hermes-agent/plugins
Teknium e946f49ab5
fix(models): add gemini-3.5-flash to Gemini OAuth + API-key pickers (#37046)
* fix(file_tools): block agent writes to ~/.hermes/config.yaml to prevent silent approval bypass

* fix(approval): pair terminal-side gate for ~/.hermes/config.yaml writes

Subway2023's #14639 blocks write_file/patch to ~/.hermes/config.yaml, but
the terminal side was only partially paired: echo>/tee/cp/mv to config.yaml
already tripped the project-config pattern, while `sed -i` and direct edits
slipped through with auto-approve. An unpaired write_file deny is theater per
SECURITY.md — the agent could flip approvals.mode=off via `sed -i` and the
mtime-keyed config cache reloads it mid-session.

config.yaml IS the security policy (approvals.mode/yolo/permanent allowlist
live there), so it warrants real pairing, not a half-door. Add a
_HERMES_CONFIG_PATH fragment mirroring _HERMES_ENV_PATH, fold it into
_SENSITIVE_WRITE_TARGET (covers tee/>/>>/cp/mv), and add sed -i coverage for
both config.yaml and .env. Pins 9 regression tests including no-regression
guards (reads pass, /tmp writes pass).

Co-authored-by: sbw2025 <subw3@mail2.sysu.edu.cn>

* chore(release): map Subway2023 for PR #14639 salvage

* fix(models): add gemini-3.5-flash to Gemini OAuth + API-key pickers

#34581 swapped gemini-3-flash-preview -> gemini-3.5-flash in the
OpenRouter and Nous lists but missed the curated Gemini catalogs, so
the Google OAuth (google-gemini-cli) picker still offered the retired
gemini-3-flash-preview slug and gemini-3.5-flash was unselectable.

Per Google's docs gemini-3-flash-preview was renamed to gemini-3.5-flash
and is served via Cloud Code Assist, so this completes the rename for:
- google-gemini-cli (OAuth/Code Assist) picker
- gemini (API-key) picker
- gemini provider default_aux_model

copilot keeps gemini-3-flash-preview (separate backend, own slug).

---------

Co-authored-by: sbw2025 <subw3@mail2.sysu.edu.cn>
2026-06-01 16:31:13 -07:00
browser fix(managed-gateway): keep tool availability scans off the Nous token-refresh path 2026-05-30 07:58:08 -07:00
context_engine feat(context-engine): host contract for external context engines 2026-05-28 01:45:30 -07:00
dashboard_auth/nous feat(dashboard-auth): config.yaml as canonical surface for dashboard.oauth 2026-05-27 02:12:27 -07:00
disk-cleanup fix(cron): exclude jobs.json registry from disk-cleanup pattern 2026-05-29 13:22:54 -07:00
example-dashboard/dashboard fix(dashboard): UI polish — modals, layout, consistency, test fixes 2026-05-12 13:59:22 -04:00
google_meet chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
hermes-achievements fix(achievements): use canonical X-Hermes-Session-Token header 2026-05-10 19:41:45 -07:00
image_gen feat(image_gen): add Krea provider plugin (Krea 2 Medium + Large) (#33236) 2026-05-27 11:01:47 -07:00
kanban feat(kanban): goal_mode cards run workers in a /goal loop (#35710) 2026-05-31 01:16:33 -07:00
memory fix(honcho): harden self-hosted setup paths 2026-05-29 22:29:48 -07:00
model-providers fix(models): add gemini-3.5-flash to Gemini OAuth + API-key pickers (#37046) 2026-06-01 16:31:13 -07:00
observability/langfuse Add Hermes desktop app (#20059) 2026-05-31 17:46:56 -05:00
platforms fix(discord): bridge explicit allow_from configuration to env var mapping 2026-05-30 05:23:55 -07:00
security-guidance plugins: add security-guidance — pattern-matched warnings on dangerous code writes (#33131) 2026-05-27 02:07:21 -07:00
spotify chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
teams_pipeline chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
video_gen fix(video_gen): parse duration suffix in success_response 2026-05-29 22:26:24 +05:30
web fix(managed-gateway): keep tool availability scans off the Nous token-refresh path 2026-05-30 07:58:08 -07:00
__init__.py feat(memory): pluggable memory provider interface with profile isolation, review fixes, and honcho CLI restoration (#4623) 2026-04-02 15:33:51 -07:00