openclaw/hermes-agent
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity
Files
186bf25cb11077b8c158dbfc1f768e48bc28b0db
hermes-agent/website
History
m0n3r0 f378f00bfb fix(feishu): validate verification token before reflecting url_verification challenge 
When FEISHU_VERIFICATION_TOKEN is configured, an unauthenticated remote
could previously prove endpoint control by sending a url_verification
payload with any attacker-controlled challenge string — the handler
reflected the challenge BEFORE running the token check.

Move the verification_token check ahead of the url_verification echo so
the challenge response is gated on a valid token. Add a regression test
covering the wrong-token case. Also fix the stale
test_connect_webhook_mode_starts_local_server fixture to set
FEISHU_VERIFICATION_TOKEN (post #30746 webhook mode requires a secret).

Salvaged from PR #29663 by @m0n3r0 — kept the url_verification reorder
and its regression test; dropped the host-conditional weakening of the
#30746 secret guard (we want webhook secrets required regardless of
bind host, not only on 0.0.0.0/::).

Docs updated to call out the gating.

Co-authored-by: teknium1 <127238744+teknium1@users.noreply.github.com>
2026-05-24 04:51:19 -07:00
..
docs
fix(feishu): validate verification token before reflecting url_verification challenge
2026-05-24 04:51:19 -07:00
i18n
feat(kanban): warn users that scratch workspaces are deleted on completion (#30949)
2026-05-23 11:27:00 -07:00
scripts
fix(docs): unique sidebar keys for duplicate skill categories (#26726)
2026-05-15 20:29:20 -07:00
src
docs(user-stories): add 116 stories from the Hermes Discord archive (#23436)
2026-05-10 15:21:40 -07:00
static
rebuild model catalog
2026-05-11 09:54:31 -07:00
.gitignore
docs: publish llms.txt and llms-full.txt for agent-friendly ingestion (#18276)
2026-04-30 23:17:14 -07:00
docusaurus.config.ts
docs: add Korean Kanban documentation
2026-05-18 21:42:13 -07:00
package-lock.json
chore(deps): bump mermaid from 11.13.0 to 11.15.0 in /website (#24011)
2026-05-19 09:19:06 -04:00
package.json
feat(profile): shareable profile distributions via git (#20831)
2026-05-08 10:04:32 -07:00
README.md
docs: replace ASCII diagrams with Mermaid/lists, add linting note
2026-03-21 17:58:30 -07:00
sidebars.ts
docs: dedicated Nous Portal integration page and setup guide (#31296)
2026-05-23 21:07:58 -07:00
tsconfig.json
feat: add documentation website (Docusaurus)
2026-03-05 05:24:55 -08:00

README.md

Website

This website is built using Docusaurus, a modern static website generator.

Installation

yarn

Local Development

yarn start

This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.

Build

yarn build

This command generates static content into the build directory and can be served using any static contents hosting service.

Deployment

Using SSH:

USE_SSH=true yarn deploy

Not using SSH:

GIT_USER=<Your GitHub username> yarn deploy

If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the gh-pages branch.

Diagram Linting

CI runs ascii-guard to lint docs for ASCII box diagrams. Use Mermaid (````mermaid`) or plain lists/tables instead of ASCII boxes to avoid CI failures.