Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 64 Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity
Files
52b3a3ca3aec41e2bf53ead7a48867f63b4073bb
hermes-agent/tests/gateway
History
Teknium 469cd16fe0 fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944) 
Salvaged from PRs #5800 (memosr), #5806 (memosr), #5915 (Ruzzgar), #5928 (Awsh1).

Changes:
- Use hmac.compare_digest for API key comparison (timing attack prevention)
- Apply provider env var blocklist to Docker containers (credential leakage)
- Replace tar.extractall() with safe extraction in TerminalBench2 (CVE-2007-4559)
- Add SSRF protection via is_safe_url to ALL platform adapters:
  base.py (cache_image_from_url, cache_audio_from_url),
  discord, slack, telegram, matrix, mattermost, feishu, wecom
  (Signal and WhatsApp protected via base.py helpers)
- Update tests: mock is_safe_url in Mattermost download tests
- Add security tests for tar extraction (traversal, symlinks, safe files)
2026-04-07 17:28:37 -07:00
..
__init__.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_agent_cache.py
fix(gateway): fingerprint full auth token in agent cache signature (#3247)
2026-03-26 13:19:43 -07:00
test_allowlist_startup_check.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
test_api_server_jobs.py
fix(gateway): wrap cron helpers with staticmethod to prevent self-binding
2026-04-05 12:31:10 -07:00
test_api_server_toolset.py
refactor: remove browser_close tool — auto-cleanup handles it (#5792)
2026-04-07 03:28:44 -07:00
test_api_server.py
fix: lazy-init SessionDB on adapter instance instead of per-request
2026-04-01 11:41:32 -07:00
test_approve_deny_commands.py
fix: remove stale test skips, fix regex backtracking, file search bug, and test flakiness
2026-04-04 10:18:57 -07:00
test_async_memory_flush.py
fix(gateway): persist memory flush state to prevent redundant re-flushes on restart (#4481)
2026-04-01 12:05:02 -07:00
test_background_command.py
fix(gateway): track background task references in GatewayRunner (#3254)
2026-03-26 14:33:48 -07:00
test_background_process_notifications.py
fix(gateway): persist watcher metadata in checkpoint for crash recovery (#1706)
2026-03-17 03:52:15 -07:00
test_base_topic_sessions.py
feat(discord): add message processing reactions (salvage #1980) (#3871)
2026-03-29 21:55:23 -07:00
test_channel_directory.py
Ensure atomic writes for gateway channel directory cache to prevent truncation
2026-04-06 13:20:01 -07:00
test_command_bypass_active_session.py
fix(gateway): /stop and /new bypass Level 1 active-session guard (#5765)
2026-04-07 00:53:45 -07:00
test_config_cwd_bridge.py
refactor(cli): implement approval locking mechanism to serialize concurrent requests
2026-03-13 23:59:18 -07:00
test_config.py
feat: shared thread sessions by default — multi-user thread support (#5391)
2026-04-05 19:46:58 -07:00
test_delivery.py
fix: salvage gateway dedup and executor cleanup from PR #993
2026-03-14 11:03:20 -07:00
test_dingtalk.py
feat(gateway): add DingTalk platform adapter (#1685)
2026-03-17 03:04:58 -07:00
test_discord_bot_filter.py
feat(discord): add DISCORD_ALLOW_BOTS config for bot message filtering (inspired by openclaw)
2026-03-09 02:20:57 -07:00
test_discord_connect.py
fix: add missing ButtonStyle.grey to discord mock for test compatibility
2026-04-05 12:42:47 -07:00
test_discord_document_handling.py
feat: add .zip document support and auto-mount cache dirs into remote backends (#4846)
2026-04-03 13:16:26 -07:00
test_discord_free_response.py
fix(discord): register /approve and /deny slash commands, wire up button-based approval UI (#4800)
2026-04-03 10:24:07 -07:00
test_discord_imports.py
fix: defer discord adapter annotations
2026-03-14 09:32:05 -07:00
test_discord_media_metadata.py
feat(discord): add /thread command, auto_thread config, and media metadata fix (#1178)
2026-03-13 08:52:54 -07:00
test_discord_opus.py
fix: add macOS Homebrew Opus fallback and fix shutdown dict iteration
2026-03-14 14:27:21 +03:00
test_discord_reactions.py
feat: add discord.reactions config option to disable message reactions (#4199)
2026-03-31 01:24:48 -07:00
test_discord_send.py
fix(discord): register /approve and /deny slash commands, wire up button-based approval UI (#4800)
2026-04-03 10:24:07 -07:00
test_discord_slash_commands.py
fix(discord): properly route slash event handling in threads
2026-03-22 04:25:19 -07:00
test_discord_system_messages.py
fix(discord): ignore system messages in on_message handler (#2618)
2026-03-23 06:50:09 -07:00
test_discord_thread_persistence.py
fix(discord): persist thread participation across gateway restarts
2026-03-17 02:26:34 -07:00
test_dm_topics.py
test+docs: add group_topics tests and documentation
2026-04-03 18:20:50 -07:00
test_document_cache.py
feat: add .zip document support and auto-mount cache dirs into remote backends (#4846)
2026-04-03 13:16:26 -07:00
test_email.py
fix(email): close SMTP and IMAP connections on failure (#3804)
2026-03-29 15:38:32 -07:00
test_extract_local_files.py
feat: auto-detect local file paths in gateway responses for native media delivery (#1640)
2026-03-17 01:47:34 -07:00
test_feishu.py
feat(gateway): add per-group access control for Feishu
2026-04-06 16:54:16 -07:00
test_flush_memory_stale_guard.py
fix(memory): profile-scoped memory isolation and clone support (#4845)
2026-04-03 13:10:11 -07:00
test_gateway_shutdown.py
fix(gateway): track background task references in GatewayRunner (#3254)
2026-03-26 14:33:48 -07:00
test_homeassistant.py
fix: Home Assistant event filtering now closed by default (#1169)
2026-03-13 07:40:38 -07:00
test_hooks.py
fix(tests): resolve 10 CI failures across hooks, tiktoken, plugins (#3848)
2026-03-29 20:05:59 -07:00
test_interrupt_key_match.py
test(gateway): cover photo burst interrupt regressions
2026-03-15 03:50:45 -07:00
test_matrix_mention.py
fix(gateway): match Discord mention-stripping behavior in Matrix adapter
2026-04-04 13:09:27 -07:00
test_matrix_voice.py
fix: repair 57 failing CI tests across 14 files (#5823)
2026-04-07 09:58:45 -07:00
test_matrix.py
fix: repair 57 failing CI tests across 14 files (#5823)
2026-04-07 09:58:45 -07:00
test_mattermost.py
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944)
2026-04-07 17:28:37 -07:00
test_media_download_retry.py
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944)
2026-04-07 17:28:37 -07:00
test_media_extraction.py
fix(gateway): prevent TTS voice messages from accumulating across turns
2026-02-28 03:38:27 -05:00
test_mirror.py
fix(gateway): isolate telegram forum topic sessions
2026-03-11 09:15:34 +01:00
test_pairing.py
test: strengthen assertions across 7 test files (batch 1)
2026-03-05 18:39:37 -08:00
test_pii_redaction.py
fix(privacy): skip PII redaction on Discord/Slack (mentions need real IDs)
2026-03-16 05:58:34 -07:00
test_plan_command.py
fix: save /plan output in workspace (#1381)
2026-03-14 21:28:51 -07:00
test_platform_base.py
fix(gateway): sanitize media URLs in base platform logs
2026-04-06 16:50:05 -07:00
test_platform_reconnect.py
fix: repair 57 failing CI tests across 14 files (#5823)
2026-04-07 09:58:45 -07:00
test_queue_consumption.py
fix(gateway): process /queue'd messages after agent completion (#2469)
2026-03-22 04:56:13 -07:00
test_reasoning_command.py
fix: MCP toolset resolution for runtime and config (#3252)
2026-03-26 13:39:41 -07:00
test_resume_command.py
fix: silent memory flush failure on /new and /resume commands
2026-04-06 16:49:42 -07:00
test_retry_replacement.py
test: lock retry replacement semantics
2026-03-14 21:19:22 -07:00
test_retry_response.py
test(gateway): add regression test for /retry response fix
2026-03-10 23:34:52 -07:00
test_run_progress_topics.py
fix(gateway): respect tool_preview_length in all/new progress modes (#5937)
2026-04-07 14:10:56 -07:00
test_runner_fatal_adapter.py
fix(gateway): exit with failure when all platforms fail with retryable errors (#3592)
2026-03-28 14:25:12 -07:00
test_runner_startup_failures.py
fix(gateway): restart on retryable startup failures (#1517)
2026-03-16 05:26:31 -07:00
test_send_image_file.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_send_retry.py
fix(telegram): prevent duplicate message delivery on send timeout (#5153)
2026-04-04 19:05:34 -07:00
test_session_dm_thread_seeding.py
fix(gateway): seed DM thread sessions with parent transcript to preserve context
2026-04-02 01:33:53 -07:00
test_session_env.py
fix: preserve thread context for cronjob deliver=origin
2026-03-15 06:57:00 -07:00
test_session_hygiene.py
fix(gateway): remove user-facing compression warnings (#4139)
2026-03-30 19:17:07 -07:00
test_session_info.py
feat(gateway): surface session config on /new, /reset, and auto-reset (#3321)
2026-03-26 19:27:58 -07:00
test_session_model_reset.py
fix: clear session-scoped model overrides during session reset
2026-04-06 13:20:01 -07:00
test_session_race_guard.py
fix: repair 57 failing CI tests across 14 files (#5823)
2026-04-07 09:58:45 -07:00
test_session_reset_notify.py
feat(gateway): notify users when session auto-resets (#2519)
2026-03-22 09:33:39 -07:00
test_session.py
feat: shared thread sessions by default — multi-user thread support (#5391)
2026-04-05 19:46:58 -07:00
test_signal.py
fix(signal): implement send_image_file, send_voice, and send_video for MEDIA: tag delivery
2026-04-06 11:41:34 -07:00
test_slack_approval_buttons.py
feat(slack): thread engagement — auto-respond in bot-started and mentioned threads (#5897)
2026-04-07 11:12:08 -07:00
test_slack.py
feat(gateway): Enable Slack thread replies without explicit @mentions
2026-04-06 21:27:16 -07:00
test_sms.py
feat: add SMS (Twilio) platform adapter
2026-03-17 03:14:53 -07:00
test_sse_agent_cancel.py
fix(api-server): cancel orphaned agent + true interrupt on SSE disconnect (salvage #3399) (#3427)
2026-03-27 11:33:19 -07:00
test_ssl_certs.py
fix(gateway): SSL certificate auto-detection for NixOS and non-standard systems
2026-03-15 23:04:34 -07:00
test_status_command.py
fix(gateway): show full session id and title in /status
2026-04-07 17:27:09 -07:00
test_status.py
fix(gateway): detect script-style gateway processes for --replace
2026-03-18 03:12:59 -07:00
test_step_callback_compat.py
fix(gateway): normalize step_callback prev_tools for backward compat
2026-04-02 20:54:27 -07:00
test_sticker_cache.py
test: add unit tests for 8 untested modules (batch 3) (#191)
2026-03-01 05:28:12 -08:00
test_stream_consumer.py
fix: stream consumer creates new message after tool boundaries (#5739)
2026-04-06 23:00:14 -07:00
test_stt_config.py
fix: restore local STT fallback for gateway voice notes
2026-03-15 21:51:40 -07:00
test_telegram_approval_buttons.py
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
test_telegram_caption_merge.py
fix(telegram): replace substring caption check with exact line-by-line match
2026-04-07 14:08:59 -07:00
test_telegram_conflict.py
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
test_telegram_documents.py
feat: add .zip document support and auto-mount cache dirs into remote backends (#4846)
2026-04-03 13:16:26 -07:00
test_telegram_format.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_group_gating.py
feat(telegram): add group mention gating and regex triggers (#3870)
2026-03-29 21:53:59 -07:00
test_telegram_network_reconnect.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_network.py
fix(telegram): honor proxy env vars in fallback transport (salvage #3411) (#3591)
2026-03-28 14:23:27 -07:00
test_telegram_photo_interrupts.py
test(gateway): cover photo burst interrupt regressions
2026-03-15 03:50:45 -07:00
test_telegram_reply_mode.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_text_batching.py
fix(telegram): aggregate split text messages before dispatching (#1674)
2026-03-17 02:49:57 -07:00
test_telegram_thread_fallback.py
Prevent Telegram polling handoffs and flood-control send failures
2026-04-05 11:59:28 -07:00
test_title_command.py
fix(test): add missing _voice_mode attr to GatewayRunner test stubs
2026-03-14 14:27:20 +03:00
test_transcript_offset.py
fix(gateway): use filtered history length for transcript message extraction
2026-03-04 21:34:40 +03:00
test_unauthorized_dm_behavior.py
feat: support * wildcard in platform allowlists and improve WhatsApp docs
2026-03-31 10:42:03 -07:00
test_unknown_command.py
fix(gateway): surface unknown /commands instead of leaking them to the LLM
2026-04-05 11:59:28 -07:00
test_update_command.py
feat(gateway): live-stream /update output + interactive prompt buttons (#5180)
2026-04-05 00:28:58 -07:00
test_update_streaming.py
feat(gateway): live-stream /update output + interactive prompt buttons (#5180)
2026-04-05 00:28:58 -07:00
test_verbose_command.py
feat: config-gated /verbose command for messaging gateway (#3262)
2026-03-26 14:41:04 -07:00
test_voice_command.py
fix(discord): register /approve and /deny slash commands, wire up button-based approval UI (#4800)
2026-04-03 10:24:07 -07:00
test_webhook_adapter.py
fix(gateway/webhook): don't pop delivery_info on send
2026-04-07 17:27:09 -07:00
test_webhook_dynamic_routes.py
feat(webhook): hermes webhook CLI + skill for event-driven subscriptions (#3578)
2026-03-28 14:33:35 -07:00
test_webhook_integration.py
fix(gateway/webhook): don't pop delivery_info on send
2026-04-07 17:27:09 -07:00
test_wecom.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
test_whatsapp_connect.py
fix(whatsapp): reuse persistent aiohttp session across requests (#3818)
2026-03-29 16:25:20 -07:00
test_whatsapp_group_gating.py
fix(whatsapp): add free_response_chats, mention stripping, and interactive message unwrapping
2026-04-03 01:16:39 -07:00
test_whatsapp_reply_prefix.py
feat: OpenAI-compatible API server + WhatsApp configurable reply prefix (#1756)
2026-03-17 10:44:37 -07:00
test_ws_auth_retry.py
fix(gateway): stop Matrix/Mattermost reconnect on permanent auth failures
2026-04-05 11:07:47 -07:00