Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 42 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
786970925e82a75b248bf7a8eb98484d70a0eebf
hermes-agent/tools
History
Teknium 38d8446011 feat: implement MCP OAuth 2.1 PKCE client support (#5420) 
Implement tools/mcp_oauth.py — the OAuth adapter that mcp_tool.py's
existing auth: oauth hook has been waiting for.

Components:
- HermesTokenStorage: persists tokens + client registration to
  HERMES_HOME/mcp-tokens/<server>.json with 0o600 permissions
- Callback handler factory: per-flow isolated HTTP handlers (safe for
  concurrent OAuth flows across multiple MCP servers)
- OAuthClientProvider integration: wraps the MCP SDK's httpx.Auth
  subclass which handles discovery, DCR, PKCE, token exchange,
  refresh, and step-up auth (403 insufficient_scope) automatically
- Non-interactive detection: warns when gateway/cron environments
  try to OAuth without cached tokens
- Pre-registered client support: injects client_id/secret from config
  for servers that don't support Dynamic Client Registration (e.g. Slack)
- Path traversal protection on server names
- remove_oauth_tokens() for cleanup

Config format:
  mcp_servers:
    sentry:
      url: 'https://mcp.sentry.dev/mcp'
      auth: oauth
      oauth:                          # all optional
        client_id: '...'              # skip DCR
        client_secret: '...'          # confidential client
        scope: 'read write'           # server-provided by default

Also passes oauth config dict through from mcp_tool.py (was passing
only server_name and url before).

E2E verified: full OAuth flow (401 → discovery → DCR → authorize →
token exchange → authenticated request → tokens persisted) against
local test servers. 23 unit tests + 186 MCP suite tests pass.
2026-04-05 22:08:00 -07:00
..
browser_providers
Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway.
2026-03-30 13:28:10 +09:00
environments
feat: execute_code runs on remote terminal backends (#5088)
2026-04-04 12:57:49 -07:00
neutts_samples
refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow
2026-03-17 02:33:12 -07:00
__init__.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
approval.py
security(approval): fix privilege escalation in gateway once-approval logic
2026-04-05 12:31:27 -07:00
browser_camofox_state.py
feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400) (#4419)
2026-04-01 04:18:50 -07:00
browser_camofox.py
security: redact secrets from auxiliary and vision LLM responses
2026-04-01 12:03:56 -07:00
browser_tool.py
feat(browser): add JS evaluation via browser_console expression parameter (#5303)
2026-04-05 12:42:52 -07:00
checkpoint_manager.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
clarify_tool.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
code_execution_tool.py
feat: execute_code runs on remote terminal backends (#5088)
2026-04-04 12:57:49 -07:00
credential_files.py
feat: wire skills.external_dirs into all remaining discovery paths
2026-04-03 21:14:42 -07:00
cronjob_tools.py
feat(cron): add script field for pre-run data collection (#5082)
2026-04-04 10:43:39 -07:00
debug_helpers.py
delegate_tool.py
fix: link subagent sessions to parent and hide from session list
2026-04-05 12:48:50 -07:00
env_passthrough.py
feat: env var passthrough for skills and user config (#2807)
2026-03-24 08:19:34 -07:00
file_operations.py
fix: remove stale test skips, fix regex backtracking, file search bug, and test flakiness
2026-04-04 10:18:57 -07:00
file_tools.py
perf: fix O(n²) catastrophic backtracking in redact regex + reorder file read guard
2026-04-03 22:40:37 -07:00
fuzzy_match.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
homeassistant_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
image_generation_tool.py
Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway.
2026-03-30 13:28:10 +09:00
interrupt.py
managed_tool_gateway.py
fix(tools): add debug logging for token refresh and tighten domain check
2026-04-02 12:40:03 +11:00
mcp_oauth.py
feat: implement MCP OAuth 2.1 PKCE client support (#5420)
2026-04-05 22:08:00 -07:00
mcp_tool.py
feat: implement MCP OAuth 2.1 PKCE client support (#5420)
2026-04-05 22:08:00 -07:00
memory_tool.py
fix(memory): profile-scoped memory isolation and clone support (#4845)
2026-04-03 13:10:11 -07:00
mixture_of_agents_tool.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
neutts_synth.py
fix(tts): document NeuTTS provider and align install guidance (#1903)
2026-03-18 02:55:30 -07:00
openrouter_client.py
refactor: route ad-hoc LLM consumers through centralized provider router
2026-03-11 20:02:36 -07:00
osv_check.py
feat: OSV malware check for MCP extension packages (#5305)
2026-04-05 12:46:07 -07:00
patch_parser.py
fix: handle addition-only hunks in V4A patch parser (#3325)
2026-03-26 19:38:04 -07:00
process_registry.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
registry.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
rl_training_tool.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
send_message_tool.py
fix(matrix): E2EE cron delivery via live adapter + HTML formatting + origin fallback
2026-04-05 11:07:47 -07:00
session_search_tool.py
fix: session_search fallback preview on summarization failure (salvage #3413) (#3478)
2026-03-27 21:27:51 -07:00
skill_manager_tool.py
feat: wire skills.external_dirs into all remaining discovery paths
2026-04-03 21:14:42 -07:00
skills_guard.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
skills_hub.py
feat(skills): size limits for agent writes + fuzzy matching for patch (#4414)
2026-04-01 04:19:19 -07:00
skills_sync.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00
skills_tool.py
feat: wire skills.external_dirs into all remaining discovery paths
2026-04-03 21:14:42 -07:00
terminal_tool.py
feat: add exit code context for common CLI tools in terminal results (#5144)
2026-04-04 16:57:24 -07:00
tirith_security.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
todo_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
tool_backend_helpers.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
transcription_tools.py
refactor: simplify and harden PR fixes after review
2026-04-03 00:50:17 -07:00
tts_tool.py
feat: add MiniMax TTS provider support (speech-2.8)
2026-04-03 22:42:14 -07:00
url_safety.py
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
2026-03-23 15:40:42 -07:00
vision_tools.py
fix: background task media delivery + vision download timeout (#3919)
2026-03-30 02:59:39 -07:00
voice_mode.py
fix: allow voice mode in WSL when PulseAudio bridge is configured
2026-03-31 12:13:33 -07:00
web_tools.py
fix: web_extract fast-fail on scrape timeout + summarizer resilience
2026-04-05 11:16:45 -07:00
website_policy.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00