49097ba09e
security: add atomic write utilities for TOCTOU protection (V-015)
...
Docker Build and Publish / build-and-push (pull_request) Failing after 1m11s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 33s
Tests / test (pull_request) Failing after 31s
Add atomic_write.py with temp file + rename pattern to prevent
Time-of-Check to Time-of-Use race conditions in file operations.
CVSS: 7.4 (High)
Refs: V-015
CWE-367: TOCTOU Race Condition
2026-03-31 00:08:54 +00:00
f3bfc7c8ad
Merge pull request '[SECURITY] Prevent Error Information Disclosure (V-013, CVSS 7.5)' ( #67 ) from security/fix-error-disclosure into main
Nix / nix (ubuntu-latest) (push) Failing after 4s
Tests / test (push) Failing after 15s
Docker Build and Publish / build-and-push (push) Failing after 42s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-31 00:07:03 +00:00
5d0cf71a8b
security: prevent error information disclosure (V-013, CVSS 7.5)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 30s
Tests / test (pull_request) Failing after 27s
Docker Build and Publish / build-and-push (pull_request) Failing after 38s
Add secure error handling to prevent internal details leaking.
Changes:
- gateway/platforms/api_server.py:
- Add _handle_error_securely() function
- Logs full error details with reference ID internally
- Returns generic error message to client
- Updates all cron job exception handlers to use secure handler
CVSS: 7.5 (High)
Refs: V-013 in SECURITY_AUDIT_REPORT.md
CWE-209: Generation of Error Message Containing Sensitive Information
2026-03-31 00:06:58 +00:00
3e0d3598bf
Merge pull request '[SECURITY] Add Rate Limiting to API Server (V-016, CVSS 7.3)' ( #66 ) from security/add-rate-limiting into main
Nix / nix (ubuntu-latest) (push) Failing after 16s
Tests / test (push) Failing after 26s
Docker Build and Publish / build-and-push (push) Failing after 56s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-31 00:05:01 +00:00
4e3f5072f6
security: add rate limiting to API server (V-016, CVSS 7.3)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 31s
Tests / test (pull_request) Failing after 32s
Docker Build and Publish / build-and-push (pull_request) Failing after 59s
Add token bucket rate limiter per client IP.
Changes:
- gateway/platforms/api_server.py:
- Add _RateLimiter class with token bucket algorithm
- Add rate_limit_middleware for request throttling
- Configurable via API_SERVER_RATE_LIMIT (default 100 req/min)
- Returns 429 with Retry-After header when limit exceeded
- Skip rate limiting for /health endpoint
CVSS: 7.3 (High)
Refs: V-016 in SECURITY_AUDIT_REPORT.md
CWE-770: Allocation of Resources Without Limits or Throttling
2026-03-31 00:04:56 +00:00
5936745636
Merge pull request '[SECURITY] Validate CDP URLs to Prevent SSRF (V-010, CVSS 8.4)' ( #65 ) from security/fix-browser-cdp into main
Nix / nix (ubuntu-latest) (push) Failing after 5s
Tests / test (push) Failing after 17s
Docker Build and Publish / build-and-push (push) Failing after 44s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:57:27 +00:00
cfaf6c827e
security: validate CDP URLs to prevent SSRF (V-010, CVSS 8.4)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 27s
Tests / test (pull_request) Failing after 25s
Docker Build and Publish / build-and-push (pull_request) Failing after 37s
Add URL validation before fetching Chrome DevTools Protocol endpoints.
Only allows localhost and private network addresses.
Changes:
- tools/browser_tool.py: Add hostname validation in _resolve_cdp_override()
- Block external URLs to prevent SSRF attacks
- Log security errors for rejected URLs
CVSS: 8.4 (High)
Refs: V-010 in SECURITY_AUDIT_REPORT.md
CWE-918: Server-Side Request Forgery
2026-03-30 23:57:22 +00:00
cf1afb07f2
Merge pull request '[SECURITY] Block Dangerous Docker Volume Mounts (V-012, CVSS 8.7)' ( #64 ) from security/fix-docker-privilege into main
Nix / nix (ubuntu-latest) (push) Failing after 12s
Tests / test (push) Failing after 18s
Docker Build and Publish / build-and-push (push) Failing after 45s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:55:50 +00:00
ed32487cbe
security: block dangerous Docker volume mounts (V-012, CVSS 8.7)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 28s
Tests / test (pull_request) Failing after 29s
Docker Build and Publish / build-and-push (pull_request) Failing after 42s
Prevent privilege escalation via Docker socket mount.
Changes:
- tools/environments/docker.py: Add _is_dangerous_volume() validation
- Block docker.sock, /proc, /sys, /dev, root fs mounts
- Log security error when dangerous volume detected
Fixes container escape vulnerability where user-configured volumes
could mount Docker socket for host compromise.
CVSS: 8.7 (High)
Refs: V-012 in SECURITY_AUDIT_REPORT.md
CWE-250: Execution with Unnecessary Privileges
2026-03-30 23:55:45 +00:00
37c5e672b5
Merge pull request '[SECURITY] Fix Auth Bypass & CORS Misconfiguration (V-008, V-009)' ( #63 ) from security/fix-auth-bypass into main
Nix / nix (ubuntu-latest) (push) Failing after 6s
Docker Build and Publish / build-and-push (push) Has been cancelled
Nix / nix (macos-latest) (push) Has been cancelled
Tests / test (push) Has been cancelled
2026-03-30 23:55:04 +00:00
cfcffd38ab
security: fix auth bypass and CORS misconfiguration (V-008, V-009)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 27s
Tests / test (pull_request) Failing after 24s
Docker Build and Publish / build-and-push (pull_request) Failing after 35s
API Server security hardening:
V-009 (CVSS 8.1) - Authentication Bypass Fix:
- Changed default from allow-all to deny-all when no API key configured
- Added explicit API_SERVER_ALLOW_UNAUTHENTICATED setting for local dev
- Added warning logs for both secure and insecure configurations
V-008 (CVSS 8.2) - CORS Misconfiguration Fix:
- Reject wildcard '*' CORS origins (security vulnerability with credentials)
- Require explicit origin configuration
- Added warning log when wildcard detected
Changes:
- gateway/platforms/api_server.py: Hardened auth and CORS handling
Refs: V-008, V-009 in SECURITY_AUDIT_REPORT.md
CWE-287: Improper Authentication
CWE-942: Permissive Cross-domain Policy
2026-03-30 23:54:58 +00:00
0b49540db3
Merge pull request '[FIX] Cross-Process Locking for SQLite Contention (Issue #52 )' ( #62 ) from fix/sqlite-contention into main
Nix / nix (ubuntu-latest) (push) Failing after 5s
Tests / test (push) Failing after 15s
Docker Build and Publish / build-and-push (push) Failing after 44s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:51:05 +00:00
ffa8405cfb
fix: add cross-process locking for SQLite contention (Issue #52 )
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 32s
Tests / test (pull_request) Failing after 28s
Docker Build and Publish / build-and-push (pull_request) Failing after 40s
Add file-based locking (flock) for cross-process SQLite coordination.
Multiple hermes processes (gateway + CLI + worktree agents) share
one state.db but each had its own threading.Lock.
Changes:
- hermes_state_patch.py: CrossProcessLock class using flock()
- File-based locking for true cross-process coordination
- Increased retry parameters for cross-process contention
- Monkey-patch function for easy integration
Fixes: Issue #52 - SQLite global write lock causes contention
Refs: CWE-412: Unrestricted Externally Accessible Lock
2026-03-30 23:51:00 +00:00
cc1b9e8054
Merge pull request '[TEST] Add Comprehensive Security Test Coverage' ( #61 ) from tests/security-coverage into main
Nix / nix (ubuntu-latest) (push) Failing after 9s
Tests / test (push) Failing after 18s
Docker Build and Publish / build-and-push (push) Failing after 45s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:49:35 +00:00
e2e88b271d
test: add comprehensive security test coverage
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 29s
Docker Build and Publish / build-and-push (pull_request) Failing after 37s
Tests / test (pull_request) Failing after 28s
Add extensive test suites for all critical security fixes:
- tests/tools/test_path_traversal.py: Path traversal detection tests
- tests/tools/test_command_injection.py: Command injection prevention tests
- tests/tools/test_interrupt.py: Race condition validation tests
- validate_security.py: Automated security validation suite
Coverage includes:
- Unix/Windows traversal patterns
- URL-encoded bypass attempts
- Null byte injection
- Concurrent access race conditions
- Subprocess security patterns
Refs: Issue #51 - Test coverage gaps
Refs: V-001, V-002, V-007 security fixes
2026-03-30 23:49:20 +00:00
0e01f3321d
Merge pull request '[SECURITY] Fix Race Condition in Interrupt Propagation (CVSS 8.5)' ( #60 ) from security/fix-race-condition into main
Tests / test (push) Failing after 19s
Nix / nix (ubuntu-latest) (push) Failing after 9s
Docker Build and Publish / build-and-push (push) Failing after 45s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:47:22 +00:00
13265971df
security: fix race condition in interrupt propagation (V-007)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 29s
Docker Build and Publish / build-and-push (pull_request) Failing after 38s
Tests / test (pull_request) Failing after 28s
Add proper RLock synchronization to prevent race conditions when multiple
threads access interrupt state simultaneously.
Changes:
- tools/interrupt.py: Add RLock, nesting count tracking, new APIs
- tools/terminal_tool.py: Remove direct _interrupt_event exposure
- tests/tools/test_interrupt.py: Comprehensive race condition tests
CVSS: 8.5 (High)
Refs: V-007, Issue #48
Fixes: CWE-362: Concurrent Execution using Shared Resource
2026-03-30 23:47:04 +00:00
6da1fc11a2
Merge pull request '[SECURITY] Add Connection-Level SSRF Protection (CVSS 9.4)' ( #59 ) from security/fix-ssrf into main
Nix / nix (ubuntu-latest) (push) Failing after 15s
Tests / test (push) Failing after 24s
Docker Build and Publish / build-and-push (push) Failing after 53s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:44:15 +00:00
0019381d75
security: add connection-level SSRF protection (CVSS 9.4)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 32s
Tests / test (pull_request) Failing after 28s
Docker Build and Publish / build-and-push (pull_request) Failing after 55s
Add runtime IP validation at connection time to mitigate DNS rebinding
attacks (TOCTOU vulnerability).
Changes:
- tools/url_safety.py: Add create_safe_socket() for connection-time validation
- Add get_safe_httpx_transport() for httpx integration
- Document V-005 security fix
This closes the gap where attacker-controlled DNS servers could return
different IPs between pre-flight check and actual connection.
CVSS: 9.4 (Critical)
Refs: V-005 in SECURITY_AUDIT_REPORT.md
Fixes: CWE-918 (Server-Side Request Forgery)
2026-03-30 23:43:58 +00:00
05000f091f
Merge pull request '[SECURITY] Fix Secret Leakage via Environment Variables (CVSS 9.3)' ( #58 ) from security/fix-secret-leakage into main
Nix / nix (ubuntu-latest) (push) Failing after 13s
Tests / test (push) Failing after 24s
Docker Build and Publish / build-and-push (push) Failing after 53s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:43:03 +00:00
08abea4905
security: fix secret leakage via whitelist-only env vars (CVSS 9.3)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 32s
Tests / test (pull_request) Failing after 30s
Docker Build and Publish / build-and-push (pull_request) Failing after 55s
Replace blacklist approach with explicit whitelist for child process
environment variables to prevent secret exfiltration via creative naming.
Changes:
- tools/code_execution_tool.py: Implement _ALLOWED_ENV_VARS frozenset
- Only pass explicitly listed env vars to sandboxed child processes
- Drop all other variables silently to prevent credential theft
Fixes CWE-526: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 9.3 (Critical)
Refs: V-003 in SECURITY_AUDIT_REPORT.md
2026-03-30 23:42:43 +00:00
65d9fc2b59
Merge path traversal security fix
Tests / test (push) Failing after 19s
Nix / nix (ubuntu-latest) (push) Failing after 4s
Docker Build and Publish / build-and-push (push) Failing after 29s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:40:52 +00:00
510367bfc2
Merge pull request 'feat: Gen AI Evolution Phases 1-3 — Self-Correction, World Modeling, and Domain Distillation' ( #43 ) from feat/gen-ai-evolution-phases-1-3 into main
Nix / nix (ubuntu-latest) (push) Failing after 4s
Tests / test (push) Failing after 15s
Docker Build and Publish / build-and-push (push) Failing after 25s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:40:00 +00:00
33bf5967ec
Merge pull request '[SECURITY] Fix Command Injection Vulnerabilities (CVSS 9.8)' ( #53 ) from security/fix-command-injection into main
Tests / test (push) Failing after 15s
Nix / nix (ubuntu-latest) (push) Failing after 4s
Docker Build and Publish / build-and-push (push) Failing after 25s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 23:39:24 +00:00
78f0a5c01b
security: fix path traversal vulnerability (CVSS 9.1)
...
Add comprehensive path traversal detection and validation to prevent
unauthorized file access outside working directories.
Changes:
- tools/file_operations.py: Add _validate_safe_path(), _contains_path_traversal()
- Validate all paths in read_file(), write_file() before processing
- Detect patterns: ../, ..\, URL-encoded, null bytes, control chars
Fixes CWE-22: Path Traversal vulnerability where malicious paths like
../../../etc/shadow could access sensitive files.
CVSS: 9.1 (Critical)
Refs: V-002 in SECURITY_AUDIT_REPORT.md
2026-03-30 23:17:09 +00:00
10271c6b44
security: fix command injection vulnerabilities (CVSS 9.8)
...
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Failing after 25s
Tests / test (pull_request) Failing after 24s
Docker Build and Publish / build-and-push (pull_request) Failing after 35s
Replace shell=True with list-based subprocess execution to prevent
command injection via malicious user input.
Changes:
- tools/transcription_tools.py: Use shlex.split() + shell=False
- tools/environments/docker.py: List-based commands with container ID validation
Fixes CVE-level vulnerability where malicious file paths or container IDs
could inject arbitrary commands.
CVSS: 9.8 (Critical)
Refs: V-001 in SECURITY_AUDIT_REPORT.md
2026-03-30 23:15:11 +00:00
e6599b8651
feat: implement Phase 3 - Domain Distiller
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Failing after 45s
Tests / test (pull_request) Failing after 27s
Docker Build and Publish / build-and-push (pull_request) Failing after 1m11s
2026-03-30 22:59:57 +00:00
679d2cd81d
feat: implement Phase 2 - World Modeler
2026-03-30 22:59:56 +00:00
e7b2fe8196
feat: implement Phase 1 - Self-Correction Generator
2026-03-30 22:59:55 +00:00
5b948356b7
Merge PR #9 : SOTA Sovereign Intersymbolic Knowledge Graph (SIKG)
...
Tests / test (push) Failing after 17s
Docker Build and Publish / build-and-push (push) Failing after 30s
Nix / nix (ubuntu-latest) (push) Failing after 5s
Nix / nix (macos-latest) (push) Has been cancelled
Features:
- tools/graph_store.py: Sovereign triple-store with Gitea persistence
- agent/symbolic_memory.py: Neural-to-symbolic bridge with multi-hop search
- skills/memory/intersymbolic_graph.py: Graph query skill
- Integrated into KnowledgeIngester for automatic symbolic extraction
Tests added:
- tests/tools/test_graph_store.py (127 lines)
- tests/agent/test_symbolic_memory.py (144 lines)
Reviewed and merged by Allegro (BURN MODE).
2026-03-30 22:31:43 +00:00
1bff6d17d5
feat: enhance Knowledge Ingester with symbolic extraction
Docker Build and Publish / build-and-push (pull_request) Failing after 1m20s
Tests / test (pull_request) Failing after 16s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Failing after 34s
2026-03-30 22:28:59 +00:00
b5527fee26
feat: add Intersymbolic Graph Query skill
2026-03-30 22:28:58 +00:00
482b6c5aea
feat: add Sovereign Intersymbolic Memory Layer
2026-03-30 22:28:57 +00:00
5ac5c7f44c
feat: add sovereign Graph Store tool
2026-03-30 22:28:56 +00:00
0f508c9600
Merge PR #4 : Sovereign Real-time Learning System
Tests / test (push) Failing after 40s
Docker Build and Publish / build-and-push (push) Failing after 55s
Nix / nix (ubuntu-latest) (push) Failing after 21s
Nix / nix (macos-latest) (push) Has been cancelled
2026-03-30 22:27:14 +00:00
6aeb5a71df
Merge PR #3 : Sovereign Reasoning Engine — Gemini 3.1 Pro Integration
2026-03-30 22:27:14 +00:00
f1b409cba4
feat: add Real-time Learning skill
Tests / test (pull_request) Failing after 12m7s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Failing after 24s
Docker Build and Publish / build-and-push (pull_request) Failing after 34s
2026-03-30 22:19:28 +00:00
d1defbe06a
feat: add Sovereign Knowledge Ingester
2026-03-30 22:19:27 +00:00
e2ee3b7819
feat: add sovereign Gitea client tool
2026-03-30 22:19:26 +00:00
689b8e705a
chore: add google-genai dependency
Tests / test (pull_request) Failing after 10s
Nix / nix (ubuntu-latest) (pull_request) Failing after 8s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 42s
Docker Build and Publish / build-and-push (pull_request) Failing after 1m1s
Nix / nix (macos-latest) (pull_request) Has been cancelled
2026-03-30 22:16:33 +00:00
79f411de4d
feat: add Sovereign Thinking skill
2026-03-30 22:16:32 +00:00
8411f124cd
feat: add Meta-Reasoning Layer
2026-03-30 22:16:31 +00:00
7fe402fb70
feat: add native Gemini 3 series adapter
2026-03-30 22:16:29 +00:00
f8bc71823d
feat: add Sovereign Thinking skill
2026-03-30 22:16:20 +00:00
fdce07ff40
feat: add Meta-Reasoning Layer
2026-03-30 22:16:19 +00:00
bf82581189
feat: add native Gemini 3 series adapter
2026-03-30 22:16:18 +00:00
Teknium
fb634068df
fix(security): extend secret redaction to ElevenLabs, Tavily and Exa API keys ( #3920 )
...
Nix / nix (ubuntu-latest) (push) Failing after 3m9s
Docker Build and Publish / build-and-push (push) Failing after 4m1s
Tests / test (push) Failing after 29m41s
Nix / nix (macos-latest) (push) Has been cancelled
ElevenLabs (sk_), Tavily (tvly-), and Exa (exa_) keys were not covered
by _PREFIX_PATTERNS, leaking in plain text via printenv or log output.
Salvaged from PR #3790 by @memosr. Tests rewritten with correct
assertions (original tests had vacuously true checks).
Co-authored-by: memosr <memosr@users.noreply.github.com >
2026-03-30 08:13:01 -07:00
Teknium
74181fe726
fix: add TTY guard to interactive CLI commands to prevent CPU spin ( #3933 )
...
When interactive TUI commands are invoked non-interactively (e.g. via
the agent's terminal() tool through a subprocess pipe), curses loops
spin at 100% CPU and input() calls hang indefinitely.
Defense in depth — two layers:
1. Source-level guard in curses_checklist() (curses_ui.py + checklist.py):
Returns cancel_returns immediately when stdin is not a TTY. This
catches ALL callers automatically, including future code.
2. Command-level guards with clear error messages:
- hermes tools (interactive checklist, not list/disable/enable)
- hermes setup (interactive wizard)
- hermes model (provider/model picker)
- hermes whatsapp (pairing setup)
- hermes skills config (skill toggle)
- hermes mcp configure (tool selection)
- hermes uninstall (confirmation prompt)
Non-interactive subcommands (hermes tools list, hermes tools enable,
hermes mcp add/remove/list/test, hermes skills search/install/browse)
remain unaffected.
2026-03-30 08:10:23 -07:00
Teknium
1e896b0251
fix: resolve 7 failing CI tests ( #3936 )
...
1. matrix voice: _on_room_message_media unconditionally overwrote
media_urls with the image cache path (always None for non-images),
wiping the locally-cached voice path. Now only overrides when
cached_path is truthy.
2. cli_tools_command: /tools disable no longer prompts for confirmation
(input() removed in earlier commit to fix TUI hang), but tests still
expected the old Y/N prompt flow. Updated tests to match current
behavior (direct apply + session reset).
3. slack app_mention: connect() was refactored for multi-workspace
(creates AsyncWebClient per token), but test only mocked the old
self._app.client path. Added AsyncWebClient and acquire_scoped_lock
mocks.
4. website_policy: module-level _cached_policy from earlier tests caused
fast-path return of None. Added invalidate_cache() before assertion.
5. codex 401 refresh: already passing on current main (fixed by
intervening commit).
2026-03-30 08:10:14 -07:00
0xbyt4
0b0c1b326c
fix: openclaw migration overwrites model config dict with string ( #3924 )
...
migrate_model_config() was writing `config["model"] = model_str` which
replaces the entire model dict (default, provider, base_url) with a
bare string. This causes 'str' object has no attribute 'get' errors
throughout Hermes when any code does model_cfg.get("default").
Now preserves the existing model dict and only updates the "default"
key, keeping provider/base_url intact.
2026-03-30 03:02:28 -07:00
