common/hermes
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
fcd9011f8d02d30d5f80db1749cbeb8f2d1b3fc3
hermes/agent
History
JunghwanNA fcd9011f8d fix(security): separate OAuth PKCE state from code_verifier 
The PKCE flow reused the code_verifier as the OAuth state parameter.
Per RFC 6749 §10.12 and RFC 7636, these serve different purposes:
state is an anti-CSRF token visible in the authorization URL; the
code_verifier must remain secret for the token exchange.

Generate an independent secrets.token_urlsafe(32) for state and
validate it on callback to provide actual CSRF protection.

Closes #10693
2026-05-16 02:38:02 -07:00
..
lsp
fix(async): close unscheduled coroutines in all threadsafe bridges (#26584)
2026-05-15 14:00:01 -07:00
transports
fix(deepseek): wire thinking-mode via DeepSeekProfile, not legacy fallback
2026-05-15 17:03:26 -07:00
__init__.py
Refactor Terminal and AIAgent cleanup
2026-02-21 22:31:43 -08:00
account_usage.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
anthropic_adapter.py
fix(security): separate OAuth PKCE state from code_verifier
2026-05-16 02:38:02 -07:00
async_utils.py
fix(async): close unscheduled coroutines in all threadsafe bridges (#26584)
2026-05-15 14:00:01 -07:00
auxiliary_client.py
fix(auxiliary): resolve xai oauth compression from pool
2026-05-15 19:53:37 -07:00
bedrock_adapter.py
fix(bedrock): preserve reasoningContent across converse normalization
2026-05-07 05:17:16 -07:00
codex_responses_adapter.py
fix(xai-oauth): recover from prelude SSE errors, gate reasoning replay, surface entitlement 403s (#26644)
2026-05-15 16:35:12 -07:00
context_compressor.py
fix(ci): stabilize shared test state after 21012
2026-05-14 14:28:14 -07:00
context_engine.py
fix(compression): keep default protect_first_n at 3 + align ABC
2026-05-13 22:25:16 -07:00
context_references.py
fix(agent): fall back when rg is blocked for @folder references
2026-04-20 01:56:41 -07:00
copilot_acp_client.py
fix(copilot-acp): tighten deprecation detection + sharpen GitHub Models 413 hint
2026-05-16 02:24:48 -07:00
credential_pool.py
feat(xai-oauth): add xAI Grok OAuth (SuperGrok Subscription) provider
2026-05-15 12:11:32 -07:00
credential_sources.py
feat(xai-oauth): add xAI Grok OAuth (SuperGrok Subscription) provider
2026-05-15 12:11:32 -07:00
curator_backup.py
fix(curator): authoritative absorbed_into on delete + restore cron skill links on rollback (#18671) (#18731)
2026-05-02 01:29:57 -07:00
curator.py
feat(curator): hint at hermes curator pin in the rename block (#23212)
2026-05-10 06:44:53 -07:00
display.py
chore: remove Atropos RL environments and tinker-atropos integration (#26106)
2026-05-15 10:36:38 +05:30
error_classifier.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
file_safety.py
fix(security): apply file safety to copilot acp fs
2026-04-21 01:31:58 -07:00
gemini_cloudcode_adapter.py
fix(agent/gemini-cloudcode): seed delta defaults for reasoning-only stream chunks
2026-05-14 08:03:56 -07:00
gemini_native_adapter.py
fix(auxiliary): evict async wrappers on poisoned client (follow-up to #23482)
2026-05-11 11:13:20 -07:00
gemini_schema.py
chore: remove unused imports and dead locals (ruff F401, F841) (#17010)
2026-04-28 06:46:45 -07:00
google_code_assist.py
chore: remove unused imports and dead locals (ruff F401, F841) (#17010)
2026-04-28 06:46:45 -07:00
google_oauth.py
fix(google_oauth): close TOCTOU window when saving credentials
2026-05-04 03:16:19 -07:00
i18n.py
feat(i18n): localize all gateway commands + web dashboard, add 8 new locales (16 total) (#22914)
2026-05-10 07:14:14 -07:00
image_gen_provider.py
feat(plugins): pluggable image_gen backends + OpenAI provider (#13799)
2026-04-21 21:30:10 -07:00
image_gen_registry.py
fix(plugins): filter resolution by is_available() in web + image_gen registries
2026-05-13 22:31:28 -07:00
image_routing.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
insights.py
Merge branch 'main' into feat/dashboard-skill-analytics
2026-04-20 05:25:49 -07:00
lmstudio_reasoning.py
feat(agent): add lmstudio integration
2026-04-28 12:27:36 -07:00
manual_compression_feedback.py
fix(compression): include system prompt + tool schemas in token estimates (#18265)
2026-04-30 23:03:54 -07:00
markdown_tables.py
fix(cli): vertical fallback for markdown tables wider than terminal (#23948)
2026-05-11 16:49:13 -07:00
memory_manager.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
memory_provider.py
docs(agent): remove stale BuiltinMemoryProvider references from memory module docstrings
2026-05-05 13:33:49 -07:00
model_metadata.py
fix(copilot-acp): tighten deprecation detection + sharpen GitHub Models 413 hint
2026-05-16 02:24:48 -07:00
models_dev.py
feat: add NovitaAI as LLM provider
2026-05-13 23:51:15 -07:00
moonshot_schema.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
nous_rate_guard.py
codebase: add encoding='utf-8' to all bare open() calls (PLW1514)
2026-05-08 14:27:40 -07:00
onboarding.py
docs(onboarding): lead OpenClaw residue banner with migrate, warn that cleanup breaks OpenClaw (#17507)
2026-04-29 08:08:36 -07:00
plugin_llm.py
feat(plugins): run any LLM call from inside a plugin via ctx.llm (#23194)
2026-05-10 07:09:28 -07:00
portal_tags.py
feat(nous): unified client=hermes-client-v<version> tag on every Portal request (#24779)
2026-05-12 20:49:20 -07:00
prompt_builder.py
fix(prompt_builder): inject tool-use enforcement for GLM models
2026-05-12 18:46:28 -07:00
prompt_caching.py
fix(cache): kill long-lived prefix layout — system prompt is now byte-static within a session (#24778)
2026-05-12 20:46:04 -07:00
rate_limit_tracker.py
refactor: remove dead code — 1,784 lines across 77 files (#9180)
2026-04-13 16:32:04 -07:00
redact.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
retry_utils.py
feat(agent): add jittered retry backoff
2026-04-08 00:41:36 -07:00
shell_hooks.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
skill_commands.py
chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)
2026-05-11 11:13:25 -07:00
skill_preprocessing.py
fix(skills): apply inline shell in skill_view
2026-04-24 15:15:07 -07:00
skill_utils.py
perf(cli): cut ~19s from 'hermes' cold start (skills cache + lazy Feishu + no Nous HTTP) (#22138)
2026-05-08 16:39:32 -07:00
subdirectory_hints.py
fix(agent): catch PermissionError in subdirectory hint discovery
2026-04-09 03:10:30 -07:00
think_scrubber.py
fix(agent): stateful streaming scrubber for reasoning-block leaks (#17924) (#20184)
2026-05-05 04:33:38 -07:00
title_generator.py
fix: improve telegram topic mode setup
2026-05-04 12:07:17 -07:00
tool_guardrails.py
fix: classify landed file mutations with diagnostics
2026-05-13 06:46:23 -07:00
tool_result_classification.py
fix: classify landed file mutations with diagnostics
2026-05-13 06:46:23 -07:00
trajectory.py
Refactor Terminal and AIAgent cleanup
2026-02-21 22:31:43 -08:00
usage_pricing.py
fix(pricing): add deepseek-v4-pro to official docs pricing table
2026-05-12 16:32:57 -07:00
video_gen_provider.py
feat(video_gen): unified video_generate tool with pluggable provider backends (#25126)
2026-05-13 16:39:41 -07:00
video_gen_registry.py
feat(video_gen): unified video_generate tool with pluggable provider backends (#25126)
2026-05-13 16:39:41 -07:00
web_search_provider.py
fix(web): align _LEGACY_PREFERENCE with legacy 7-provider order + doc cleanup
2026-05-13 22:31:28 -07:00
web_search_registry.py
fix(web): align _LEGACY_PREFERENCE with legacy 7-provider order + doc cleanup
2026-05-13 22:31:28 -07:00