Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 248 Pull Requests 14 Actions 1 Packages Projects Releases Wiki Activity
Files
4e3f5072f6b0e51af11b5d55a57784242542c654
hermes-agent/gateway/platforms
History
Allegro 4e3f5072f6
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 31s
Details
Tests / test (pull_request) Failing after 32s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 59s
Details
security: add rate limiting to API server (V-016, CVSS 7.3) 
Add token bucket rate limiter per client IP.

Changes:
- gateway/platforms/api_server.py:
  - Add _RateLimiter class with token bucket algorithm
  - Add rate_limit_middleware for request throttling
  - Configurable via API_SERVER_RATE_LIMIT (default 100 req/min)
  - Returns 429 with Retry-After header when limit exceeded
  - Skip rate limiting for /health endpoint

CVSS: 7.3 (High)
Refs: V-016 in SECURITY_AUDIT_REPORT.md
CWE-770: Allocation of Resources Without Limits or Throttling
2026-03-31 00:04:56 +00:00
..
__init__.py
Enhance CLI with multi-platform messaging integration and configuration management
2026-02-02 19:01:51 -08:00
ADDING_A_PLATFORM.md
docs: finish cron terminology cleanup
2026-03-14 19:20:58 -07:00
api_server.py
security: add rate limiting to API server (V-016, CVSS 7.3)
2026-03-31 00:04:56 +00:00
base.py
feat(discord): add message processing reactions (salvage #1980) (#3871)
2026-03-29 21:55:23 -07:00
dingtalk.py
fix(dingtalk): requirements check passes with only one credential set
2026-03-17 03:50:45 -07:00
discord.py
feat(discord): add message processing reactions (salvage #1980) (#3871)
2026-03-29 21:55:23 -07:00
email.py
fix(email): close SMTP and IMAP connections on failure (#3804)
2026-03-29 15:38:32 -07:00
feishu.py
feat(gateway): add Feishu/Lark platform support (#3817)
2026-03-29 18:17:42 -07:00
homeassistant.py
fix(gateway): add request timeouts to HA, Email, Mattermost, SMS adapters (#3258)
2026-03-26 14:36:07 -07:00
matrix.py
fix: resolve 7 failing CI tests (#3936)
2026-03-30 08:10:14 -07:00
mattermost.py
feat(mattermost): configurable mention behavior — respond without @mention (#3664)
2026-03-28 22:17:43 -07:00
signal.py
feat: add profiles — run multiple isolated Hermes instances (#3681)
2026-03-29 10:41:20 -07:00
slack.py
feat(slack): multi-workspace support via OAuth token file (#3903)
2026-03-30 01:51:48 -07:00
sms.py
fix: store asyncio task references to prevent GC mid-execution (#3267)
2026-03-26 14:36:24 -07:00
telegram_network.py
fix(telegram): honor proxy env vars in fallback transport (salvage #3411) (#3591)
2026-03-28 14:23:27 -07:00
telegram.py
feat(telegram): add webhook mode as alternative to polling (#3880)
2026-03-29 22:36:07 -07:00
webhook.py
feat: add profiles — run multiple isolated Hermes instances (#3681)
2026-03-29 10:41:20 -07:00
wecom.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
whatsapp.py
fix(whatsapp): reuse persistent aiohttp session across requests (#3818)
2026-03-29 16:25:20 -07:00