gooneyryan/hermes-agent
0
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-21 03:39:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9520a1ccdfd4d735b9450fe8624c44ff7f54d5fd
hermes-agent/tests
T
History
OpenClaw Agent 9520a1ccdf fix(terminal): block sudo -S password guessing when SUDO_PASSWORD is not set 
Fixes #9590: Block explicit sudo -S (stdin password mode) commands
when the SUDO_PASSWORD environment variable is not configured.

The attack vector: the LLM constructs 'echo guessedpass | sudo -S cmd'
to brute-force sudo passwords, iterates based on sudo's error output
('Sorry, try again').  The existing _transform_sudo_command only
injects -S when SUDO_PASSWORD exists; without it, the LLM's explicit
sudo -S must be treated as a guessing attempt.

Changes:
- Add _check_sudo_stdin_guard() in approval.py: detects sudo -S when
  SUDO_PASSWORD is absent, anchored to command-start positions
  (^ ; && || | etc.) to avoid false positives on literal text
- Integrate into check_all_command_guards() above yolo/mode=off so
  the block is unconditional (like the hardline floor)
- Add 6 tests covering: detection, allow-list, SUDO_PASSWORD bypass,
  integration with check_all_command_guards, yolo non-bypass,
  container backend bypass
2026-05-11 06:56:30 -07:00
..
acp
fix(acp): preserve assistant reasoning metadata in session persistence
2026-05-05 10:18:28 -07:00
acp_adapter
fix: make session search initialize session db
2026-05-09 14:36:58 -07:00
agent
fix(auxiliary): cache 402'd providers as unhealthy with TTL to stop per-call retry storms (#23597)
2026-05-10 22:43:14 -07:00
cli
test: stabilize quick-command redaction test against xdist ordering
2026-05-10 22:12:23 -07:00
cron
fix(cron): avoid github skill false positives in scanner
2026-05-09 11:11:45 -07:00
e2e
fix(gateway): move quick-command dispatch before built-in handlers
2026-05-04 01:39:23 -07:00
environments/benchmarks
fakes
gateway
fix(discord): typing indicator task not cleaned up after API error
2026-05-10 22:41:26 -07:00
hermes_cli
fix(kanban): restore HERMES_KANBAN_BOARD after scoped slash override
2026-05-11 06:44:58 -07:00
hermes_state
honcho_plugin
integration
openviking_plugin
fix(openviking): pre-check fs/stat to route file URIs before hitting directory-only endpoints
2026-04-30 02:35:29 -07:00
plugins
test(kanban): remove stale t.summary assertion from search test
2026-05-10 21:44:37 -07:00
providers
feat(openrouter): wire Pareto Code router with min_coding_score knob (#22838)
2026-05-09 14:47:00 -07:00
run_agent
fix(kanban): call kanban_block on iteration-budget exhaustion to prevent protocol violation
2026-05-11 06:44:58 -07:00
skills
Add unit tests for hyperliquid skill functionality
2026-05-10 22:15:04 -07:00
stress
fix(kanban): gate claim + unblock on parent completion
2026-05-09 11:07:37 -07:00
tools
fix(terminal): block sudo -S password guessing when SUDO_PASSWORD is not set
2026-05-11 06:56:30 -07:00
tui_gateway
fix(tui): close slash parity gaps with CLI (#20339)
2026-05-05 15:42:39 -05:00
website
docs(skills): explain restoring bundled skills
2026-05-05 13:46:20 -07:00
__init__.py
conftest.py
test(conftest): plug every gateway-kill leak path (#23486)
2026-05-10 18:55:28 -07:00
run_interrupt_test.py
test_account_usage.py
test_atomic_replace_symlinks.py
test_base_url_hostname.py
test_batch_runner_checkpoint.py
test_cli_file_drop.py
test_cli_manual_compress.py
test_cli_skin_integration.py
fix(ci): stabilize main test suite regressions (#17660)
2026-04-29 23:18:55 -07:00
test_ctx_halving_fix.py
test_empty_model_fallback.py
test_evidence_store.py
test_get_tool_definitions_cache_isolation.py
fix(tools): isolate get_tool_definitions quiet_mode cache + dedup LCM injection (#17335)
2026-04-30 04:32:06 -07:00
test_hermes_bootstrap.py
fix(entry-points): guard hermes_bootstrap import so partial updates don't brick hermes (#22091)
2026-05-08 14:43:13 -07:00
test_hermes_constants.py
test(hermes_constants): cover parse_reasoning_effort()
2026-05-07 09:59:07 -07:00
test_hermes_home_profile_warning.py
fix(constants): warn once when get_hermes_home() falls back under an active profile (#18746)
2026-05-02 01:49:55 -07:00
test_hermes_logging.py
test_hermes_state_wal_fallback.py
fix(sqlite): fall back to journal_mode=DELETE on NFS/SMB/FUSE (#22043)
2026-05-09 02:09:35 -07:00
test_hermes_state.py
fix(session): route OR-combined short CJK tokens to LIKE fallback (#20494)
2026-05-09 17:53:02 -07:00
test_honcho_client_config.py
test_install_sh_pythonpath_sanitization.py
fix: harden install.sh against inherited Python env leakage
2026-05-06 04:02:02 -07:00
test_install_sh_setup_wizard_tty_probe.py
test_install_sh_termux_network_prereqs.py
fix: strengthen termux install network prerequisites
2026-05-07 13:04:08 -07:00
test_ipv4_preference.py
test_lazy_session_regressions.py
fix: resolve lazy session creation regressions (#18370 fallout) (#20363)
2026-05-06 01:11:49 +05:30
test_lint_config.py
lint: enable PLW1514 as a blocking ruff rule
2026-05-08 14:27:40 -07:00
test_live_system_guard_self_test.py
test(conftest): plug every gateway-kill leak path (#23486)
2026-05-10 18:55:28 -07:00
test_mcp_serve.py
fix(mcp): unwrap platforms key in channels_list
2026-05-07 13:41:16 -07:00
test_mini_swe_runner.py
test_minimax_model_validation.py
test_minimax_oauth.py
test_minisweagent_path.py
test_model_picker_scroll.py
test_model_tools_async_bridge.py
test_model_tools.py
test_ollama_num_ctx.py
test_packaging_metadata.py
test_plugin_skills.py
fix(skills): support category-qualified local skill names
2026-05-05 10:15:31 -07:00
test_process_loop_event_loop_warning.py
fix(cli): replace get_event_loop() with get_running_loop() to silence RuntimeWarning in process_loop thread (#19285)
2026-05-07 06:35:54 -07:00
test_project_metadata.py
test_retry_utils.py
test_sql_injection.py
test_subprocess_home_isolation.py
test_termux_all_extra_compat.py
fix: add termux-all install profile and safe fallbacks
2026-05-07 13:04:08 -07:00
test_timezone.py
test_toolset_distributions.py
test_toolsets.py
fix: merge plugin tools into builtin toolsets
2026-05-05 10:14:17 -07:00
test_trajectory_compressor_async.py
test_trajectory_compressor.py
test_transform_llm_output_hook.py
test+docs: cover transform_llm_output hook + release author map
2026-05-07 05:46:05 -07:00
test_transform_tool_result_hook.py
test_tui_gateway_server.py
Merge pull request #20942 from NousResearch/austin/fix/personality
2026-05-07 18:54:29 -04:00
test_utils_truthy_values.py
test_yuanbao_integration.py
test_yuanbao_markdown.py
test_yuanbao_pipeline.py
test_yuanbao_proto.py