Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 62 Pull Requests 2 Actions 1 Packages Projects Releases Wiki Activity
Files
aa389924ad1bb0076b203b41fc15dc423abdee5c
hermes-agent/tests
History
Teknium 5e67fc8c40 fix(vision): reject non-image files and enforce website policy (salvage #1940) (#3845) 
Three safety gaps in vision_analyze_tool:

1. Local files accepted without checking if they're actually images —
   a renamed text file would get base64-encoded and sent to the model.
   Now validates magic bytes (PNG, JPEG, GIF, BMP, WebP, SVG).

2. No website policy enforcement on image URLs — blocked domains could
   be fetched via the vision tool. Now checks before download.

3. No redirect check — if an allowed URL redirected to a blocked domain,
   the download would proceed. Now re-checks the final URL.

Fixed one test that needed _validate_image_url mocked to bypass DNS
resolution on the fake blocked.test domain (is_safe_url does DNS
checks that were added after the original PR).

Co-authored-by: GutSlabs <GutSlabs@users.noreply.github.com>
2026-03-29 20:55:04 -07:00
..
acp
fix(acp): complete session management surface for editor clients (salvage #3501) (#3675)
2026-03-28 23:45:53 -07:00
agent
fix(tests): align skill/setup and platform mocks with current behavior (#3721)
2026-03-29 07:51:43 -07:00
cron
feat(cron): add cron.wrap_response config to disable delivery wrapping (#3807)
2026-03-29 16:31:01 -07:00
fakes
gateway
fix(tests): resolve 10 CI failures across hooks, tiktoken, plugins (#3848)
2026-03-29 20:05:59 -07:00
hermes_cli
fix(tests): resolve 10 CI failures across hooks, tiktoken, plugins (#3848)
2026-03-29 20:05:59 -07:00
honcho_integration
feat(honcho): instance-local config via HERMES_HOME, default session strategy to per-directory
2026-03-21 09:34:00 -07:00
integration
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
skills
feat(skills): add memento-flashcards optional skill (#3827)
2026-03-29 16:52:52 -07:00
tools
fix(vision): reject non-image files and enforce website policy (salvage #1940) (#3845)
2026-03-29 20:55:04 -07:00
__init__.py
conftest.py
fix(approval): show full command in dangerous command approval (#1553)
2026-03-17 02:02:33 -07:00
run_interrupt_test.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_413_compression.py
test_860_dedup.py
test_1630_context_overflow_loop.py
fix: prevent infinite 400 loop on context overflow + block prompt injection via cache files (#1630, #1558)
2026-03-17 01:50:59 -07:00
test_agent_guardrails.py
feat: pre-call sanitization and post-call tool guardrails (#1732)
2026-03-17 04:24:27 -07:00
test_agent_loop_tool_calling.py
test_agent_loop_vllm.py
test: restore vllm integration coverage and add dict-args regression
2026-03-15 08:02:29 -07:00
test_agent_loop.py
test_anthropic_adapter.py
fix(anthropic): use model-native output limits instead of hardcoded 16K (#3426)
2026-03-27 13:02:52 -07:00
test_anthropic_error_handling.py
fix(ci): pin acp <0.9 and update retry-exhaust test (#3320)
2026-03-26 19:21:34 -07:00
test_anthropic_oauth_flow.py
test_anthropic_provider_persistence.py
test_api_key_providers.py
feat: curate HF model picker with OpenRouter analogues (#3440)
2026-03-27 13:54:46 -07:00
test_async_httpx_del_neuter.py
fix: eliminate 'Event loop is closed' / 'Press ENTER to continue' during idle (#3398)
2026-03-27 09:45:25 -07:00
test_atomic_json_write.py
test: cover atomic temp cleanup on interrupts
2026-03-14 22:31:51 -07:00
test_atomic_yaml_write.py
test: cover atomic temp cleanup on interrupts
2026-03-14 22:31:51 -07:00
test_auth_codex_provider.py
test_auth_nous_provider.py
test_auxiliary_config_bridge.py
feat(compression): add summary_base_url + move compression config to YAML-only
2026-03-17 04:46:15 -07:00
test_batch_runner_checkpoint.py
test_cli_approval_ui.py
test_cli_background_tui_refresh.py
fix(cli): refresh TUI before background task output to prevent status bar overlap (#3048)
2026-03-25 15:00:33 -07:00
test_cli_extension_hooks.py
refactor(cli): add protected TUI extension hooks for wrapper CLIs
2026-03-21 09:42:07 -07:00
test_cli_init.py
feat(cli): configurable busy input mode + fix /queue always working (#3298)
2026-03-26 17:58:40 -07:00
test_cli_interrupt_subagent.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_cli_loading_indicator.py
test_cli_mcp_config_watch.py
fix: auto-reload MCP tools when mcp_servers config changes without restart (#1474)
2026-03-15 19:03:34 -07:00
test_cli_new_session.py
fix: complete session reset — missing compressor counters + test
2026-03-20 04:35:17 -07:00
test_cli_plan_command.py
test_cli_prefix_matching.py
feat: add /tools disable/enable/list slash commands with session reset (#1652)
2026-03-17 02:05:26 -07:00
test_cli_preloaded_skills.py
fix: move activated skills line below welcome text
2026-03-23 06:20:19 -07:00
test_cli_provider_resolution.py
feat: overhaul context length detection with models.dev and provider-aware resolution (#2158)
2026-03-20 06:04:33 -07:00
test_cli_retry.py
test_cli_secret_capture.py
test_cli_skin_integration.py
test_cli_status_bar.py
fix(tui): status bar duplicates and degrades during long sessions (#3291)
2026-03-26 17:33:11 -07:00
test_cli_tools_command.py
feat: add /tools disable/enable/list slash commands with session reset (#1652)
2026-03-17 02:05:26 -07:00
test_codex_execution_paths.py
test_codex_models.py
fix: add gpt-5.4-mini to Codex fallback catalog (#3855)
2026-03-29 20:10:00 -07:00
test_compression_boundary.py
fix(agent): prevent silent tool result loss during context compression (#1993)
2026-03-18 15:22:51 -07:00
test_compressor_fallback_update.py
feat(providers): add ordered fallback provider chain (salvage #1761) (#3813)
2026-03-29 16:04:53 -07:00
test_config_env_expansion.py
feat(config): support ${ENV_VAR} substitution in config.yaml (#2684)
2026-03-23 16:02:06 -07:00
test_context_pressure.py
fix: cap context pressure percentage at 100% in display (#3480)
2026-03-27 21:42:09 -07:00
test_context_references.py
fix(context): restrict @ references to safe workspace paths (#2601)
2026-03-23 06:40:05 -07:00
test_context_token_tracking.py
fix(tests): resolve all consistently failing tests
2026-03-22 05:58:26 -07:00
test_crossloop_client_cache.py
fix(agent): prevent AsyncOpenAI/httpx cross-loop deadlock in gateway mode (#2701)
2026-03-25 17:31:56 -07:00
test_dict_tool_call_args.py
test: restore vllm integration coverage and add dict-args regression
2026-03-15 08:02:29 -07:00
test_display.py
test_evidence_store.py
feat: add OSS Security Forensics skill (Skills Hub) (#1482)
2026-03-15 21:59:53 -07:00
test_exit_cleanup_interrupt.py
fix: catch KeyboardInterrupt in exit cleanup handlers (#3257)
2026-03-26 14:34:31 -07:00
test_external_credential_detection.py
test_fallback_model.py
feat: upgrade MiniMax default to M2.7 + add new OpenRouter models
2026-03-18 02:42:58 -07:00
test_file_permissions.py
test_flush_memories_codex.py
test_hermes_state.py
feat(sessions): add --source flag for third-party session isolation (#3255)
2026-03-26 14:35:31 -07:00
test_honcho_client_config.py
test_insights.py
feat: add route-aware pricing estimates (#1695)
2026-03-17 03:44:44 -07:00
test_interactive_interrupt.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_interrupt_propagation.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_managed_server_tool_support.py
test_mcp_serve.py
feat: add MCP server mode — hermes mcp serve (#3795)
2026-03-29 15:47:19 -07:00
test_minisweagent_path.py
chore: remove all remaining mini-swe-agent references
2026-03-24 08:19:23 -07:00
test_model_metadata_local_ctx.py
fix: prefer loaded instance context size over max for LM Studio
2026-03-19 21:24:53 +01:00
test_model_provider_persistence.py
feat: integrate GitHub Copilot providers across Hermes
2026-03-17 23:40:22 -07:00
test_model_tools_async_bridge.py
fix: use per-thread persistent event loops in worker threads
2026-03-20 15:41:06 -04:00
test_model_tools.py
test_openai_client_lifecycle.py
fix: audit fixes — 5 bugs found and resolved
2026-03-16 06:35:46 -07:00
test_percentage_clamp.py
fix: cap percentage displays at 100% in stats, gateway, and memory tool (#3599)
2026-03-28 14:55:18 -07:00
test_personality_none.py
test_plugins_cmd.py
fix(tests): resolve 10 CI failures across hooks, tiktoken, plugins (#3848)
2026-03-29 20:05:59 -07:00
test_plugins.py
feat: activate plugin lifecycle hooks (pre/post_llm_call, session start/end) (#3542)
2026-03-28 11:14:54 -07:00
test_provider_fallback.py
feat(providers): add ordered fallback provider chain (salvage #1761) (#3813)
2026-03-29 16:04:53 -07:00
test_provider_parity.py
fix: align Nous Portal model slugs with OpenRouter naming (#3253)
2026-03-26 13:49:43 -07:00
test_quick_commands.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_real_interrupt_subagent.py
fix: thread safety for concurrent subagent delegation (#1672)
2026-03-17 02:53:33 -07:00
test_reasoning_command.py
fix: prevent reasoning box from rendering 3x during tool-calling loops (#3405)
2026-03-27 09:57:50 -07:00
test_redirect_stdout_issue.py
test_resume_display.py
test_run_agent_codex_responses.py
fix(codex): handle reasoning-only responses and replay path (#2070)
2026-03-19 10:34:44 -07:00
test_run_agent.py
feat(providers): add ordered fallback provider chain (salvage #1761) (#3813)
2026-03-29 16:04:53 -07:00
test_runtime_provider_resolution.py
fix(provider): remove MiniMax /v1→/anthropic auto-correction to allow user override (#3553)
2026-03-28 11:36:59 -07:00
test_session_reset_fix.py
fix(session): clear compressor summary and turn counter on /clear and /new (#3102)
2026-03-25 18:22:21 -07:00
test_setup_model_selection.py
test_sql_injection.py
fix(security): eliminate SQL string formatting in execute() calls
2026-03-19 15:16:35 +01:00
test_streaming.py
fix(test): update streaming test to match PR #3566 behavior change (#3574)
2026-03-28 13:41:23 -07:00
test_surrogate_sanitization.py
fix: sanitize surrogate characters from clipboard paste to prevent UnicodeEncodeError (#3624)
2026-03-28 16:53:14 -07:00
test_timezone.py
fix: skip stale cron jobs on gateway restart instead of firing immediately
2026-03-16 23:48:14 -07:00
test_tool_call_parsers.py
fix(mistral-parser): handle nested JSON in fallback extraction
2026-03-21 09:41:17 -07:00
test_toolset_distributions.py
test_toolsets.py
test_trajectory_compressor.py
test_worktree_security.py
test_worktree.py