hermes-bsd/tests
Ben 1928aa0443 fix(managed-scope): honor managed scope in config→env bridges too
Manual verification surfaced a second bypass class beyond the standalone
config loaders: several code paths bridge config.yaml values into os.environ
(HERMES_TIMEZONE, HERMES_REDACT_SECRETS, HERMES_MAX_ITERATIONS, TERMINAL_*,
network.force_ipv4, ...) by reading the raw user YAML, so the env the whole
process reads carried the USER's value even when an administrator pinned it —
e.g. a managed timezone was overridden because gateway/run.py wrote the user's
timezone into HERMES_TIMEZONE, and _resolve_timezone_name() checks the env var
first.

Wired the shared apply_managed_overlay() into every config→env bridge:

- gateway/run.py module-level startup bridge (timezone, redact_secrets,
  max_turns, terminal, display, gateway.strict, ...)
- gateway/run.py _reload_runtime_env_preserving_config_authority (the per-turn
  re-bridge that keeps config authoritative over reloaded .env — must keep
  MANAGED authoritative on every turn, not just startup)
- hermes_cli/main.py early security.redact_secrets / network.force_ipv4 bridge
  (runs before load_config is usable, at import time)
- hermes_cli/send_cmd.py top-level scalar config→env bridge

Verified end-to-end against a writable managed dir (12/12 checks incl. timezone,
logging, model, skin, gateway settings, write-guard) and in a clean process the
gateway per-turn bridge writes HERMES_TIMEZONE=<managed>. Adds an
order-independent regression test for the bridge overlay.
2026-06-19 07:46:33 -07:00
..
acp feat(gateway): inject stable human-readable message timestamps 2026-06-16 15:49:59 -07:00
acp_adapter
agent feat(gateway): multiplex phase 2 — fail-closed profile credential isolation (Workstream A) 2026-06-19 07:34:15 -07:00
cli feat(billing): /billing terminal billing — interactive TUI + CLI client (#45449) 2026-06-19 01:53:32 +05:30
cron fix: complete cron jobs lock salvage 2026-06-15 06:29:00 -07:00
docker Harden hosted Docker install tree against self-modification (#47490) 2026-06-18 09:09:21 +10:00
e2e fix(gateway): include replied-to media attachments (#46107) 2026-06-14 04:51:50 -07:00
fakes
fixtures/plugins/example-dashboard/dashboard
gateway fix(kanban): cross-platform dispatcher lock + explicit release 2026-06-19 07:35:33 -07:00
hermes_cli fix(managed-scope): honor managed scope in config→env bridges too 2026-06-19 07:46:33 -07:00
hermes_state test: narrow db._conn before raw SQL so ty stops flagging None-union access 2026-06-18 16:04:58 -05:00
honcho_plugin
integration
openviking_plugin fix(openviking): guard empty tool_id in batch skip set; reuse env_var_enabled 2026-06-19 13:53:39 +05:30
plugins fix(hindsight): lazy-install cloud client dependency 2026-06-19 07:36:28 -07:00
providers fix(models): pass model.base_url to fetch_models in /model picker 2026-06-16 13:09:40 -07:00
run_agent fix(agent): aggregate anthropic aux calls via stream 2026-06-19 17:32:13 +05:30
scripts
skills
stress
tools feat(tts): add xAI TTS speed and optimize_streaming_latency config knobs 2026-06-19 07:26:56 -07:00
tui_gateway fix(model): persist /model switch by default across sessions 2026-06-19 07:07:06 -07:00
website
__init__.py
conftest.py feat(managed-scope): add managed_scope module (resolver, loaders, key helpers) 2026-06-19 07:46:33 -07:00
run_interrupt_test.py
test_account_usage.py
test_assistant_ui_tap_compat.py test(deps): guard @assistant-ui cluster on one tap version 2026-06-15 11:55:02 -04:00
test_atomic_replace_symlinks.py fix(utils): copy fallback for atomic replace across devices (#43852) 2026-06-13 14:50:05 -07:00
test_base_url_hostname.py
test_batch_runner_checkpoint.py
test_bitwarden_secrets.py
test_cli_file_drop.py
test_cli_manual_compress.py
test_cli_skin_integration.py
test_ctx_halving_fix.py
test_dashboard_sidecar_close_on_disconnect.py fix(dashboard): scope chat sidebar model card to selected profile (#46665) 2026-06-15 12:50:19 -04:00
test_desktop_electron_pin.py fix(desktop): resolve electronDist dynamically + self-heal blocked installs (supersedes #48081/#48082) (#48091) 2026-06-17 18:48:35 -05:00
test_desktop_mac_entitlements.py
test_dispatch_session_id.py fix(dispatch): forward session_id into registry.dispatch (#28479) 2026-06-14 00:27:59 -04:00
test_docker_home_override_scripts.py
test_docker_stage2_browser_discovery.py
test_docker_webui_install_surface.py fix(docker): support WebUI installs from read-only sources (#48541) 2026-06-19 10:52:16 +10:00
test_dockerfile_tini_compat_shim.py
test_empty_model_fallback.py
test_empty_session_hygiene.py
test_env_loader_secret_sources.py
test_evidence_store.py
test_gateway_streaming_nested_config.py
test_get_tool_definitions_cache_isolation.py
test_hermes_bootstrap.py
test_hermes_constants.py fix(cli): detect containerd/CRI cgroup-v2 containers in is_container() (#47131) 2026-06-17 12:11:31 +10:00
test_hermes_home_profile_warning.py
test_hermes_logging.py fix(logging): alias RotatingFileHandler to concurrent-log-handler (salvage #44921) (#46794) 2026-06-17 15:39:04 -05:00
test_hermes_state.py test(sessions): cover title reclaim across a compression lineage 2026-06-19 17:36:18 +05:30
test_hermes_state_compression_locks.py
test_hermes_state_wal_fallback.py
test_honcho_client_concurrency.py
test_honcho_client_config.py
test_honcho_session_context.py
test_honcho_startup_fail_open.py
test_install_no_initial_commit.py
test_install_ps1_native_stderr_eap.py fix(install): fail fast when uv venv genuinely fails under relaxed EAP 2026-06-18 22:11:35 +05:30
test_install_ps1_uv_powershell_host.py test(install): lock uv installer to a resolved PowerShell host 2026-06-18 16:26:34 +07:00
test_install_sh_browser_install.py
test_install_sh_install_method_stamp.py fix(update): scope install-method stamp to the code tree, not $HERMES_HOME (#48188) 2026-06-18 14:14:41 +10:00
test_install_sh_node_global_prefix.py fix(install): repair existing managed-Node global prefix on re-run 2026-06-14 17:34:11 +07:00
test_install_sh_pythonpath_sanitization.py
test_install_sh_root_fhs_uv_python_path.py
test_install_sh_setup_wizard_tty_probe.py
test_install_sh_symlink_stomp.py
test_install_sh_termux_network_prereqs.py
test_install_unmerged_index.py test(installer): regression for unmerged-index update failure 2026-06-13 05:19:44 -07:00
test_ipv4_preference.py
test_lazy_session_regressions.py
test_lint_config.py
test_live_system_guard_self_test.py
test_mcp_serve.py
test_mini_swe_runner.py
test_minimax_model_validation.py
test_minimax_oauth.py
test_minisweagent_path.py
test_model_forces_max_completion_tokens.py
test_model_picker_scroll.py
test_model_tools.py
test_model_tools_async_bridge.py
test_ollama_num_ctx.py
test_output_cap_parsing.py
test_package_json_lazy_deps.py
test_packaging_metadata.py feat(mcp-catalog): add official Unreal Engine 5.8 MCP server 2026-06-18 09:16:40 -07:00
test_plugin_skills.py
test_plugin_utils.py
test_process_loop_event_loop_warning.py
test_project_metadata.py
test_retry_utils.py
test_run_tests_parallel.py fix(ci): remove pytest-timeout, use per-file timeout only 2026-06-12 13:42:42 -04:00
test_sanitize_tool_error.py
test_slash_worker_watchdog.py
test_sql_injection.py
test_state_db_malformed_repair.py
test_subprocess_home_isolation.py fix: make profile subprocess HOME policy explicit 2026-06-14 03:20:21 -07:00
test_termux_all_extra_compat.py
test_timezone.py
test_toolset_distributions.py
test_toolsets.py
test_trajectory_compressor.py
test_trajectory_compressor_async.py
test_transform_llm_output_hook.py
test_transform_tool_result_hook.py
test_tui_gateway_server.py test: narrow db._conn before raw SQL so ty stops flagging None-union access 2026-06-18 16:04:58 -05:00
test_tui_gateway_ws.py feat(desktop): composer status stack, live subagent windows, editable prompts (#44630) 2026-06-12 08:30:06 -05:00
test_tui_mcp_late_refresh.py fix(tui): refresh tool snapshot when MCP discovery lands after agent build (#48403) 2026-06-18 05:41:23 -07:00
test_utils_truthy_values.py
test_web_server.py refactor(desktop): use port 0 for ephemeral port discovery instead of PortPool reservation 2026-06-12 14:02:19 -04:00
test_wheel_locales_e2e.py
test_yuanbao_integration.py
test_yuanbao_markdown.py
test_yuanbao_pipeline.py feat(Yuanbao): support wechat forward msg (#43508) 2026-06-12 02:06:47 -07:00
test_yuanbao_proto.py
test_yuanbao_shutdown.py