whyhkzk 1495f0cc38 fix(file-safety): extend sandbox-mirror guard to cover inner-container path (#32049) (#32407) ... * fix(file-safety): extend sandbox-mirror guard to cover inner-container path (#32049) Brian's shape-based guard (#32213) catches paths that still carry the full sandboxes/<backend>/<task>/home/.hermes/… prefix on the host side. The inner-container case is not covered: when file tools execute inside Docker the bind-mount strips that prefix, so the guard receives plain /root/.hermes/… and passes through. The root:root ownership on the divergent SOUL.md in #32049 confirms this is the primary failure mode. Add a ContextVar (_CONTAINER_HERMES_MIRROR) set by DockerEnvironment when persistent=True. classify_container_mirror_target / get_container_ mirror_warning detect any write whose resolved path falls under that prefix, using the same warning format and cross_profile=True bypass contract as the existing guards. Chain the new guard in _check_cross_profile_path after the two existing detectors. * fix(file-safety): derive Docker mirror guard from task --------- Co-authored-by: Ben <ben@nousresearch.com>		2026-06-02 14:03:37 +10:00
..
lsp	fix(lsp): handle Windows .cmd shims in LSP process spawn	2026-05-30 02:08:36 -07:00
secret_sources	chore: prune unused imports and duplicate import redefinitions	2026-05-28 22:26:25 -07:00
transports	chore: prune unused imports and duplicate import redefinitions	2026-05-28 22:26:25 -07:00
__init__.py	fix(agent): preload jiter native parser	2026-05-28 00:20:11 -07:00
account_usage.py
agent_init.py	chore: prune unused imports and duplicate import redefinitions	2026-05-28 22:26:25 -07:00
agent_runtime_helpers.py	fix(tool-search): scope bridge catalog + dispatch to the session's toolsets	2026-05-29 02:04:12 -07:00
anthropic_adapter.py	fix(anthropic): demote dead thinking signature when orphan-strip mutates the latest turn	2026-05-31 06:14:34 -07:00
async_utils.py
auxiliary_client.py	fix(auxiliary): pass base_url/api_key/api_mode through set_runtime_main for custom providers	2026-05-30 02:38:59 -07:00
azure_identity_adapter.py
background_review.py	test: cover ci-unblocker production regressions	2026-05-27 22:14:53 -07:00
bedrock_adapter.py	chore: remove dead code — 28 unused functions/classes across 16 files	2026-05-29 04:22:27 -07:00
browser_provider.py
browser_registry.py	style: restore PEP8 blank-line separation after dead-code removal	2026-05-29 04:22:27 -07:00
chat_completion_helpers.py	revert: drop cumulative-resend tool-arg heuristic from shared streaming path (#35718) (#35860)	2026-05-31 06:14:32 -07:00
codex_responses_adapter.py	feat(prompt): universal task-completion guidance + local Python toolchain probe (#34340)	2026-05-28 22:26:09 -07:00
codex_runtime.py	chore: prune unused imports and duplicate import redefinitions	2026-05-28 22:26:25 -07:00
context_compressor.py	fix(compressor): strip stale handoff prefix on resume; reconcile #26290+#32787 (#35344)	2026-05-30 07:29:21 -07:00
context_engine.py	fix(compression): avoid repeat preflight compaction from rough estimates	2026-05-29 19:05:03 -07:00
context_references.py
conversation_compression.py	fix: batch of small robustness/correctness fixes from @kyssta-exe	2026-06-01 19:51:03 -07:00
conversation_loop.py	fix(agent): stop reporting broken streams as output-length truncation (#36705)	2026-06-01 03:01:20 -07:00
copilot_acp_client.py
credential_persistence.py	fix: avoid persisting borrowed credential secrets (#31416)	2026-05-25 00:32:08 -07:00
credential_pool.py	refactor(auth): remove vestigial Nous min_key_ttl/inference_auth_mode params	2026-05-29 02:24:48 -07:00
credential_sources.py	docs(auth): replace stale 'hermes login' references with 'hermes auth add'	2026-05-26 15:41:11 -07:00
curator.py	feat(curator): prune built-in skills after inactivity + track usage for all skills (#36701)	2026-06-01 02:07:32 -07:00
curator_backup.py	feat(curator): prune built-in skills after inactivity + track usage for all skills (#36701)	2026-06-01 02:07:32 -07:00
display.py	chore(web): remove web_crawl tool + provider crawl plumbing (#33824)	2026-05-28 04:52:42 -07:00
error_classifier.py	fix(agent): fallback immediately on provider content-policy blocks (#33883)	2026-05-28 07:28:24 -07:00
file_safety.py	fix(file-safety): extend sandbox-mirror guard to cover inner-container path (#32049) (#32407)	2026-06-02 14:03:37 +10:00
gemini_cloudcode_adapter.py
gemini_native_adapter.py
gemini_schema.py
google_code_assist.py	chore: prune unused imports and duplicate import redefinitions	2026-05-28 22:26:25 -07:00
google_oauth.py	fix(auth): don't launch a text-mode browser inside the terminal for OAuth (#34479)	2026-05-29 01:23:06 -07:00
i18n.py
image_gen_provider.py	fix(image_gen): cache xAI ephemeral URL responses to disk (#26942) (#31759)	2026-05-24 18:10:47 -07:00
image_gen_registry.py
image_routing.py	feat(kanban): attach images referenced in task bodies to worker vision (#34210)	2026-05-28 17:50:42 -07:00
insights.py
iteration_budget.py
jiter_preload.py	fix(agent): preload jiter native parser	2026-05-28 00:20:11 -07:00
lmstudio_reasoning.py
manual_compression_feedback.py
markdown_tables.py
memory_manager.py	fix(memory): only forward rewound kwarg when set	2026-06-01 01:22:38 -07:00
memory_provider.py	feat(memory): add rewound kwarg to on_session_switch hook	2026-06-01 01:22:38 -07:00
message_sanitization.py	revert: drop cumulative-resend tool-arg heuristic from shared streaming path (#35718) (#35860)	2026-05-31 06:14:32 -07:00
model_metadata.py	fix(minimax): drop stale ≤204,800 cache entries for MiniMax-M3 (#36726)	2026-06-01 14:59:07 -07:00
models_dev.py	remove Vercel AI Gateway and Vercel Sandbox (#33067)	2026-05-27 00:43:32 -07:00
moonshot_schema.py	Add Hermes desktop app (#20059)	2026-05-31 17:46:56 -05:00
nous_rate_guard.py
onboarding.py
plugin_llm.py
portal_tags.py
process_bootstrap.py
prompt_builder.py	fix(prompt): show configured working directory in system prompt (closes #24882, #24969, #27383, #29265)	2026-06-01 16:55:04 -07:00
prompt_caching.py
rate_limit_tracker.py
redact.py	fix: remove Discord mention redaction from secret scrubber	2026-05-30 20:48:41 -07:00
retry_utils.py
runtime_cwd.py	docs(agent): correct resolve_context_cwd comment (None → caller getcwd fallback, not skip)	2026-06-01 16:55:04 -07:00
shell_hooks.py
skill_bundles.py
skill_commands.py
skill_preprocessing.py
skill_utils.py	fix(skills): load Linux-tagged skills on Termux (android sys.platform)	2026-05-21 19:08:38 -07:00
stream_diag.py	feat(agent): buffer retry/fallback status, surface only on terminal failure (#33816)	2026-05-28 04:53:27 -07:00
subdirectory_hints.py	fix(subdirectory_hints): prevent loading AGENTS.md outside workspace	2026-05-25 23:17:33 -07:00
system_prompt.py	refactor(prompt): route context-file cwd through runtime_cwd resolver	2026-06-01 16:55:04 -07:00
think_scrubber.py
title_generator.py
tool_dispatch_helpers.py	feat(security): promptware defense — shared threat patterns + memory load-time scan + tool-result delimiters (#32269)	2026-05-25 14:52:24 -07:00
tool_executor.py	fix(tools): wrap _run_tool cleanup in finally to prevent interrupt state leak	2026-05-30 07:28:11 -07:00
tool_guardrails.py
tool_result_classification.py
trajectory.py
transcription_provider.py	feat(stt): add register_transcription_provider() plugin hook	2026-05-25 01:41:19 -07:00
transcription_registry.py	feat(stt): add register_transcription_provider() plugin hook	2026-05-25 01:41:19 -07:00
tts_provider.py	feat(tts): add register_tts_provider() plugin hook (closes #30398)	2026-05-24 18:04:54 -07:00
tts_registry.py	feat(tts): add register_tts_provider() plugin hook (closes #30398)	2026-05-24 18:04:54 -07:00
usage_pricing.py	feat: add claude-opus-4.8 and claude-opus-4.8-fast (#34003)	2026-05-28 10:31:59 -07:00
video_gen_provider.py
video_gen_registry.py
web_search_provider.py	chore(web): remove web_crawl tool + provider crawl plumbing (#33824)	2026-05-28 04:52:42 -07:00
web_search_registry.py	chore(web): remove web_crawl tool + provider crawl plumbing (#33824)	2026-05-28 04:52:42 -07:00