hermes-bsd/scripts
Philip D'Souza 92dfd70d6a
fix(photon): production hardening for the gRPC-native iMessage channel (#42732)
* fix(photon): override transitive CVEs in the sidecar deps

`npm audit` flagged 7 high-severity transitive CVEs (protobufjs code injection
GHSA-66ff-xgx4-vchm + outdated @opentelemetry OTLP exporters) pulled in via
spectrum-ts -> @photon-ai/otel. npm's suggested fix downgrades spectrum-ts to a
version that targets the decommissioned spectrum host, so instead pin patched
versions via `overrides` (protobufjs 8.6.1, @opentelemetry/* 0.218.0) without
touching spectrum-ts. `npm audit` -> 0; spectrum-ts + provider still import.

* fix(photon): harden the sidecar bridge + bound the dedup cache

- constant-time sidecar control-token comparison (was `!==`, timing-attackable).
- cap the control-channel request body (2 MiB) so a compromised local peer can't
  OOM the sidecar.
- wrap the inbound gRPC stream consumer in a re-subscribe loop with capped
  exponential backoff + jitter — if the async iterator throws/ends it would
  otherwise stop inbound forever (the adapter dedupes any replay).
- add an unhandledRejection handler so a stray rejection logs instead of killing
  the process.
- dedup cache (adapter) was a true bounded LRU only for expired entries; a burst
  of unique ids within the window grew it without limit. Evict oldest at the cap.

* chore: add AUTHOR_MAP entry for PhilipAD

---------

Co-authored-by: PhilipAD <philipadsouza@gmail.com>
2026-06-09 11:12:58 -04:00
Name                       Last commit                                                                           Date
lib                        fix(installer): symlink bundled node/npm into command bin dir for FHS root installs   2026-06-04 02:31:49 -07:00
tests
whatsapp-bridge            Add Hermes desktop app (#20059)                                                       2026-05-31 17:46:56 -05:00
analyze_livetest.py        test(tool-search): add live A/B harness, drop checked-in transcripts                  2026-05-29 02:04:12 -07:00
benchmark_browser_eval.py
build_model_catalog.py
build_skills_index.py      fix(skills-hub): stop shipping a degenerate index when GitHub taps collapse (#42347)  2026-06-08 15:21:28 -07:00
check-windows-footguns.py
check_subprocess_stdin.py  fix: keep interactive OAuth setup-token inheriting stdin                              2026-06-08 22:46:57 -07:00
contributor_audit.py       chore: release v0.16.0 (2026.6.5) (#40206)                                            2026-06-05 17:55:43 -07:00
discord-voice-doctor.py
docker_config_migrate.py   fix(docker): run config migrations during container boot (salvage #35508) (#36627)    2026-06-04 11:11:27 +10:00
hermes-gateway
install.cmd                fix(docs): update all install instructions everywhere                                 2026-06-04 21:07:45 -04:00
install.ps1                fix(update): scope git fetch to target branch                                         2026-06-08 15:24:31 -04:00
install.sh                 fix(update): scope git fetch to target branch                                         2026-06-08 15:24:31 -04:00
install_psutil_android.py
keystroke_diagnostic.py
kill_modal.sh
lint_diff.py
LIVETEST_README.md         test(tool-search): add live A/B harness, drop checked-in transcripts                  2026-05-29 02:04:12 -07:00
profile-tui.py
release.py                 fix(photon): production hardening for the gRPC-native iMessage channel (#42732)       2026-06-09 11:12:58 -04:00
run_tests.sh
run_tests_parallel.py      fix(tests): retry per-file pytest subprocess once on exit-4 when the file exists      2026-06-08 13:38:30 -07:00
sample_and_compress.py
setup_open_webui.sh
tool_search_livetest.py    test(tool-search): redact secrets from harness transcripts + console                  2026-05-29 02:04:12 -07:00