hermes-agent/website/docs/user-guide
Teknium ad978ed962
feat(egress): iron-proxy credential-injection firewall for sandboxes
Rebuilds the iron-proxy egress feature cleanly onto current main. The
original feat/iron-proxy branch had diverged from main with an
unmergeable history (no usable merge-base after main history motion),
so the feature's content diff was re-applied onto a fresh main cut and
the three config/docs conflicts (commands.py status/egress, config.py
proxy vs computer_use, slash-commands.md) resolved keeping main's
content plus the egress additions.

Optional, off-by-default TLS-intercepting egress proxy for remote
terminal sandboxes. Sandboxes hold opaque proxy tokens; iron-proxy
swaps them for real provider API keys at the network boundary.

Includes the full review-cycle hardening:
- P0/P1/P2 rounds (GodsBoy, stephenschoettler, arshkumarsingh,
  annguyenNous, maxpetrusenko, sxuff findings)
- v0.39 schema realignment + Docker bridge-bind/listener-role fixes
- Docker UX/enforcement hardening

Salvaged security fixes folded in with credit:
- Three P0 gaps (version-probe env scrub, Bitwarden ImportError
  fail-closed, container-reuse egress-boundary) + Docker v29.5.3
  empty-label edge — kuangmi-bit (#48073)
- P1/P2 (fail-closed replace.require:true, NODE_OPTIONS CA-flag
  conflict, GPG checksum verify, threat-model wording) — Bartok9 (#48076)

Co-authored-by: kuangmi-bit <kuangmi@deeparchi.com>
Co-authored-by: Bartok9 <danielrpike9@gmail.com>
2026-06-26 01:11:38 -07:00
..
egress feat(egress): iron-proxy credential-injection firewall for sandboxes 2026-06-26 01:11:38 -07:00
features feat(kanban): typed block reasons + unblock-loop breaker (#52848) 2026-06-25 21:46:58 -07:00
messaging fix(telegram): gate rich draft previews separately 2026-06-24 18:11:14 -07:00
secrets feat(secrets/bitwarden): EU Cloud + self-hosted server URL support (#31378) 2026-05-24 02:19:57 -07:00
skills feat(moa): expose MoA presets as selectable virtual models (#46081) 2026-06-25 13:52:06 -07:00
_category_.json feat: add documentation website (Docusaurus) 2026-03-05 05:24:55 -08:00
checkpoints-and-rollback.md feat(checkpoints): v2 single-store rewrite with real pruning + disk guardrails (#20709) 2026-05-06 05:44:35 -07:00
cli.md docs: deep audit — registry drift, stale claims, 2-week PR coverage, dashboard screenshot (#40952) 2026-06-07 01:39:06 -07:00
configuration.md Make email pairing opt-in 2026-06-21 22:43:57 -07:00
configuring-models.md fix(cli): warn when in-session model switch will preflight-compress 2026-06-21 16:29:31 +05:30
desktop.md docs: sync documentation with current implementation 2026-06-20 23:23:47 -07:00
docker.md fix(docker): replace dashboard --insecure with basic-auth provider 2026-06-21 19:05:27 -07:00
git-worktrees.md docs: deep audit — registry drift, stale claims, 2-week PR coverage, dashboard screenshot (#40952) 2026-06-07 01:39:06 -07:00
managed-scope.md docs: add managed scope admin guide + cross-link from configuration 2026-06-19 07:46:33 -07:00
multi-profile-gateways.md docs(gateway): document multiplexing opt-in + contract changes 2026-06-19 07:34:15 -07:00
profile-distributions.md Expand .gitignore example 2026-06-20 20:42:49 -07:00
profiles.md fix: make profile subprocess HOME policy explicit 2026-06-14 03:20:21 -07:00
security.md Make email pairing opt-in 2026-06-21 22:43:57 -07:00
sessions.md docs(sessions): clarify sessions.json is the gateway routing index, not the session list (#51726) 2026-06-23 23:56:36 -07:00
tui.md docs(tui): correct HERMES_TUI_GATEWAY_URL — dashboard-internal, not remote-attach (#42162) 2026-06-08 09:37:03 -07:00
windows-native.md docs(windows): correct native data dir to %LOCALAPPDATA%\hermes (#42856) 2026-06-09 14:11:20 -05:00
windows-wsl-quickstart.md fix(docs): update all install instructions everywhere 2026-06-04 21:07:45 -04:00