gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-05-24 02:36:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2800ebdcffb8908a81bf5cd2abe80533f198d880
hermes-webui/api
T
History
nesquena-hermes 2800ebdcff fix(workspace): allow adding external paths not under home directory (#991) 
The workspace add endpoint used resolve_trusted_workspace() which blocks any path
outside the user's home directory, the saved workspace list, or BOOT_DEFAULT_WORKSPACE.
This created a circular dependency: to add /mnt/d/Projects you need it in the saved
list, but to get it in the list you need to add it.

Fix: introduce validate_workspace_to_add() used by /api/workspaces/add, which only
blocks non-existent paths, non-directories, and known system roots. The stricter
resolve_trusted_workspace() is still used for actual file operations within a workspace.

Fixes #953.

Co-authored-by: nesquena-hermes <nesquena-hermes@users.noreply.github.com>
2026-04-24 13:04:36 -07:00
..
__init__.py
Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish
2026-03-31 07:02:47 +00:00
auth.py
fix(auth): persist sessions across restarts via STATE_DIR/.sessions.json (#962)
2026-04-24 11:21:41 -07:00
background.py
feat(commands): /background, /btw slash commands + undo button + reasoning chip
2026-04-24 01:24:51 +00:00
clarify.py
feat: harden clarify dialog flow and refresh recovery
2026-04-15 13:10:50 +08:00
commands.py
feat: slash command parity + skill autocomplete — v0.50.91 (PR #711)
2026-04-19 05:37:44 +00:00
config.py
fix(config): add .venv discovery paths in _discover_python (#949)
2026-04-24 10:45:23 -07:00
gateway_watcher.py
fix(sessions): surface gateway SSE failures and add polling fallback (#828)
2026-04-21 21:18:55 -07:00
helpers.py
fix: harden _accepts_gzip + update stale test assertions post-#959 (#981)
2026-04-24 11:41:17 -07:00
models.py
fix: fast conversation switching with metadata-first load (#959)
2026-04-24 11:35:14 -07:00
onboarding.py
fix: persist onboarding_completed for CLI-configured users on first chat_ready (#922)
2026-04-23 15:46:02 -07:00
profiles.py
fix(profiles): complete profile isolation via cookie + thread-local (#805)
2026-04-21 17:04:11 +00:00
providers.py
fix(ci): eliminate test_set_key flakiness — v0.50.161
2026-04-23 02:09:37 +00:00
routes.py
fix(workspace): allow adding external paths not under home directory (#991)
2026-04-24 13:04:36 -07:00
session_ops.py
fix: harden session persistence and per-session lock handling during streaming (v0.50.175, #910) (#910)
2026-04-23 14:25:43 -07:00
startup.py
fix(security): gate auto-install behind HERMES_WEBUI_AUTO_INSTALL=1 — v0.50.156
2026-04-22 20:49:28 +00:00
state_sync.py
security: bandit fixes B310/B324/B110 + QuietHTTPServer (#354)
2026-04-13 11:11:56 -07:00
streaming.py
fix: fast conversation switching with metadata-first load (#959)
2026-04-24 11:35:14 -07:00
updates.py
fix: update banner — conflict recovery path + server self-restart after update (#816)
2026-04-21 17:10:41 -07:00
upload.py
v0.50.25: mobile scroll, import timestamps, profile security, mic fallback (#404)
2026-04-13 22:11:45 -07:00
workspace.py
fix(workspace): allow adding external paths not under home directory (#991)
2026-04-24 13:04:36 -07:00