Commit Graph

1740 Commits

Author SHA1 Message Date
Rod Boev e77ca8dbac fix(#2698): keep the pinned home across isolated fallbacks 2026-06-20 00:48:20 +00:00
Rod Boev c7375c60c4 fix(#2698): clamp isolated profile lookups to the pinned home 2026-06-20 00:48:20 +00:00
Rod Boev 41f2015a32 fix(#2698): close isolated profile escape hatches 2026-06-20 00:48:20 +00:00
Rod Boev f086158c10 fix(#2698): keep isolated deployments on their own state and profile roots 2026-06-20 00:48:19 +00:00
Rod Boev c00bfab9f5 fix(#2698): keep isolated default-named profiles pinned 2026-06-20 00:48:19 +00:00
Rod Boev 498a5e73e3 fix(#2698): pin isolated runtime home to configured profile 2026-06-20 00:48:19 +00:00
Rod Boev 8da03dbbad Use HERMES_HOME path directly for isolated profile home resolution 2026-06-20 00:48:19 +00:00
Rod Boev 0291af5f85 Derive isolated profile name from HERMES_HOME path, not process-level default 2026-06-20 00:48:19 +00:00
Rod Boev a2ca2ff0c2 fix(profiles): snapshot HERMES_HOME at import time for isolation detection (#2698) 2026-06-20 00:48:19 +00:00
Rod Boev 35eced6f35 fix(profiles): broaden except clause and sanitize error in isolated mode (#2698) 2026-06-20 00:48:19 +00:00
Rod Boev 36dbe1a415 fix(profiles): return 403 for isolated-mode guards, fix fallback identity (#2698) 2026-06-20 00:48:19 +00:00
Rod Boev 963f7c3864 fix(profiles): honor isolated HERMES_HOME profile mode (#2698) 2026-06-20 00:48:19 +00:00
nesquena-hermes 9ade727e63 stage #4494: expose built-in personalities in WebUI config (#4465) + v0.51.525 CHANGELOG 2026-06-19 22:26:30 +00:00
nesquena-hermes 580a157ab1 stage #4447: opt-in chunked SSE for buffering proxies (#4447) + v0.51.524 CHANGELOG 2026-06-19 22:09:17 +00:00
nesquena-hermes 0fe707b2bf fix(wiki): reject hardlinked page files in allowlist + read revalidation (#4375 Codex gate)
Gate-found (Codex CORE, repro'd): a hardlink at a clean *.md page name can
carry an arbitrary inode (incl. one outside the wiki) through the O_NOFOLLOW +
inode-identity read check — O_NOFOLLOW does not block hardlinks. Reject any
page file with st_nlink > 1 in BOTH the allowlist walk and the read-path
revalidation. Pre-existing on master (the inode recapture predates this PR's
cache); closing it here while on the read path. +1 toothed regression test
(prime cache -> hardlink listed page to outside secret -> assert 404, no leak).

Co-authored-by: rodboev <rodboev@users.noreply.github.com>
2026-06-19 21:11:11 +00:00
Rod Boev 0c4894efe9 fix(wiki): lstat log fallback before reading headings (#4375) 2026-06-19 21:11:11 +00:00
Rod Boev 9242f1facb fix(wiki): bind status metadata to verified file identities (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 82fd7d0166 fix(wiki): exclude unverified status-file metadata (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 8e4d390366 fix(wiki): reject post-snapshot metadata races (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 9a75a85d59 fix(wiki): keep status and browse metadata on verified identities (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 0542d91824 fix(wiki): recheck status reads against allowlisted identity (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev db0bcaae8f fix(wiki): drop stale cached paths that no longer point to files (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev f93d1332df fix(wiki): align browse and status with page-path rules (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev b93cd10b40 fix(wiki): reject non-listed Windows path aliases (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 10c8ae4e46 fix(wiki): reuse the checked page allowlist across wiki reads (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 22bfed43ac fix(wiki): bind cached reads to the requested allowlisted page (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 1dd0b5bbcf fix(wiki): keep cached reads inside their original section (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev e44fd2a6ac fix(wiki): reassert cached read-path containment (#4375) 2026-06-19 21:11:10 +00:00
Rod Boev 3f6369ae5c Address cross-provider review findings for browse-path resolve and test anchor 2026-06-19 21:11:10 +00:00
Rod Boev 46c3e495fc perf(wiki): cache resolved page allowlist and document hardlink trust boundary (#4375) 2026-06-19 21:11:09 +00:00
nesquena-hermes 0c8e6ebf27 stage #4488: scope live model provider keys (#4488) [CHANGELOG pending post-4506] 2026-06-19 20:43:31 +00:00
nesquena-hermes 87aefad22f stage #4489: scope imported sessions to active profile (#4489) + v0.51.521 CHANGELOG 2026-06-19 20:25:43 +00:00
nesquena-hermes 93c72adc8a stage #4486: untracked-file update collision recovery (#4310) [CHANGELOG pending post-4502] 2026-06-19 20:09:30 +00:00
nesquena-hermes 54089a0696 fix(streams): only reap stale ACTIVE_RUNS entries when worker is gone from STREAMS (#4492 Codex gate)
Gate-found: reaping on started_at age alone could pop a genuinely-live worker
that's mid-teardown past the 180s ceiling (active_stream_id cleared during final
writeback, STREAMS entry still present) — ACTIVE_RUNS is worker-lifecycle truth
for health/background-wakeup/agent-cache consumers. Add a 'not in STREAMS'
guard (snapshot taken sequentially before ACTIVE_RUNS_LOCK, no nesting) and pop
by the real dict key. +1 regression test (toothed). Keeps the anti-permanent-409
age behavior intact.

Co-authored-by: ai-ag2026 <ai-ag2026@users.noreply.github.com>
2026-06-19 19:53:04 +00:00
nesquena-hermes e74bae1d35 stage #4492: reconcile stale active-run registry (#4492) [CHANGELOG pending post-4501] 2026-06-19 19:53:04 +00:00
nesquena-hermes 4b7a17bf33 stage #4487: read-only memory write 403 (#4480) + v0.51.518 CHANGELOG 2026-06-19 19:22:43 +00:00
Frank Song fce927d5ac Fix pre-session toolsets staging 2026-06-19 18:35:04 +00:00
Rod Boev c6392902cd fix(gateway): correct approval URL and thread session history into runs API (#4479) 2026-06-19 13:16:39 -04:00
nesquena-hermes 83a479d7a5 fix(#4365): wrap /api/provider/quota in profile_env_for_active_request
Codex gate caught that the new load_pool() path runs under the process-default
profile (sibling endpoints /api/providers + /api/models/live already wrap).
Without it a multi-profile client sees+seeds the default profile's pool
(#4247/#4067 profile-isolation class).
2026-06-19 05:27:42 +00:00
nesquena-hermes 3dd2e9ddfe release: v0.51.512 — interrupted-turn user prompt no longer replays (#4393, #4283)
Maintainer fix on top: pass-4 recovered-user keep now uses actual kept
neighbours (was forward-scan-only → adjacent-user 400). + 3 regression tests.
Codex SAFE + Opus 'ship it' + suite 9575.

Co-authored-by: kaishi00 <kaishi00@users.noreply.github.com>

Closes #4393
Closes #4283
2026-06-19 05:23:51 +00:00
nesquena-hermes c845e14087 fix(#4283/#4393): pass-4 recovered-user keep decision uses actual kept neighbours
Codex+Opus gate caught that the forward-scan-only keep produced [user, _recovered
user, assistant] -> adjacent users -> strict-provider 400 once the anchoring
assistant's prev kept neighbour was a user. Keep a recovered user ONLY when it
separates two assistants (prev_kept==assistant AND next==assistant); mirror in
_api_safe_message_positions. + 3 regression tests.
2026-06-19 05:19:52 +00:00
nesquena-hermes 46f234f4fa release: v0.51.509 — notice when connected gateway can't do approvals (#4456, #4300)
Includes a showToast arg-order fix (4000ms,'warning') caught at gate.

Co-authored-by: rodboev <rodboev@users.noreply.github.com>

Closes #4456
2026-06-19 03:14:08 +00:00
nesquena-hermes fa92baa63d release: v0.51.506 — harden destructive workspace Git paths vs repo-local execution (#3879, #3777)
6-round RCE-class security hardening, converged. Codex SAFE (live exploit probes) + Opus SAFE (flag-off-reachability enumeration) + full suite 9508 on the byte-identical gated head. Nathan signed off.

Co-authored-by: Rod Boev <rod.boev@gmail.com>

Closes #3879
Closes #3777
2026-06-19 02:14:13 +00:00
nesquena-hermes b28ef26d15 harden: clear pending_user_source on the compression-snapshot load branch too (Opus symmetry nit) 2026-06-19 01:05:01 +00:00
nesquena-hermes 7827297011 Merge commit 'refs/pull/4439/head' of github.com:nesquena/hermes-webui into release/stage-4439b 2026-06-19 00:55:13 +00:00
nesquena-hermes af5fc4ff5e docs: note title-only UPDATE fallback gap in fingerprint comment (Opus/Codex follow-up) 2026-06-18 22:58:30 +00:00
nesquena-hermes d5ccaf0c27 fix(perf): fingerprint reads read-only + index-only MAX(rowid), no table scan / no lock stall (Codex gate)
Codex CORE findings on the fingerprint: (1) default busy timeout could stall
/api/sessions ~10s on a locked state.db; (2) COUNT(*) forced a full messages
table SCAN (~16-22ms/refresh on 200k rows). Fix: open file:...?mode=ro with
timeout=0.05 + PRAGMA busy_timeout=50 (returns fast, falls back to stat stamp on
lock), and use index-only MAX(rowid) per table (no COUNT, no scan). Verified:
EXPLAIN shows SEARCH not SCAN, 0.36ms on 200k msgs, 0.16ms while EXCLUSIVE-locked.
Fingerprint shape is now (sessions_max_rowid, messages_max_rowid); regression
tests updated.
2026-06-18 22:53:58 +00:00
nesquena-hermes f8d5ad2b1e fix(sessions): commit-reliable state.db content fingerprint in cache keys (real flake root cause)
Codex root-cause consult confirmed: the CLI-session cache (_CLI_SESSIONS_CACHE,
5s TTL) and session-list cache were keyed on (st_mtime_ns, st_size) of state.db
+ WAL sidecars. Under WAL-mode writes those stamps collide (same mtime-ns bucket
+ WAL frame size after checkpoint), serving a stale cache -> freshly-committed
gateway/CLI session intermittently absent from /api/sessions (the recurring
test_gateway_sync flake AND a real up-to-5s sidebar delay for gateway writes).

PRAGMA data_version is NOT usable here (fresh per-request connection always
reports its own initial value, never advances — verified). Fix = a cheap
content fingerprint (COUNT/MAX(rowid) over sessions+messages) read on a fresh
connection, which DOES advance on every commit and is immune to mtime
granularity. Wired into _sqlite_file_stat_cache_key (models) + the routes-layer
source stamp. + 3 regression tests + corrected the earlier false root-cause
comments.
2026-06-18 22:48:07 +00:00
Rod Boev b09796375f Keep process-wakeup tags through cancel and recovery paths 2026-06-18 18:33:29 -04:00
nesquena-hermes 1cc90e2955 fix: also invalidate session-list cache on show_previous_messaging_sessions toggle (Codex gate)
Codex completeness finding: show_previous_messaging_sessions is a third
visibility setting in the /api/sessions cache key (bypasses messaging dedupe)
with the same stale-cache bug. Added it to the invalidation tuple.
2026-06-18 22:25:32 +00:00