hermes-bsd/tests/plugins
Philip D'Souza 92dfd70d6a
fix(photon): production hardening for the gRPC-native iMessage channel (#42732)
* fix(photon): override transitive CVEs in the sidecar deps

`npm audit` flagged 7 high-severity transitive CVEs (protobufjs code injection
GHSA-66ff-xgx4-vchm + outdated @opentelemetry OTLP exporters) pulled in via
spectrum-ts -> @photon-ai/otel. npm's suggested fix downgrades spectrum-ts to a
version that targets the decommissioned spectrum host, so instead pin patched
versions via `overrides` (protobufjs 8.6.1, @opentelemetry/* 0.218.0) without
touching spectrum-ts. `npm audit` -> 0; spectrum-ts + provider still import.

* fix(photon): harden the sidecar bridge + bound the dedup cache

- constant-time sidecar control-token comparison (was `!==`, timing-attackable).
- cap the control-channel request body (2 MiB) so a compromised local peer can't
  OOM the sidecar.
- wrap the inbound gRPC stream consumer in a re-subscribe loop with capped
  exponential backoff + jitter — if the async iterator throws/ends it would
  otherwise stop inbound forever (the adapter dedupes any replay).
- add an unhandledRejection handler so a stray rejection logs instead of killing
  the process.
- dedup cache (adapter) was a true bounded LRU only for expired entries; a burst
  of unique ids within the window grew it without limit. Evict oldest at the cap.

* chore: add AUTHOR_MAP entry for PhilipAD

---------

Co-authored-by: PhilipAD <philipadsouza@gmail.com>
2026-06-09 11:12:58 -04:00
browser
dashboard_auth feat(dashboard-auth): add generic self-hosted OIDC provider 2026-06-04 03:23:45 -07:00
image_gen fix(image_gen): use gpt-5.5 for Codex image host 2026-06-06 19:31:51 -07:00
memory fix(hindsight): send only new-turn delta on append retains instead of whole session (#40605) 2026-06-07 17:41:10 -07:00
model_providers fix(kimi): send thinking xor reasoning_effort, never both 2026-06-07 01:24:29 -07:00
platforms/photon fix(photon): production hardening for the gRPC-native iMessage channel (#42732) 2026-06-09 11:12:58 -04:00
transcription
tts
video_gen
web
__init__.py
test_achievements_plugin.py
test_disk_cleanup_plugin.py fix(cron): re-validate stale cron-output entries before deletion (#37721) 2026-06-04 07:52:04 -07:00
test_google_meet_audio.py
test_google_meet_node.py
test_google_meet_plugin.py
test_google_meet_realtime.py
test_kanban_attachments.py
test_kanban_dashboard_plugin.py fix(dashboard): sanction plugin WS/upload auth via SDK helpers (gated mode) 2026-06-03 16:59:36 -07:00
test_kanban_worker_runs.py
test_langfuse_plugin.py fix(langfuse): restore usage/cost when post_api_request sends a sanitized response 2026-06-07 00:06:39 +09:00
test_nemo_relay_plugin.py fix(nemo-relay): preserve downstream errors in adaptive execution (#42691) 2026-06-09 02:31:10 -07:00
test_plugin_dashboard_auth_contract.py fix(dashboard): sanction plugin WS/upload auth via SDK helpers (gated mode) 2026-06-03 16:59:36 -07:00
test_retaindb_plugin.py
test_security_guidance_plugin.py
test_teams_pipeline_plugin.py