Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 64 Pull Requests 2 Actions 1 Packages Projects Releases Wiki Activity
Files
52b3a3ca3aec41e2bf53ead7a48867f63b4073bb
hermes-agent/tools
History
Teknium 469cd16fe0 fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944) 
Salvaged from PRs #5800 (memosr), #5806 (memosr), #5915 (Ruzzgar), #5928 (Awsh1).

Changes:
- Use hmac.compare_digest for API key comparison (timing attack prevention)
- Apply provider env var blocklist to Docker containers (credential leakage)
- Replace tar.extractall() with safe extraction in TerminalBench2 (CVE-2007-4559)
- Add SSRF protection via is_safe_url to ALL platform adapters:
  base.py (cache_image_from_url, cache_audio_from_url),
  discord, slack, telegram, matrix, mattermost, feishu, wecom
  (Signal and WhatsApp protected via base.py helpers)
- Update tests: mock is_safe_url in Mattermost download tests
- Add security tests for tar extraction (traversal, symlinks, safe files)
2026-04-07 17:28:37 -07:00
..
browser_providers
feat: switch managed browser provider from Browserbase to Browser Use (#5750)
2026-04-07 08:40:22 -04:00
environments
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944)
2026-04-07 17:28:37 -07:00
neutts_samples
refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow
2026-03-17 02:33:12 -07:00
__init__.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
approval.py
fix(approval): load permanent command allowlist on startup (#5076)
2026-04-07 01:00:02 -07:00
browser_camofox_state.py
feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400) (#4419)
2026-04-01 04:18:50 -07:00
browser_camofox.py
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
browser_tool.py
refactor: migrate 10 config.yaml inline loaders to read_raw_config()
2026-04-07 17:28:23 -07:00
checkpoint_manager.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
clarify_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
code_execution_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
credential_files.py
refactor: migrate 10 config.yaml inline loaders to read_raw_config()
2026-04-07 17:28:23 -07:00
cronjob_tools.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
debug_helpers.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
delegate_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
env_passthrough.py
refactor: migrate 10 config.yaml inline loaders to read_raw_config()
2026-04-07 17:28:23 -07:00
file_operations.py
refactor: remove 24 confirmed dead functions — 432 lines of unused code
2026-04-07 11:41:26 -07:00
file_tools.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
fuzzy_match.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
homeassistant_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
image_generation_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
interrupt.py
feat: enhance interrupt handling and container resource configuration
2026-02-23 02:11:33 -08:00
managed_tool_gateway.py
fix(tools): add debug logging for token refresh and tighten domain check
2026-04-02 12:40:03 +11:00
mcp_oauth.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
mcp_tool.py
refactor(tests): re-architect tests + fix CI failures (#5946)
2026-04-07 17:19:07 -07:00
memory_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
mixture_of_agents_tool.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
neutts_synth.py
fix(tts): document NeuTTS provider and align install guidance (#1903)
2026-03-18 02:55:30 -07:00
openrouter_client.py
refactor: route ad-hoc LLM consumers through centralized provider router
2026-03-11 20:02:36 -07:00
osv_check.py
feat: OSV malware check for MCP extension packages (#5305)
2026-04-05 12:46:07 -07:00
patch_parser.py
fix: handle addition-only hunks in V4A patch parser (#3325)
2026-03-26 19:38:04 -07:00
process_registry.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
registry.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
rl_training_tool.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
send_message_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
session_search_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
skill_manager_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
skills_guard.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
skills_hub.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
skills_sync.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00
skills_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
terminal_tool.py
refactor: remove 24 confirmed dead functions — 432 lines of unused code
2026-04-07 11:41:26 -07:00
tirith_security.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
todo_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
tool_backend_helpers.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
transcription_tools.py
refactor: migrate 10 config.yaml inline loaders to read_raw_config()
2026-04-07 17:28:23 -07:00
tts_tool.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
url_safety.py
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
2026-03-23 15:40:42 -07:00
vision_tools.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
voice_mode.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00
web_tools.py
refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites
2026-04-07 13:36:38 -07:00
website_policy.py
refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
2026-04-07 10:25:31 -07:00