Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 42 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d3d5b895f65e03d7bde9acdc145c836a35db5ee2
hermes-agent/tests/tools
History
Teknium 38d8446011 feat: implement MCP OAuth 2.1 PKCE client support (#5420) 
Implement tools/mcp_oauth.py — the OAuth adapter that mcp_tool.py's
existing auth: oauth hook has been waiting for.

Components:
- HermesTokenStorage: persists tokens + client registration to
  HERMES_HOME/mcp-tokens/<server>.json with 0o600 permissions
- Callback handler factory: per-flow isolated HTTP handlers (safe for
  concurrent OAuth flows across multiple MCP servers)
- OAuthClientProvider integration: wraps the MCP SDK's httpx.Auth
  subclass which handles discovery, DCR, PKCE, token exchange,
  refresh, and step-up auth (403 insufficient_scope) automatically
- Non-interactive detection: warns when gateway/cron environments
  try to OAuth without cached tokens
- Pre-registered client support: injects client_id/secret from config
  for servers that don't support Dynamic Client Registration (e.g. Slack)
- Path traversal protection on server names
- remove_oauth_tokens() for cleanup

Config format:
  mcp_servers:
    sentry:
      url: 'https://mcp.sentry.dev/mcp'
      auth: oauth
      oauth:                          # all optional
        client_id: '...'              # skip DCR
        client_secret: '...'          # confidential client
        scope: 'read write'           # server-provided by default

Also passes oauth config dict through from mcp_tool.py (was passing
only server_name and url before).

E2E verified: full OAuth flow (401 → discovery → DCR → authorize →
token exchange → authenticated request → tokens persisted) against
local test servers. 23 unit tests + 186 MCP suite tests pass.
2026-04-05 22:08:00 -07:00
..
__init__.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
test_approval.py
fix(gateway): isolate approval session key per turn
2026-04-03 17:50:01 -07:00
test_browser_camofox_persistence.py
feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400) (#4419)
2026-04-01 04:18:50 -07:00
test_browser_camofox_state.py
fix: restore _config_version to 11 (reverted by stale-branch merge in #4419) (#4440)
2026-04-01 04:34:04 -07:00
test_browser_camofox.py
fix: URL-based auth for third-party Anthropic endpoints + CI test fixes (#4148)
2026-03-30 20:36:56 -07:00
test_browser_cdp_override.py
fix: normalize live Chrome CDP endpoints for browser tools
2026-03-19 10:17:03 -07:00
test_browser_cleanup.py
Fix browser cleanup consistency and screenshot recovery
2026-03-14 11:28:26 -07:00
test_browser_console.py
fix: add browser_console to browser toolset and core tools list (#1084)
2026-03-17 02:02:57 -07:00
test_browser_content_none_guard.py
fix(browser): guard LLM response content against None in snapshot and vision (#3642)
2026-03-28 17:25:04 -07:00
test_browser_homebrew_paths.py
fix: add macOS Homebrew paths to browser and terminal PATH resolution
2026-03-23 22:45:55 -07:00
test_browser_secret_exfil.py
fix: rewrite test mock secrets and add redaction fixture
2026-04-01 12:03:56 -07:00
test_browser_ssrf_local.py
fix(browser): skip SSRF check for local backends (Camofox, headless Chromium) (#4292)
2026-03-31 10:40:13 -07:00
test_checkpoint_manager.py
fix: reduce file tool log noise
2026-03-13 22:14:00 -07:00
test_clarify_tool.py
test(tools): add unit tests for clarify_tool.py
2026-02-27 03:29:26 -05:00
test_clipboard.py
fix(cli): respect HERMES_HOME in all remaining hardcoded ~/.hermes paths
2026-03-13 21:32:53 -07:00
test_code_execution.py
fix: remove stale test skips, fix regex backtracking, file search bug, and test flakiness
2026-04-04 10:18:57 -07:00
test_command_guards.py
fix: make tirith block verdicts approvable instead of hard-blocking (#3428)
2026-03-27 13:22:01 -07:00
test_config_null_guard.py
fix: guard config.get() against YAML null values to prevent AttributeError (#3377)
2026-03-27 04:03:00 -07:00
test_credential_files.py
feat: wire skills.external_dirs into all remaining discovery paths
2026-04-03 21:14:42 -07:00
test_cron_prompt_injection.py
fix: cron prompt injection scanner bypass for multi-word variants
2026-02-26 13:55:54 +03:00
test_cronjob_tools.py
fix(tools): remove unnecessary crontab requirement from cronjob tool (#1638)
2026-03-17 01:40:02 -07:00
test_daytona_environment.py
feat: mount skills directory into all remote backends with live sync (#3890)
2026-03-30 02:45:41 -07:00
test_debug_helpers.py
fix(tests): isolate HERMES_HOME in tests and adjust log directory for debug session
2026-03-02 04:34:21 -08:00
test_delegate_toolset_scope.py
fix(security): restrict subagent toolsets to parent's enabled set (#3269)
2026-03-26 14:50:26 -07:00
test_delegate.py
fix: keep ACP stdout protocol-clean
2026-04-05 12:05:13 -07:00
test_docker_environment.py
feat: add docker_env config for explicit container environment variables (#4738)
2026-04-03 23:30:12 -07:00
test_docker_find.py
fix: Docker backend fails when docker is not in PATH (macOS gateway)
2026-03-10 20:45:13 -07:00
test_env_passthrough.py
feat: env var passthrough for skills and user config (#2807)
2026-03-24 08:19:34 -07:00
test_file_operations.py
fix: search_files now reports error for non-existent paths instead of silent empty results
2026-03-08 16:47:20 -07:00
test_file_read_guards.py
feat(file_tools): harden read_file with size guard, dedup, and device blocking (#4315)
2026-03-31 12:53:19 -07:00
test_file_staleness.py
fix(file_tools): refresh staleness timestamp after writes (#4390)
2026-04-01 00:50:08 -07:00
test_file_tools_live.py
fix: remove stale test skips, fix regex backtracking, file search bug, and test flakiness
2026-04-04 10:18:57 -07:00
test_file_tools.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
test_file_write_safety.py
fix(security): harden terminal safety and sandbox file writes (#1653)
2026-03-17 02:22:12 -07:00
test_force_dangerous_override.py
fix(skills): honor policy table for dangerous verdicts
2026-03-14 11:27:02 -07:00
test_fuzzy_match.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_hidden_dir_filter.py
fix: use Path.parts for hidden directory filter in skill listing
2026-03-04 18:34:16 +03:00
test_homeassistant_tool.py
fix: add service domain blocklist and entity_id validation to HA tools
2026-03-01 11:53:50 +03:00
test_interrupt.py
feat: concurrent tool execution with ThreadPoolExecutor
2026-03-13 02:51:51 -07:00
test_llm_content_none_guard.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
test_local_env_blocklist.py
fix: add macOS Homebrew paths to browser and terminal PATH resolution
2026-03-23 22:45:55 -07:00
test_local_persistent.py
fix(terminal): avoid merging heredoc EOF with fence wrapper (#3598)
2026-03-28 14:43:41 -07:00
test_managed_browserbase_and_modal.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
test_managed_media_gateways.py
Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway.
2026-03-30 13:28:10 +09:00
test_managed_modal_environment.py
fix(tests): fix 11 real test failures + major cascade poisoner (#4570)
2026-04-02 08:43:06 -07:00
test_managed_tool_gateway.py
Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway.
2026-03-30 13:28:10 +09:00
test_mcp_dynamic_discovery.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
test_mcp_oauth.py
feat: implement MCP OAuth 2.1 PKCE client support (#5420)
2026-04-05 22:08:00 -07:00
test_mcp_probe.py
fix: remove stale test skips, fix regex backtracking, file search bug, and test flakiness
2026-04-04 10:18:57 -07:00
test_mcp_stability.py
fix(mcp): stability fix pack — reload timeout, shutdown cleanup, event loop handler, OAuth non-blocking (#4757)
2026-04-03 02:29:20 -07:00
test_mcp_tool_issue_948.py
fix: remove stale test skips, fix regex backtracking, file search bug, and test flakiness
2026-04-04 10:18:57 -07:00
test_mcp_tool.py
fix(gateway): normalize step_callback prev_tools for backward compat
2026-04-02 20:54:27 -07:00
test_memory_tool.py
fix(memory): profile-scoped memory isolation and clone support (#4845)
2026-04-03 13:10:11 -07:00
test_mixture_of_agents_tool.py
refactor: tighten MoA traceback logging scope (#1307)
2026-03-14 07:53:56 -07:00
test_modal_sandbox_fixes.py
refactor: replace swe-rex with native Modal SDK for Modal backend (#3538)
2026-03-28 11:21:44 -07:00
test_modal_snapshot_isolation.py
Fixes and refactors enabled by recent updates to main.
2026-03-31 09:29:59 +09:00
test_osv_check.py
feat: OSV malware check for MCP extension packages (#5305)
2026-04-05 12:46:07 -07:00
test_parse_env_var.py
fix(docker): add explicit env allowlist for container credentials (#1436)
2026-03-17 02:34:35 -07:00
test_patch_parser.py
fix: handle addition-only hunks in V4A patch parser (#3325)
2026-03-26 19:38:04 -07:00
test_process_registry.py
fix(gateway): persist watcher metadata in checkpoint for crash recovery (#1706)
2026-03-17 03:52:15 -07:00
test_read_loop_detection.py
fix: remove post-compression file-read history injection (#2226)
2026-03-20 14:54:25 -07:00
test_registry.py
perf(ttft): salvage easy-win startup optimizations from #3346 (#3395)
2026-03-27 07:49:44 -07:00
test_rl_training_tool.py
fix: call _stop_training_run on early-return failure paths
2026-03-10 17:09:51 -07:00
test_search_hidden_dirs.py
fix: exclude hidden directories from find/grep search backends (#1558)
2026-03-17 02:02:57 -07:00
test_send_message_missing_platforms.py
fix(tools): implement send_message routing for Matrix, Mattermost, HomeAssistant, DingTalk (#3796)
2026-03-29 15:17:46 -07:00
test_send_message_tool.py
fix: resolve listed messaging targets consistently
2026-04-05 11:59:28 -07:00
test_session_search.py
feat(sessions): add --source flag for third-party session isolation (#3255)
2026-03-26 14:35:31 -07:00
test_singularity_preflight.py
fix(tests): use case-insensitive regex in singularity preflight tests
2026-03-16 19:01:39 +03:00
test_skill_env_passthrough.py
fix(skills): stop marking persisted env vars missing on remote backends (#3650)
2026-03-28 17:52:32 -07:00
test_skill_improvements.py
feat(skills): size limits for agent writes + fuzzy matching for patch (#4414)
2026-04-01 04:19:19 -07:00
test_skill_manager_tool.py
feat(skills): size limits for agent writes + fuzzy matching for patch (#4414)
2026-04-01 04:19:19 -07:00
test_skill_size_limits.py
feat(skills): size limits for agent writes + fuzzy matching for patch (#4414)
2026-04-01 04:19:19 -07:00
test_skill_view_path_check.py
refactor: use Path.is_relative_to() for skill_view boundary check
2026-03-04 05:30:43 -08:00
test_skill_view_traversal.py
fix(security): block path traversal in skill_view file_path (fixes #220)
2026-03-02 02:00:09 -08:00
test_skills_guard.py
fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251)
2026-03-26 13:40:21 -07:00
test_skills_hub_clawhub.py
fix: improve clawhub skill search matching
2026-03-14 23:15:04 -07:00
test_skills_hub.py
fix(skills): validate hub bundle paths before install (#3986)
2026-03-30 08:37:19 -07:00
test_skills_sync.py
feat: nix flake — uv2nix build, NixOS module, persistent container mode (#20)
2026-03-26 01:08:02 +05:30
test_skills_tool.py
fix(skills): stop marking persisted env vars missing on remote backends (#3650)
2026-03-28 17:52:32 -07:00
test_ssh_environment.py
merge: resolve conflicts with origin/main (SSH preflight check)
2026-03-15 21:13:40 -07:00
test_symlink_prefix_confusion.py
fix: use is_relative_to() for symlink boundary check in skills_guard
2026-03-04 17:23:23 +03:00
test_terminal_disk_usage.py
fix(terminal): log disk warning check failures at debug level (salvage #2372) (#2394)
2026-03-21 17:10:17 -07:00
test_terminal_exit_semantics.py
feat: add exit code context for common CLI tools in terminal results (#5144)
2026-04-04 16:57:24 -07:00
test_terminal_requirements.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
test_terminal_timeout_output.py
fix(terminal): preserve partial output when command times out (#3868)
2026-03-29 21:51:44 -07:00
test_terminal_tool_requirements.py
Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway.
2026-03-30 13:28:10 +09:00
test_tirith_security.py
fix: send_animation metadata, MarkdownV2 inline code splitting, tirith cosign-free install (#1626)
2026-03-16 23:39:41 -07:00
test_todo_tool.py
fix: update test_non_empty_has_markers to match todo filtering behavior
2026-03-08 23:07:38 +03:00
test_transcription_tools.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
test_transcription.py
feat(auth): same-provider credential pools with rotation, custom endpoint support, and interactive CLI (#2647)
2026-03-31 03:10:01 -07:00
test_url_safety.py
fix(security): add SSRF protection to vision_tools and web_tools (hardened)
2026-03-23 15:40:42 -07:00
test_vision_tools.py
fix(vision): reject non-image files and enforce website policy (salvage #1940) (#3845)
2026-03-29 20:55:04 -07:00
test_voice_cli_integration.py
fix: voice pipeline hardening — 7 bug fixes with tests
2026-03-14 14:27:21 +03:00
test_voice_mode.py
fix: allow voice mode in WSL when PulseAudio bridge is configured
2026-03-31 12:13:33 -07:00
test_web_tools_config.py
Merge branch 'main' into rewbs/tool-use-charge-to-subscription
2026-03-31 08:48:54 +09:00
test_web_tools_tavily.py
feat(web): add Tavily as web search/extract/crawl backend (#1731)
2026-03-17 04:28:03 -07:00
test_website_policy.py
fix: resolve 7 failing CI tests (#3936)
2026-03-30 08:10:14 -07:00
test_windows_compat.py
fix: guard POSIX-only process functions for Windows compatibility
2026-03-01 01:54:27 +03:00
test_write_deny.py
fix: resolve symlink bypass in write deny list on macOS
2026-02-26 13:30:55 +03:00
test_yolo_mode.py
fix(security): harden terminal safety and sandbox file writes (#1653)
2026-03-17 02:22:12 -07:00