Skip to content

fix: add SSH backend to terminal requirements check#59

Merged
teknium1 merged 1 commit into
NousResearch:mainfrom
deankerr:fix/ssh-terminal-check
Feb 27, 2026
Merged

fix: add SSH backend to terminal requirements check#59
teknium1 merged 1 commit into
NousResearch:mainfrom
deankerr:fix/ssh-terminal-check

Conversation

@deankerr

@deankerr deankerr commented Feb 26, 2026

Copy link
Copy Markdown
Contributor

Summary

  • check_terminal_requirements() had no elif env_type == "ssh" branch
  • When TERMINAL_ENV=ssh, the check fell through to return False, silently disabling both terminal and file tools
  • Adds the missing SSH case — verifies ssh_host and ssh_user are configured

Context

The terminal and file tools both depend on check_terminal_requirements() to determine availability. Every other backend (local, docker, singularity, modal) had a check — SSH was the only one missing.

With this bug, users who configured TERMINAL_ENV=ssh got a working hermes session but with no terminal or file tools available — only execute_code (which runs locally, defeating the purpose of SSH isolation).

Test plan

  • check_terminal_requirements() returns False when SSH host/user not set
  • check_terminal_requirements() returns True when SSH host/user configured
  • End-to-end: hermes chat -q with SSH backend runs commands on remote host
  • End-to-end: read_file works over SSH backend
  • Other backends unaffected (local still works)

🤖 Generated with Claude Code

@deankerr @claude
fix: add SSH backend to terminal requirements check
fed9f06 
The SSH backend was missing from check_terminal_requirements(), causing
it to fall through to `return False`. This silently disabled both the
terminal and file tools when TERMINAL_ENV=ssh was configured.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@deankerr deankerr marked this pull request as ready for review February 26, 2026 09:59
@teknium1

teknium1 commented Feb 27, 2026

Copy link
Copy Markdown
Contributor

LGTM!

@teknium1 teknium1 merged commit 21cf339 into NousResearch:main Feb 27, 2026
@deankerr deankerr deleted the fix/ssh-terminal-check branch February 27, 2026 05:27
sudo-yf pushed a commit to sudo-yf/hermes-agent that referenced this pull request Apr 5, 2026
@nesquena-hermes @nesquena
fix: CLI session bridge reads active profile's state.db not server la…
b2c2f32 
…unch profile (NousResearch#59)

get_cli_sessions() and get_cli_session_messages() were using HERMES_HOME
(the profile the server was launched under) to find state.db. This meant
a server launched under the webui profile would read webui's state.db
(full of cron runs) instead of the user's actual CLI sessions.

Fix: use get_active_hermes_home() which tracks whichever profile the user
has selected in the UI. This means:
  - default profile active -> reads ~/.hermes/state.db (interactive CLI)
  - camanji profile active -> reads ~/.hermes/profiles/camanji/state.db

Falls back to HERMES_HOME env var if profiles module unavailable.

Co-authored-by: Nathan Esquenazi <nesquena@gmail.com>
@rehanchrl

rehanchrl commented Apr 10, 2026

Copy link
Copy Markdown

Prompt Guard Incident

Severity: LOW
Action: Logged
Reason: Suspicious prompt-injection markers detected
Requested intent: message_send

Note: This is a low-priority security note. No immediate action required.

@rehanchrl

rehanchrl commented Apr 10, 2026

Copy link
Copy Markdown

bruh

angelburgosrosado pushed a commit to angelburgosrosado/hermes-agent that referenced this pull request Apr 27, 2026
@teknium1
Merge pull request NousResearch#59 from deankerr/fix/ssh-terminal-check
923572f 
fix: add SSH backend to terminal requirements check
olympus-terminal pushed a commit to olympus-terminal/hermes-agent that referenced this pull request May 16, 2026
@teknium1
Merge pull request NousResearch#59 from deankerr/fix/ssh-terminal-check
09a262f 
fix: add SSH backend to terminal requirements check
@serious-callers-only-bot serious-callers-only-bot mentioned this pull request May 18, 2026
Open
3 tasks
@OmarB97 OmarB97 mentioned this pull request Jun 1, 2026
Open
shanewas added a commit to shanewas/hermes-agent that referenced this pull request Jun 2, 2026
@shanewas
feat(security): P1 NousResearch#33/NousResearch#59 — Dockerfile harde…
06f6757 
…ning + profile dir perms (0o700/0o600)

- Dockerfile: OCI security labels, HEALTHCHECK, non-root safe
- docker-compose: no-new-privileges, healthcheck mirroring
- entrypoint.sh: chmod 700 on cron/sessions/memories/home/logs/plans
- gateway/session.py: enforce 0o700 sessions dir, 0o600 sessions.json
- hermes_cli/profiles.py: _ensure_profile_permissions() helper wired into create_profile

Resolves security audit findings P1 NousResearch#33 (image hardening) and P1 NousResearch#59 (profile isolation)
Egavasyug pushed a commit to Egavasyug/hermes-agent that referenced this pull request Jun 10, 2026
@teknium1
Merge pull request NousResearch#59 from deankerr/fix/ssh-terminal-check
1f9982a 
fix: add SSH backend to terminal requirements check
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deankerr @teknium1 @rehanchrl