mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
hermes-agent/agent
History
Teknium d587d62eba
feat: replace kimi-k2.5 with kimi-k2.6 on OpenRouter and Nous Portal (#13148) 
* feat(security): URL query param + userinfo + form body redaction

Port from nearai/ironclaw#2529.

Hermes already has broad value-shape coverage in agent/redact.py
(30+ vendor prefixes, JWTs, DB connstrs, etc.) but missed three
key-name-based patterns that catch opaque tokens without recognizable
prefixes:

1. URL query params - OAuth callback codes (?code=...),
   access_token, refresh_token, signature, etc. These are opaque and
   won't match any prefix regex. Now redacted by parameter NAME.

2. URL userinfo (https://user:pass@host) - for non-DB schemes. DB
   schemes were already handled by _DB_CONNSTR_RE.

3. Form-urlencoded body (k=v pairs joined by ampersands) -
   conservative, only triggers on clean pure-form inputs with no
   other text.

Sensitive key allowlist matches ironclaw's (exact case-insensitive,
NOT substring - so token_count and session_id pass through).

Tests: +20 new test cases across 3 test classes. All 75 redact tests
pass; gateway/test_pii_redaction and tools/test_browser_secret_exfil
also green.

Known pre-existing limitation: _ENV_ASSIGN_RE greedy match swallows
whole all-caps ENV-style names + trailing text when followed by
another assignment. Left untouched here (out of scope); URL query
redaction handles the lowercase case.

* feat: replace kimi-k2.5 with kimi-k2.6 on OpenRouter and Nous Portal

Update model catalogs for OpenRouter (fallback snapshot), Nous Portal,
and NVIDIA NIM to reference moonshotai/kimi-k2.6.  Add kimi-k2.6 to
the fixed-temperature frozenset in auxiliary_client.py so the 0.6
contract is enforced on aggregator routings.

Native Moonshot provider lists (kimi-coding, kimi-coding-cn, moonshot,
opencode-zen, opencode-go) are unchanged — those use Moonshot's own
model IDs which are unaffected.
2026-04-20 11:49:54 -07:00
..
__init__.py Refactor Terminal and AIAgent cleanup 2026-02-21 22:31:43 -08:00
anthropic_adapter.py feat(providers): extend request_timeout_seconds to all client paths 2026-04-19 11:23:00 -07:00
auxiliary_client.py feat: replace kimi-k2.5 with kimi-k2.6 on OpenRouter and Nous Portal (#13148) 2026-04-20 11:49:54 -07:00
bedrock_adapter.py feat: native AWS Bedrock provider via Converse API 2026-04-15 16:17:17 -07:00
context_compressor.py feat(compression): summaries now respect the conversation's language 2026-04-19 11:05:14 -07:00
context_engine.py refactor: remove dead code — 1,784 lines across 77 files (#9180) 2026-04-13 16:32:04 -07:00
context_references.py fix(agent): fall back when rg is blocked for @folder references 2026-04-20 01:56:41 -07:00
copilot_acp_client.py fix: handle httpx.Timeout object in CopilotACPClient (#11058) 2026-04-16 12:05:11 -07:00
credential_pool.py fix(codex): Hermes owns its own Codex auth; stop touching ~/.codex/auth.json (#12360) 2026-04-18 19:19:46 -07:00
display.py fix(display): render <missing old_text> in memory previews instead of empty quotes (#12852) 2026-04-19 22:45:47 -07:00
error_classifier.py fix(error_classifier): handle dict-typed message fields without crashing 2026-04-20 02:40:20 -07:00
gemini_cloudcode_adapter.py fix(gemini): assign unique stream indices to parallel tool calls 2026-04-20 02:10:53 -07:00
gemini_native_adapter.py fix(gemini): sanitize tool schemas for Google providers 2026-04-20 00:26:18 -07:00
gemini_schema.py fix(gemini): sanitize tool schemas for Google providers 2026-04-20 00:26:18 -07:00
google_code_assist.py fix(gemini-cli): surface MODEL_CAPACITY_EXHAUSTED cleanly + drop retired gemma-4-26b (#11833) 2026-04-17 15:34:12 -07:00
google_oauth.py feat(gemini): add Google Gemini CLI OAuth provider via Cloud Code Assist (free + paid tiers) (#11270) 2026-04-16 16:49:00 -07:00
insights.py Merge branch 'main' into feat/dashboard-skill-analytics 2026-04-20 05:25:49 -07:00
manual_compression_feedback.py fix(gateway): make manual compression feedback truthful 2026-04-10 21:16:53 -07:00
memory_manager.py feat(honcho): context injection overhaul, 5-tool surface, cost safety, session isolation (#10619) 2026-04-15 19:12:19 -07:00
memory_provider.py refactor(memory): drop on_session_reset — commit-only is enough 2026-04-15 11:28:45 -07:00
model_metadata.py fix: remove codex spark model support 2026-04-20 04:51:44 -07:00
models_dev.py fix(gemini): hide stale and low-TPM Google models 2026-04-18 12:52:01 -07:00
nous_rate_guard.py fix: Nous Portal rate limit guard — prevent retry amplification (#10568) 2026-04-15 16:31:48 -07:00
prompt_builder.py docs(memory): steer agents to save declarative facts, not instructions (#12665) 2026-04-19 12:00:53 -07:00
prompt_caching.py fix(prompt-caching): skip top-level cache_control on role:tool for OpenRouter 2026-03-21 16:54:43 -07:00
rate_limit_tracker.py refactor: remove dead code — 1,784 lines across 77 files (#9180) 2026-04-13 16:32:04 -07:00
redact.py feat: replace kimi-k2.5 with kimi-k2.6 on OpenRouter and Nous Portal (#13148) 2026-04-20 11:49:54 -07:00
retry_utils.py feat(agent): add jittered retry backoff 2026-04-08 00:41:36 -07:00
skill_commands.py fix: use absolute skill_dir for external skills (#10313) (#10587) 2026-04-15 17:22:55 -07:00
skill_utils.py feat(plugins): namespaced skill registration for plugin skill bundles 2026-04-14 10:42:58 -07:00
subdirectory_hints.py fix(agent): catch PermissionError in subdirectory hint discovery 2026-04-09 03:10:30 -07:00
title_generator.py fix: title_generator no longer logs as 'compression' task 2026-04-12 04:17:18 -07:00
trajectory.py Refactor Terminal and AIAgent cleanup 2026-02-21 22:31:43 -08:00
usage_pricing.py feat: native AWS Bedrock provider via Converse API 2026-04-15 16:17:17 -07:00