feat(feishu): intelligent reply on document comments with 3-tier access control #11898

Merged: teknium1 merged 2 commits into main from hermes/hermes-7049b547 on Apr 18, 2026

@teknium1

Salvage of #11023 onto current main, preserving @liujinkun2025's authorship on the feature commit.

Summary

Adds an event handler for Feishu/Lark drive comment notifications so users can @-mention the bot on document comments (local or whole-doc) and get LLM replies inline, with a 3-tier allowlist/pairing access control system.

Changes

  • New handler (gateway/platforms/feishu_comment.py, 1383 LOC): parses drive.notice.comment_add_v1 events, filters self-replies/non-bot-targeted, fetches doc + comment metadata in parallel, builds local-comment or whole-doc timeline (20/12 msg caps), runs agent with feishu_doc/feishu_drive toolsets, chunks replies at 4000 chars, per-doc session cache (1h TTL, 50 msg cap).
  • Access control (gateway/platforms/feishu_comment_rules.py, 424 LOC): exact-doc > wildcard > top-level > default resolution with per-field fallback. Policies: allowlist (static) or pairing (static ∪ runtime-approved store). Mtime-cached hot-reload. CLI: python -m gateway.platforms.feishu_comment_rules {status|check|pairing}. Explicit-grant only — no implicit allow-all mode.
  • 5 new tools, scoped to the comment agent only (NOT added to _HERMES_CORE_TOOLS or any platform toolset): feishu_doc_read, feishu_drive_list_comments, feishu_drive_list_comment_replies, feishu_drive_reply_comment, feishu_drive_add_comment.
  • Adapter wiring (gateway/platforms/feishu.py): +25 lines to register the event handler on both WebSocket and Webhook transports.
  • Tests: 643 LOC across tests/gateway/test_feishu_comment{,_rules}.py and tests/tools/test_feishu_tools.py.

Follow-up polish on top of the contributor commit

  • feishu_comment_rules.py: replaced import-time ~/.hermes expanduser fallback with get_hermes_home() from hermes_constants (canonical, profile-safe).
  • feishu_doc_tool.py / feishu_drive_tool.py: dropped the asyncio.get_event_loop().run_until_complete(asyncio.to_thread(...)) dance — tool handlers run synchronously in a worker thread with no running loop, so the RuntimeError branch was always the one that executed. Now calls client.request directly. Unused asyncio import removed.
  • test_feishu.py: updated the mock EventDispatcher builder to include register_p2_customized_event for the new drive.notice.comment_add_v1 registration.
  • scripts/release.py: AUTHOR_MAP entry liujinkun@bytedance.com → liujinkun2025.

Validation

Result
scripts/run_tests.sh -k feishu 221 passed
Rule engine (allowlist/wildcard/pairing semantics) E2E PASS
Mtime hot-reload E2E PASS
Pairing store CRUD (idempotent add/remove, list) E2E PASS
CLI status / check / `pairing add list` E2E
Tool registration + schemas + scoping (not in core) E2E PASS
Event parsing: WebSocket + Webhook + malformed → None PASS
HERMES_HOME isolation honored in all paths PASS

Live Feishu tenant E2E not performed (no tenant available); the contributor has already verified that path internally per the original PR description.

Credit

Feature implementation by @liujinkun2025 in #11023. Their commit is preserved as the first commit on this salvage branch (rebase merge to retain authorship).

Closes #11465
Supersedes #11023
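
The resolution order and the two policies described in the access-control bullet above can be sketched as follows. This is an added example, not code from the PR or from feishu_comment_rules.py; the key names (`documents`, `enabled`, `policy`, `allow_from`), the function names and the sample rules are hypothetical, since the page does not show the real schema.

```python
# Added illustration of "exact-doc > wildcard > top-level > default" with
# per-field fallback. All key names here are hypothetical, not the real schema.
FIELDS = ("enabled", "policy", "allow_from")

# Explicit-grant only: with no configuration at all, nobody is admitted.
DEFAULTS = {"enabled": False, "policy": "allowlist", "allow_from": []}

RULES = {  # constructed sample configuration
    "enabled": True,
    "policy": "allowlist",
    "allow_from": ["ou_admin"],
    "documents": {
        "*": {"policy": "pairing"},
        "docx:ABC": {"allow_from": ["ou_alice"]},
        "docx:OFF": {"enabled": False},
        "docx:STAR": {"allow_from": ["*"]},
    },
}


def resolve(rules, doc_key):
    """Resolve each field independently from the most specific tier that sets it."""
    docs = rules.get("documents", {})
    tiers = [docs.get(doc_key, {}), docs.get("*", {}), rules, DEFAULTS]
    return {f: next(t[f] for t in tiers if f in t) for f in FIELDS}


def is_allowed(rules, doc_key, user_id, paired=frozenset()):
    """allowlist = static list; pairing = static list united with the runtime store."""
    eff = resolve(rules, doc_key)
    if not eff["enabled"]:
        return False
    allowed = set(eff["allow_from"])
    if eff["policy"] == "pairing":
        allowed |= set(paired)
    elif eff["policy"] != "allowlist":
        return False  # unknown policy value fails closed
    # Exact membership only: a "*" entry in the user list is not an allow-all.
    return user_id in allowed


if __name__ == "__main__":
    print(resolve(RULES, "docx:ABC"))
    print(is_allowed(RULES, "docx:ABC", "ou_bob", paired={"ou_bob"}))
```

Because fallback is per field, a document entry that sets only the user list still inherits its policy from the wildcard tier, so reviewing one tier in isolation does not show the effective rule.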

liujinkun2025 and others added 2 commits April 17, 2026 18:55
…s control

- Full comment handler: parse drive.notice.comment_add_v1 events, build
  timeline, run agent, deliver reply with chunking support.
- 5 tools: feishu_doc_read, feishu_drive_list_comments,
  feishu_drive_list_comment_replies, feishu_drive_reply_comment,
  feishu_drive_add_comment.
- 3-tier access control rules (exact doc > wildcard "*" > top-level >
  defaults) with per-field fallback. Config via
  ~/.hermes/feishu_comment_rules.json, mtime-cached hot-reload.
- Self-reply filter using generalized self_open_id (supports future
  user-identity subscriptions). Receiver check: only process events
  where the bot is the @mentioned target.
- Smart timeline selection, long text chunking, semantic text extraction,
  session sharing per document, wiki link resolution.

Change-Id: I31e82fd6355173dbcc400b8934b6d9799e3137b9
…; AUTHOR_MAP

Follow-up polish on top of the cherry-picked #11023 commit.

- feishu_comment_rules.py: replace import-time "~/.hermes" expanduser fallback
  with get_hermes_home() from hermes_constants (canonical, profile-safe).
- tools/feishu_doc_tool.py, tools/feishu_drive_tool.py: drop the
  asyncio.get_event_loop().run_until_complete(asyncio.to_thread(...)) dance.
  Tool handlers run synchronously in a worker thread with no running loop, so
  the RuntimeError branch was always the one that executed. Calls client.request
  directly now. Unused asyncio import removed.
- tests/gateway/test_feishu.py: add register_p2_customized_event to the mock
  EventDispatcher builder so the existing adapter test matches the new handler
  registration for drive.notice.comment_add_v1.
- scripts/release.py: map liujinkun@bytedance.com -> liujinkun2025 for
  contributor attribution on release notes.
@teknium1 teknium1 merged commit b449a0e into main Apr 18, 2026
4 of 5 checks passed
@teknium1 teknium1 deleted the hermes/hermes-7049b547 branch April 18, 2026 02:04
teknium1 added a commit that referenced this pull request Apr 18, 2026
Fills documentation gaps that accumulated as features merged ahead of their
docs updates. All additions are verified against code and the originating PRs.

Providers:
- Ollama Cloud (#10782) — new provider section, env vars, quickstart/fallback rows
- xAI Grok Responses API + TTS (#10783) — provider note, TTS table + config
- Google Gemini CLI OAuth (#11270) — quickstart/fallback/cli-commands entries
- NVIDIA NIM (#11774) — NVIDIA_API_KEY / NVIDIA_BASE_URL in env-vars reference
- HERMES_INFERENCE_PROVIDER enum updated

Messaging:
- DISCORD_ALLOWED_ROLES (#11608) — env-vars, discord.md access control section
- DingTalk QR device-flow (#11574) — wizard path in Option A + openClaw disclosure
- Feishu document comment intelligent reply (#11898) — full section + 3-tier access control + CLI

Skills / commands:
- concept-diagrams skill (#11363) — optional-skills-catalog entry
- /gquota (#11270) — slash-commands reference

Build: docusaurus build passes, ascii-guard lint 0 errors.
@liujinkun2025

Hey @teknium1 — thanks again for merging. Coming back with fresh
eyes, I think the current design has a few structural issues (most
importantly: delivery actions leaking into the global tool surface,
and tool count that doesn't fit Hermes conventions) that are cleaner
to rework than fix-forward. Would you be OK with reverting this so
I can submit a V2?

Happy to open the revert PR myself if that's simpler.

liujinkun2025 added a commit to liujinkun2025/hermes-agent that referenced this pull request Apr 18, 2026
Reverts commits 85cdb04 and b449a0e.

Change-Id: I41236562bdc6a22ab10ae07ab3fc232aed994d54
liujinkun2025 added a commit to liujinkun2025/hermes-agent that referenced this pull request Apr 22, 2026
…ed logs

Reworks the feishu document-comment integration (introduced in NousResearch#11898) to
align with hermes's core session architecture and to close several session
bloat, tool scoping, and log leakage concerns flagged in review.

Session management
  - Replace the in-memory _session_cache dict (1h hard TTL, pure memory)
    with hermes's generic SessionStore pipeline (SessionSource + SessionDB).
    Sessions now persist through gateway restart and auto-reset on daily /
    idle policy, matching IM.
  - Local comments key on comment_id (per-thread isolation).
  - Whole-doc comments collapse onto a __whole_doc__ sentinel thread_id so
    all whole-document comments on the same doc share one document-level
    session.
  - Persist only the user's actual comment text + optional quote anchor,
    not the rendered prompt (~50x smaller per user row).

Tool scoping
  - Delete tools/feishu_doc_tool.py and tools/feishu_drive_tool.py. These
    are feishu-specific document / comment operations, not cross-cutting
    agent capabilities -- yet they lived in the global tool registry
    alongside core tools like memory, session_search, and send_message.
    The global registry should host tools any agent on any platform
    legitimately uses; feishu-scoped surfaces belong inside the feishu
    handler, not next to memory / session_search.
  - Document content now flows through a two-pass <NEED_DOC_READ> sentinel
    protocol owned by the comment handler: the agent lists tokens it
    needs, business code fetches them against a whitelist (source doc +
    comment-referenced docs, docx only), and the agent responds on the
    second turn.
  - Drop the thread-local client injection; the lark client is built from
    config at call time.

Log hardening
  - Strip user comment text, quote text, agent response text, and full
    prompts from all log statements. ~/.hermes/logs/agent.log now stores
    only identifiers, lengths, and status codes -- closes the multi-
    operator leak risk where operators sharing a hermes instance could
    read each other's document content through log files.

Adapter wiring
  - handle_drive_comment_event now takes the FeishuAdapter instance
    instead of the bare client so it can reach the gateway-injected
    SessionStore. The change stays fully off the IM message path.

Tests cover session source construction, sentinel parsing, whitelist
enforcement, doc-content truncation, history persistence, compact user-
turn rendering, and error-path degradation. Full tests/gateway/ regression
passes; live smoke verified local + whole-doc + multi-doc sentinel fetch
and cross-restart history replay.

Change-Id: Icc69e499f5db982973ccd9cc0b7b691f0e68ee74
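
The whitelist step of the two-pass sentinel protocol described in the commit message above, as an added sketch that is not the handler's own code. The page names only the `<NEED_DOC_READ>` sentinel; the closing tag, the comma/whitespace-separated token list, the character cap and every function name below are assumptions.

```python
import re

# Assumed wire format: <NEED_DOC_READ>tok1, tok2</NEED_DOC_READ>
SENTINEL = re.compile(r"<NEED_DOC_READ>(.*?)</NEED_DOC_READ>", re.S)
MAX_DOC_CHARS = 2000  # hypothetical truncation cap


def parse_requested(agent_text):
    """Return the doc tokens the model asked for, de-duplicated, in order."""
    m = SENTINEL.search(agent_text)
    if not m:
        return []
    out = []
    for tok in re.split(r"[,\s]+", m.group(1).strip()):
        if tok and tok not in out:
            out.append(tok)
    return out


def build_whitelist(source, referenced):
    """source/referenced are (doc_type, token) pairs; only docx is fetchable."""
    return {tok for typ, tok in [source, *referenced] if typ == "docx"}


def second_pass_docs(agent_text, source, referenced, fetch):
    """Fetch only whitelisted tokens; model output never widens the whitelist."""
    allowed = build_whitelist(source, referenced)
    granted, denied = {}, []
    for tok in parse_requested(agent_text):
        if tok in allowed:
            granted[tok] = fetch(tok)[:MAX_DOC_CHARS]
        else:
            denied.append(tok)  # record the identifier only, never content
    return granted, denied


def fake_fetch(token):
    """Constructed stand-in for the real document fetch."""
    return f"[{token}] " + "x" * 5000


# Constructed first-turn model output asking for four documents.
FIRST_TURN = "I need context.\n<NEED_DOC_READ>doxSRC, doxREF, doxOTHER, shtSHEET</NEED_DOC_READ>"

if __name__ == "__main__":
    got, refused = second_pass_docs(
        FIRST_TURN, ("docx", "doxSRC"), [("docx", "doxREF"), ("sheet", "shtSHEET")], fake_fetch
    )
    print(sorted(got), refused)
```

The whitelist is computed from the event (source document and documents referenced in the comment) before the model's output is parsed, so text injected into a comment cannot steer the handler into reading an unrelated document.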