Simon Taggart a75a45414c fix(tools): fall back to .hermes/.env when forwarded secret is empty (#35583) ... The docker_forward_env build loop only consulted the ~/.hermes/.env disk fallback when a key was unset (value is None), not when it was present but empty (""). A transient empty value in os.environ was therefore forwarded into the sandbox container as `-e KEY=`, clobbering the correct value on disk. Sandboxed workloads then read a zero-length secret and failed auth (observed as intermittent Linear API 401s) with no gateway restart and no .env rewrite. Treat empty-string like unset (`if not value:` on the fallback) and never forward a blank secret (`if value:` on the guard). Fixes #35580		2026-06-01 12:20:00 +10:00
..
__init__.py	remove Vercel AI Gateway and Vercel Sandbox (#33067)	2026-05-27 00:43:32 -07:00
base.py	fix(tools): don't compound-rewrite spawn_via_env background wrappers	2026-06-01 00:05:10 +05:30
daytona.py	fix(daytona): migrate legacy-sandbox lookup to cursor-based list() (#24587)	2026-05-12 16:31:46 -07:00
docker.py	fix(tools): fall back to .hermes/.env when forwarded secret is empty (#35583)	2026-06-01 12:20:00 +10:00
file_sync.py	fix: guard yaml.safe_load, flock unlock, TOCTOU races, and atomic writes	2026-05-19 00:12:41 -07:00
local.py	fix(security): narrow Bedrock subprocess strip to inference bearer token only	2026-05-29 01:48:08 -07:00
managed_modal.py	feat(environments): unified spawn-per-call execution layer	2026-04-08 17:23:15 -07:00
modal.py	fix(async): close unscheduled coroutines in all threadsafe bridges (#26584)	2026-05-15 14:00:01 -07:00
modal_utils.py	fix(tools): don't compound-rewrite spawn_via_env background wrappers	2026-06-01 00:05:10 +05:30
singularity.py	feat(environments): unified spawn-per-call execution layer	2026-04-08 17:23:15 -07:00
ssh.py	fix(ssh): keep bulk sync extraction scoped to .hermes	2026-05-21 19:17:51 -07:00