feat: restore cron profile binding and unattended website hardening #14703

Open
caspiannacht-sudo wants to merge 2 commits into NousResearch:main from caspiannacht-sudo:feature/cron-profile-hardening-20260422-full

@caspiannacht-sudo

Summary

  • restore cron profile/home binding so scheduled jobs stay pinned to the intended Hermes profile
  • harden unattended website policy handling to fail closed in strict mode with allowlist-aware behavior
  • add regression tests covering cron profile binding and strict unattended website policy cases

Validation

  • added/updated targeted tests for cron script/profile behavior
  • added website policy strict-mode regression tests

Changed files

  • cron/jobs.py
  • cron/scheduler.py
  • hermes_constants.py
  • tools/cronjob_tools.py
  • tools/website_policy.py
  • tests/cron/test_cron_script.py
  • tests/test_hermes_constants.py
  • tests/tools/test_website_policy_strict.py

@alt-glitch added labels on Apr 23, 2026: type/feature (New feature or request), comp/cron (Cron scheduler and job management), comp/tools (Tool registry, model_tools, toolsets), P2 (Medium — degraded but workaround exists)
Caspian Nacht and others added 2 commits April 30, 2026 19:05
Treat origin-less deliver=origin jobs as local-only, including legacy list-form values. Harden bound-home child-result temp-file setup so filesystem failures return structured cron failure tuples. Align cron tests with run_job dispatcher behavior, isolate tick lock paths in tests, and add regression coverage for bound-home tempfile setup failure.
@caspiannacht-sudo

Author

Follow-up note: I force-updated this PR's source branch (feature/cron-profile-hardening-20260422-full) to the clean consolidated head b87dbee470692ad147f94d2fe73ecd3159d78868, so this PR now also includes the follow-up hardening that had briefly been proposed separately in #18120 (origin-local delivery normalization and bound-home child-result hardening). Verification on the consolidated branch passed: venv/bin/python -m pytest tests/cron tests/tools/test_website_policy_strict.py tests/test_hermes_constants.py -q -o 'addopts=' -> 296 passed. PR #18120 has been closed as superseded so review can stay here.
