mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-30 06:41:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
hermes-agent/tests/hermes_cli/test_profile_export_credentials.py
kshitijk4poor 66827f8947 chore: prune unused imports and duplicate import redefinitions 
Remove unused imports (F401) and duplicate/shadowed import
redefinitions (F811) across the codebase using ruff's safe
autofixes. No behavioral changes -- imports only.

- ~1400 safe autofixes applied across 644 files (net -1072 lines)
- __init__.py re-exports preserved (excluded from F401 removal so
  public re-export surfaces stay intact)
- Re-exports that are imported or monkeypatched by tests but look
  unused in their defining module are kept with explicit # noqa:
  F401 (gateway/run.py load_dotenv; run_agent re-exports from
  agent.message_sanitization, agent.context_compressor,
  agent.retry_utils, agent.prompt_builder, agent.process_bootstrap,
  agent.codex_responses_adapter)
- Unsafe F841 (unused-variable) fixes deliberately skipped -- those
  can change behavior when the RHS has side effects
- ruff lints remain disabled in pyproject.toml (only PLW1514 is
  selected); this is a one-time cleanup, not a config change

Verification:
- python -m compileall: clean
- pytest --collect-only: all 27161 tests collect (zero import errors)
- core entry points import clean (run_agent, model_tools, cli,
  toolsets, hermes_state, batch_runner, gateway)
- static scan: every name any test imports directly from an edited
  module still resolves
2026-05-28 22:26:25 -07:00

51 lines
2.3 KiB
Python
Raw Blame History

"""Tests for credential exclusion during profile export.
Profile exports should NEVER include auth.json or .env — these contain
API keys, OAuth tokens, and credential pool data. Users share exported
profiles; leaking credentials in the archive is a security issue.
"""
import tarfile
from hermes_cli.profiles import export_profile, _DEFAULT_EXPORT_EXCLUDE_ROOT
class TestCredentialExclusion:
def test_auth_json_in_default_exclude_set(self):
"""auth.json must be in the default export exclusion set."""
assert "auth.json" in _DEFAULT_EXPORT_EXCLUDE_ROOT
def test_dotenv_in_default_exclude_set(self):
""".env must be in the default export exclusion set."""
assert ".env" in _DEFAULT_EXPORT_EXCLUDE_ROOT
def test_named_profile_export_excludes_auth(self, tmp_path, monkeypatch):
"""Named profile export must not contain auth.json or .env."""
profiles_root = tmp_path / "profiles"
profile_dir = profiles_root / "testprofile"
profile_dir.mkdir(parents=True)
# Create a profile with credentials
(profile_dir / "config.yaml").write_text("model: gpt-4\n")
(profile_dir / "auth.json").write_text('{"tokens": {"access": "sk-secret"}}')
(profile_dir / ".env").write_text("OPENROUTER_API_KEY=sk-secret-key\n")
(profile_dir / "SOUL.md").write_text("I am helpful.\n")
(profile_dir / "memories").mkdir()
(profile_dir / "memories" / "MEMORY.md").write_text("# Memories\n")
monkeypatch.setattr("hermes_cli.profiles._get_profiles_root", lambda: profiles_root)
monkeypatch.setattr("hermes_cli.profiles.get_profile_dir", lambda n: profile_dir)
monkeypatch.setattr("hermes_cli.profiles.validate_profile_name", lambda n: None)
output = tmp_path / "export.tar.gz"
result = export_profile("testprofile", str(output))
# Check archive contents
with tarfile.open(result, "r:gz") as tf:
names = tf.getnames()
assert any("config.yaml" in n for n in names), "config.yaml should be in export"
assert any("SOUL.md" in n for n in names), "SOUL.md should be in export"
assert not any("auth.json" in n for n in names), "auth.json must NOT be in export"
assert not any(".env" in n for n in names), ".env must NOT be in export"
Reference in a new issue View git blame Copy permalink