure setup docs

Live-tested: launched interactive CLI, loaded a skill with
required_environment_variables, verified TEST_SKILL_SECRET_KEY was
accessible inside execute_code sandbox (value: passthrough-test-value-42).
2026-03-24 08:19:34 -07:00
..
browser_providers feat(browser): multi-provider cloud browser support + Browser Use integration 2026-03-17 00:16:34 -07:00
environments feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
neutts_samples refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow 2026-03-17 02:33:12 -07:00
__init__.py chore: remove all remaining mini-swe-agent references 2026-03-24 08:19:23 -07:00
ansi_strip.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
approval.py fix(approval): honor bare YAML approvals.mode: off (#2620) 2026-03-23 06:56:09 -07:00
browser_tool.py fix: make browser command timeout configurable via config.yaml (#2801) 2026-03-24 07:21:50 -07:00
checkpoint_manager.py feat: major /rollback improvements — enabled by default, diff preview, file-level restore, conversation undo, terminal checkpoints 2026-03-16 04:43:37 -07:00
clarify_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
code_execution_tool.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
cronjob_tools.py fix: normalize repeat<=0 to None to prevent cron jobs deleting after first run (#2612) 2026-03-23 06:35:43 -07:00
debug_helpers.py refactor: consolidate debug logging across tools with shared DebugSession class 2026-02-21 03:53:24 -08:00
delegate_tool.py fix: 6 bugs in model metadata, reasoning detection, and delegate tool 2026-03-20 08:52:37 -07:00
env_passthrough.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
file_operations.py fix(security): prevent shell injection in _expand_path via ~user path suffix (#2047) 2026-03-23 16:00:34 -07:00
file_tools.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
fuzzy_match.py fix(tools): browser handler safety + fuzzy_match docstring accuracy 2026-03-17 04:32:39 -07:00
homeassistant_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
honcho_tools.py fix(honcho): isolate session routing for multi-user gateway (#1500) 2026-03-16 00:23:47 -07:00
image_generation_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
interrupt.py feat: enhance interrupt handling and container resource configuration 2026-02-23 02:11:33 -08:00
mcp_oauth.py fix(mcp-oauth): port mismatch, path traversal, and shared handler state (salvage #2521) (#2552) 2026-03-22 15:02:26 -07:00
mcp_tool.py feat(cli): MCP server management CLI + OAuth 2.1 PKCE auth 2026-03-22 04:52:52 -07:00
memory_tool.py fix(memory): file-lock read-modify-write to prevent concurrent data loss 2026-03-17 04:19:11 -07:00
mixture_of_agents_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
neutts_synth.py fix(tts): document NeuTTS provider and align install guidance (#1903) 2026-03-18 02:55:30 -07:00
openrouter_client.py refactor: route ad-hoc LLM consumers through centralized provider router 2026-03-11 20:02:36 -07:00
patch_parser.py fix(patch): use regex to detect line-number prefix to avoid corrupting pipe chars 2026-03-14 03:47:13 -07:00
process_registry.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
registry.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
rl_training_tool.py fix: replace production print() calls with logger in rl_training_tool (salvage #1981) (#2462) 2026-03-22 04:35:23 -07:00
send_message_tool.py fix: add missing platforms to cron/send_message delivery maps and tool schema 2026-03-20 08:52:21 -07:00
session_search_tool.py fix(session_search): exclude current session lineage 2026-03-20 21:07:48 -07:00
skill_manager_tool.py fix(skills_guard): agent-created dangerous skills ask instead of block 2026-03-22 03:56:02 -07:00
skills_guard.py fix(skills_guard): agent-created dangerous skills ask instead of block 2026-03-22 03:56:02 -07:00
skills_hub.py fix: skills hub inspect/resolve — 4 bugs 2026-03-22 04:03:28 -07:00
skills_sync.py fix: make skills manifest writes atomic 2026-03-08 23:53:57 -07:00
skills_tool.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
terminal_tool.py chore: remove all remaining mini-swe-agent references 2026-03-24 08:19:23 -07:00
tirith_security.py fix: send_animation metadata, MarkdownV2 inline code splitting, tirith cosign-free install (#1626) 2026-03-16 23:39:41 -07:00
todo_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
transcription_tools.py fix(stt): respect explicit provider config instead of env-var fallback (#1775) 2026-03-17 10:30:58 -07:00
tts_tool.py feat(tools): add base_url support to OpenAI TTS provider 2026-03-19 23:55:13 +08:00
url_safety.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
vision_tools.py fix(tools): handle 402 insufficient credits error in vision tool (#2802) 2026-03-24 07:23:07 -07:00
voice_mode.py fix: improve error message when PortAudio system library is missing 2026-03-22 04:38:17 -07:00
web_tools.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
website_policy.py fix: harden website blocklist — default off, TTL cache, fail-open, guarded imports 2026-03-17 03:11:26 -07:00