hermes-agent/agent
Austin Pickett 290acdb59c fix(auth): address PR review comments for Google Workspace OAuth
- Secure token file permissions (0o600) in dashboard callback handler
- Validate refresh_token presence after code exchange
- HTML-escape all dynamic values in callback pages (XSS prevention)
- Raise error when only placeholder credentials are available
- Fix docstring to match actual behavior (no standalone fallback)
- Validate OAuth state parameter in headless mode
- Reduce client_id log exposure to 8 chars
- Use configurable port for dashboard redirect URI (app.state.bound_port)
- Read HERMES_DASHBOARD_PORT env var instead of hardcoding 9119
2026-05-08 13:35:41 -04:00