mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-18 04:41:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
hermes-agent/tests/tools
History
Teknium 6ba35ec336
Inspired by Claude Code: tighten dangerous-command detection (#26829) 
Port three hardening patches from Claude Code 2.1.113's expanded deny
rules to hermes' detect_dangerous_command() pattern list.

1. macOS /private/{etc,var,tmp,home} system paths
   /etc, /var, /tmp, /home are symlinks to /private/<name> on macOS.
   A write to /private/etc/sudoers works identically to /etc/sudoers
   but bypassed the plain /etc/ pattern check. Extracted a shared
   _SYSTEM_CONFIG_PATH fragment so /etc/ and the /private/ mirror
   stay in sync across redirect / tee / cp / mv / install / sed -i
   patterns.

2. killall -9 / -KILL / -SIGKILL / -s KILL / -r <regex>
   Parallel to the existing pkill -9 pattern. killall -9 against
   non-hermes processes was previously unprotected, and killall -r
   can sweep unrelated processes matching a regex.

3. find -execdir rm
   Same destructive effect as find -exec rm but ran in each match's
   directory. The previous pattern required a literal '-exec ' so
   -execdir slipped through.

Guarded by 32 new test cases in 4 test classes:
  - TestMacOSPrivateSystemPaths  (11 cases)
  - TestKillallKillSignals       (9 cases)
  - TestFindExecdir              (4 cases)
  - TestEtcPatternsUnaffectedByRefactor  (6 regression guards on
    the existing /etc/ coverage after the _SYSTEM_CONFIG_PATH refactor)

Inspiration: https://github.com/anthropics/claude-code/releases
(Claude Code 2.1.113, April 17 2026 - "Enhanced deny rules" and
"Dangerous path protection")
2026-05-16 01:24:25 -07:00
..
__init__.py
test_accretion_caps.py
test_ansi_strip.py
test_approval.py Inspired by Claude Code: tighten dangerous-command detection (#26829) 2026-05-16 01:24:25 -07:00
test_approval_heartbeat.py
test_approval_plugin_hooks.py
test_base_environment.py
test_browser_camofox.py
test_browser_camofox_persistence.py feat(browser): support externally managed Camofox sessions 2026-05-12 15:14:49 -07:00
test_browser_camofox_state.py feat(browser): support externally managed Camofox sessions 2026-05-12 15:14:49 -07:00
test_browser_cdp_override.py
test_browser_cdp_tool.py
test_browser_chromium_check.py fix(install): skip browser download when system chromium exists 2026-05-13 22:07:02 -07:00
test_browser_cleanup.py
test_browser_cloud_fallback.py
test_browser_cloud_provider_cache.py
test_browser_console.py
test_browser_content_none_guard.py
test_browser_eval_supervisor_path.py
test_browser_hardening.py
test_browser_homebrew_paths.py
test_browser_hybrid_routing.py
test_browser_lightpanda.py
test_browser_orphan_reaper.py
test_browser_secret_exfil.py
test_browser_ssrf_local.py
test_browser_supervisor.py
test_browser_supervisor_healthcheck.py
test_budget_config.py
test_checkpoint_manager.py
test_clarify_gateway.py fix(gateway): enable text-intercept for multi-choice clarify fallback (#25567) 2026-05-14 07:59:12 -07:00
test_clarify_tool.py
test_clipboard.py fix(clipboard): reject non-png clipboard images when png normalization fails 2026-05-13 22:54:21 -07:00
test_code_execution.py
test_code_execution_modes.py
test_code_execution_windows_env.py
test_command_guards.py
test_computer_use.py fix(agent): keep image tool results from poisoning text-only sessions 2026-05-14 14:52:15 -07:00
test_config_null_guard.py
test_credential_files.py
test_credential_pool_env_fallback.py
test_cron_approval_mode.py
test_cron_prompt_injection.py
test_cronjob_tools.py fix(env-flags): widen truthy-only session env checks to sibling sites 2026-05-15 12:35:07 -07:00
test_daytona_environment.py fix(daytona): migrate legacy-sandbox lookup to cursor-based list() (#24587) 2026-05-12 16:31:46 -07:00
test_debug_helpers.py
test_delegate.py fix(delegation): honor api_mode + auto-detect anthropic_messages URLs (#26824) 2026-05-16 01:00:27 -07:00
test_delegate_composite_toolsets.py
test_delegate_subagent_timeout_diagnostic.py
test_delegate_toolset_scope.py
test_discord_tool.py
test_docker_environment.py
test_docker_find.py
test_dockerfile_node_modules_perms.py
test_dockerfile_pid1_reaping.py
test_env_passthrough.py
test_feishu_tools.py
test_file_operations.py
test_file_operations_edge_cases.py
test_file_ops_cwd_tracking.py
test_file_read_guards.py
test_file_staleness.py
test_file_state_registry.py
test_file_sync.py
test_file_sync_back.py
test_file_sync_perf.py
test_file_tools.py
test_file_tools_container_config.py
test_file_tools_live.py
test_file_write_safety.py
test_force_dangerous_override.py
test_fuzzy_match.py
test_hardline_blocklist.py
test_heartbeat_stale_thresholds.py
test_hidden_dir_filter.py
test_homeassistant_tool.py
test_image_generation.py
test_image_generation_env.py feat(image-gen): actionable setup message when no FAL backend is reachable (#26222) 2026-05-15 01:33:13 -07:00
test_image_generation_plugin_dispatch.py
test_init_session_cwd_respect.py
test_interrupt.py
test_kanban_tools.py
test_lazy_deps.py fix(update): refresh lazy-installed backends on hermes update (#25766) 2026-05-14 08:03:40 -07:00
test_llm_content_none_guard.py
test_local_background_child_hang.py
test_local_env_blocklist.py
test_local_env_cwd_recovery.py
test_local_env_windows_msys.py fix(windows): stop spamming cwd-missing + tirith-spawn warnings on every terminal call 2026-05-15 16:25:31 -07:00
test_local_interrupt_cleanup.py
test_local_shell_init.py
test_local_tempdir.py
test_managed_browserbase_and_modal.py
test_managed_media_gateways.py
test_managed_modal_environment.py
test_managed_tool_gateway.py
test_mcp_cancelled_error_propagation.py
test_mcp_circuit_breaker.py
test_mcp_dynamic_discovery.py
test_mcp_empty_error_message.py
test_mcp_image_content.py
test_mcp_oauth.py
test_mcp_oauth_bidirectional.py
test_mcp_oauth_cold_load_expiry.py
test_mcp_oauth_integration.py
test_mcp_oauth_manager.py
test_mcp_oauth_metadata.py
test_mcp_probe.py fix(async): close unscheduled coroutines in all threadsafe bridges (#26584) 2026-05-15 14:00:01 -07:00
test_mcp_reconnect_signal.py
test_mcp_sse_transport.py
test_mcp_stability.py
test_mcp_structured_content.py fix(async): close unscheduled coroutines in all threadsafe bridges (#26584) 2026-05-15 14:00:01 -07:00
test_mcp_tool.py feat: add supports_parallel_tool_calls for MCP servers (#26825) 2026-05-16 01:04:28 -07:00
test_mcp_tool_401_handling.py
test_mcp_tool_issue_948.py
test_mcp_tool_session_expired.py
test_mcp_utility_capability_gating.py
test_memory_tool.py
test_memory_tool_import_fallback.py
test_memory_tool_schema.py
test_microsoft_graph_auth.py
test_microsoft_graph_client.py
test_mixture_of_agents_tool.py
test_modal_bulk_upload.py
test_modal_sandbox_fixes.py
test_modal_snapshot_isolation.py
test_notify_on_complete.py
test_osv_check.py
test_parse_env_var.py
test_patch_parser.py
test_process_registry.py fix(tui): autonomous background process completion notifications (#26071) (#26327) 2026-05-15 19:31:00 +05:30
test_read_loop_detection.py
test_registry.py test(ci): stabilize shared optional dependency baselines 2026-05-13 17:32:22 -07:00
test_resolve_path.py
test_schema_sanitizer.py
test_search_hidden_dirs.py
test_send_message_missing_platforms.py
test_send_message_tool.py
test_session_search.py
test_shared_container_task_id.py
test_signal_media.py
test_singularity_preflight.py
test_skill_env_passthrough.py
test_skill_improvements.py
test_skill_manager_tool.py
test_skill_provenance.py
test_skill_size_limits.py
test_skill_usage.py
test_skill_view_path_check.py
test_skill_view_traversal.py
test_skills_guard.py
test_skills_hub.py
test_skills_hub_clawhub.py
test_skills_sync.py
test_skills_tool.py fix(tools): refuse skill_view name collisions instead of guessing 2026-05-13 13:29:28 -07:00
test_slash_confirm.py
test_spotify_client.py
test_ssh_bulk_upload.py
test_ssh_environment.py
test_symlink_prefix_confusion.py
test_sync_back_backends.py
test_terminal_compound_background.py
test_terminal_config_env_sync.py
test_terminal_exit_semantics.py
test_terminal_foreground_timeout_cap.py
test_terminal_none_command_guard.py
test_terminal_output_transform_hook.py
test_terminal_requirements.py
test_terminal_task_cwd.py
test_terminal_timeout_output.py
test_terminal_tool.py
test_terminal_tool_pty_fallback.py
test_terminal_tool_requirements.py
test_threaded_process_handle.py
test_tirith_security.py fix(windows): silence tirith-unavailable banner + skip install/spawn attempts on unsupported platforms (#26718) 2026-05-15 20:29:28 -07:00
test_todo_tool.py
test_tool_backend_helpers.py
test_tool_output_limits.py
test_tool_result_storage.py
test_transcription.py test(ci): stabilize shared optional dependency baselines 2026-05-13 17:32:22 -07:00
test_transcription_dotenv_fallback.py fix(xai-http): preserve ~/.hermes/.env fallback and XAI_STT_BASE_URL precedence 2026-05-15 12:11:32 -07:00
test_transcription_tools.py fix(security): reduce unnecessary shell=True in subprocess calls 2026-05-13 10:31:22 -07:00
test_tts_command_providers.py
test_tts_dotenv_fallback.py fix(xai-http): preserve ~/.hermes/.env fallback and XAI_STT_BASE_URL precedence 2026-05-15 12:11:32 -07:00
test_tts_gemini.py
test_tts_kittentts.py test(ci): stabilize shared optional dependency baselines 2026-05-13 17:32:22 -07:00
test_tts_max_text_length.py
test_tts_mistral.py
test_tts_piper.py
test_tts_speed.py fix(tts): align MiniMax TTS defaults with current API and add GroupId support 2026-05-13 22:04:28 -07:00
test_url_safety.py fix(url-safety): allow only http and https schemes 2026-05-15 01:52:48 -07:00
test_vercel_sandbox_environment.py
test_video_analyze.py
test_video_generation_dispatch.py feat(video_gen): unified video_generate tool with pluggable provider backends (#25126) 2026-05-13 16:39:41 -07:00
test_video_generation_dynamic_schema.py feat(video_gen): unified video_generate tool with pluggable provider backends (#25126) 2026-05-13 16:39:41 -07:00
test_video_generation_tool_surface_matrix.py feat(video_gen): unified video_generate tool with pluggable provider backends (#25126) 2026-05-13 16:39:41 -07:00
test_vision_native_fast_path.py fix(dashboard): UI polish — modals, layout, consistency, test fixes 2026-05-12 13:59:22 -04:00
test_vision_tools.py
test_voice_cli_integration.py
test_voice_mode.py
test_watch_patterns.py
test_web_providers.py fix(web): preserve top-level error envelope on unconfigured systems 2026-05-13 22:31:28 -07:00
test_web_providers_brave_free.py refactor(web): remove legacy in-tree provider modules 2026-05-13 22:31:28 -07:00
test_web_providers_ddgs.py refactor(web): remove legacy in-tree provider modules 2026-05-13 22:31:28 -07:00
test_web_providers_searxng.py refactor(web): remove legacy in-tree provider modules 2026-05-13 22:31:28 -07:00
test_web_tools_config.py refactor(web): dispatch all three tools through web_search_registry 2026-05-13 22:31:28 -07:00
test_web_tools_tavily.py
test_website_policy.py feat(web): firecrawl plugin natively supports crawl; delete legacy inline path 2026-05-13 22:31:28 -07:00
test_windows_compat.py
test_windows_native_support.py feat(security): supply-chain advisory checker + lazy-install framework + tiered install fallback (#24220) 2026-05-12 01:02:25 -07:00
test_write_deny.py
test_x_search_tool.py feat(x_search): gated X (Twitter) search tool with OAuth-or-API-key auth (#26763) 2026-05-16 00:58:27 -07:00
test_yolo_mode.py
test_zombie_process_cleanup.py