gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-06-07 01:12:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0a2dabc730659938710a2ef57e2736fa3dec9b90
hermes-webui/api
T
History
nesquena-hermes 0a2dabc730 stage-batch36: tighten #3064 MEDIA: token gate to non-user-role messages 
Per Opus advisor on stage-batch36: skip role='user' messages in
_session_media_token_allows_image_path so a user-injected MEDIA: token
cannot mint an allow-list entry for the user's own request. Preserves
the original use case (assistant/tool emitted artifacts outside the
active workspace) while making the implicit threat model explicit.

Defense-in-depth — the single-user WebUI scope means same-origin user
input already had the same effective access, but multi-user / shared
WebUI deployments would benefit from the restriction.
2026-05-28 18:20:25 +00:00
..
__init__.py
Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish
2026-03-31 07:02:47 +00:00
agent_health.py
fix(agent_health): detect profile-scoped gateway.pid for correct status
2026-05-25 10:35:37 +00:00
agent_sessions.py
fix: keep webui mirrored sessions out of cli filter
2026-05-28 00:51:12 +02:00
auth.py
Stage-batch14: add HERMES_WEBUI_PASSKEY feature flag for #2859 passkey support
2026-05-25 00:16:12 +00:00
background.py
feat(commands): /background, /btw slash commands + undo button + reasoning chip
2026-04-24 01:24:51 +00:00
clarify.py
chore: address review notes — dedup comment and 409-path clarification
2026-05-20 19:57:20 +00:00
commands.py
fix(security): drop unsafe-eval + add jsdelivr to CSP, sanitize plugin error
2026-05-11 17:53:02 +00:00
compression_anchor.py
fix(compression): ignore tool output for compaction cards
2026-05-25 11:27:15 +08:00
config.py
fix: route openai-codex through models.dev so GPT-5.5 exposes xhigh
2026-05-27 21:38:06 -06:00
dashboard_probe.py
fix: preserve IPv6 dashboard link brackets
2026-05-19 21:35:10 -04:00
extensions.py
Opus pre-release follow-ups for PR #1445
2026-05-02 03:49:40 +00:00
gateway_chat.py
Merge PR #3077
2026-05-28 17:47:56 +00:00
gateway_watcher.py
release: v0.50.241 (#1293)
2026-04-29 19:54:07 -07:00
goals.py
fix(i18n): localize /goal runtime status strings
2026-05-10 15:21:24 +08:00
helpers.py
fix: vendor math and yaml assets for CSP
2026-05-26 23:49:02 +02:00
kanban_bridge.py
perf(http): enable HTTP/1.1 keep-alive
2026-05-24 18:26:56 +00:00
metering.py
fix: show TPS in assistant message headers
2026-05-04 21:26:43 +00:00
models.py
Merge PR #3059
2026-05-28 17:47:34 +00:00
oauth.py
fix(oauth): serialize Anthropic env fallback reads
2026-05-07 02:47:19 +00:00
onboarding.py
Classify onboarding DNS probe failures consistently
2026-05-15 08:51:30 +08:00
passkeys.py
feat: support passkey-only auth
2026-05-25 00:14:38 +00:00
profiles.py
fix(profiles): write API key to .env instead of config.yaml on profile creation
2026-05-28 15:45:17 +08:00
providers.py
feat: sort configured/custom providers to top in model picker and settings
2026-05-22 16:13:46 +00:00
request_diagnostics.py
fix: add request wedge diagnostics
2026-05-08 15:37:08 +00:00
rollback.py
v0.50.255: Opus follow-ups (4 fixes) + CHANGELOG
2026-05-01 17:19:53 +00:00
routes.py
stage-batch36: tighten #3064 MEDIA: token gate to non-user-role messages
2026-05-28 18:20:25 +00:00
run_journal.py
fix(chat): classify interrupted response causes
2026-05-25 02:06:42 +02:00
runtime_adapter.py
Stage 398: PR #2696 — feat(runtime): add runner-local adapter selection (RuntimeAdapter slice 4c, feature-flagged)
2026-05-21 17:43:54 +00:00
session_discoverability.py
Merge PR #3048
2026-05-28 17:47:33 +00:00
session_events.py
sync session list from server events
2026-05-20 08:18:56 -06:00
session_lifecycle.py
fix: align WebUI memory commits with CLI boundaries
2026-05-17 05:04:57 -06:00
session_ops.py
fix(session): preserve sidecar truncation boundary
2026-05-25 21:21:15 +08:00
session_recovery.py
fix(session): rebuild missing startup index
2026-05-20 23:43:30 +08:00
skill_usage.py
fix: remove webui-side writer to avoid conflict with agent
2026-05-27 20:57:32 +08:00
startup.py
fix: P0 hotfixes — API regression, code block parser, chmod override
2026-05-01 12:10:48 +00:00
state_sync.py
Stage 406: PR #2827 — fix(state-sync): pass profile explicitly so background-thread DB writes hit the right state.db (#2762) by @Koraji95-coder
2026-05-24 18:57:40 +00:00
streaming.py
Merge PR #3059
2026-05-28 17:47:34 +00:00
system_health.py
feat: add VPS resource health panel
2026-05-05 17:30:56 +00:00
terminal.py
fix(terminal): harden supervisor lifecycle and eliminate timeout race conditions
2026-05-25 20:45:17 +05:00
turn_journal.py
fix: lock turn journal appends
2026-05-15 16:39:45 -07:00
updates.py
fix: reattach SSE on session-switch return + close leaked stream connections (#2925)
2026-05-28 02:48:17 +00:00
upload.py
fix: report stored upload filenames
2026-05-28 08:33:50 -04:00
usage.py
fix: display canonical cache hit percentage
2026-05-19 02:27:12 -06:00
workspace_git.py
fix(workspace): tighten git subprocess trust boundary
2026-05-20 11:02:45 +00:00
workspace.py
feat(workspace): add backend Git operations
2026-05-20 04:51:41 +00:00
worktrees.py
Harden worktree removal safeguards
2026-05-13 09:49:15 +08:00