andy/hermes-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
64bccc186f6a9c19cb34cecc3fe55fc6020c022d
hermes-agent/tests
T
History
Teknium 42104218e0 fix(file-safety): also write-deny <root>/control-files in profile mode 
PR #14157 added control-plane write-deny against the ACTIVE HERMES_HOME,
which is fine in non-profile mode but leaves a gap once a profile is
active: HERMES_HOME points at <root>/profiles/<name>, so the global
<root>/auth.json + <root>/config.yaml + <root>/webhook_subscriptions.json
+ <root>/mcp-tokens/ remain writable. Same shape as the .env gap PR
#15981 closed via _hermes_root_path().

Apply the same widening pattern here. The control-file/mcp-tokens check
now iterates BOTH _hermes_home_path() and _hermes_root_path() (dedupes
when they coincide in non-profile mode). Also tightens the mcp-tokens
check from "startswith dir + os.sep" to "==dir OR startswith dir + os.sep"
so writing the directory entry itself is blocked, not just files inside.

Regression tests cover both protections in a real profile-mode layout
(<tmp>/hermes/profiles/coder as HERMES_HOME, <tmp>/hermes as root).
2026-05-22 04:32:14 -07:00
..
acp
fix(acp): use tempfile.gettempdir() in workspace auto-approve
2026-05-19 03:05:10 -07:00
acp_adapter
feat(azure-foundry): add Microsoft Entra ID auth
2026-05-18 10:14:38 -07:00
agent
fix(agent): recover from providers rejecting list-type tool content (#27344) (#30259)
2026-05-21 23:40:16 -07:00
cli
refactor(session-log): drop branch/compress re-point of session_log_file
2026-05-20 11:44:10 -07:00
cron
refactor(session-log): delete _save_session_log and all callers
2026-05-20 11:44:10 -07:00
e2e
test(e2e): fix Discord mock exception surface
2026-05-14 19:08:38 -07:00
fakes
gateway
fix(pairing): handle legacy plaintext pending entries during upgrade
2026-05-22 04:11:49 -07:00
hermes_cli
refactor(image_gen): port FAL backend to plugins/image_gen/fal
2026-05-22 04:10:45 -07:00
hermes_state
feat(session_search): single-shape tool with discovery, scroll, browse — no LLM (#27590)
2026-05-17 23:28:45 -07:00
honcho_plugin
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
integration
openviking_plugin
plugins
refactor(image_gen): port FAL backend to plugins/image_gen/fal
2026-05-22 04:10:45 -07:00
providers
fix(custom): pass custom provider extra body
2026-05-21 07:48:53 -07:00
run_agent
fix(agent): recover from providers rejecting list-type tool content (#27344) (#30259)
2026-05-21 23:40:16 -07:00
scripts
feat(acp-registry): switch to uvx distribution, drop npm launcher
2026-05-14 22:27:09 -07:00
skills
fix(skills): add timeout to Google OAuth urlopen calls
2026-05-19 00:11:44 -07:00
stress
docs: align kanban readiness docs and smoke tests
2026-05-18 21:07:03 -07:00
tools
fix(file-safety): also write-deny <root>/control-files in profile mode
2026-05-22 04:32:14 -07:00
tui_gateway
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
website
__init__.py
conftest.py
test: use subprocesses for each test file (#29016)
2026-05-21 16:40:04 +05:30
run_interrupt_test.py
test_account_usage.py
test_atomic_replace_symlinks.py
test_base_url_hostname.py
test_batch_runner_checkpoint.py
test_bitwarden_secrets.py
feat(secrets): Bitwarden Secrets Manager integration with lazy bws install (#30035)
2026-05-21 14:10:34 -07:00
test_cli_file_drop.py
test_cli_manual_compress.py
fix(tests): catch up six stale tests after compression/aux/kanban changes (#28465)
2026-05-18 21:43:59 -07:00
test_cli_skin_integration.py
test_ctx_halving_fix.py
test_empty_model_fallback.py
test_env_loader_secret_sources.py
feat(secrets): label detected credentials with their source (Bitwarden) (#30364)
2026-05-22 03:32:58 -07:00
test_evidence_store.py
test_gateway_streaming_nested_config.py
fix(gateway): load streaming config from nested gateway.streaming key
2026-05-14 14:51:07 -07:00
test_get_tool_definitions_cache_isolation.py
test_hermes_bootstrap.py
test_hermes_constants.py
fix(security): guard os.chmod(parent) against / and top-level dirs
2026-05-20 22:56:55 -07:00
test_hermes_home_profile_warning.py
test_hermes_logging.py
fix(tests): catch up 25 stale tests after recent merges (#28626)
2026-05-19 01:28:32 -07:00
test_hermes_state_wal_fallback.py
test_hermes_state.py
feat(state.db): persist platform_message_id; restore yuanbao exact-id recall
2026-05-20 13:00:57 -07:00
test_honcho_client_config.py
test_install_sh_browser_install.py
fix(install): support non-sudo service-user installs on apt distros (#25814)
2026-05-14 09:05:31 -07:00
test_install_sh_pythonpath_sanitization.py
test_install_sh_setup_wizard_tty_probe.py
test_install_sh_symlink_stomp.py
fix(install): preserve pip entry point when re-running on symlinked install
2026-05-14 07:08:45 -07:00
test_install_sh_termux_network_prereqs.py
test_ipv4_preference.py
test_lazy_session_regressions.py
test_lint_config.py
test_live_system_guard_self_test.py
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
test_mcp_serve.py
test_mini_swe_runner.py
test_minimax_model_validation.py
test_minimax_oauth.py
fix(minimax-oauth): quarantine dead tokens on terminal refresh failure
2026-05-18 10:34:03 -07:00
test_minisweagent_path.py
test_model_picker_scroll.py
test_model_tools_async_bridge.py
test_model_tools.py
chore: remove Atropos RL environments and tinker-atropos integration (#26106)
2026-05-15 10:36:38 +05:30
test_ollama_num_ctx.py
test_package_json_lazy_deps.py
fix(update): make Camofox lazy-installed instead of eager (#27055)
2026-05-16 12:15:45 -07:00
test_packaging_metadata.py
test_plugin_skills.py
test_process_loop_event_loop_warning.py
test_project_metadata.py
fix(packaging): ship dashboard plugin assets in wheel
2026-05-18 20:35:00 -07:00
test_retry_utils.py
test_run_tests_parallel.py
test: use subprocesses for each test file (#29016)
2026-05-21 16:40:04 +05:30
test_sanitize_tool_error.py
security: sanitize tool error strings before injecting into model context (#26823)
2026-05-16 00:57:39 -07:00
test_sql_injection.py
test_subprocess_home_isolation.py
fix: avoid process-wide cron profile home mutation
2026-05-18 17:39:50 +00:00
test_termux_all_extra_compat.py
test_timezone.py
chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355)
2026-05-17 02:29:41 -07:00
test_toolset_distributions.py
test_toolsets.py
test(toolsets): lock web search into default platform coverage
2026-05-14 08:03:33 -07:00
test_trajectory_compressor_async.py
test_trajectory_compressor.py
test_transform_llm_output_hook.py
test_transform_tool_result_hook.py
test_tui_gateway_server.py
fix(tui): surface verbose tool details (#30225)
2026-05-22 00:16:52 -05:00
test_utils_truthy_values.py
test_yuanbao_integration.py
test_yuanbao_markdown.py
test_yuanbao_pipeline.py
test_yuanbao_proto.py