hermes-agent

History

Teknium d09ab8ff13 fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031 ) Stop pre-stripping the path from the configured MCP server URL before constructing OAuthClientProvider. The MCP SDK strips the path itself via OAuthContext.get_authorization_base_url() for authorization-server discovery, but uses the full server_url through resource_url_from_server_url() + check_resource_allowed() to validate against the server's RFC 9728 Protected Resource Metadata. For servers whose PRM advertises a path-scoped resource (e.g. Notion's https://mcp.notion.com/mcp), our _parse_base_url() collapsed the URL to the origin, so check_resource_allowed() saw requested='/' vs configured='/mcp/' and refused the token. Fixes OAuth against Notion MCP (and any other path-scoped resource). Closes #16015.		2026-04-26 05:43:54 -07:00
..
browser_providers
environments	fix(env): safely quote ~/ subpaths in wrapped cd commands	2026-04-24 15:25:12 -07:00
neutts_samples
__init__.py
ansi_strip.py
approval.py	feat(approval): hardline blocklist for unrecoverable commands (#15878 )	2026-04-25 22:07:12 -07:00
binary_extensions.py
browser_camofox_state.py
browser_camofox.py	refactor: remove remaining redundant local imports (comprehensive sweep)	2026-04-21 00:50:58 -07:00
browser_cdp_tool.py	fix: sanitize tool schemas for llama.cpp backends; restore MCP in TUI (#15032 )	2026-04-24 02:44:46 -07:00
browser_dialog_tool.py	feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540 )	2026-04-23 22:23:37 -07:00
browser_supervisor.py	feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540 )	2026-04-23 22:23:37 -07:00
browser_tool.py	feat(browser): CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540 )	2026-04-23 22:23:37 -07:00
budget_config.py
checkpoint_manager.py	refactor: remove redundant local imports already available at module level	2026-04-21 00:50:58 -07:00
clarify_tool.py
code_execution_tool.py	fix(tools): restrict RPC socket permissions to owner-only	2026-04-22 17:27:18 -07:00
credential_files.py
cronjob_tools.py	fix(cron): wire context_from through the update action	2026-04-25 04:49:28 -07:00
debug_helpers.py
delegate_tool.py	fix(delegate): resolve subagent approval prompts without deadlocking parent TUI (#15491 )	2026-04-24 22:37:22 -07:00
discord_tool.py	feat(discord): split discord_server into discord + discord_admin tools	2026-04-25 04:50:14 -07:00
env_passthrough.py	fix(env_passthrough): reject Hermes provider credentials from skill passthrough (#13523 )	2026-04-21 06:14:25 -07:00
feishu_doc_tool.py
feishu_drive_tool.py
file_operations.py	feat(skills): add design-md skill for Google's DESIGN.md spec (#14876 )	2026-04-23 21:51:19 -07:00
file_state.py	feat(delegate): cross-agent file state coordination for concurrent subagents (#13718 )	2026-04-21 16:41:26 -07:00
file_tools.py	fix(file_tools): resolve bookkeeping paths against live terminal cwd	2026-04-23 15:11:52 -07:00
fuzzy_match.py	fix(patch): gate 'did you mean?' to no-match + extend to v4a/skill_manage	2026-04-21 02:03:46 -07:00
homeassistant_tool.py
image_generation_tool.py	fix(image-gen): force-refresh plugin providers in long-lived sessions	2026-04-23 03:01:18 -07:00
interrupt.py
managed_tool_gateway.py
mcp_oauth_manager.py	fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031 )	2026-04-26 05:43:54 -07:00
mcp_oauth.py	fix(mcp-oauth): preserve server_url path for protected-resource validation (#16031 )	2026-04-26 05:43:54 -07:00
mcp_tool.py	fix(mcp): auto-reconnect + retry once when the transport session expires (#13383 )	2026-04-24 05:28:45 -07:00
memory_tool.py
mixture_of_agents_tool.py	Fix (mixture_of_agents): replace deprecated Gemini model and forward max_tokens to OpenRouter (#6621 )	2026-04-23 15:14:11 -07:00
neutts_synth.py
openrouter_client.py
osv_check.py
patch_parser.py	fix(patch): gate 'did you mean?' to no-match + extend to v4a/skill_manage	2026-04-21 02:03:46 -07:00
path_security.py
process_registry.py	fix(terminal): three-layer defense against watch_patterns notification spam (#15642 )	2026-04-25 06:41:58 -07:00
registry.py
rl_training_tool.py
schema_sanitizer.py	fix: sanitize tool schemas for llama.cpp backends; restore MCP in TUI (#15032 )	2026-04-24 02:44:46 -07:00
send_message_tool.py	refactor: remove remaining redundant local imports (comprehensive sweep)	2026-04-21 00:50:58 -07:00
session_search_tool.py
skill_manager_tool.py	feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off)	2026-04-23 06:20:47 -07:00
skills_guard.py	feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off)	2026-04-23 06:20:47 -07:00
skills_hub.py	feat(skills): add MiniMax-AI/cli as default skill tap	2026-04-23 02:35:13 -07:00
skills_sync.py	feat(skills_sync): surface collision with reset-hint	2026-04-23 05:09:08 -07:00
skills_tool.py	fix(skills): drop raw_content to avoid doubling skill payload	2026-04-24 15:15:07 -07:00
terminal_tool.py	fix(terminal): three-layer defense against watch_patterns notification spam (#15642 )	2026-04-25 06:41:58 -07:00
tirith_security.py	fix: guard against None tirith path in security scanner	2026-04-23 03:08:53 -07:00
todo_tool.py
tool_backend_helpers.py	fix(fal): extend whitespace-only FAL_KEY handling to all call sites	2026-04-21 02:04:21 -07:00
tool_output_limits.py	feat(skills): add design-md skill for Google's DESIGN.md spec (#14876 )	2026-04-23 21:51:19 -07:00
tool_result_storage.py
transcription_tools.py	fix(transcription): fall back to CPU when CUDA runtime libs are missing	2026-04-24 02:50:14 -07:00
tts_tool.py	fix(tts): use per-provider input-character caps instead of global 4000 (#13743 )	2026-04-21 17:49:39 -07:00
url_safety.py	feat(security): add global toggle to allow private/internal URL resolution	2026-04-22 14:38:59 -07:00
vision_tools.py
voice_mode.py
web_tools.py	feat(web): support TAVILY_BASE_URL env var for custom proxy endpoints	2026-04-22 17:36:33 -07:00
website_policy.py
xai_http.py