mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-09 08:21:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
hermes-agent/tests/agent
History
Brian D. Evans 162c7856ca
fix(file-safety): add sandbox-mirror soft guard for writes to per-task .hermes mirrors (#32213) 
#32049 reports that under terminal.backend: docker, write_file / patch
calls to authoritative profile state (SOUL.md, memories, etc.) land on
the sandbox-local mirror at
``<HERMES_HOME>/profiles/<name>/sandboxes/<backend>/<task>/home/.hermes/...``
— a path the host Hermes process never reads. The tool reports success,
the user sees no behavior change, and on disk two divergent copies of
SOUL.md (or any other profile file) accumulate.

The existing classify_cross_profile_target guard does not catch this:
its parts[2] check sees "sandboxes" and returns None, and the path is
in-profile from the inner-mirror perspective so even a fixed version
would not fire.

Add a parallel sandbox-mirror classifier in agent/file_safety:

  * classify_sandbox_mirror_target() detects the
    ``…/sandboxes/<backend>/<task>/home/.hermes/…`` shape via path parts.
    Detection is path-shape only — backend-agnostic, does not require
    the file to exist, and works regardless of which HERMES_HOME resolves.
  * get_sandbox_mirror_warning() returns a model-facing warning that
    names the mirror root and the inner authoritative path the agent
    likely meant.

Wire both detectors through tools/file_tools._check_cross_profile_path
so the existing write_file and v4a patch call sites pick up the new
guard with no API change. The bypass kwarg (``cross_profile=True``)
remains shared between the two guards — same "I know what I'm doing"
escape valve after explicit user direction.

This is the defense-in-depth piece of the proposal in #32049 ("any
…/sandboxes/<backend>/…/home/…hermes/… path as sandbox-mirror"). It
catches the host-side speculation case where the agent writes a literal
sandbox-mirror path. The inner-container case (where the bind mount
strips the ``sandboxes/`` prefix from the agent's path view) is out of
scope for this surgical change — that requires either a dispatch-layer
host-side check before the container handoff, or the host-side
``profile_state`` / ``soul`` tool the issue also proposes.

Soft guard, NOT a security boundary — matches the existing
classify_cross_profile_target contract.

Co-authored-by: briandevans <252620095+briandevans@users.noreply.github.com>
Co-authored-by: Ben Barclay <ben@nousresearch.com>
2026-06-02 11:29:24 +10:00
..
lsp fix(lsp): detect Windows wrapper binaries in installer probes 2026-05-30 02:08:36 -07:00
transports chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
__init__.py test: add unit tests for 8 modules (batch 2) 2026-02-26 13:54:20 +03:00
test_anthropic_adapter.py fix(anthropic): demote dead thinking signature when orphan-strip mutates the latest turn 2026-05-31 06:14:34 -07:00
test_anthropic_keychain.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_anthropic_mcp_prefix_strip.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_anthropic_oauth_pkce.py fix(auth): don't launch a text-mode browser inside the terminal for OAuth (#34479) 2026-05-29 01:23:06 -07:00
test_arcee_trinity_overrides.py test(arcee): cover Trinity Large Thinking temperature + compression overrides 2026-05-05 17:23:45 -07:00
test_async_utils.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_auxiliary_client.py fix(auxiliary): stop capping output with max_tokens by default (#34530) (#34845) 2026-05-29 17:24:30 -07:00
test_auxiliary_client_anthropic_custom.py fix(anthropic): complete third-party Anthropic-compatible provider support (#12846) 2026-04-19 22:43:09 -07:00
test_auxiliary_client_azure_foundry.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_auxiliary_client_xai_oauth_recovery.py fix(auxiliary): detect xAI OAuth 403 bad-credentials as auth error 2026-05-29 00:28:02 -07:00
test_auxiliary_config_bridge.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_auxiliary_main_first.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_auxiliary_named_custom_providers.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_auxiliary_transport_autodetect.py fix(auxiliary): auto-detect Anthropic Messages transport for all aux clients (#17027) 2026-04-28 06:50:14 -07:00
test_azure_identity_adapter.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_bedrock_1m_context.py feat(azure-foundry): add Microsoft Entra ID auth 2026-05-18 10:14:38 -07:00
test_bedrock_adapter.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_bedrock_integration.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_codex_cloudflare_headers.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_codex_responses_adapter.py feat(prompt): universal task-completion guidance + local Python toolchain probe (#34340) 2026-05-28 22:26:09 -07:00
test_codex_ttfb_watchdog.py fix(codex): relax no-byte TTFB watchdog default from 12s to 120s 2026-05-29 02:02:25 -07:00
test_compress_focus.py fix: resolve CI test failures — add missing functions, fix stale tests (#9483) 2026-04-14 01:43:45 -07:00
test_compression_concurrent_fork.py fix(compression): fail open when lock subsystem is missing (version skew) (#34475) 2026-05-29 01:32:32 -07:00
test_compressor_historical_media.py Port from Kilo-Org/kilocode#9434: strip historical media after compression (#27189) 2026-05-16 17:18:25 -07:00
test_compressor_image_tokens.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_context_compressor.py fix(compression): avoid repeat preflight compaction from rough estimates 2026-05-29 19:05:03 -07:00
test_context_compressor_summary_continuity.py test: cover ci-unblocker production regressions 2026-05-27 22:14:53 -07:00
test_context_engine.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_context_engine_host_contract.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_context_references.py fix(agent): fall back when rg is blocked for @folder references 2026-04-20 01:56:41 -07:00
test_copilot_acp_client.py fix(ci): recover 38 failing tests on main (#17642) 2026-04-29 20:05:32 -07:00
test_copilot_acp_deprecation.py fix(copilot-acp): tighten deprecation detection + sharpen GitHub Models 413 hint 2026-05-16 02:24:48 -07:00
test_credential_pool.py fix(auth): address Nous JWT fallback review 2026-05-29 02:24:48 -07:00
test_credential_pool_routing.py refactor: remove smart_model_routing feature (#12732) 2026-04-19 18:12:55 -07:00
test_crossloop_client_cache.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_curator.py feat(curator): prune built-in skills after inactivity + track usage for all skills (#36701) 2026-06-01 02:07:32 -07:00
test_curator_activity.py fix: use skill activity in curator status 2026-04-30 10:31:47 -07:00
test_curator_backup.py fix(curator): authoritative absorbed_into on delete + restore cron skill links on rollback (#18671) (#18731) 2026-05-02 01:29:57 -07:00
test_curator_classification.py feat(curator): hint at hermes curator pin in the rename block (#23212) 2026-05-10 06:44:53 -07:00
test_curator_reports.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_custom_provider_extra_body.py fix(custom): pass custom provider extra body 2026-05-21 07:48:53 -07:00
test_deepseek_anthropic_thinking.py chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355) 2026-05-17 02:29:41 -07:00
test_direct_provider_url_detection.py fix: restrict provider URL detection to exact hostname matches 2026-04-20 22:14:29 -07:00
test_display.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_display_emoji.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
test_display_todo_progress.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_display_tool_failure.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_error_classifier.py fix(agent): fallback immediately on provider content-policy blocks (#33883) 2026-05-28 07:28:24 -07:00
test_external_skills.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_external_skills_dirs_cache.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_file_safety.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_file_safety_credentials.py fix(security): block read_file on project-local .env files 2026-05-25 03:40:47 -07:00
test_file_safety_cross_profile.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_file_safety_sandbox_mirror.py fix(file-safety): add sandbox-mirror soft guard for writes to per-task .hermes mirrors (#32213) 2026-06-02 11:29:24 +10:00
test_gemini_cloudcode.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_gemini_fast_fallback.py fix: wrap _pool_may_recover_from_rate_limit call through run_agent namespace 2026-05-18 20:04:57 -07:00
test_gemini_free_tier_gate.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_gemini_native_adapter.py fix(gemini): fail fast on missing API key + surface it in hermes dump (#15133) 2026-04-24 05:35:17 -07:00
test_gemini_schema.py fix(gemini): drop integer/number/boolean enums from tool schemas (#15082) 2026-04-24 03:40:00 -07:00
test_i18n.py feat(i18n): localize all gateway commands + web dashboard, add 8 new locales (16 total) (#22914) 2026-05-10 07:14:14 -07:00
test_image_gen_registry.py feat(plugins): pluggable image_gen backends + OpenAI provider (#13799) 2026-04-21 21:30:10 -07:00
test_image_routing.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_insights.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_jiter_preload.py fix(agent): preload jiter native parser 2026-05-28 00:20:11 -07:00
test_kimi_coding_anthropic_thinking.py fix(anthropic): broaden Kimi thinking-suppression to custom endpoints (#17455) 2026-04-29 06:35:42 -07:00
test_last_total_tokens.py fix(compressor): ABC compliance — total_tokens, api_mode, logger consistency 2026-05-23 17:38:19 -07:00
test_local_stream_timeout.py fix(agent): recognize Tailscale CGNAT (100.64.0.0/10) as local for Ollama timeouts 2026-04-22 14:46:10 -07:00
test_markdown_tables.py fix(cli): vertical fallback for markdown tables wider than terminal (#23948) 2026-05-11 16:49:13 -07:00
test_memory_provider.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_memory_session_switch.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_memory_user_id.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_minimax_auxiliary_url.py fix: provider/model resolution — salvage 4 PRs + MiniMax aux URL fix (#5983) 2026-04-07 22:23:28 -07:00
test_minimax_provider.py fix(minimax): drop stale ≤204,800 cache entries for MiniMax-M3 (#36726) 2026-06-01 14:59:07 -07:00
test_model_metadata.py test: remove low-value model-catalog mirror tests 2026-05-29 23:45:05 -07:00
test_model_metadata_local_ctx.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_model_metadata_ssl.py fix(auth): honor SSL CA env vars across httpx + requests callsites 2026-04-24 03:00:33 -07:00
test_models_dev.py test: remove low-value model-catalog mirror tests 2026-05-29 23:45:05 -07:00
test_moonshot_schema.py Add Hermes desktop app (#20059) 2026-05-31 17:46:56 -05:00
test_non_stream_stale_timeout.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_nous_oauth_401_guidance.py feat(errors): actionable guidance for Nous OAuth 401s (#32082) 2026-05-25 06:06:51 -07:00
test_nous_rate_guard.py fix(nous): don't trip cross-session rate breaker on upstream-capacity 429s (#15898) 2026-04-26 04:53:42 -07:00
test_onboarding.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_openrouter_response_cache.py fix(openrouter): use canonical X-Title attribution header 2026-05-05 10:13:34 -07:00
test_plugin_llm.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_portal_tags.py feat(nous): unified client=hermes-client-v<version> tag on every Portal request (#24779) 2026-05-12 20:49:20 -07:00
test_prompt_builder.py test(prompt): place cwd regression tests in TestEnvironmentHints (drop redundant docker case) 2026-06-01 16:55:04 -07:00
test_prompt_caching.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_proxy_and_url_validation.py fix(agent): normalize socks:// env proxies for httpx/anthropic 2026-04-21 05:52:46 -07:00
test_rate_limit_tracker.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_redact.py test(redact): assert Discord mentions pass through unchanged 2026-05-30 20:48:41 -07:00
test_resume_stale_active_task.py fix(compressor): strip stale handoff prefix on resume; reconcile #26290+#32787 (#35344) 2026-05-30 07:29:21 -07:00
test_runtime_cwd.py test(agent): pin whitespace-strip and OSError-propagation in runtime_cwd 2026-06-01 16:55:04 -07:00
test_save_url_image.py fix(image_gen): cache xAI ephemeral URL responses to disk (#26942) (#31759) 2026-05-24 18:10:47 -07:00
test_set_runtime_main_custom_provider.py test(auxiliary): e2e routing assertions for custom-provider aux resolution 2026-05-30 02:38:59 -07:00
test_shell_hooks.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_shell_hooks_consent.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_skill_bundles.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_skill_commands.py test: use subprocesses for each test file (#29016) 2026-05-21 16:40:04 +05:30
test_skill_commands_reload.py refactor(reload-skills): queue note for next turn, drop cache invalidation + agent tool 2026-04-29 21:07:47 -07:00
test_skill_utils.py fix(skills): load Linux-tagged skills on Termux (android sys.platform) 2026-05-21 19:08:38 -07:00
test_streaming_context_scrubber.py 🐛 fix(memory): require newline after context tag 2026-05-18 10:53:08 -07:00
test_subagent_progress.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_subagent_stop_hook.py feat: shell hooks — wire shell scripts as Hermes hook callbacks 2026-04-20 20:53:51 -07:00
test_subdirectory_hints.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_summary_prefix_semantics.py fix(compression): drop conflicting 'resume Active Task' directive in summary prefix 2026-05-30 07:29:21 -07:00
test_system_prompt.py refactor(prompt): route context-file cwd through runtime_cwd resolver 2026-06-01 16:55:04 -07:00
test_system_prompt_restore.py perf(prompt-cache): date-only timestamp + loud gateway-DB roundtrip logging 2026-05-17 23:20:37 -07:00
test_think_scrubber.py fix(agent): stateful streaming scrubber for reasoning-block leaks (#17924) (#20184) 2026-05-05 04:33:38 -07:00
test_title_generator.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
test_tool_dispatch_helpers.py feat(security): promptware defense — shared threat patterns + memory load-time scan + tool-result delimiters (#32269) 2026-05-25 14:52:24 -07:00
test_tool_guardrails.py fix: add recovery hints to loop guard warnings 2026-05-19 00:12:12 -07:00
test_tool_result_classification.py fix: classify landed file mutations with diagnostics 2026-05-13 06:46:23 -07:00
test_transcription_registry.py feat(stt): add register_transcription_provider() plugin hook 2026-05-25 01:41:19 -07:00
test_tts_registry.py feat(tts): add register_tts_provider() plugin hook (closes #30398) 2026-05-24 18:04:54 -07:00
test_unsupported_parameter_retry.py test: remove 50 stale/broken tests to unblock CI (#22098) 2026-05-08 14:55:40 -07:00
test_unsupported_temperature_retry.py fix(auxiliary): stop capping output with max_tokens by default (#34530) (#34845) 2026-05-29 17:24:30 -07:00
test_usage_pricing.py remove Vercel AI Gateway and Vercel Sandbox (#33067) 2026-05-27 00:43:32 -07:00
test_video_gen_registry.py feat(video_gen): unified video_generate tool with pluggable provider backends (#25126) 2026-05-13 16:39:41 -07:00
test_vision_resolved_args.py fix(vision): preserve explicit provider auth with custom base_url 2026-05-04 05:05:43 -07:00
test_vision_routing_31179.py fix(vision): route auxiliary.vision.provider=openai to api.openai.com, skip text-only main (#31452) 2026-05-24 15:01:28 -07:00