mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-29 06:31:32 +00:00
48be2e0e4d
* ci(tests): install ripgrep from prebuilt tarball instead of apt
apt-get update + install of ripgrep takes ~4 min on the GHA Ubuntu
runners (the apt-get update against archive.ubuntu.com is the slow
part; ripgrep itself is small). Switching to the upstream musl
binary tarball cuts the step to a few seconds.
- Pinned to ripgrep 15.1.0 with sha256 verification (same hash as
published in the releases sha256 sidecar file).
- Drops the `rg` binary into /usr/local/bin so it is on PATH for
every subsequent step without GITHUB_PATH manipulation.
- Applied to both the test and e2e jobs in tests.yml.
* fix(cli): compile syntax check to tempdir, not source __pycache__
`_validate_critical_files_syntax` runs `py_compile.compile()` on each
critical bootstrap file after a successful `git pull`. The default
`py_compile` writes the resulting `.pyc` next to the source under
`__pycache__/`, which causes two real problems:
1. Parallel test workers walking the same source tree (e.g. running
the suite under per-file process isolation) can race against each
other on the `__pycache__` write — manifests as flaky 'directory
not empty' errors during teardown.
2. In production, the post-pull syntax check leaves a `.pyc` behind
that the next interpreter run might pick up — fine when the
interpreter version matches, sketchy if it doesn't.
Fix: write the compiled output to a `tempfile.TemporaryDirectory()`
that's discarded on function exit. We only care about the compile-or-not
signal, not the artifact.
* test(runner): per-file process isolation, drop manual state reset + xdist
Replace fragile manual _reset_module_state test fixtures with robust
per-file subprocess isolation. Each test file runs in a fresh
`python -m pytest <file>` subprocess via ThreadPoolExecutor. No xdist,
no custom pytest plugin, no shared worker state.
Key changes:
* scripts/run_tests_parallel.py — new runner: discovers test files,
runs N in parallel via ThreadPoolExecutor, captures stdout per file,
treats exit code 5 (no tests collected) as pass, kills all children
on exit. Change from cpu_count to cpu_count*2. The runner is
I/O-bound (waiting on subprocess.communicate() from pytest children)
The parent process does almost no CPU work, so 2x oversubscription
keeps more pipes full. When a file fails, immediately show the last
30 lines of pytest output (stack traces + FAILED summary) plus a
ready-to-copy repro command:
python -m pytest tests/agent/test_auxiliary_client.py
* scripts/run_tests.sh — delegates to run_tests_parallel.py
* .github/workflows/tests.yml — test step: python
scripts/run_tests_parallel.py
* pyproject.toml — drop pytest-xdist, pytest-split; simplify addopts
* tests/conftest.py — remove ~200 lines of manual state-reset fixtures
* AGENTS.md — update Testing section for per-file design
* test(runner): speed gateway test antipattern scan up
* fix(test): web search provider plugin test missing xai
* fix(tests): make 14 test files pass under per-file subprocess isolation
Tests that relied on cross-file state pollution from xdist workers
fail when run in isolation (per-file subprocess model). Root causes
and fixes:
Tool registry not populated:
- test_video_generation_tool_surface_matrix: add discover_builtin_tools()
- test_web_providers_brave_free/ddgs/searxng/general: autouse fixtures
registering all 8 bundled web providers, reset after each test
- test_website_policy: same provider registration pattern
- test_web_tools_tavily: same pattern across 3 dispatch test classes
- Also add is_safe_url/check_website_access mocks where SSRF check
blocks example.com (DNS resolution fails in isolated envs)
Stale check_fn cache:
- test_kanban_tools: invalidate_check_fn_cache() + _clear_tool_defs_cache()
in both kanban guidance tests (prior test cached False for kanban_show)
- test_discord_tool: cache invalidation in setup/teardown
- test_homeassistant_tool: invalidate_check_fn_cache() before registry queries
Module-level state pollution:
- test_auxiliary_client: autouse fixture clearing _aux_unhealthy_until cache
- test_skill_commands: set_session_vars() instead of patch.dict(os.environ)
(ContextVar takes precedence over os.environ)
- test_dm_topics: overwrite sys.modules + separate telegram.constants mock
+ force-reimport of gateway.platforms.telegram
- test_terminal_tool_requirements: removed duplicate class declaration,
autouse _clear_caches fixture
* change(tests): run_tests.sh explicitly includes env vars
instead of manually dropping some vars, now we just only include some
* fix(tests): 5 more isolation/NixOS fixes
- test_approval_plugin_hooks: isolate HERMES_HOME so real user's
command_allowlist doesn't short-circuit the approval path
- test_google_chat: skipif when Platform.GOOGLE_CHAT not in enum
(feature not merged on this branch)
- test_write_deny: test systemd prefix against tmp_path instead of
/etc/systemd which resolves to /nix/store on NixOS
- test_pty_bridge: use shutil.which('cat') instead of /bin/cat
(doesn't exist on NixOS)
- profiles.py: rmtree onexc handler chmod's parent dirs too, fixing
profile deletion when copytree preserved read-only modes from
nix store
* fix(tests): clear unhealthy cache in autouse fixture for auxiliary_client
* fix(tests): skip send_message when telegram not installed; handle missing worker_id in browser_supervisor
* fix: py3.11 rmtree onexc compat + belt-and-suspenders unhealthy cache clear for expired codex test
* fix: address PR #29016 review feedback
- Remove tracked .pytest-cache/ artifact and add to .gitignore
- Fix stale 'xdist worker' comment in conftest.py
- Deduplicate web provider registration into tests/tools/conftest.py
shared helper (register_all_web_providers), replacing 8 copy-pasted
blocks across 6 test files
- Update PR description: remove stale recovered-test-files claim,
fix worker count to match code (cpu_count*2)
* fix: eliminate race in stale-cache achievements test
The background scan thread could complete and overwrite _SNAPSHOT_CACHE
before evaluate_all() returned the stale data — only 10 fake sessions
made the scan finish instantly. Added scan_delay param to _FakeSessionDB
and set it to 2s in the stale-cache test so the background thread can't
win the race.
129 lines
4.9 KiB
Python
129 lines
4.9 KiB
Python
"""Tests for _is_write_denied() — verifies deny list blocks sensitive paths on all platforms."""
|
|
|
|
import os
|
|
|
|
import pytest
|
|
from pathlib import Path
|
|
from unittest.mock import patch
|
|
|
|
from tools.file_operations import _is_write_denied
|
|
|
|
|
|
class TestWriteDenyExactPaths:
|
|
def test_etc_shadow(self):
|
|
assert _is_write_denied("/etc/shadow") is True
|
|
|
|
def test_etc_passwd(self):
|
|
assert _is_write_denied("/etc/passwd") is True
|
|
|
|
def test_etc_sudoers(self):
|
|
assert _is_write_denied("/etc/sudoers") is True
|
|
|
|
def test_ssh_authorized_keys(self):
|
|
assert _is_write_denied("~/.ssh/authorized_keys") is True
|
|
|
|
def test_ssh_id_rsa(self):
|
|
path = os.path.join(str(Path.home()), ".ssh", "id_rsa")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_ssh_id_ed25519(self):
|
|
path = os.path.join(str(Path.home()), ".ssh", "id_ed25519")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_netrc(self):
|
|
path = os.path.join(str(Path.home()), ".netrc")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_hermes_env(self):
|
|
# ``.env`` under the active HERMES_HOME (profile-aware, not just
|
|
# ``~/.hermes``) must be write-denied. The hermetic test conftest
|
|
# points HERMES_HOME at a tempdir — resolve via get_hermes_home()
|
|
# to match the denylist.
|
|
from hermes_constants import get_hermes_home
|
|
path = str(get_hermes_home() / ".env")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_hermes_root_env_when_running_under_profile(self, tmp_path, monkeypatch):
|
|
"""Top-level ``<root>/.env`` stays write-denied even when running under
|
|
a profile (#15981).
|
|
|
|
Before the fix, ``build_write_denied_paths`` only added
|
|
``<active_profile>/.env`` to the deny list, so the global
|
|
``~/.hermes/.env`` (whose credentials are inherited by every profile)
|
|
could be silently overwritten by ``write_file`` while a profile was
|
|
active.
|
|
"""
|
|
root = tmp_path / "hermes_root"
|
|
profile_home = root / "profiles" / "coder"
|
|
profile_home.mkdir(parents=True)
|
|
global_env = root / ".env"
|
|
global_env.write_text("OPENAI_API_KEY=sk-real\n")
|
|
|
|
monkeypatch.setenv("HERMES_HOME", str(profile_home))
|
|
|
|
# Sanity check: HERMES_HOME does point to the profile dir, not the root.
|
|
from hermes_constants import get_hermes_home, get_default_hermes_root
|
|
assert get_hermes_home() == profile_home
|
|
assert get_default_hermes_root() == root
|
|
|
|
assert _is_write_denied(str(global_env)) is True
|
|
|
|
def test_shell_profiles(self):
|
|
home = str(Path.home())
|
|
for name in [".bashrc", ".zshrc", ".profile", ".bash_profile", ".zprofile"]:
|
|
assert _is_write_denied(os.path.join(home, name)) is True, f"{name} should be denied"
|
|
|
|
def test_package_manager_configs(self):
|
|
home = str(Path.home())
|
|
for name in [".npmrc", ".pypirc", ".pgpass"]:
|
|
assert _is_write_denied(os.path.join(home, name)) is True, f"{name} should be denied"
|
|
|
|
|
|
class TestWriteDenyPrefixes:
|
|
def test_ssh_prefix(self):
|
|
path = os.path.join(str(Path.home()), ".ssh", "some_key")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_aws_prefix(self):
|
|
path = os.path.join(str(Path.home()), ".aws", "credentials")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_gnupg_prefix(self):
|
|
path = os.path.join(str(Path.home()), ".gnupg", "secring.gpg")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_kube_prefix(self):
|
|
path = os.path.join(str(Path.home()), ".kube", "config")
|
|
assert _is_write_denied(path) is True
|
|
|
|
def test_sudoers_d_prefix(self):
|
|
assert _is_write_denied("/etc/sudoers.d/custom") is True
|
|
|
|
def test_systemd_prefix(self, tmp_path):
|
|
# On NixOS, /etc/systemd is a symlink into /nix/store, so
|
|
# realpath() resolves it to a store path that doesn't match
|
|
# the /etc/systemd/ prefix. Build a real directory tree so
|
|
# realpath is a no-op and prefix matching works.
|
|
fake_etc = tmp_path / "etc" / "systemd" / "system"
|
|
fake_etc.mkdir(parents=True)
|
|
target = str(fake_etc / "evil.service")
|
|
# Patch the prefix builder to include our tmp_path prefix
|
|
import agent.file_safety as _fs
|
|
_orig = _fs.build_write_denied_prefixes
|
|
_extra_prefix = str(tmp_path / "etc" / "systemd") + os.sep
|
|
def _patched(home):
|
|
return _orig(home) + [_extra_prefix]
|
|
with patch.object(_fs, "build_write_denied_prefixes", _patched):
|
|
assert _is_write_denied(target) is True
|
|
|
|
|
|
class TestWriteAllowed:
|
|
def test_tmp_file(self):
|
|
assert _is_write_denied("/tmp/safe_file.txt") is False
|
|
|
|
def test_project_file(self):
|
|
assert _is_write_denied("/home/user/project/main.py") is False
|
|
|
|
def test_hermes_config_not_env(self):
|
|
path = os.path.join(str(Path.home()), ".hermes", "config.yaml")
|
|
assert _is_write_denied(path) is False
|