hermes-agent

Timmy_Foundation/hermes-agent

Fork 0

Commit Graph

Author	SHA1	Message	Date
0xbyt4	33cfe1515d	fix: sanitize FTS5 queries and close mirror DB connections Two bugs fixed: 1. search_messages() crashes with OperationalError when user queries contain FTS5 special characters (+, ", (, {, dangling AND/OR, etc). Added _sanitize_fts5_query() to strip dangerous operators and a fallback try-except for edge cases. 2. _append_to_sqlite() in mirror.py creates a new SessionDB per call but never closes it, leaking SQLite connections. Added finally block to ensure db.close() is always called.	2026-03-07 04:24:45 +03:00
0xbyt4	3b745633e4	test: add unit tests for 8 untested modules (batch 3) (#191 ) * test: add unit tests for 8 untested modules (batch 3) New test files (143 tests total): - tools/debug_helpers.py: DebugSession enable/disable, log, save, session info - tools/skills_guard.py: scan_file, scan_skill, trust levels, install policy, structural checks - tools/skills_sync.py: manifest read/write, skill discovery, sync logic - gateway/sticker_cache.py: cache CRUD, sticker injection text builders - gateway/channel_directory.py: channel resolution, display formatting, session building - gateway/hooks.py: hook discovery, sync/async emit, wildcard matching - gateway/mirror.py: session lookup, JSONL append, mirror_to_session - honcho_integration/client.py: config from env/file, session name resolution, linked workspaces Also documents a gap in skills_guard: multi-word prompt injection variants like "ignore all prior instructions" bypass the regex scanner. * test: strengthen sticker injection tests with exact format assertions Replace loose "contains" checks with exact output matching for build_sticker_injection and build_animated_sticker_injection. Add edge cases: set_name without emoji, empty description, empty emoji. * test: remove skills_guard gap-documenting test to avoid conflict with fix PR	2026-03-01 05:28:12 -08:00

Author

SHA1

Message

Date

0xbyt4

33cfe1515d

fix: sanitize FTS5 queries and close mirror DB connections

Two bugs fixed:

1. search_messages() crashes with OperationalError when user queries
   contain FTS5 special characters (+, ", (, {, dangling AND/OR, etc).
   Added _sanitize_fts5_query() to strip dangerous operators and a
   fallback try-except for edge cases.

2. _append_to_sqlite() in mirror.py creates a new SessionDB per call
   but never closes it, leaking SQLite connections. Added finally block
   to ensure db.close() is always called.

2026-03-07 04:24:45 +03:00

0xbyt4

3b745633e4

test: add unit tests for 8 untested modules (batch 3) (#191 )

* test: add unit tests for 8 untested modules (batch 3)

New test files (143 tests total):
- tools/debug_helpers.py: DebugSession enable/disable, log, save, session info
- tools/skills_guard.py: scan_file, scan_skill, trust levels, install policy, structural checks
- tools/skills_sync.py: manifest read/write, skill discovery, sync logic
- gateway/sticker_cache.py: cache CRUD, sticker injection text builders
- gateway/channel_directory.py: channel resolution, display formatting, session building
- gateway/hooks.py: hook discovery, sync/async emit, wildcard matching
- gateway/mirror.py: session lookup, JSONL append, mirror_to_session
- honcho_integration/client.py: config from env/file, session name resolution, linked workspaces

Also documents a gap in skills_guard: multi-word prompt injection
variants like "ignore all prior instructions" bypass the regex scanner.

* test: strengthen sticker injection tests with exact format assertions

Replace loose "contains" checks with exact output matching for
build_sticker_injection and build_animated_sticker_injection.
Add edge cases: set_name without emoji, empty description, empty emoji.

* test: remove skills_guard gap-documenting test to avoid conflict with fix PR

2026-03-01 05:28:12 -08:00

2 Commits