common/hermes
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
59088228f69fe852edc8ac613641745c0bc23b51
hermes/tests
History
Erhnysr 59088228f6 fix(security): prevent API key leakage to non-authoritative custom endpoints 
Custom endpoint provider was forwarding OPENAI_API_KEY and OLLAMA_API_KEY
to arbitrary hosts. Keys should only be sent to their authoritative domains
(openai.com, ollama.com) or when explicitly configured via pool/env.

- Gate OPENAI_API_KEY to openai.com hosts only
- Gate OLLAMA_API_KEY to ollama.com hosts only
- Return 'no-key-required' for unrecognized custom endpoints
- Update tests to reflect secure-by-default behavior

Closes #28660
2026-05-20 22:12:09 -07:00
..
acp
fix(acp): use tempfile.gettempdir() in workspace auto-approve
2026-05-19 03:05:10 -07:00
acp_adapter
feat(azure-foundry): add Microsoft Entra ID auth
2026-05-18 10:14:38 -07:00
agent
fix(chat_completions): strip tool_name from messages for strict providers
2026-05-20 02:44:08 -07:00
cli
refactor(session-log): drop branch/compress re-point of session_log_file
2026-05-20 11:44:10 -07:00
cron
refactor(session-log): delete _save_session_log and all callers
2026-05-20 11:44:10 -07:00
e2e
test(e2e): fix Discord mock exception surface
2026-05-14 19:08:38 -07:00
fakes
gateway
feat(state.db): persist platform_message_id; restore yuanbao exact-id recall
2026-05-20 13:00:57 -07:00
hermes_cli
fix(security): prevent API key leakage to non-authoritative custom endpoints
2026-05-20 22:12:09 -07:00
hermes_state
feat(session_search): single-shape tool with discovery, scroll, browse — no LLM (#27590)
2026-05-17 23:28:45 -07:00
honcho_plugin
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
integration
openviking_plugin
fix(openviking): pre-check fs/stat to route file URIs before hitting directory-only endpoints
2026-04-30 02:35:29 -07:00
plugins
fix(kanban-dashboard): restore implementations dropped during salvages (#28481)
2026-05-18 21:54:56 -07:00
providers
feat(nvidia): add NIM billing origin header
2026-05-15 14:06:51 -07:00
run_agent
fix(gateway): harden kanban and provider cleanup races
2026-05-20 14:31:22 -07:00
scripts
feat(acp-registry): switch to uvx distribution, drop npm launcher
2026-05-14 22:27:09 -07:00
skills
fix(skills): add timeout to Google OAuth urlopen calls
2026-05-19 00:11:44 -07:00
stress
docs: align kanban readiness docs and smoke tests
2026-05-18 21:07:03 -07:00
tools
fix(skills-hub): deduplicate search results by identifier, not name
2026-05-20 15:04:01 -07:00
tui_gateway
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
website
docs(skills): explain restoring bundled skills
2026-05-05 13:46:20 -07:00
__init__.py
conftest.py
fix(cron): route Telegram cron deliveries to a dedicated topic via TELEGRAM_CRON_THREAD_ID
2026-05-18 22:36:11 -07:00
run_interrupt_test.py
test_account_usage.py
test_atomic_replace_symlinks.py
refactor: consolidate symlink-safe atomic replace into shared helper
2026-04-28 04:58:22 -07:00
test_base_url_hostname.py
test_batch_runner_checkpoint.py
test_cli_file_drop.py
test_cli_manual_compress.py
fix(tests): catch up six stale tests after compression/aux/kanban changes (#28465)
2026-05-18 21:43:59 -07:00
test_cli_skin_integration.py
fix(ci): stabilize main test suite regressions (#17660)
2026-04-29 23:18:55 -07:00
test_ctx_halving_fix.py
fix(cache): kill long-lived prefix layout — system prompt is now byte-static within a session (#24778)
2026-05-12 20:46:04 -07:00
test_empty_model_fallback.py
test_evidence_store.py
test_gateway_streaming_nested_config.py
fix(gateway): load streaming config from nested gateway.streaming key
2026-05-14 14:51:07 -07:00
test_get_tool_definitions_cache_isolation.py
fix(tools): isolate get_tool_definitions quiet_mode cache + dedup LCM injection (#17335)
2026-04-30 04:32:06 -07:00
test_hermes_bootstrap.py
fix(entry-points): guard hermes_bootstrap import so partial updates don't brick hermes (#22091)
2026-05-08 14:43:13 -07:00
test_hermes_constants.py
test(hermes_constants): cover parse_reasoning_effort()
2026-05-07 09:59:07 -07:00
test_hermes_home_profile_warning.py
fix(constants): warn once when get_hermes_home() falls back under an active profile (#18746)
2026-05-02 01:49:55 -07:00
test_hermes_logging.py
fix(tests): catch up 25 stale tests after recent merges (#28626)
2026-05-19 01:28:32 -07:00
test_hermes_state_wal_fallback.py
fix(sqlite): fall back to journal_mode=DELETE on NFS/SMB/FUSE (#22043)
2026-05-09 02:09:35 -07:00
test_hermes_state.py
feat(state.db): persist platform_message_id; restore yuanbao exact-id recall
2026-05-20 13:00:57 -07:00
test_honcho_client_config.py
test_install_sh_browser_install.py
fix(install): support non-sudo service-user installs on apt distros (#25814)
2026-05-14 09:05:31 -07:00
test_install_sh_pythonpath_sanitization.py
fix: harden install.sh against inherited Python env leakage
2026-05-06 04:02:02 -07:00
test_install_sh_setup_wizard_tty_probe.py
fix(install): widen /dev/tty open-probe to sibling gates (#16746)
2026-04-28 06:45:55 -07:00
test_install_sh_symlink_stomp.py
fix(install): preserve pip entry point when re-running on symlinked install
2026-05-14 07:08:45 -07:00
test_install_sh_termux_network_prereqs.py
fix: strengthen termux install network prerequisites
2026-05-07 13:04:08 -07:00
test_ipv4_preference.py
test_lazy_session_regressions.py
fix: resolve lazy session creation regressions (#18370 fallout) (#20363)
2026-05-06 01:11:49 +05:30
test_lint_config.py
lint: enable PLW1514 as a blocking ruff rule
2026-05-08 14:27:40 -07:00
test_live_system_guard_self_test.py
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
test_mcp_serve.py
fix(mcp): unwrap platforms key in channels_list
2026-05-07 13:41:16 -07:00
test_mini_swe_runner.py
test_minimax_model_validation.py
test_minimax_oauth.py
fix(minimax-oauth): quarantine dead tokens on terminal refresh failure
2026-05-18 10:34:03 -07:00
test_minisweagent_path.py
test_model_picker_scroll.py
test_model_tools_async_bridge.py
fix(model_tools): cancel coroutine on timeout so worker thread exits + log full traceback
2026-04-29 05:00:40 -07:00
test_model_tools.py
chore: remove Atropos RL environments and tinker-atropos integration (#26106)
2026-05-15 10:36:38 +05:30
test_ollama_num_ctx.py
test_package_json_lazy_deps.py
fix(update): make Camofox lazy-installed instead of eager (#27055)
2026-05-16 12:15:45 -07:00
test_packaging_metadata.py
test_plugin_skills.py
fix(skills): support category-qualified local skill names
2026-05-05 10:15:31 -07:00
test_process_loop_event_loop_warning.py
fix(cli): replace get_event_loop() with get_running_loop() to silence RuntimeWarning in process_loop thread (#19285)
2026-05-07 06:35:54 -07:00
test_project_metadata.py
fix(packaging): ship dashboard plugin assets in wheel
2026-05-18 20:35:00 -07:00
test_retry_utils.py
test_sanitize_tool_error.py
security: sanitize tool error strings before injecting into model context (#26823)
2026-05-16 00:57:39 -07:00
test_sql_injection.py
test_subprocess_home_isolation.py
fix: avoid process-wide cron profile home mutation
2026-05-18 17:39:50 +00:00
test_termux_all_extra_compat.py
fix: add termux-all install profile and safe fallbacks
2026-05-07 13:04:08 -07:00
test_timezone.py
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
test_toolset_distributions.py
test_toolsets.py
test(toolsets): lock web search into default platform coverage
2026-05-14 08:03:33 -07:00
test_trajectory_compressor_async.py
test_trajectory_compressor.py
test_transform_llm_output_hook.py
test+docs: cover transform_llm_output hook + release author map
2026-05-07 05:46:05 -07:00
test_transform_tool_result_hook.py
test_tui_gateway_server.py
feat: auto-launch Chromium-family browser for CDP
2026-05-19 22:34:05 -07:00
test_utils_truthy_values.py
test_yuanbao_integration.py
test_yuanbao_markdown.py
test_yuanbao_pipeline.py
test_yuanbao_proto.py