Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 64 Pull Requests 2 Actions 1 Packages Projects Releases Wiki Activity
Files
469cd16fe01edbde4070a5ed549a8e2a839f9157
hermes-agent/tests
History
Teknium 469cd16fe0 fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944) 
Salvaged from PRs #5800 (memosr), #5806 (memosr), #5915 (Ruzzgar), #5928 (Awsh1).

Changes:
- Use hmac.compare_digest for API key comparison (timing attack prevention)
- Apply provider env var blocklist to Docker containers (credential leakage)
- Replace tar.extractall() with safe extraction in TerminalBench2 (CVE-2007-4559)
- Add SSRF protection via is_safe_url to ALL platform adapters:
  base.py (cache_image_from_url, cache_audio_from_url),
  discord, slack, telegram, matrix, mattermost, feishu, wecom
  (Signal and WhatsApp protected via base.py helpers)
- Update tests: mock is_safe_url in Mattermost download tests
- Add security tests for tar extraction (traversal, symlinks, safe files)
2026-04-07 17:28:37 -07:00
..
acp
feat(api): structured run events via /v1/runs SSE endpoint
2026-04-05 12:05:13 -07:00
agent
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
cli
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
cron
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
e2e
test(e2e): remove section separator comments
2026-04-01 15:23:52 -07:00
environments/benchmarks
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944)
2026-04-07 17:28:37 -07:00
fakes
fix: streaming tool call parsing, error handling, and fake HA state mutation
2026-03-14 14:27:20 +03:00
gateway
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944)
2026-04-07 17:28:37 -07:00
hermes_cli
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
honcho_plugin
fix(honcho): migration guard for observation mode default change
2026-04-05 12:34:11 -07:00
integration
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
plugins
feat(supermemory): add multi-container, search_mode, identity template, and env var override (#5933)
2026-04-07 14:03:46 -07:00
run_agent
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
skills
fix: protect profile-scoped google workspace oauth tokens
2026-04-03 17:49:18 -07:00
tools
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
__init__.py
A bit of restructuring for simplicity and organization
2025-10-01 23:29:25 +00:00
conftest.py
fix(approval): show full command in dangerous command approval (#1553)
2026-03-17 02:02:33 -07:00
run_interrupt_test.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_batch_runner_checkpoint.py
fix: sanitize chat payloads and provider precedence
2026-03-13 23:59:12 -07:00
test_evidence_store.py
feat: add OSS Security Forensics skill (Skills Hub) (#1482)
2026-03-15 21:59:53 -07:00
test_hermes_logging.py
fix: repair 57 failing CI tests across 14 files (#5823)
2026-04-07 09:58:45 -07:00
test_hermes_state.py
fix: merge dotted+hyphenated FTS5 quoting into single pass
2026-04-02 00:49:11 -07:00
test_honcho_client_config.py
feat(memory): pluggable memory provider interface with profile isolation, review fixes, and honcho CLI restoration (#4623)
2026-04-02 15:33:51 -07:00
test_mcp_serve.py
feat: add MCP server mode — hermes mcp serve (#3795)
2026-03-29 15:47:19 -07:00
test_minisweagent_path.py
chore: remove all remaining mini-swe-agent references
2026-03-24 08:19:23 -07:00
test_model_tools_async_bridge.py
fix: use per-thread persistent event loops in worker threads
2026-03-20 15:41:06 -04:00
test_model_tools.py
Add request-scoped plugin lifecycle hooks
2026-04-05 23:31:29 -07:00
test_packaging_metadata.py
chore: prepare Hermes for Homebrew packaging (#4099)
2026-03-30 17:34:43 -07:00
test_project_metadata.py
fix: exclude matrix from [all] extras — python-olm is upstream-broken (#4615)
2026-04-02 09:21:37 -07:00
test_sql_injection.py
fix(security): eliminate SQL string formatting in execute() calls
2026-03-19 15:16:35 +01:00
test_timezone.py
fix: repair 57 failing CI tests across 14 files (#5823)
2026-04-07 09:58:45 -07:00
test_toolset_distributions.py
test: add unit tests for 8 modules (batch 2)
2026-02-26 13:54:20 +03:00
test_toolsets.py
fix: add missing Platform.SIGNAL to toolset mappings, update test + config docs
2026-03-09 23:27:19 -07:00
test_trajectory_compressor_async.py
fix: create AsyncOpenAI lazily in trajectory_compressor to avoid closed event loop (#4013)
2026-03-30 13:16:16 -07:00
test_trajectory_compressor.py
fix: URL-based auth for third-party Anthropic endpoints + CI test fixes (#4148)
2026-03-30 20:36:56 -07:00
test_utils_truthy_values.py
Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway.
2026-03-30 13:28:10 +09:00