fix(gateway): route /background through active-session bypass#6935
Closed
Tranquil-Flow wants to merge 6 commits into
Closed
fix(gateway): route /background through active-session bypass#6935Tranquil-Flow wants to merge 6 commits into
Tranquil-Flow wants to merge 6 commits into
Conversation
cli.py saves pasted screenshots to ~/.hermes/images/ but _CACHE_DIRS
in credential_files.py only listed cache/images (the processed image
cache). The images/ directory had no mount entry, so vision_analyze
and any tool referencing a clipboard image path silently failed inside
the hermes-aegis Docker container.
Add ("images", "images") to _CACHE_DIRS. docker.py already iterates
get_cache_directory_mounts() so no changes are needed there.
Fixes NousResearch#6004
After the initial call and one retry both return empty content,
vision_tools.py was returning {"success": true, "analysis": "There was
a problem..."}. Callers that branch on success would treat this as a
valid analysis.
Return {"success": false, "error": "..."} instead, consistent with
how all other failure paths in the same function behave.
…g_tool
Both tools passed the full os.environ (including all provider API keys
and tokens) to child processes via {**os.environ}. A crashing subprocess
or one that logs its environment would expose every secret in the session.
The existing _sanitize_subprocess_env() helper in tools/environments/local.py
(with its 130+ var blocklist) was already used by LocalEnvironment and
process_registry but not by these two tools. This fix extends it to:
- tools/browser_tool.py browser_env = {**os.environ}
- tools/rl_training_tool.py env={**os.environ, 'TINKER_API_KEY': ...}
The sanitizer blocklist targets terminal subprocesses (e.g. codex CLI) so
it strips credentials these tools legitimately need. Re-allow the minimum
required set via the _HERMES_FORCE_ prefix:
- browser_tool: BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID,
BROWSER_USE_API_KEY, FIRECRAWL_API_KEY,
FIRECRAWL_API_URL, FIRECRAWL_BROWSER_TTL
- rl_training: TINKER_API_KEY, WANDB_API_KEY
Provider keys (OPENAI_API_KEY, ANTHROPIC_TOKEN, GOOGLE_API_KEY, etc.) are
now blocked as intended.
Related: NousResearch#3628 (broader env-scoping feature)
Adds plugins/memory/mnemoria/ with MnemoriaMemoryProvider — a MemoryProvider adapter backed by the mnemoria PyPI package (mnemoria>=0.1.0). - plugin.yaml declares pip_dependencies so hermes memory setup auto-installs - provider.py imports from mnemoria.* (not the old unified_memory module) - pyproject.toml gains [mnemoria] optional extra Enable with: pip install 'hermes-agent[mnemoria]' Then set memory.provider: mnemoria in ~/.hermes/config.yaml
When /background was sent during an active run, it was not in the platform adapter's bypass list and fell through to the interrupt path instead of spawning a parallel background task. Add "background" to the active-session command bypass in the platform adapter, and add an early return in the gateway runner's running-agent guard to route /background to _handle_background_command() before it reaches the default interrupt logic. Fixes NousResearch#6827
Adds a regression test verifying that /background bypasses the active-session guard in the platform adapter, matching the existing test pattern for /stop, /new, /approve, /deny, and /status.
Contributor
|
Merged via PR #7123. The /background bypass fix (3 files) was cherry-picked onto current main with your authorship preserved. The unrelated changes (Mnemoria plugin, browser/vision/RL fixes) were not included — please submit those as separate PRs if you'd like them reviewed. Thanks! |
Contributor
Author
|
Ah yeah apologies @teknium1 have been having some issues lately when running multiple agents at the same time, sometimes commits from another agent get caught up in another agent and seems like my final review run didn't catch this - will be sure to be diligent about pruning out unrelated stuff in future. Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #6827
When
/background <prompt>is sent during an active run, it interrupts the active conversation instead of spawning a parallel background task. This is a two-layer missing guard:gateway/platforms/base.py:1297— the active-session bypass list (approve,deny,status,stop,new,reset) does not includebackground, so the command falls through to the interrupt path at line 1331gateway/run.py:1920-2039— the running-agent guard also has no special handling for/background, so it hitsrunning_agent.interrupt(event.text)at line 2034Changes
"background"to the bypass list ingateway/platforms/base.py_handle_background_command()ingateway/run.pybefore the default interrupt logictests/gateway/test_command_bypass_active_session.pyfollowing the existing test pattern for other bypass commandsTest plan
/backgroundbypass test)/background <prompt>while a Telegram session is active — should return "Background task started" without interrupting the main session/backgroundstill works normally when no session is activePlatform
Tested on macOS (Darwin 24.6.0), Python 3.14.2