hermes-agent

Files

Teknium ba6ffd4ff1 fix(skills-guard): stop flagging benign skill content + honor skill ignore files (#36231 )

The skill security scanner blocked legitimate community skills on three
intrinsic false-positive patterns:

- read_secrets_file matched `cat > file.env <<` heredocs (writing the
  user's own keys into their own local .env), not just `cat file.env`
  reads. Exclude output redirections.
- allowed-tools frontmatter is REQUIRED by the agent-skill spec; every
  compliant skill declares it. Drop from HIGH privilege_escalation to a
  LOW informational finding so it no longer drives the verdict.
- python_os_environ flagged `os.environ.get("CONFIG_VAR")` config reads
  as HIGH exfiltration. Exempt non-secret `.get()` reads; add a dedicated
  CRITICAL python_environ_get_secret pattern so secret-named reads
  (OPENAI_API_KEY etc.) are still caught.

Also: scan_skill() now honors a skill-provided .skillignore / .clawhubignore
(gitignore-style) so dev/docs artifacts shipped in a skill root are excluded
from both structural checks and pattern scanning. SKILL.md is never ignorable.

80 tests pass (64 existing + 16 new).

2026-06-01 01:58:48 -07:00

computer_use

style: restore PEP8 blank-line separation after dead-code removal

2026-05-29 04:22:27 -07:00

environments

fix(docker): support s6 /init images in terminal sandbox (#34628 ) (#34635 )

2026-06-01 13:46:04 +10:00

neutts_samples

refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow

2026-03-17 02:33:12 -07:00

__init__.py

Merge branch 'main' into rewbs/tool-use-charge-to-subscription

2026-03-31 08:48:54 +09:00

ansi_strip.py

fix: strip ANSI at the source — clean terminal output before it reaches the model

2026-03-23 07:43:12 -07:00

approval.py

fix(code-exec): restore approval context in execute_code RPC threads + guard entry

2026-05-29 03:44:49 -07:00

binary_extensions.py

fix(tools): address PR review — remove _extract_raw_output, BudgetConfig everywhere, read_file hardening

2026-04-08 02:24:32 -07:00

browser_camofox_state.py

feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400 ) (#4419 )

2026-04-01 04:18:50 -07:00

browser_camofox.py

fix(browser): rewrite Camofox Docker loopback URLs (#25541 )

2026-05-29 15:43:55 +10:00

browser_cdp_tool.py

chore: prune unused imports and duplicate import redefinitions

2026-05-28 22:26:25 -07:00

browser_dialog_tool.py

feat: auto-launch Chromium-family browser for CDP

2026-05-19 22:34:05 -07:00

browser_supervisor.py

fix(browser): recover from CDP DOM-node serialization crash in browser_console (#35385 )

2026-05-30 07:31:25 -07:00

browser_tool.py

fix(browser): recover from CDP DOM-node serialization crash in browser_console (#35385 )

2026-05-30 07:31:25 -07:00

budget_config.py

chore: remove Atropos RL environments and tinker-atropos integration (#26106 )

2026-05-15 10:36:38 +05:30

checkpoint_manager.py

chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937 )

2026-05-11 11:13:25 -07:00

clarify_gateway.py

feat(gateway): wire clarify tool with inline keyboard buttons on Telegram (#24199 )

2026-05-12 16:33:33 -07:00

clarify_tool.py

refactor: add tool_error/tool_result helpers + read_raw_config, migrate 129 callsites

2026-04-07 13:36:38 -07:00

code_execution_tool.py

fix(code-exec): make dropped HERMES_* env vars diagnosable in sandbox scrub

2026-05-29 03:44:49 -07:00

computer_use_tool.py

feat(computer-use): cua-driver backend, universal any-model schema

2026-05-08 11:07:38 -07:00

credential_files.py

remove Vercel AI Gateway and Vercel Sandbox (#33067 )

2026-05-27 00:43:32 -07:00

cronjob_tools.py

chore: prune unused imports and duplicate import redefinitions

2026-05-28 22:26:25 -07:00

debug_helpers.py

refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821 )

2026-04-07 10:25:31 -07:00

delegate_tool.py

fix(delegation): preserve configured_provider name when runtime returns 'custom'

2026-05-17 11:40:05 -07:00

discord_tool.py

feat: add Discord message deletion action

2026-05-07 05:11:09 -07:00

env_passthrough.py

harden(env_passthrough): apply GHSA-rhgp-j443-p4rf filter to config.yaml path (#27794 )

2026-05-25 03:35:23 -07:00

env_probe.py

feat(prompt): universal task-completion guidance + local Python toolchain probe (#34340 )

2026-05-28 22:26:09 -07:00

fal_common.py

refactor(image_gen): port FAL backend to plugins/image_gen/fal

2026-05-22 04:10:45 -07:00

feishu_doc_tool.py

perf(cli): cut ~19s from 'hermes' cold start (skills cache + lazy Feishu + no Nous HTTP) (#22138 )

2026-05-08 16:39:32 -07:00

feishu_drive_tool.py

perf(cli): cut ~19s from 'hermes' cold start (skills cache + lazy Feishu + no Nous HTTP) (#22138 )

2026-05-08 16:39:32 -07:00

file_operations.py

perf(read_file): make compact gutter the only format; drop HERMES_READ_GUTTER (#35532 )

2026-05-30 14:38:30 -07:00

file_state.py

feat(delegate): cross-agent file state coordination for concurrent subagents (#13718 )

2026-04-21 16:41:26 -07:00

file_tools.py

fix(file-tools): anchor relative-path resolution to absolute base; report resolved path (#35399 )

2026-05-30 07:55:36 -07:00

fuzzy_match.py

fix(patch): widen new_string \t/\r unescape to all match strategies (#33733 )

2026-05-28 03:27:20 -07:00

homeassistant_tool.py

fix: clean up description escaping, add string-data tests

2026-04-13 04:45:07 -07:00

image_generation_tool.py

feat(auth) normalise the way in which we check whether a user has free/paid access to nous portal so we can expose behaviour and error messages accordingly.

2026-05-28 00:19:31 -07:00

interrupt.py

fix(interrupt): propagate to concurrent-tool workers + opt-in debug trace (#11907 )

2026-04-17 20:39:25 -07:00

kanban_tools.py

feat(kanban): goal_mode cards run workers in a /goal loop (#35710 )

2026-05-31 01:16:33 -07:00

lazy_deps.py

security: pin patched Starlette (>=1.0.1) for CVE-2026-48710 BadHost (#35118 )

2026-05-29 23:23:54 -07:00

managed_tool_gateway.py

fix(managed-gateway): keep tool availability scans off the Nous token-refresh path

2026-05-30 07:58:08 -07:00

mcp_oauth_manager.py

fix(mcp-oauth): persist OAuth server metadata across process restarts (#21226 )

2026-05-07 05:35:33 -07:00

mcp_oauth.py

feat(mcp-oauth): accept 'skip' at paste prompt to bypass auth without disabling server (#32069 )

2026-05-25 05:37:30 -07:00

mcp_tool.py

fix(T5): replace time.sleep(0.25) with asyncio.sleep in MCP auth reconnect poll

2026-05-31 00:50:19 -07:00

memory_tool.py

chore: prune unused imports and duplicate import redefinitions

2026-05-28 22:26:25 -07:00

microsoft_graph_auth.py

feat(msgraph): add auth and client foundation

2026-05-08 09:27:26 -07:00

microsoft_graph_client.py

fix(msgraph): stream download_to_file body instead of buffering

2026-05-08 09:27:26 -07:00

mixture_of_agents_tool.py

chore: ruff auto-fix C401, C416, C408, PLR1722 (#23940 )

2026-05-11 11:20:58 -07:00

neutts_synth.py

fix(tts): document NeuTTS provider and align install guidance (#1903 )

2026-03-18 02:55:30 -07:00

openrouter_client.py

refactor: route ad-hoc LLM consumers through centralized provider router

2026-03-11 20:02:36 -07:00

osv_check.py

chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937 )

2026-05-11 11:13:25 -07:00

patch_parser.py

fix(lint): skip per-file shell linter when LSP will handle the file (#29054 )

2026-05-20 01:46:40 -05:00

path_security.py

refactor: extract shared helpers to deduplicate repeated code patterns (#7917 )

2026-04-11 13:59:52 -07:00

process_registry.py

Add Hermes desktop app (#20059 )

2026-05-31 17:46:56 -05:00

registry.py

security: sanitize tool error strings before injecting into model context (#26823 )

2026-05-16 00:57:39 -07:00

schema_sanitizer.py

fix(xai-responses): strip enum values containing '/' from tool schemas

2026-05-18 10:37:35 -07:00

send_message_tool.py

fix(tools): point email home-channel error at EMAIL_HOME_ADDRESS

2026-05-30 02:39:08 -07:00

session_search_tool.py

feat(session_search): single-shape tool with discovery, scroll, browse — no LLM (#27590 )

2026-05-17 23:28:45 -07:00

skill_manager_tool.py

fix(profiles): cross-profile soft guard on file-write tools + system-prompt hint (#31290 )

2026-05-24 00:38:17 -07:00

skill_provenance.py

fix(curator): only mark agent-created for background-review sediment (#19621 )

2026-05-04 02:42:16 -07:00

skill_usage.py

chore: prune unused imports and duplicate import redefinitions

2026-05-28 22:26:25 -07:00

skills_ast_audit.py

refactor(skills): slim AST diagnostic to single entry point

2026-05-23 17:47:26 -07:00

skills_guard.py

fix(skills-guard): stop flagging benign skill content + honor skill ignore files (#36231 )

2026-06-01 01:58:48 -07:00

skills_hub.py

feat(skills): categorize tap skills from skills.sh.json grouping sidecar

2026-05-29 12:24:39 -07:00

skills_sync.py

fix(skills): make _rmtree_writable handle read-only directories, not just files

2026-05-30 02:05:10 -07:00

skills_tool.py

style: restore PEP8 blank-line separation after dead-code removal

2026-05-29 04:22:27 -07:00

slash_confirm.py

fix(async): close unscheduled coroutines in all threadsafe bridges (#26584 )

2026-05-15 14:00:01 -07:00

terminal_tool.py

fix(tools): preserve live session cwd in terminal_tool, and keep ACP update_cwd authoritative

2026-05-31 23:50:40 +05:30

thread_context.py

fix(code-exec): propagate agent-turn context into tool worker threads

2026-05-29 03:44:49 -07:00

threat_patterns.py

feat(security): promptware defense — shared threat patterns + memory load-time scan + tool-result delimiters (#32269 )

2026-05-25 14:52:24 -07:00

tirith_security.py

fix(tirith): reject non-regular tar members during auto-install process

2026-05-28 02:49:26 -07:00

todo_tool.py

chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937 )

2026-05-11 11:13:25 -07:00

tool_backend_helpers.py

feat(tools): surface the free tool pool in entitlement + setup (#36153 )

2026-06-01 06:32:48 +05:30

tool_output_limits.py

fix: tool_output_limits re-reads config on every call (no caching)

2026-05-31 00:50:19 -07:00

tool_result_storage.py

fix(tool-result-storage): persist via stdin to bypass 128 KB exec-arg cap (#22913 )

2026-05-09 18:44:58 -07:00

tool_search.py

fix(tool-search): scope bridge catalog + dispatch to the session's toolsets

2026-05-29 02:04:12 -07:00

transcription_tools.py

Add Hermes desktop app (#20059 )

2026-05-31 17:46:56 -05:00

tts_tool.py

fix(stt,tts): restore mistralai — 2.4.8 is clean, ban lifted (#34841 )

2026-05-29 13:24:12 -07:00

url_safety.py

fix(url_safety): block IPv4-mapped IPv6 addresses to prevent SSRF bypass

2026-05-18 10:51:15 -07:00

video_generation_tool.py

chore: ruff auto-fix PLR6201 resweep — tuple → set in membership tests (#27355 )

2026-05-17 02:29:41 -07:00

vision_tools.py

fix(vision): cap embedded image size before it wedges a session (#35732 )

2026-05-31 00:12:09 -07:00

voice_mode.py

fix(voice): allow /voice over SSH when a sound server is reachable (#35719 )

2026-05-31 00:11:52 -07:00

web_tools.py

fix(managed-gateway): keep tool availability scans off the Nous token-refresh path

2026-05-30 07:58:08 -07:00

website_policy.py

chore(web): remove web_crawl tool + provider crawl plumbing (#33824 )

2026-05-28 04:52:42 -07:00

x_search_tool.py

chore: prune unused imports and duplicate import redefinitions

2026-05-28 22:26:25 -07:00

xai_http.py

feat(web): add xAI Web Search provider plugin

2026-05-19 19:27:34 -07:00

yuanbao_tools.py

Fix unsafe gateway media path delivery

2026-05-23 01:40:35 -07:00