Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity
Files
d139f2c6d2b516c1631969414ac4a7490554a109
hermes-agent/tests/gateway
History
Allegro 10271c6b44
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Failing after 25s
Details
Tests / test (pull_request) Failing after 24s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 35s
Details
security: fix command injection vulnerabilities (CVSS 9.8) 
Replace shell=True with list-based subprocess execution to prevent
command injection via malicious user input.

Changes:
- tools/transcription_tools.py: Use shlex.split() + shell=False
- tools/environments/docker.py: List-based commands with container ID validation

Fixes CVE-level vulnerability where malicious file paths or container IDs
could inject arbitrary commands.

CVSS: 9.8 (Critical)
Refs: V-001 in SECURITY_AUDIT_REPORT.md
2026-03-30 23:15:11 +00:00
..
__init__.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_agent_cache.py
fix(gateway): fingerprint full auth token in agent cache signature (#3247)
2026-03-26 13:19:43 -07:00
test_allowlist_startup_check.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
test_api_server_jobs.py
fix(api-server): harden jobs API — input limits, field whitelist, startup check, tests
2026-03-22 04:18:18 -07:00
test_api_server_toolset.py
fix: add explicit hermes-api-server toolset for API server platform (#3304)
2026-03-26 18:02:26 -07:00
test_api_server.py
feat(api-server): add basic security headers (#3576)
2026-03-28 14:00:52 -07:00
test_approve_deny_commands.py
fix(gateway): replace bare text approval with /approve and /deny commands (#2002)
2026-03-18 16:58:20 -07:00
test_async_memory_flush.py
feat(gateway): proactive async memory flush on session expiry
2026-03-07 11:27:50 -08:00
test_background_command.py
fix(gateway): track background task references in GatewayRunner (#3254)
2026-03-26 14:33:48 -07:00
test_background_process_notifications.py
fix(gateway): persist watcher metadata in checkpoint for crash recovery (#1706)
2026-03-17 03:52:15 -07:00
test_base_topic_sessions.py
feat(discord): add message processing reactions (salvage #1980) (#3871)
2026-03-29 21:55:23 -07:00
test_channel_directory.py
fix: finish HERMES_HOME path cleanup
2026-03-13 21:35:07 -07:00
test_config_cwd_bridge.py
refactor(cli): implement approval locking mechanism to serialize concurrent requests
2026-03-13 23:59:18 -07:00
test_config.py
fix(gateway): apply home channel env overrides consistently (#3808)
2026-03-29 15:48:51 -07:00
test_delivery.py
fix: salvage gateway dedup and executor cleanup from PR #993
2026-03-14 11:03:20 -07:00
test_dingtalk.py
feat(gateway): add DingTalk platform adapter (#1685)
2026-03-17 03:04:58 -07:00
test_discord_bot_filter.py
feat(discord): add DISCORD_ALLOW_BOTS config for bot message filtering (inspired by openclaw)
2026-03-09 02:20:57 -07:00
test_discord_document_handling.py
feat(discord): add document caching and text-file injection (#2503)
2026-03-22 07:38:14 -07:00
test_discord_free_response.py
feat(discord): auto-thread on @mention + skip mention in bot threads
2026-03-15 07:59:55 -07:00
test_discord_imports.py
fix: defer discord adapter annotations
2026-03-14 09:32:05 -07:00
test_discord_media_metadata.py
feat(discord): add /thread command, auto_thread config, and media metadata fix (#1178)
2026-03-13 08:52:54 -07:00
test_discord_opus.py
fix: add macOS Homebrew Opus fallback and fix shutdown dict iteration
2026-03-14 14:27:21 +03:00
test_discord_reactions.py
feat(discord): add message processing reactions (salvage #1980) (#3871)
2026-03-29 21:55:23 -07:00
test_discord_send.py
fix: align salvaged Discord send test mock with current slash-command API
2026-03-14 21:44:50 -07:00
test_discord_slash_commands.py
fix(discord): properly route slash event handling in threads
2026-03-22 04:25:19 -07:00
test_discord_system_messages.py
fix(discord): ignore system messages in on_message handler (#2618)
2026-03-23 06:50:09 -07:00
test_discord_thread_persistence.py
fix(discord): persist thread participation across gateway restarts
2026-03-17 02:26:34 -07:00
test_dm_topics.py
fix: replace hardcoded ~/.hermes paths with get_hermes_home() for profile support
2026-03-28 13:51:08 -07:00
test_document_cache.py
fix(security): patch path traversal, size bypass, and prompt injection in document processing
2026-02-27 11:53:46 -05:00
test_email.py
fix(email): close SMTP and IMAP connections on failure (#3804)
2026-03-29 15:38:32 -07:00
test_extract_local_files.py
feat: auto-detect local file paths in gateway responses for native media delivery (#1640)
2026-03-17 01:47:34 -07:00
test_feishu.py
feat(gateway): add Feishu/Lark platform support (#3817)
2026-03-29 18:17:42 -07:00
test_flush_memory_stale_guard.py
fix(gateway): silence background agent terminal output (#3297)
2026-03-26 17:40:31 -07:00
test_gateway_shutdown.py
fix(gateway): track background task references in GatewayRunner (#3254)
2026-03-26 14:33:48 -07:00
test_homeassistant.py
fix: Home Assistant event filtering now closed by default (#1169)
2026-03-13 07:40:38 -07:00
test_honcho_lifecycle.py
fix(honcho): isolate session routing for multi-user gateway (#1500)
2026-03-16 00:23:47 -07:00
test_hooks.py
fix(tests): resolve 10 CI failures across hooks, tiktoken, plugins (#3848)
2026-03-29 20:05:59 -07:00
test_interrupt_key_match.py
test(gateway): cover photo burst interrupt regressions
2026-03-15 03:50:45 -07:00
test_matrix_voice.py
feat(matrix): support native voice messages via MSC3245 (#3877)
2026-03-30 00:02:51 -07:00
test_matrix.py
fix(matrix): harden e2ee access-token handling (#3562)
2026-03-28 12:13:35 -07:00
test_mattermost.py
feat(mattermost): configurable mention behavior — respond without @mention (#3664)
2026-03-28 22:17:43 -07:00
test_media_download_retry.py
fix: add download retry to cache_audio_from_url matching cache_image_from_url (#3401)
2026-03-28 17:28:38 -07:00
test_media_extraction.py
fix(gateway): prevent TTS voice messages from accumulating across turns
2026-02-28 03:38:27 -05:00
test_mirror.py
fix(gateway): isolate telegram forum topic sessions
2026-03-11 09:15:34 +01:00
test_pairing.py
test: strengthen assertions across 7 test files (batch 1)
2026-03-05 18:39:37 -08:00
test_pii_redaction.py
fix(privacy): skip PII redaction on Discord/Slack (mentions need real IDs)
2026-03-16 05:58:34 -07:00
test_plan_command.py
fix: save /plan output in workspace (#1381)
2026-03-14 21:28:51 -07:00
test_platform_base.py
fix: strip @botname from commands so /new@TigerNanoBot resolves correctly (#3581)
2026-03-28 14:01:01 -07:00
test_platform_reconnect.py
fix(gateway): exit with failure when all platforms fail with retryable errors (#3592)
2026-03-28 14:25:12 -07:00
test_queue_consumption.py
fix(gateway): process /queue'd messages after agent completion (#2469)
2026-03-22 04:56:13 -07:00
test_reasoning_command.py
fix: MCP toolset resolution for runtime and config (#3252)
2026-03-26 13:39:41 -07:00
test_resume_command.py
fix(honcho): isolate session routing for multi-user gateway (#1500)
2026-03-16 00:23:47 -07:00
test_retry_replacement.py
test: lock retry replacement semantics
2026-03-14 21:19:22 -07:00
test_retry_response.py
test(gateway): add regression test for /retry response fix
2026-03-10 23:34:52 -07:00
test_run_progress_topics.py
fix(gateway): scope progress thread fallback to Slack only (salvage #3414) (#3488)
2026-03-27 22:37:53 -07:00
test_runner_fatal_adapter.py
fix(gateway): exit with failure when all platforms fail with retryable errors (#3592)
2026-03-28 14:25:12 -07:00
test_runner_startup_failures.py
fix(gateway): restart on retryable startup failures (#1517)
2026-03-16 05:26:31 -07:00
test_send_image_file.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_send_retry.py
fix(gateway): retry transient send failures and notify user on exhaustion (#3288)
2026-03-26 17:37:10 -07:00
test_session_env.py
fix: preserve thread context for cronjob deliver=origin
2026-03-15 06:57:00 -07:00
test_session_hygiene.py
fix(gateway): preserve transcript on /compress and hygiene compression (salvage #3516) (#3556)
2026-03-28 12:23:43 -07:00
test_session_info.py
feat(gateway): surface session config on /new, /reset, and auto-reset (#3321)
2026-03-26 19:27:58 -07:00
test_session_race_guard.py
fix(gateway): track background task references in GatewayRunner (#3254)
2026-03-26 14:33:48 -07:00
test_session_reset_notify.py
feat(gateway): notify users when session auto-resets (#2519)
2026-03-22 09:33:39 -07:00
test_session.py
fix: gateway token double-counting — use absolute set instead of increment (#3317)
2026-03-26 19:13:07 -07:00
test_signal.py
fix: URL-encode Signal phone numbers and correct attachment RPC parameter (#3670)
2026-03-28 23:45:28 -07:00
test_slack.py
fix: resolve 7 failing CI tests (#3936)
2026-03-30 08:10:14 -07:00
test_sms.py
feat: add SMS (Twilio) platform adapter
2026-03-17 03:14:53 -07:00
test_sse_agent_cancel.py
fix(api-server): cancel orphaned agent + true interrupt on SSE disconnect (salvage #3399) (#3427)
2026-03-27 11:33:19 -07:00
test_ssl_certs.py
fix(gateway): SSL certificate auto-detection for NixOS and non-standard systems
2026-03-15 23:04:34 -07:00
test_status_command.py
feat: add route-aware pricing estimates (#1695)
2026-03-17 03:44:44 -07:00
test_status.py
fix(gateway): detect script-style gateway processes for --replace
2026-03-18 03:12:59 -07:00
test_sticker_cache.py
test: add unit tests for 8 untested modules (batch 3) (#191)
2026-03-01 05:28:12 -08:00
test_stream_consumer.py
security: fix command injection vulnerabilities (CVSS 9.8)
2026-03-30 23:15:11 +00:00
test_stt_config.py
fix: restore local STT fallback for gateway voice notes
2026-03-15 21:51:40 -07:00
test_telegram_conflict.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_documents.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_format.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_group_gating.py
feat(telegram): add group mention gating and regex triggers (#3870)
2026-03-29 21:53:59 -07:00
test_telegram_network_reconnect.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_network.py
fix(telegram): honor proxy env vars in fallback transport (salvage #3411) (#3591)
2026-03-28 14:23:27 -07:00
test_telegram_photo_interrupts.py
test(gateway): cover photo burst interrupt regressions
2026-03-15 03:50:45 -07:00
test_telegram_reply_mode.py
feat(telegram): auto-discover fallback IPs via DoH when api.telegram.org is unreachable (#3376)
2026-03-27 04:03:13 -07:00
test_telegram_text_batching.py
fix(telegram): aggregate split text messages before dispatching (#1674)
2026-03-17 02:49:57 -07:00
test_telegram_thread_fallback.py
fix(telegram): fall back to no thread_id on 'Message thread not found' (#3390)
2026-03-27 06:07:28 -07:00
test_title_command.py
fix(test): add missing _voice_mode attr to GatewayRunner test stubs
2026-03-14 14:27:20 +03:00
test_transcript_offset.py
fix(gateway): use filtered history length for transcript message extraction
2026-03-04 21:34:40 +03:00
test_unauthorized_dm_behavior.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
test_update_command.py
fix(gateway): fall back to sys.executable -m hermes_cli.main when hermes not on PATH
2026-03-14 12:15:51 -07:00
test_verbose_command.py
feat: config-gated /verbose command for messaging gateway (#3262)
2026-03-26 14:41:04 -07:00
test_voice_command.py
fix(voice): enable TTS voice reply when streaming is active (#2322)
2026-03-21 08:08:37 -07:00
test_webhook_adapter.py
feat(gateway): add webhook platform adapter for external event triggers
2026-03-20 06:33:36 -07:00
test_webhook_dynamic_routes.py
feat(webhook): hermes webhook CLI + skill for event-driven subscriptions (#3578)
2026-03-28 14:33:35 -07:00
test_webhook_integration.py
feat(gateway): add webhook platform adapter for external event triggers
2026-03-20 06:33:36 -07:00
test_wecom.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
test_whatsapp_connect.py
fix(whatsapp): reuse persistent aiohttp session across requests (#3818)
2026-03-29 16:25:20 -07:00
test_whatsapp_reply_prefix.py
feat: OpenAI-compatible API server + WhatsApp configurable reply prefix (#1756)
2026-03-17 10:44:37 -07:00