Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 62 Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity
Files
aa389924ad1bb0076b203b41fc15dc423abdee5c
hermes-agent/tests/tools
History
Teknium 5e67fc8c40 fix(vision): reject non-image files and enforce website policy (salvage #1940) (#3845) 
Three safety gaps in vision_analyze_tool:

1. Local files accepted without checking if they're actually images —
   a renamed text file would get base64-encoded and sent to the model.
   Now validates magic bytes (PNG, JPEG, GIF, BMP, WebP, SVG).

2. No website policy enforcement on image URLs — blocked domains could
   be fetched via the vision tool. Now checks before download.

3. No redirect check — if an allowed URL redirected to a blocked domain,
   the download would proceed. Now re-checks the final URL.

Fixed one test that needed _validate_image_url mocked to bypass DNS
resolution on the fake blocked.test domain (is_safe_url does DNS
checks that were added after the original PR).

Co-authored-by: GutSlabs <GutSlabs@users.noreply.github.com>
2026-03-29 20:55:04 -07:00
..
__init__.py
test_ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
test_approval.py
fix: add self-termination guard for pkill/killall targeting hermes/gateway (#3593)
2026-03-28 14:33:48 -07:00
test_browser_cdp_override.py
test_browser_cleanup.py
test_browser_console.py
test_browser_content_none_guard.py
fix(browser): guard LLM response content against None in snapshot and vision (#3642)
2026-03-28 17:25:04 -07:00
test_browser_homebrew_paths.py
fix: add macOS Homebrew paths to browser and terminal PATH resolution
2026-03-23 22:45:55 -07:00
test_checkpoint_manager.py
test_clarify_tool.py
test_clipboard.py
test_code_execution.py
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
test_command_guards.py
fix: make tirith block verdicts approvable instead of hard-blocking (#3428)
2026-03-27 13:22:01 -07:00
test_config_null_guard.py
fix: guard config.get() against YAML null values to prevent AttributeError (#3377)
2026-03-27 04:03:00 -07:00
test_credential_files.py
feat: mount skill credential files + fix env passthrough for remote backends (#3671)
2026-03-28 23:53:40 -07:00
test_cron_prompt_injection.py
test_cronjob_tools.py
test_daytona_environment.py
test_debug_helpers.py
test_delegate_toolset_scope.py
fix(security): restrict subagent toolsets to parent's enabled set (#3269)
2026-03-26 14:50:26 -07:00
test_delegate.py
test_docker_environment.py
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
test_docker_find.py
test_env_passthrough.py
feat: env var passthrough for skills and user config (#2807)
2026-03-24 08:19:34 -07:00
test_file_operations.py
test_file_tools_live.py
test_file_tools.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
test_file_write_safety.py
test_force_dangerous_override.py
test_fuzzy_match.py
test_hidden_dir_filter.py
test_homeassistant_tool.py
test_honcho_tools.py
fix(banner): show honcho tools as available when configured (#3810)
2026-03-29 15:55:05 -07:00
test_interrupt.py
test_llm_content_none_guard.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
test_local_env_blocklist.py
fix: add macOS Homebrew paths to browser and terminal PATH resolution
2026-03-23 22:45:55 -07:00
test_local_persistent.py
fix(terminal): avoid merging heredoc EOF with fence wrapper (#3598)
2026-03-28 14:43:41 -07:00
test_mcp_dynamic_discovery.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
test_mcp_oauth.py
fix(mcp-oauth): port mismatch, path traversal, and shared handler state (salvage #2521) (#2552)
2026-03-22 15:02:26 -07:00
test_mcp_probe.py
test_mcp_tool_issue_948.py
test_mcp_tool.py
fix: add MCP tool name collision protection (#3077)
2026-03-25 16:52:04 -07:00
test_memory_tool.py
test_mixture_of_agents_tool.py
test_modal_sandbox_fixes.py
refactor: replace swe-rex with native Modal SDK for Modal backend (#3538)
2026-03-28 11:21:44 -07:00
test_parse_env_var.py
test_patch_parser.py
fix: handle addition-only hunks in V4A patch parser (#3325)
2026-03-26 19:38:04 -07:00
test_process_registry.py
test_read_loop_detection.py
fix: remove post-compression file-read history injection (#2226)
2026-03-20 14:54:25 -07:00
test_registry.py
perf(ttft): salvage easy-win startup optimizations from #3346 (#3395)
2026-03-27 07:49:44 -07:00
test_rl_training_tool.py
test_search_hidden_dirs.py
test_send_message_missing_platforms.py
fix(tools): implement send_message routing for Matrix, Mattermost, HomeAssistant, DingTalk (#3796)
2026-03-29 15:17:46 -07:00
test_send_message_tool.py
test_session_search.py
feat(sessions): add --source flag for third-party session isolation (#3255)
2026-03-26 14:35:31 -07:00
test_singularity_preflight.py
test_skill_env_passthrough.py
fix(skills): stop marking persisted env vars missing on remote backends (#3650)
2026-03-28 17:52:32 -07:00
test_skill_manager_tool.py
fix(skills): block category path traversal in skill manager (#3844)
2026-03-29 20:08:22 -07:00
test_skill_view_path_check.py
test_skill_view_traversal.py
test_skills_guard.py
fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251)
2026-03-26 13:40:21 -07:00
test_skills_hub_clawhub.py
test_skills_hub.py
fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251)
2026-03-26 13:40:21 -07:00
test_skills_sync.py
feat: nix flake — uv2nix build, NixOS module, persistent container mode (#20)
2026-03-26 01:08:02 +05:30
test_skills_tool.py
fix(skills): stop marking persisted env vars missing on remote backends (#3650)
2026-03-28 17:52:32 -07:00
test_ssh_environment.py
test_symlink_prefix_confusion.py
test_terminal_disk_usage.py
fix(terminal): log disk warning check failures at debug level (salvage #2372) (#2394)
2026-03-21 17:10:17 -07:00
test_terminal_requirements.py
refactor: replace swe-rex with native Modal SDK for Modal backend (#3538)
2026-03-28 11:21:44 -07:00
test_terminal_tool_requirements.py
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
test_tirith_security.py
test_todo_tool.py
test_transcription_tools.py
fix(acp): complete session management surface for editor clients (salvage #3501) (#3675)
2026-03-28 23:45:53 -07:00
test_transcription.py
test_url_safety.py
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
2026-03-23 15:40:42 -07:00
test_vision_tools.py
fix(vision): reject non-image files and enforce website policy (salvage #1940) (#3845)
2026-03-29 20:55:04 -07:00
test_voice_cli_integration.py
test_voice_mode.py
test_web_tools_config.py
test_web_tools_tavily.py
test_website_policy.py
fix(security): add SSRF protection to browser_navigate (#3058)
2026-03-25 15:16:57 -07:00
test_windows_compat.py
test_write_deny.py
test_yolo_mode.py