hermes-agent

Files

Teknium eed891f1bb security: supply chain hardening — CI pinning, dep pinning, and code fixes (#9801 )

CI/CD Hardening:
- Pin all 12 GitHub Actions to full commit SHAs (was mutable @vN tags)
- Add explicit permissions: {contents: read} to 4 workflows
- Pin CI pip installs to exact versions (pyyaml==6.0.2, httpx==0.28.1)
- Extend supply-chain-audit.yml to scan workflow, Dockerfile, dependency
  manifest, and Actions version changes

Dependency Pinning:
- Pin git-based Python deps to commit SHAs (atroposlib, tinker, yc-bench)
- Pin WhatsApp Baileys from mutable branch to commit SHA

Tool Registry:
- Reject tool name shadowing from different tool families (plugins/MCP
  cannot overwrite built-in tools). MCP-to-MCP overwrites still allowed.

MCP Security:
- Add tool description content scanning for prompt injection patterns
- Log detailed change diff on dynamic tool refresh at WARNING level

Skill Manager:
- Fix dangerous verdict bug: agent-created skills with dangerous
  findings were silently allowed (ask->None->allow). Now blocked.

2026-04-14 14:23:37 -07:00

whatsapp-bridge

security: supply chain hardening — CI pinning, dep pinning, and code fixes (#9801 )

2026-04-14 14:23:37 -07:00

build_skills_index.py

feat(skills): centralized skills index — eliminate GitHub API calls for search/install

2026-04-12 16:39:04 -07:00

contributor_audit.py

feat(ci): add contributor attribution check on PRs (#9376 )

2026-04-13 21:13:08 -07:00

discord-voice-doctor.py

feat(tools): add Voxtral TTS provider (Mistral AI)