Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
143b74ec00b41a7b7e949b9cb4f2b303b27e5fa6
hermes-agent/tools
History
Teknium cca0996a28 fix(browser): skip SSRF check for local backends (Camofox, headless Chromium) (#4292) 
The SSRF protection added in #3041 blocks all private/internal addresses
unconditionally in browser_navigate(). This prevents legitimate local use
cases (localhost apps, LAN devices) when using Camofox or the built-in
headless Chromium without a cloud provider.

The check is only meaningful for cloud backends (Browserbase, BrowserUse)
where the agent could reach internal resources on a remote machine. Local
backends give the user full terminal and network access already — the
SSRF check adds zero security value.

Add _is_local_backend() helper that returns True when Camofox is active
or no cloud provider is configured. Both the pre-navigation and
post-redirect SSRF checks now skip when running locally. The
browser.allow_private_urls config option remains available as an
explicit opt-out for cloud mode.
2026-03-31 10:40:13 -07:00
..
browser_providers
feat(browser): multi-provider cloud browser support + Browser Use integration
2026-03-17 00:16:34 -07:00
environments
feat: mount skills directory into all remote backends with live sync (#3890)
2026-03-30 02:45:41 -07:00
neutts_samples
refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow
2026-03-17 02:33:12 -07:00
__init__.py
chore: remove all remaining mini-swe-agent references
2026-03-24 08:19:23 -07:00
ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
approval.py
feat(approvals): make dangerous command approval timeout configurable (#3886)
2026-03-30 00:02:02 -07:00
browser_camofox.py
feat(browser): add Camofox local anti-detection browser backend (#4008)
2026-03-30 13:18:42 -07:00
browser_tool.py
fix(browser): skip SSRF check for local backends (Camofox, headless Chromium) (#4292)
2026-03-31 10:40:13 -07:00
checkpoint_manager.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
clarify_tool.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
code_execution_tool.py
feat: env var passthrough for skills and user config (#2807)
2026-03-24 08:19:34 -07:00
credential_files.py
feat: mount skills directory into all remote backends with live sync (#3890)
2026-03-30 02:45:41 -07:00
cronjob_tools.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
debug_helpers.py
delegate_tool.py
fix: report subagent status as completed when summary exists (#3829)
2026-03-29 18:21:36 -07:00
env_passthrough.py
feat: env var passthrough for skills and user config (#2807)
2026-03-24 08:19:34 -07:00
file_operations.py
fix(paths): respect HERMES_HOME for protected .env write-deny path (#3840)
2026-03-29 18:02:11 -07:00
file_tools.py
security: harden dangerous command detection and add file tool path guards (#3872)
2026-03-29 22:33:47 -07:00
fuzzy_match.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
homeassistant_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
honcho_tools.py
fix(banner): show honcho tools as available when configured (#3810)
2026-03-29 15:55:05 -07:00
image_generation_tool.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
interrupt.py
mcp_oauth.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
mcp_tool.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
memory_tool.py
fix: cap percentage displays at 100% in stats, gateway, and memory tool (#3599)
2026-03-28 14:55:18 -07:00
mixture_of_agents_tool.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
neutts_synth.py
fix(tts): document NeuTTS provider and align install guidance (#1903)
2026-03-18 02:55:30 -07:00
openrouter_client.py
refactor: route ad-hoc LLM consumers through centralized provider router
2026-03-11 20:02:36 -07:00
patch_parser.py
fix: handle addition-only hunks in V4A patch parser (#3325)
2026-03-26 19:38:04 -07:00
process_registry.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
registry.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
rl_training_tool.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
send_message_tool.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
session_search_tool.py
fix: session_search fallback preview on summarization failure (salvage #3413) (#3478)
2026-03-27 21:27:51 -07:00
skill_manager_tool.py
fix(skills): block category path traversal in skill manager (#3844)
2026-03-29 20:08:22 -07:00
skills_guard.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
skills_hub.py
chore: prepare Hermes for Homebrew packaging (#4099)
2026-03-30 17:34:43 -07:00
skills_sync.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00
skills_tool.py
feat(skills): support external skill directories via config (#3678)
2026-03-29 00:33:30 -07:00
terminal_tool.py
fix: make display_hermes_home imports lazy to prevent ImportError during hermes update (#3776)
2026-03-29 15:15:17 -07:00
tirith_security.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
todo_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
transcription_tools.py
add .aac audio file format support to transcription tool (#3865)
2026-03-29 21:27:03 -07:00
tts_tool.py
fix: make display_hermes_home imports lazy to prevent ImportError during hermes update (#3776)
2026-03-29 15:15:17 -07:00
url_safety.py
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
2026-03-23 15:40:42 -07:00
vision_tools.py
fix: background task media delivery + vision download timeout (#3919)
2026-03-30 02:59:39 -07:00
voice_mode.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
web_tools.py
refactor: simplify web backend priority detection (#4036)
2026-03-30 13:37:25 -07:00
website_policy.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00