mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-21 03:39:54 +00:00
Teknium
d3120aeab0
Paired with commite0c03defd(enabled PLW1514 in pyproject.toml) and commit3dfb35700(added scripts/check-windows-footguns.py). Both commits noted that the corresponding workflow edits were held back because the authoring token lacked the `workflow` OAuth scope. New jobs, both separate from `lint-diff` so the advisory diff comment still posts when enforcement fails: - ruff-blocking: runs `ruff check .` against the explicit select list in pyproject.toml (currently PLW1514, which catches bare open() that defaults to locale encoding — cp1252 on Windows). No --exit-zero, no `|| true`; exit code propagates to the required-check gate. - windows-footguns: runs scripts/check-windows-footguns.py --all (380 files, stdlib-only, <2s). Covers 11 Windows-unsafe primitives — os.kill(pid, 0) bpo-14484 footgun, os.killpg, os.setsid/setpgrp, signal.SIGKILL/SIGHUP/SIGUSR* without getattr fallback, shebang scripts via subprocess, wmic without shutil.which guard, hardcoded ~/Desktop OneDrive trap, bare open() without encoding=, etc. Both jobs pin actions by SHA to match repo convention. tests/test_lint_config.py::test_workflow_has_blocking_ruff_step now finds the blocking step and passes.