mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-09 08:21:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
hermes-agent/tui_gateway
History
ashishpatel26 621bf3a873 fix(security): strip shell escapes in denylist normalizer; fail-closed on missing approval module 
DANGEROUS_PATTERNS and HARDLINE_PATTERNS are matched on the raw command string,
so backslash-escape (r\m) and empty-quote split (r''m) bypass both lists.
_normalize_command_for_detection now strips these before pattern matching.

tui_gateway shell.exec had a bare 'except ImportError: pass' that silently
disabled the entire safety gate if tools.approval wasn't importable. Changed
to fail-closed (return 5001 error). Added detect_hardline_command check.

Fixes #36846, #36847.
2026-06-07 03:57:21 -07:00
..
__init__.py feat: new tui based on ink 2026-04-02 19:07:53 -05:00
entry.py perf(tui): stop slow/dead MCP servers from freezing TUI startup 2026-05-30 02:53:37 -07:00
event_publisher.py chore: address copilot comments 2026-04-24 12:51:04 -04:00
render.py tui: inherit Python-side rendering via gateway bridge 2026-04-05 18:50:41 -05:00
server.py fix(security): strip shell escapes in denylist normalizer; fail-closed on missing approval module 2026-06-07 03:57:21 -07:00
slash_worker.py feat: personality 2026-04-08 00:15:15 -04:00
transport.py fix(tui-gateway): harden stdio transport against half-closed pipes + SIGTERM races (#17118) 2026-04-28 17:54:06 -05:00
ws.py Tighten conversation rhythm, flatten the tool list, and smooth streaming text 2026-06-06 10:45:31 -05:00