Skip to content

Fix terminal interactivity#4

Merged
teknium1 merged 2 commits into
mainfrom
fix-terminal
Nov 2, 2025
Merged

Fix terminal interactivity#4
teknium1 merged 2 commits into
mainfrom
fix-terminal

Conversation

@hjc-puro

@hjc-puro hjc-puro commented Nov 2, 2025

Copy link
Copy Markdown
Contributor

No description provided.

@teknium1 teknium1 merged commit d4544f0 into main Nov 2, 2025
@teknium1 teknium1 mentioned this pull request Mar 5, 2026
Closed
JasonOA888 added a commit to JasonOA888/hermes-agent that referenced this pull request Mar 8, 2026
@JasonOA888
fix(cli): improve /history display with consistent numbering
58b0427 
Fixes NousResearch#633

Problem:
- Sequential numbering gaps (e.g., NousResearch#1, NousResearch#2, NousResearch#5, NousResearch#8) confuse users
- 200 char truncation too aggressive
- Tool messages completely hidden with no indication

Fix:
1. Use separate counter for displayed messages only
2. Skip tool messages but show count at end
3. Skip system messages
4. Increase truncation to 300 chars
5. Display 'N tool messages hidden' summary

Impact:
- Consistent numbering: NousResearch#1, NousResearch#2, NousResearch#3, NousResearch#4
- Users know when tool calls occurred
- More context visible per message
@erosika erosika mentioned this pull request Mar 11, 2026
Merged
13 tasks
@heyalchang heyalchang mentioned this pull request Mar 12, 2026
Merged
6 tasks
This was referenced Mar 14, 2026
Closed
Closed
@SHL0MS SHL0MS mentioned this pull request Mar 31, 2026
Closed
@iRonin iRonin mentioned this pull request Apr 3, 2026
Open
@intertwine intertwine mentioned this pull request Apr 3, 2026
Closed
This was referenced Apr 4, 2026
Closed
Closed
@lucaspirola lucaspirola mentioned this pull request Apr 5, 2026
Closed
4 tasks
sudo-yf pushed a commit to sudo-yf/hermes-agent that referenced this pull request Apr 5, 2026
@nesquena
Merge pull request NousResearch#4 from deboste/fix/model-provider-rou…
b0da4db 
…ting

fix(api): resolve model provider from config to prevent misrouting
waym0reom3ga pushed a commit to waym0reom3ga/autolycus-agent that referenced this pull request Apr 9, 2026
tasks: Add Docker removal task and refine FreeBSD work items
32e8500 
- Task #2: Remove Docker dependency (Critical priority)
  - Hermes runs natively via LocalEnvironment, no containers needed
  - Make Docker backend optional with graceful fallback to local
  - Update setup wizard to skip Docker on FreeBSD

- Renumbered tasks: Setup Documentation → NousResearch#3, Voice Error Handling → NousResearch#4

- Added detailed acceptance criteria for each task
- Programming assistant can now proceed with Docker removal
aaronlab added a commit to aaronlab/hermes-agent that referenced this pull request Apr 9, 2026
@aaronlab @claude
docs: Deep audit iteration NousResearch#2 - async error handling and …
3673e9b 
…agent loop reliability

## Summary
Found 5 critical bugs in async error handling, context compression, and cron scheduling:

**CRITICAL (2):**
1. Role violation after context compression (context_compressor.py:694-728)
   - Tool message validation missing when merging summary
   - Causes API crash and data loss after compression

2. Double-execution race condition in cron scheduler (scheduler.py:843-892)
   - File lock released before job execution completes
   - Allows duplicate jobs to be executed (DoS, duplicate messages)

**HIGH (1):**
3. Unhandled context compression exceptions in main loop (run_agent.py:8204,8262,8338)
   - Silent crash when summarizer fails during API loop
   - No graceful degradation

**MEDIUM (2):**
4. Error swallowing in auxiliary_client (auxiliary_client.py:2074-2106)
   - Original error overwritten on retry failure
   - Lost error context, unreachable fallback logic

5. Session ID change without exception recovery (run_agent.py:6041-6071)
   - Session state corruption on DB failures
   - Broken session lineage

## Details
Full analysis with code snippets, scenarios, and fixes in:
- AUDIT_ITERATION_2.md (400 lines, detailed technical analysis)
- AUDIT_ITERATION_2_SUMMARY.txt (visual summary, testing recommendations)

## Recommended Priority
1. Bug NousResearch#1 (Role Violation) - FIX IMMEDIATELY
2. Bug NousResearch#2 (Double Execution) - FIX IMMEDIATELY
3. Bug NousResearch#3 (Unhandled Exceptions) - FIX SOON
4. Bug NousResearch#4 & NousResearch#5 - FIX AFTER critical bugs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@aaronlab aaronlab mentioned this pull request Apr 9, 2026
Open
5 tasks
h4x3rotab referenced this pull request in Clawdi-AI/hermes-agent Apr 10, 2026
@outsourc-e
Merge pull request #4 from outsourc-e/phase3.1-hotkeys
8e4223d 
feat(ux): Phase 3.1 - navigation hotkeys
h4x3rotab referenced this pull request in Clawdi-AI/hermes-agent Apr 10, 2026
feat: full conversation transcript in mission reports (#4)
b4d825b 
- Add fetchAgentFullTranscript() — fetches up to 200 messages per session
- Enrichment step now pulls all assistant messages, not just the last one
- Reports include full agent output with tool call annotations
- Transcript summary generated from last 3 assistant messages
- MissionAgentSummary type extended with transcript + transcriptSummary
h4x3rotab referenced this pull request in Clawdi-AI/hermes-agent Apr 10, 2026
feat: Agent Hub revamp — features #3-#7 complete
ad34d32 
#3 Cost Analytics Dashboard
- New Analytics tab with summary cards (total tokens, cost, avg/mission, today, week)
- CSS bar charts: cost by agent, cost by model, daily timeline (7d)
- No external chart libraries — pure Tailwind

#4 Export Mission as Markdown
- Download .md file with full mission report (goal, team, transcript, artifacts)
- Copy to clipboard button with visual feedback
- Wired into Mission Detail Overlay

#5 Word-by-word Streaming in Agent Chat
- Replaced polling with SSE EventSource in AgentChatPanel
- Real-time chunk streaming with fallback to polling on error
- Streaming assistant message updates in-place

#6 Remote Agents Panel
- Fetches external sessions from gateway /api/sessions
- Filters out local agent sessions — shows only remote/external
- Auto-polls every 15s, card layout with status, model, tokens, cost
- Open Chat links to ClawSuite chat tab

#7 Real-time Collaboration (Presence)
- BroadcastChannel-based cross-tab presence detection
- Shows colored avatars of other users viewing Agent Hub
- Heartbeat every 5s, stale cleanup at 30s
- Shows which tab each peer is viewing
h4x3rotab referenced this pull request in Clawdi-AI/hermes-agent Apr 10, 2026
@DiamondEyesFox
fix: add /api/memory parent route for workspace-relative memory access (
ea8df21 
NousResearch#23)

The inspector panel already uses relative /api/memory paths (fixed in main),
but the parent GET route was missing — requests fell through to the client
router and returned HTML instead of JSON.

This adds a proper TanStack createFileRoute handler that proxies memory
requests through the workspace server with auth, so the inspector works
correctly over Tailscale, LAN, and remote access.

Rebased from PR #4 onto current main.
Vex-Dravex added a commit to Vex-Dravex/hermes-agent that referenced this pull request Apr 10, 2026
@Vex-Dravex
ralph: story NousResearch#4 — Add session_checkpoints table and captu…
7211fa1 
…re method to SessionDB
@konsisumer konsisumer mentioned this pull request Apr 11, 2026
Closed
3 tasks
Vex-Dravex added a commit to Vex-Dravex/hermes-agent that referenced this pull request Apr 11, 2026
@Vex-Dravex
ralph: story NousResearch#4 — Add session_checkpoints table and captu…
54efc2c 
…re method to SessionDB
gary-the-ai pushed a commit to gary-the-ai/hermes-web-console-gui that referenced this pull request Apr 11, 2026
fix(gui): resolve 7 integration bugs — transcript key, search endpoin…
2f29d35 
…t, stop/undo honesty, json_error crash, codex validation, deep-link race

Bug #1: ChatPage loadSession reads res.items (not res.transcript) to match backend
Bug NousResearch#2: Add GET /api/gui/session-search backed by SessionDB.search_messages (FTS5)
Bug NousResearch#3: Stop button now checks res.supported before claiming run was stopped
Bug NousResearch#4: Undo button now checks res.supported before removing messages locally
Bug NousResearch#5: Fix _json_error positional calls in handle_chat_compress (was crashing 500)
Bug NousResearch#6: Codex provider validation now also guards switching TO openai-codex
Bug NousResearch#7: Deep-link hash check runs before health callback to prevent race condition
@maiixu maiixu mentioned this pull request Apr 12, 2026
Closed
malaiwah pushed a commit to malaiwah/hermes-agent that referenced this pull request Apr 13, 2026
@claude
fix: address peer review findings for remote-filesystem MCP server
b8750cf 
- connection.py: cap header read at 8KB to prevent DoS from malicious handler
- handler.py: use .find() instead of `in` + .index() to eliminate race in patch
- handler.py: add truncated field to execute response when output exceeds 50KB
- server.py: include error data field in formatted error messages
- test: add timeout to test client recv, handle TimeoutExpired in close

Fixes issues NousResearch#1, NousResearch#4, NousResearch#5, NousResearch#6, NousResearch#8, NousResearch#10 from Qwen 3.5 peer review on PR NousResearch#19.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@trevorgordon981 trevorgordon981 mentioned this pull request Apr 13, 2026
Open
5 tasks
This was referenced May 28, 2026
Closed
Closed
@Bartok9 Bartok9 mentioned this pull request May 29, 2026
Merged
@johntika johntika mentioned this pull request May 29, 2026
Open
@anglerfish27 anglerfish27 mentioned this pull request May 30, 2026
Open
@teknium1 teknium1 mentioned this pull request May 31, 2026
Merged
@konsisumer konsisumer mentioned this pull request May 31, 2026
Open
19 tasks
@EduardKov EduardKov mentioned this pull request May 31, 2026
Open
@Macgrady4Ever Macgrady4Ever mentioned this pull request Jun 1, 2026
Open
@benbarclay benbarclay mentioned this pull request Jun 1, 2026
Closed
Open
@shang-vikas shang-vikas mentioned this pull request Jun 2, 2026
Open
14 tasks
This was referenced Jun 2, 2026
Closed
Merged
Closed
@alt-glitch alt-glitch mentioned this pull request Jun 4, 2026
Merged
3 tasks
@iaendi iaendi mentioned this pull request Jun 4, 2026
Open
@scubamount scubamount mentioned this pull request Jun 5, 2026
Closed
@harsh-matchmyflight harsh-matchmyflight mentioned this pull request Jun 5, 2026
Open
@liuhao1024 liuhao1024 mentioned this pull request Jun 5, 2026
Open
@koreaeatsrice

koreaeatsrice commented Jun 6, 2026

Copy link
Copy Markdown

Review — Red Team Adversarial

🔴 CRITICAL: Symlink check is broken — never fires

_check_symlink_target() calls _resolve_path_for_task(filepath, task_id) which internally uses Path(...).resolve(). In Python 3.6+, Path.resolve() follows symlinks, so the returned resolved path is always the target of the symlink, never the symlink itself. This means resolved.is_symlink() returns False for every symlinked path — the guard never triggers.

Proof:

>>> link = Path("/tmp/link.txt")  # symlink to /etc/shadow
>>> link.is_symlink()             # True
>>> link.resolve().is_symlink()   # False ← this is what the code checks

An attacker could write to ~/innocent.txt → /etc/shadow and the check would silently pass.

Fix: Check the original filepath before resolution:

def _check_symlink_target(filepath: str, task_id: str = "default") -> str | None:
    # Check the ORIGINAL path for symlink — before resolve() follows it
    original = Path(filepath).expanduser()
    if not original.is_absolute():
        original = _resolve_base_dir(task_id) / original
    if original.is_symlink():
        target = os.path.realpath(str(original))
        return (
            f"Refusing to write to symlink: {filepath} -> {target}\n"
            "Write directly to the real file instead of through a symlink."
        )
    return None

✅ Good changes

  • compress_tool_output return fix: Correct — without this, the function returns None on compression error, which could cause downstream NoneType errors.
  • Hook error logging: Good improvement — silently swallowing hook errors made debugging impossible.
  • /snap/ and ~/.ssh/, ~/.gnupg/: Correct additions to sensitive path list.
  • Sudo cache TTL: Well-implemented — 15-minute TTL with proper lock usage and eviction.

🟡 Minor

  • _HOME_SENSITIVE_PREFIXES uses os.path.expanduser() at import time — if HOME is unset or unusual, the prefixes could be wrong. Consider evaluating lazily or documenting the assumption.

Verdict: Requesting changes — the symlink check bug defeats its security purpose.

@hellofrommorgan hellofrommorgan mentioned this pull request Jun 7, 2026
Closed
@k176060444-lgtm k176060444-lgtm mentioned this pull request Jun 8, 2026
Open
31 tasks
@mitlithands mitlithands mentioned this pull request Jun 8, 2026
Open
@cristianmgm7 cristianmgm7 mentioned this pull request Jun 10, 2026
Open
@VerbalChainsaw VerbalChainsaw mentioned this pull request Jun 10, 2026
Open
13 tasks
@AutomalyRo AutomalyRo mentioned this pull request Jun 10, 2026
Closed
1 task
@austinpickett austinpickett mentioned this pull request Jun 10, 2026
Merged
This was referenced Jun 11, 2026
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hjc-puro @Jack04Fireball @koreaeatsrice @teknium1