745859babb
* feat: env var passthrough for skills and user config Skills that declare required_environment_variables now have those vars passed through to sandboxed execution environments (execute_code and terminal). Previously, execute_code stripped all vars containing KEY, TOKEN, SECRET, etc. and the terminal blocklist removed Hermes infrastructure vars — both blocked skill-declared env vars. Two passthrough sources: 1. Skill-scoped (automatic): when a skill is loaded via skill_view and declares required_environment_variables, vars that are present in the environment are registered in a session-scoped passthrough set. 2. Config-based (manual): terminal.env_passthrough in config.yaml lets users explicitly allowlist vars for non-skill use cases. Changes: - New module: tools/env_passthrough.py — shared passthrough registry - hermes_cli/config.py: add terminal.env_passthrough to DEFAULT_CONFIG - tools/skills_tool.py: register available skill env vars on load - tools/code_execution_tool.py: check passthrough before filtering - tools/environments/local.py: check passthrough in _sanitize_subprocess_env and _make_run_env - 19 new tests covering all layers * docs: add environment variable passthrough documentation Document the env var passthrough feature across four docs pages: - security.md: new 'Environment Variable Passthrough' section with full explanation, comparison table, and security considerations - code-execution.md: update security section, add passthrough subsection, fix comparison table - creating-skills.md: add tip about automatic sandbox passthrough - skills.md: add note about passthrough after secure setup docs Live-tested: launched interactive CLI, loaded a skill with required_environment_variables, verified TEST_SKILL_SECRET_KEY was accessible inside execute_code sandbox (value: passthrough-test-value-42).
106 lines
3.5 KiB
Python
106 lines
3.5 KiB
Python
"""Test that skill_view registers required env vars in the passthrough registry."""
|
|
|
|
import json
|
|
import os
|
|
from pathlib import Path
|
|
from unittest.mock import patch
|
|
|
|
import pytest
|
|
|
|
from tools.env_passthrough import clear_env_passthrough, is_env_passthrough, reset_config_cache
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _clean_passthrough():
|
|
clear_env_passthrough()
|
|
reset_config_cache()
|
|
yield
|
|
clear_env_passthrough()
|
|
reset_config_cache()
|
|
|
|
|
|
def _create_skill(tmp_path, name, frontmatter_extra=""):
|
|
"""Create a minimal skill directory with SKILL.md."""
|
|
skill_dir = tmp_path / name
|
|
skill_dir.mkdir(parents=True, exist_ok=True)
|
|
(skill_dir / "SKILL.md").write_text(
|
|
f"---\n"
|
|
f"name: {name}\n"
|
|
f"description: Test skill\n"
|
|
f"{frontmatter_extra}"
|
|
f"---\n\n"
|
|
f"# {name}\n\n"
|
|
f"Test content.\n"
|
|
)
|
|
return skill_dir
|
|
|
|
|
|
class TestSkillViewRegistersPassthrough:
|
|
def test_available_env_vars_registered(self, tmp_path, monkeypatch):
|
|
"""When a skill declares required_environment_variables and the var IS set,
|
|
it should be registered in the passthrough."""
|
|
_create_skill(
|
|
tmp_path,
|
|
"test-skill",
|
|
frontmatter_extra=(
|
|
"required_environment_variables:\n"
|
|
" - name: TENOR_API_KEY\n"
|
|
" prompt: Enter your Tenor API key\n"
|
|
),
|
|
)
|
|
monkeypatch.setattr(
|
|
"tools.skills_tool.SKILLS_DIR", tmp_path
|
|
)
|
|
# Set the env var so it's "available"
|
|
monkeypatch.setenv("TENOR_API_KEY", "test-value-123")
|
|
|
|
# Patch the secret capture callback to not prompt
|
|
with patch("tools.skills_tool._secret_capture_callback", None):
|
|
from tools.skills_tool import skill_view
|
|
|
|
result = json.loads(skill_view(name="test-skill"))
|
|
|
|
assert result["success"] is True
|
|
assert is_env_passthrough("TENOR_API_KEY")
|
|
|
|
def test_missing_env_vars_not_registered(self, tmp_path, monkeypatch):
|
|
"""When a skill declares required_environment_variables but the var is NOT set,
|
|
it should NOT be registered in the passthrough."""
|
|
_create_skill(
|
|
tmp_path,
|
|
"test-skill",
|
|
frontmatter_extra=(
|
|
"required_environment_variables:\n"
|
|
" - name: NONEXISTENT_SKILL_KEY_XYZ\n"
|
|
" prompt: Enter your key\n"
|
|
),
|
|
)
|
|
monkeypatch.setattr(
|
|
"tools.skills_tool.SKILLS_DIR", tmp_path
|
|
)
|
|
monkeypatch.delenv("NONEXISTENT_SKILL_KEY_XYZ", raising=False)
|
|
|
|
with patch("tools.skills_tool._secret_capture_callback", None):
|
|
from tools.skills_tool import skill_view
|
|
|
|
result = json.loads(skill_view(name="test-skill"))
|
|
|
|
assert result["success"] is True
|
|
assert not is_env_passthrough("NONEXISTENT_SKILL_KEY_XYZ")
|
|
|
|
def test_no_env_vars_skill_no_registration(self, tmp_path, monkeypatch):
|
|
"""Skills without required_environment_variables shouldn't register anything."""
|
|
_create_skill(tmp_path, "simple-skill")
|
|
monkeypatch.setattr(
|
|
"tools.skills_tool.SKILLS_DIR", tmp_path
|
|
)
|
|
|
|
with patch("tools.skills_tool._secret_capture_callback", None):
|
|
from tools.skills_tool import skill_view
|
|
|
|
result = json.loads(skill_view(name="simple-skill"))
|
|
|
|
assert result["success"] is True
|
|
from tools.env_passthrough import get_all_passthrough
|
|
assert len(get_all_passthrough()) == 0
|