Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 41 Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity
Files
c1606aed69f3685a6cc5d866f2d2c80fadcedbef
hermes-agent/tests/tools
History
Teknium cca0996a28 fix(browser): skip SSRF check for local backends (Camofox, headless Chromium) (#4292) 
The SSRF protection added in #3041 blocks all private/internal addresses
unconditionally in browser_navigate(). This prevents legitimate local use
cases (localhost apps, LAN devices) when using Camofox or the built-in
headless Chromium without a cloud provider.

The check is only meaningful for cloud backends (Browserbase, BrowserUse)
where the agent could reach internal resources on a remote machine. Local
backends give the user full terminal and network access already — the
SSRF check adds zero security value.

Add _is_local_backend() helper that returns True when Camofox is active
or no cloud provider is configured. Both the pre-navigation and
post-redirect SSRF checks now skip when running locally. The
browser.allow_private_urls config option remains available as an
explicit opt-out for cloud mode.
2026-03-31 10:40:13 -07:00
..
__init__.py
test_ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
test_approval.py
fix(security): catch sensitive path writes in approval checks (#3859)
2026-03-29 20:57:57 -07:00
test_browser_camofox.py
fix: URL-based auth for third-party Anthropic endpoints + CI test fixes (#4148)
2026-03-30 20:36:56 -07:00
test_browser_cdp_override.py
fix: normalize live Chrome CDP endpoints for browser tools
2026-03-19 10:17:03 -07:00
test_browser_cleanup.py
test_browser_console.py
test_browser_content_none_guard.py
fix(browser): guard LLM response content against None in snapshot and vision (#3642)
2026-03-28 17:25:04 -07:00
test_browser_homebrew_paths.py
fix: add macOS Homebrew paths to browser and terminal PATH resolution
2026-03-23 22:45:55 -07:00
test_browser_ssrf_local.py
fix(browser): skip SSRF check for local backends (Camofox, headless Chromium) (#4292)
2026-03-31 10:40:13 -07:00
test_checkpoint_manager.py
test_clarify_tool.py
test_clipboard.py
test_code_execution.py
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
test_command_guards.py
fix: make tirith block verdicts approvable instead of hard-blocking (#3428)
2026-03-27 13:22:01 -07:00
test_config_null_guard.py
fix: guard config.get() against YAML null values to prevent AttributeError (#3377)
2026-03-27 04:03:00 -07:00
test_credential_files.py
feat: mount skills directory into all remote backends with live sync (#3890)
2026-03-30 02:45:41 -07:00
test_cron_prompt_injection.py
test_cronjob_tools.py
test_daytona_environment.py
feat: mount skills directory into all remote backends with live sync (#3890)
2026-03-30 02:45:41 -07:00
test_debug_helpers.py
test_delegate_toolset_scope.py
fix(security): restrict subagent toolsets to parent's enabled set (#3269)
2026-03-26 14:50:26 -07:00
test_delegate.py
feat(auth): same-provider credential pools with rotation, custom endpoint support, and interactive CLI (#2647)
2026-03-31 03:10:01 -07:00
test_docker_environment.py
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
test_docker_find.py
test_env_passthrough.py
feat: env var passthrough for skills and user config (#2807)
2026-03-24 08:19:34 -07:00
test_file_operations.py
test_file_tools_live.py
test_file_tools.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
test_file_write_safety.py
test_force_dangerous_override.py
test_fuzzy_match.py
test_hidden_dir_filter.py
test_homeassistant_tool.py
test_honcho_tools.py
fix(banner): show honcho tools as available when configured (#3810)
2026-03-29 15:55:05 -07:00
test_interrupt.py
test_llm_content_none_guard.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
test_local_env_blocklist.py
fix: add macOS Homebrew paths to browser and terminal PATH resolution
2026-03-23 22:45:55 -07:00
test_local_persistent.py
fix(terminal): avoid merging heredoc EOF with fence wrapper (#3598)
2026-03-28 14:43:41 -07:00
test_mcp_dynamic_discovery.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
test_mcp_oauth.py
fix(mcp-oauth): port mismatch, path traversal, and shared handler state (salvage #2521) (#2552)
2026-03-22 15:02:26 -07:00
test_mcp_probe.py
test_mcp_tool_issue_948.py
test_mcp_tool.py
fix: add MCP tool name collision protection (#3077)
2026-03-25 16:52:04 -07:00
test_memory_tool.py
test_mixture_of_agents_tool.py
test_modal_sandbox_fixes.py
refactor: replace swe-rex with native Modal SDK for Modal backend (#3538)
2026-03-28 11:21:44 -07:00
test_parse_env_var.py
test_patch_parser.py
fix: handle addition-only hunks in V4A patch parser (#3325)
2026-03-26 19:38:04 -07:00
test_process_registry.py
test_read_loop_detection.py
fix: remove post-compression file-read history injection (#2226)
2026-03-20 14:54:25 -07:00
test_registry.py
perf(ttft): salvage easy-win startup optimizations from #3346 (#3395)
2026-03-27 07:49:44 -07:00
test_rl_training_tool.py
test_search_hidden_dirs.py
test_send_message_missing_platforms.py
fix(tools): implement send_message routing for Matrix, Mattermost, HomeAssistant, DingTalk (#3796)
2026-03-29 15:17:46 -07:00
test_send_message_tool.py
test: replace real-looking WhatsApp jid in regression test
2026-03-17 15:38:37 +00:00
test_session_search.py
feat(sessions): add --source flag for third-party session isolation (#3255)
2026-03-26 14:35:31 -07:00
test_singularity_preflight.py
test_skill_env_passthrough.py
fix(skills): stop marking persisted env vars missing on remote backends (#3650)
2026-03-28 17:52:32 -07:00
test_skill_manager_tool.py
fix(skills): block category path traversal in skill manager (#3844)
2026-03-29 20:08:22 -07:00
test_skill_view_path_check.py
test_skill_view_traversal.py
test_skills_guard.py
fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251)
2026-03-26 13:40:21 -07:00
test_skills_hub_clawhub.py
test_skills_hub.py
fix(skills): validate hub bundle paths before install (#3986)
2026-03-30 08:37:19 -07:00
test_skills_sync.py
feat: nix flake — uv2nix build, NixOS module, persistent container mode (#20)
2026-03-26 01:08:02 +05:30
test_skills_tool.py
fix(skills): stop marking persisted env vars missing on remote backends (#3650)
2026-03-28 17:52:32 -07:00
test_ssh_environment.py
test_symlink_prefix_confusion.py
test_terminal_disk_usage.py
fix(terminal): log disk warning check failures at debug level (salvage #2372) (#2394)
2026-03-21 17:10:17 -07:00
test_terminal_requirements.py
refactor: replace swe-rex with native Modal SDK for Modal backend (#3538)
2026-03-28 11:21:44 -07:00
test_terminal_timeout_output.py
fix(terminal): preserve partial output when command times out (#3868)
2026-03-29 21:51:44 -07:00
test_terminal_tool_requirements.py
refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804)
2026-03-24 07:30:25 -07:00
test_tirith_security.py
test_todo_tool.py
test_transcription_tools.py
fix(acp): complete session management surface for editor clients (salvage #3501) (#3675)
2026-03-28 23:45:53 -07:00
test_transcription.py
feat(auth): same-provider credential pools with rotation, custom endpoint support, and interactive CLI (#2647)
2026-03-31 03:10:01 -07:00
test_url_safety.py
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
2026-03-23 15:40:42 -07:00
test_vision_tools.py
fix(vision): reject non-image files and enforce website policy (salvage #1940) (#3845)
2026-03-29 20:55:04 -07:00
test_voice_cli_integration.py
test_voice_mode.py
test_web_tools_config.py
feat(web): add Tavily as web search/extract/crawl backend (#1731)
2026-03-17 04:28:03 -07:00
test_web_tools_tavily.py
feat(web): add Tavily as web search/extract/crawl backend (#1731)
2026-03-17 04:28:03 -07:00
test_website_policy.py
fix: resolve 7 failing CI tests (#3936)
2026-03-30 08:10:14 -07:00
test_windows_compat.py
test_write_deny.py
test_yolo_mode.py