common/hermes
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
60c4bc96fd81b51277663a8283fa5eea2be8ab51
hermes/hermes_cli
History
Yuyang Xu 60c4bc96fd fix(security): restore .env/auth.json/state.db with 0600 perms 
`hermes import` was creating secret files with the process umask
(typically 0644) instead of 0600. zipfile.open() does not honor the
Unix mode bits stored in zip member external_attr; the restore loop
used open(target, "wb") which always falls back to umask.

Threat: silent privilege downgrade after a routine restore on
multi-user systems (shared dev boxes, CI runners, jump hosts) — any
local user could read API keys and OAuth tokens from ~/.hermes/.

Fix mirrors the convention already used at file creation
(hermes_cli/auth.py: stat.S_IRUSR | stat.S_IWUSR for auth.json).
The quick-snapshot restore path (restore_quick_snapshot) is
unaffected — it uses shutil.copy2 which preserves perms via
copystat().

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 04:43:53 -07:00
..
__init__.py
fix(windows): enforce UTF-8 stdout/stderr to prevent UnicodeEncodeError crash
2026-05-03 16:58:25 -07:00
_parser.py
refactor(cli): derive relaunch flag table from argparse introspection
2026-04-29 20:33:29 -07:00
auth_commands.py
feat(cli): add minimax-oauth provider with PKCE browser flow
2026-04-29 09:53:42 -07:00
auth.py
fix(cli): follow 307 redirects in MiniMax OAuth httpx clients
2026-05-03 15:26:33 -07:00
azure_detect.py
chore: remove unused imports and dead locals (ruff F401, F841) (#17010)
2026-04-28 06:46:45 -07:00
backup.py
fix(security): restore .env/auth.json/state.db with 0600 perms
2026-05-04 04:43:53 -07:00
banner.py
fix(banner): show correct update status on nix-built hermes (#17550)
2026-04-30 07:03:00 +05:30
browser_connect.py
fix(browser): address Copilot review on /browser connect
2026-04-28 22:11:10 -07:00
callbacks.py
fix: ESC cancels secret/sudo prompts, clearer skip messaging (#9902)
2026-04-14 16:11:37 -07:00
claw.py
feat(claw-migrate): harden OpenClaw import with plan-first apply, redaction, and pre-migration backup (#16911)
2026-04-28 01:50:23 -07:00
cli_output.py
refactor: remove dead code — 1,784 lines across 77 files (#9180)
2026-04-13 16:32:04 -07:00
clipboard.py
feat: fix img pasting in new ink plus newline after tools
2026-04-11 13:14:32 -05:00
codex_models.py
feat(codex): add gpt-5.5 and wire live model discovery into picker (#14720)
2026-04-23 13:32:43 -07:00
colors.py
feat: respect NO_COLOR env var and TERM=dumb (#4079)
2026-03-30 17:07:21 -07:00
commands.py
feat(cli,gateway): /new accepts optional session name argument
2026-05-04 03:14:50 -07:00
completion.py
fix: preserve profile name completion in dynamic shell completion
2026-04-14 10:45:42 -07:00
config.py
fix(cli): local backend CLI always uses launch directory, stops .env sync of TERMINAL_CWD (#19334)
2026-05-04 11:36:19 +05:30
copilot_auth.py
fix(copilot): exchange raw GitHub token for Copilot API JWT
2026-04-24 05:09:08 -07:00
cron.py
feat(cron): per-job workdir for project-aware cron runs (#15110)
2026-04-24 05:07:01 -07:00
curator.py
fix(curator): authoritative absorbed_into on delete + restore cron skill links on rollback (#18671) (#18731)
2026-05-02 01:29:57 -07:00
curses_ui.py
fix: treat ctrl-c as curses cancel
2026-05-04 01:36:44 -07:00
debug.py
fix(debug): redact log content at upload time in hermes debug share
2026-05-03 11:42:20 -07:00
default_soul.py
fix: reset default SOUL.md to baseline identity text (#3159)
2026-03-26 01:34:27 -07:00
dingtalk_auth.py
chore: remove unused imports and dead locals (ruff F401, F841) (#17010)
2026-04-28 06:46:45 -07:00
doctor.py
fix(doctor): check global agent-browser when local install not found
2026-05-04 03:13:22 -07:00
dump.py
refactor(redact): canonical mask_secret helper; fix status.py DIM drift (#17207)
2026-04-28 21:04:35 -07:00
env_loader.py
refactor: consolidate symlink-safe atomic replace into shared helper
2026-04-28 04:58:22 -07:00
fallback_cmd.py
feat(cli): add 'hermes fallback' command to manage fallback providers (#16052)
2026-04-26 06:19:04 -07:00
gateway.py
fix: refresh systemd unit on gateway boot (not just start/restart) (#19684)
2026-05-04 16:27:51 +05:30
goals.py
feat: /goal — persistent cross-turn goals (Ralph loop) (#18262)
2026-04-30 23:10:20 -07:00
hooks.py
chore: remove unused imports and dead locals (ruff F401, F841) (#17010)
2026-04-28 06:46:45 -07:00
kanban_db.py
feat(kanban): multi-project boards — one install, many kanbans (#19653)
2026-05-04 04:42:38 -07:00
kanban.py
feat(kanban): multi-project boards — one install, many kanbans (#19653)
2026-05-04 04:42:38 -07:00
logs.py
feat: component-separated logging with session context and filtering (#7991)
2026-04-11 17:23:36 -07:00
main.py
fix(cli): check updates against upstream/main for fork users
2026-05-04 04:42:44 -07:00
mcp_config.py
refactor(config): migrate remaining 33 cfg_get call sites (#17311)
2026-04-29 04:03:03 -07:00
memory_setup.py
fix(cli): decode .env as UTF-8 to avoid GBK crash on Windows
2026-05-02 01:40:31 -07:00
model_catalog.py
chore: remove unused imports and dead locals (ruff F401, F841) (#17010)
2026-04-28 06:46:45 -07:00
model_normalize.py
feat(minimax-oauth): full integration with peer OAuth providers
2026-04-29 09:53:42 -07:00
model_switch.py
fix(model-picker): exclude providers with empty credential pool entries
2026-05-04 03:12:12 -07:00
models.py
fix(cli): allow custom:* provider slugs in model validation
2026-05-04 01:39:06 -07:00
nous_subscription.py
fix(cli): coerce use_gateway config flags in tool routing
2026-04-26 19:02:55 -07:00
oneshot.py
fix(tui): honor launch toolsets (#17623)
2026-04-29 16:55:27 -07:00
pairing.py
fix(pairing): handle null user_name in pairing list display
2026-04-23 02:34:11 -07:00
platforms.py
feat: complete plugin platform parity — all 12 integration points
2026-04-29 21:56:51 -07:00
plugins_cmd.py
feat(dashboard): add Plugins page with enable/disable, auth status, install/remove
2026-04-30 20:29:37 -04:00
plugins.py
fix(plugins): bound async plugin command await with 30s timeout
2026-04-30 19:56:18 -07:00
profiles.py
Merge upstream/main and address Copilot review feedback
2026-04-30 06:43:22 -04:00
providers.py
fix: prevent bare 'custom' slug in model.provider (#17478)
2026-04-30 04:32:11 -07:00
pty_bridge.py
fix(pty): default TERM for resize probes
2026-05-04 02:38:54 -07:00
relaunch.py
remove relaunch_chat
2026-04-29 20:33:29 -07:00
runtime_provider.py
fix(fallback): let custom_providers shadow built-in aliases
2026-04-30 20:18:44 -07:00
setup.py
fix(setup): skip AUXILIARY_VISION_MODEL write when input is blank
2026-05-04 02:41:47 -07:00
skills_config.py
refactor(config): migrate remaining 33 cfg_get call sites (#17311)
2026-04-29 04:03:03 -07:00
skills_hub.py
feat(skills): install skills from a direct HTTP(S) URL (#16323)
2026-04-26 20:57:10 -07:00
skin_engine.py
fix(tui): restore macOS copy behavior and theme polish (#17131)
2026-04-28 18:47:14 -05:00
slack_cli.py
fix(paths): route achievements plugin + profile-tui through HERMES_HOME
2026-04-30 23:21:54 -07:00
status.py
fix(status): show NVIDIA NIM api key status
2026-05-04 03:08:50 -07:00
timeouts.py
refactor(timeouts): drop redundant ImportError in except clause
2026-04-26 20:48:20 -07:00
tips.py
feat(tips): add cost-saving tips from April 30 tip-of-the-day (#17841)
2026-04-30 02:30:36 -07:00
tools_config.py
fix(cli): sync use_gateway in _reconfigure_provider for tts, browser, and web
2026-05-04 02:33:55 -07:00
uninstall.py
feat(uninstall): offer to remove named profiles when uninstalling from default
2026-04-18 19:18:13 -07:00
vercel_auth.py
feat: add Vercel Sandbox backend
2026-04-29 07:22:33 -07:00
voice.py
fix(tui): ignore SIGPIPE so stderr back-pressure can't kill the gateway
2026-04-23 16:18:15 -07:00
web_server.py
feat(docker): launch dashboard as side-process via HERMES_DASHBOARD=1
2026-05-04 15:37:27 +10:00
webhook.py
refactor(config): migrate remaining 33 cfg_get call sites (#17311)
2026-04-29 04:03:03 -07:00