gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-05-30 13:40:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f2f7224b8d89729267b6ff42632242264b4cc958
hermes-webui/api
T
History
bergeouss f2f7224b8d fix: add zip-bomb protection and partial extraction cleanup 
- Add cumulative extraction size limit (_MAX_EXTRACTED_BYTES = 200 MB)
  that tracks uncompressed file sizes during extraction to guard against
  zip/tar bombs (small compressed archives that expand to huge sizes).
- On any extraction failure (disk full, corrupted member, size limit),
  clean up the partially-extracted destination directory to avoid
  leaving orphaned folders in the workspace.
2026-04-29 04:31:59 +00:00
..
__init__.py
Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish
2026-03-31 07:02:47 +00:00
agent_sessions.py
fix: batch triage — 12 contributor PRs (v0.50.227) (#1168)
2026-04-27 13:34:59 -07:00
auth.py
fix(auth): persist sessions across restarts via STATE_DIR/.sessions.json (#962)
2026-04-24 11:21:41 -07:00
background.py
feat(commands): /background, /btw slash commands + undo button + reasoning chip
2026-04-24 01:24:51 +00:00
clarify.py
feat: harden clarify dialog flow and refresh recovery
2026-04-15 13:10:50 +08:00
commands.py
feat: slash command parity + skill autocomplete — v0.50.91 (PR #711)
2026-04-19 05:37:44 +00:00
config.py
fix: address review feedback — restore V3 as legacy, fix zai base_url
2026-04-29 04:31:16 +00:00
gateway_watcher.py
v0.50.207: batch of 10 PRs — TPS stat, SSE guard, session polish, cron UX, folder create, model errors, session speed, title gen (#1031)
2026-04-25 13:07:35 -07:00
helpers.py
v0.50.223: model picker, idle retry, drag-drop, CSP, clipboard copy (#1127)
2026-04-26 15:29:02 -07:00
metering.py
v0.50.207: batch of 10 PRs — TPS stat, SSE guard, session polish, cron UX, folder create, model errors, session speed, title gen (#1031)
2026-04-25 13:07:35 -07:00
models.py
fix: retry stale repair after lock contention
2026-04-29 04:31:37 +00:00
onboarding.py
fix: address review feedback — restore V3 as legacy, fix zai base_url
2026-04-29 04:31:16 +00:00
profiles.py
fix: batch v0.50.234-235 — XSS hardening, workspace validation, profile switch fixes (#1206)
2026-04-27 21:39:30 -07:00
providers.py
feat: show model names in provider cards + scan custom_providers
2026-04-29 04:31:15 +00:00
routes.py
feat: upload and extract zip/tar archives into workspace (#525)
2026-04-29 04:31:59 +00:00
session_ops.py
fix: batch triage — 12 contributor PRs (v0.50.227) (#1168)
2026-04-27 13:34:59 -07:00
startup.py
fix(security): gate auto-install behind HERMES_WEBUI_AUTO_INSTALL=1 — v0.50.156
2026-04-22 20:49:28 +00:00
state_sync.py
security: bandit fixes B310/B324/B110 + QuietHTTPServer (#354)
2026-04-13 11:11:56 -07:00
streaming.py
fix: harden session sidecar repair
2026-04-29 04:31:36 +00:00
updates.py
fix: update banner — conflict recovery path + server self-restart after update (#816)
2026-04-21 17:10:41 -07:00
upload.py
fix: add zip-bomb protection and partial extraction cleanup
2026-04-29 04:31:59 +00:00
workspace.py
fix: batch v0.50.234-235 — XSS hardening, workspace validation, profile switch fixes (#1206)
2026-04-27 21:39:30 -07:00