gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-05-25 11:10:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dfe765b60fcee5dc3e2de90021a8cd0a8f8e70a
hermes-webui/api
T
History
Hermes Agent 7c2b2785e7 stage-348: apply Opus SHOULD-FIX-pre-merge — add '://' to _SENSITIVE_LOWER_MARKERS 
Opus advisor flagged that PR #2171's credential prefilter only listed
specific DB scheme prefixes and form keys, letting OAuth callback URLs,
URL userinfo, signed-URL query params bypass the hard agent redactor.

Adding the generic '://' marker restores the WebUI-as-hard-safety-boundary
contract. Plain URLs without sensitive substrings still pass through
unchanged because the redactor itself only mutates sensitive substrings.

Regression-pinned with 5 new parametric cases in test_security_redaction.py
plus 1 negative-case companion. Verified test FAILS without the fix and
PASSES with it.
2026-05-13 16:54:36 +00:00
..
__init__.py
Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish
2026-03-31 07:02:47 +00:00
agent_health.py
fix(agent-health): treat stale running gateway as unknown
2026-05-11 23:13:09 +00:00
agent_sessions.py
fix: align fork lineage projection paths
2026-05-11 17:15:22 +08:00
auth.py
fix(stage-326): preserve SESSION_TTL constant + reconcile #1957 tests
2026-05-09 18:33:28 +00:00
background.py
feat(commands): /background, /btw slash commands + undo button + reasoning chip
2026-04-24 01:24:51 +00:00
clarify.py
feat(clarify): SSE long-connection for real-time clarify notifications (#1355)
2026-04-30 21:32:51 +00:00
commands.py
fix(security): drop unsafe-eval + add jsdelivr to CSP, sanitize plugin error
2026-05-11 17:53:02 +00:00
compression_anchor.py
docs: clarify compression anchor helpers
2026-05-12 01:43:16 -07:00
config.py
Merge pull request #2179 into stage-347
2026-05-13 07:33:45 +00:00
dashboard_probe.py
feat: link official Hermes dashboard
2026-05-05 01:23:55 +00:00
extensions.py
Opus pre-release follow-ups for PR #1445
2026-05-02 03:49:40 +00:00
gateway_watcher.py
release: v0.50.241 (#1293)
2026-04-29 19:54:07 -07:00
goals.py
fix(i18n): localize /goal runtime status strings
2026-05-10 15:21:24 +08:00
helpers.py
stage-348: apply Opus SHOULD-FIX-pre-merge — add '://' to _SENSITIVE_LOWER_MARKERS
2026-05-13 16:54:36 +00:00
kanban_bridge.py
stage-315 absorb: document handle_kanban_* three-valued return contract
2026-05-07 18:52:01 +00:00
metering.py
fix: show TPS in assistant message headers
2026-05-04 21:26:43 +00:00
models.py
Add worktree-backed session creation
2026-05-11 12:12:40 +08:00
oauth.py
fix(oauth): serialize Anthropic env fallback reads
2026-05-07 02:47:19 +00:00
onboarding.py
Fix Xiaomi API key env detection
2026-05-11 07:33:52 +08:00
profiles.py
docs: clarify compression anchor helpers
2026-05-12 01:43:16 -07:00
providers.py
fix(providers): load Codex quota from credential pool
2026-05-11 21:46:24 -06:00
request_diagnostics.py
fix: add request wedge diagnostics
2026-05-08 15:37:08 +00:00
rollback.py
v0.50.255: Opus follow-ups (4 fixes) + CHANGELOG
2026-05-01 17:19:53 +00:00
routes.py
Merge pull request #2171 into stage-348
2026-05-13 16:34:43 +00:00
session_ops.py
Show profile home in /status command (refs #463) (#1380)
2026-05-01 04:46:37 +00:00
session_recovery.py
fix: audit turn journal terminal collisions
2026-05-12 05:20:06 -07:00
startup.py
fix: P0 hotfixes — API regression, code block parser, chmod override
2026-05-01 12:10:48 +00:00
state_sync.py
security: bandit fixes B310/B324/B110 + QuietHTTPServer (#354)
2026-04-13 11:11:56 -07:00
streaming.py
fix: refresh context ring after compression
2026-05-13 14:02:28 +02:00
system_health.py
feat: add VPS resource health panel
2026-05-05 17:30:56 +00:00
terminal.py
absorb: address Opus review findings (security + correctness)
2026-04-29 05:06:34 +00:00
turn_journal.py
fix: audit turn journal terminal collisions
2026-05-12 05:20:06 -07:00
updates.py
fix: normalize update banner repository URLs
2026-05-05 08:29:00 -07:00
upload.py
Merge remote-tracking branch 'refs/remotes/pr/1229' into stage/batch-v0.50.238
2026-04-29 15:17:57 +00:00
workspace.py
refactor: reduce stale workspace recovery fix
2026-05-12 06:28:35 -06:00
worktrees.py
Harden worktree removal safeguards
2026-05-13 09:49:15 +08:00