Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 61 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
security/add-rate-limiting
hermes-agent/gateway
History
Allegro 4e3f5072f6
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 31s
Details
Tests / test (pull_request) Failing after 32s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 59s
Details
security: add rate limiting to API server (V-016, CVSS 7.3) 
Add token bucket rate limiter per client IP.

Changes:
- gateway/platforms/api_server.py:
  - Add _RateLimiter class with token bucket algorithm
  - Add rate_limit_middleware for request throttling
  - Configurable via API_SERVER_RATE_LIMIT (default 100 req/min)
  - Returns 429 with Retry-After header when limit exceeded
  - Skip rate limiting for /health endpoint

CVSS: 7.3 (High)
Refs: V-016 in SECURITY_AUDIT_REPORT.md
CWE-770: Allocation of Resources Without Limits or Throttling
2026-03-31 00:04:56 +00:00
..
builtin_hooks
feat: built-in boot-md hook — run BOOT.md on gateway startup (#3733)
2026-03-29 10:19:54 -07:00
platforms
security: add rate limiting to API server (V-016, CVSS 7.3)
2026-03-31 00:04:56 +00:00
__init__.py
Enhance CLI with multi-platform messaging integration and configuration management
2026-02-02 19:01:51 -08:00
channel_directory.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
config.py
feat(telegram): add group mention gating and regex triggers (#3870)
2026-03-29 21:53:59 -07:00
delivery.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
hooks.py
feat: built-in boot-md hook — run BOOT.md on gateway startup (#3733)
2026-03-29 10:19:54 -07:00
mirror.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
pairing.py
refactor: consolidate ~/.hermes directory layout with backward compat (#3610)
2026-03-28 15:22:19 -07:00
run.py
fix: background task media delivery + vision download timeout (#3919)
2026-03-30 02:59:39 -07:00
session.py
fix: gateway token double-counting — use absolute set instead of increment (#3317)
2026-03-26 19:13:07 -07:00
status.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00
sticker_cache.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
stream_consumer.py
fix: handle message length overflow in streaming mode (#1783)
2026-03-17 11:00:52 -07:00