molecule-ai/hermes-agent
38
0
Fork 0
Code Issues 5 Pull Requests 7 Actions Packages Projects Releases Wiki Activity
712aa44325
hermes-agent/tests/tools
History
0xbyt4 712aa44325 security: block secret exfiltration via browser URLs and auxiliary LLM calls 
Three exfiltration vectors closed:

1. Browser URL exfil — agent could embed secrets in URL params and
   navigate to attacker-controlled server. Now scans URLs for known
   API key patterns before navigating (browser_navigate, web_extract).

2. Browser snapshot leak — page displaying env vars or API keys would
   send secrets to auxiliary LLM via _extract_relevant_content before
   run_agent.py's redaction layer sees the result. Now redacts snapshot
   text before the auxiliary call.

3. Camofox annotation leak — accessibility tree text sent to vision
   LLM could contain secrets visible on screen. Now redacts annotation
   context before the vision call.

10 new tests covering URL blocking, snapshot redaction, and annotation
redaction for both browser and camofox backends.
2026-04-01 12:03:56 -07:00
..
__init__.py
test_ansi_strip.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
test_approval.py fix(security): catch sensitive path writes in approval checks (#3859) 2026-03-29 20:57:57 -07:00
test_browser_camofox_persistence.py feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400) (#4419) 2026-04-01 04:18:50 -07:00
test_browser_camofox_state.py fix: restore _config_version to 11 (reverted by stale-branch merge in #4419) (#4440) 2026-04-01 04:34:04 -07:00
test_browser_camofox.py fix: URL-based auth for third-party Anthropic endpoints + CI test fixes (#4148) 2026-03-30 20:36:56 -07:00
test_browser_cdp_override.py fix: normalize live Chrome CDP endpoints for browser tools 2026-03-19 10:17:03 -07:00
test_browser_cleanup.py
test_browser_console.py fix: add browser_console to browser toolset and core tools list (#1084) 2026-03-17 02:02:57 -07:00
test_browser_content_none_guard.py fix(browser): guard LLM response content against None in snapshot and vision (#3642) 2026-03-28 17:25:04 -07:00
test_browser_homebrew_paths.py fix: add macOS Homebrew paths to browser and terminal PATH resolution 2026-03-23 22:45:55 -07:00
test_browser_secret_exfil.py security: block secret exfiltration via browser URLs and auxiliary LLM calls 2026-04-01 12:03:56 -07:00
test_browser_ssrf_local.py fix(browser): skip SSRF check for local backends (Camofox, headless Chromium) (#4292) 2026-03-31 10:40:13 -07:00
test_checkpoint_manager.py
test_clarify_tool.py
test_clipboard.py
test_code_execution.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_command_guards.py fix: make tirith block verdicts approvable instead of hard-blocking (#3428) 2026-03-27 13:22:01 -07:00
test_config_null_guard.py fix: guard config.get() against YAML null values to prevent AttributeError (#3377) 2026-03-27 04:03:00 -07:00
test_credential_files.py fix: apply same path traversal checks to config-based credential files 2026-03-31 12:16:37 -07:00
test_cron_prompt_injection.py
test_cronjob_tools.py
test_daytona_environment.py feat: mount skills directory into all remote backends with live sync (#3890) 2026-03-30 02:45:41 -07:00
test_debug_helpers.py
test_delegate_toolset_scope.py fix(security): restrict subagent toolsets to parent's enabled set (#3269) 2026-03-26 14:50:26 -07:00
test_delegate.py feat(auth): same-provider credential pools with rotation, custom endpoint support, and interactive CLI (#2647) 2026-03-31 03:10:01 -07:00
test_docker_environment.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_docker_find.py
test_env_passthrough.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
test_file_operations.py
test_file_read_guards.py feat(file_tools): harden read_file with size guard, dedup, and device blocking (#4315) 2026-03-31 12:53:19 -07:00
test_file_staleness.py fix(file_tools): refresh staleness timestamp after writes (#4390) 2026-04-01 00:50:08 -07:00
test_file_tools_live.py
test_file_tools.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
test_file_write_safety.py fix(security): harden terminal safety and sandbox file writes (#1653) 2026-03-17 02:22:12 -07:00
test_force_dangerous_override.py
test_fuzzy_match.py
test_hidden_dir_filter.py
test_homeassistant_tool.py
test_honcho_tools.py fix(banner): show honcho tools as available when configured (#3810) 2026-03-29 15:55:05 -07:00
test_interrupt.py
test_llm_content_none_guard.py fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449) 2026-03-27 15:28:19 -07:00
test_local_env_blocklist.py fix: add macOS Homebrew paths to browser and terminal PATH resolution 2026-03-23 22:45:55 -07:00
test_local_persistent.py fix(terminal): avoid merging heredoc EOF with fence wrapper (#3598) 2026-03-28 14:43:41 -07:00
test_mcp_dynamic_discovery.py feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812) 2026-03-29 15:52:54 -07:00
test_mcp_oauth.py fix(mcp-oauth): port mismatch, path traversal, and shared handler state (salvage #2521) (#2552) 2026-03-22 15:02:26 -07:00
test_mcp_probe.py feat: interactive MCP tool configuration in hermes tools (#1694) 2026-03-17 03:48:44 -07:00
test_mcp_tool_issue_948.py
test_mcp_tool.py fix: add MCP tool name collision protection (#3077) 2026-03-25 16:52:04 -07:00
test_memory_tool.py
test_mixture_of_agents_tool.py
test_modal_sandbox_fixes.py refactor: replace swe-rex with native Modal SDK for Modal backend (#3538) 2026-03-28 11:21:44 -07:00
test_parse_env_var.py fix(docker): add explicit env allowlist for container credentials (#1436) 2026-03-17 02:34:35 -07:00
test_patch_parser.py fix: handle addition-only hunks in V4A patch parser (#3325) 2026-03-26 19:38:04 -07:00
test_process_registry.py fix(gateway): persist watcher metadata in checkpoint for crash recovery (#1706) 2026-03-17 03:52:15 -07:00
test_read_loop_detection.py fix: remove post-compression file-read history injection (#2226) 2026-03-20 14:54:25 -07:00
test_registry.py perf(ttft): salvage easy-win startup optimizations from #3346 (#3395) 2026-03-27 07:49:44 -07:00
test_rl_training_tool.py
test_search_hidden_dirs.py fix: exclude hidden directories from find/grep search backends (#1558) 2026-03-17 02:02:57 -07:00
test_send_message_missing_platforms.py fix(tools): implement send_message routing for Matrix, Mattermost, HomeAssistant, DingTalk (#3796) 2026-03-29 15:17:46 -07:00
test_send_message_tool.py test: replace real-looking WhatsApp jid in regression test 2026-03-17 15:38:37 +00:00
test_session_search.py feat(sessions): add --source flag for third-party session isolation (#3255) 2026-03-26 14:35:31 -07:00
test_singularity_preflight.py
test_skill_env_passthrough.py fix(skills): stop marking persisted env vars missing on remote backends (#3650) 2026-03-28 17:52:32 -07:00
test_skill_improvements.py feat(skills): size limits for agent writes + fuzzy matching for patch (#4414) 2026-04-01 04:19:19 -07:00
test_skill_manager_tool.py feat(skills): size limits for agent writes + fuzzy matching for patch (#4414) 2026-04-01 04:19:19 -07:00
test_skill_size_limits.py feat(skills): size limits for agent writes + fuzzy matching for patch (#4414) 2026-04-01 04:19:19 -07:00
test_skill_view_path_check.py
test_skill_view_traversal.py
test_skills_guard.py fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251) 2026-03-26 13:40:21 -07:00
test_skills_hub_clawhub.py
test_skills_hub.py fix(skills): validate hub bundle paths before install (#3986) 2026-03-30 08:37:19 -07:00
test_skills_sync.py feat: nix flake — uv2nix build, NixOS module, persistent container mode (#20) 2026-03-26 01:08:02 +05:30
test_skills_tool.py fix(skills): stop marking persisted env vars missing on remote backends (#3650) 2026-03-28 17:52:32 -07:00
test_ssh_environment.py
test_symlink_prefix_confusion.py
test_terminal_disk_usage.py fix(terminal): log disk warning check failures at debug level (salvage #2372) (#2394) 2026-03-21 17:10:17 -07:00
test_terminal_requirements.py refactor: replace swe-rex with native Modal SDK for Modal backend (#3538) 2026-03-28 11:21:44 -07:00
test_terminal_timeout_output.py fix(terminal): preserve partial output when command times out (#3868) 2026-03-29 21:51:44 -07:00
test_terminal_tool_requirements.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_tirith_security.py
test_todo_tool.py
test_transcription_tools.py fix(acp): complete session management surface for editor clients (salvage #3501) (#3675) 2026-03-28 23:45:53 -07:00
test_transcription.py feat(auth): same-provider credential pools with rotation, custom endpoint support, and interactive CLI (#2647) 2026-03-31 03:10:01 -07:00
test_url_safety.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
test_vision_tools.py fix(vision): reject non-image files and enforce website policy (salvage #1940) (#3845) 2026-03-29 20:55:04 -07:00
test_voice_cli_integration.py
test_voice_mode.py fix: allow voice mode in WSL when PulseAudio bridge is configured 2026-03-31 12:13:33 -07:00
test_web_tools_config.py feat(web): add Tavily as web search/extract/crawl backend (#1731) 2026-03-17 04:28:03 -07:00
test_web_tools_tavily.py feat(web): add Tavily as web search/extract/crawl backend (#1731) 2026-03-17 04:28:03 -07:00
test_website_policy.py fix: resolve 7 failing CI tests (#3936) 2026-03-30 08:10:14 -07:00
test_windows_compat.py
test_write_deny.py
test_yolo_mode.py fix(security): harden terminal safety and sandbox file writes (#1653) 2026-03-17 02:22:12 -07:00