clawdie/hermes-bsd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
hermes-bsd/tests/tools
History
Teknium e4e04c2005
fix: make tirith block verdicts approvable instead of hard-blocking (#3428) 
Previously, tirith exit code 1 (block) immediately rejected the command
with no approval prompt — users saw 'BLOCKED: Command blocked by
security scan' and the agent moved on.  This prevented gateway/CLI users
from approving pipe-to-shell installs like 'curl ... | sh' even when
they understood the risk.

Changes:
- Tirith 'block' and 'warn' now both go through the approval flow.
  Users see the full tirith findings (severity, title, description,
  safer alternatives) and can choose to approve or deny.
- New _format_tirith_description() builds rich descriptions from tirith
  findings JSON so the approval prompt is informative.
- CLI startup now warns when tirith is enabled but not available, so
  users know command scanning is degraded to pattern matching only.

The default approval choice is still deny, so the security posture is
unchanged for unattended/timeout scenarios.

Reported via Discord by pistrie — 'curl -fsSL https://mandex.dev/install.sh | sh'
was hard-blocked with no way to approve.
2026-03-27 13:22:01 -07:00
..
__init__.py
test_ansi_strip.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
test_approval.py fix(security): normalize input before dangerous command detection (#3260) 2026-03-26 14:33:18 -07:00
test_browser_cdp_override.py fix: normalize live Chrome CDP endpoints for browser tools 2026-03-19 10:17:03 -07:00
test_browser_cleanup.py
test_browser_console.py
test_browser_homebrew_paths.py fix: add macOS Homebrew paths to browser and terminal PATH resolution 2026-03-23 22:45:55 -07:00
test_checkpoint_manager.py
test_clarify_tool.py
test_clipboard.py
test_code_execution.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_command_guards.py fix: make tirith block verdicts approvable instead of hard-blocking (#3428) 2026-03-27 13:22:01 -07:00
test_config_null_guard.py fix: guard config.get() against YAML null values to prevent AttributeError (#3377) 2026-03-27 04:03:00 -07:00
test_cron_prompt_injection.py
test_cronjob_tools.py
test_daytona_environment.py fix(daytona): migrate sandbox lookup from find_one to get/list 2026-03-19 17:54:46 +01:00
test_debug_helpers.py
test_delegate.py fix(delegate): move _saved_tool_names assignment to correct scope 2026-03-19 09:26:05 -07:00
test_delegate_toolset_scope.py fix(security): restrict subagent toolsets to parent's enabled set (#3269) 2026-03-26 14:50:26 -07:00
test_docker_environment.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_docker_find.py
test_env_passthrough.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
test_file_operations.py
test_file_tools.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
test_file_tools_live.py
test_file_write_safety.py
test_force_dangerous_override.py
test_fuzzy_match.py
test_hidden_dir_filter.py
test_homeassistant_tool.py
test_honcho_tools.py
test_interrupt.py
test_local_env_blocklist.py fix: add macOS Homebrew paths to browser and terminal PATH resolution 2026-03-23 22:45:55 -07:00
test_local_persistent.py
test_mcp_oauth.py fix(mcp-oauth): port mismatch, path traversal, and shared handler state (salvage #2521) (#2552) 2026-03-22 15:02:26 -07:00
test_mcp_probe.py
test_mcp_tool.py fix: add MCP tool name collision protection (#3077) 2026-03-25 16:52:04 -07:00
test_mcp_tool_issue_948.py
test_memory_tool.py
test_mixture_of_agents_tool.py
test_modal_sandbox_fixes.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_parse_env_var.py
test_patch_parser.py fix: handle addition-only hunks in V4A patch parser (#3325) 2026-03-26 19:38:04 -07:00
test_process_registry.py
test_read_loop_detection.py fix: remove post-compression file-read history injection (#2226) 2026-03-20 14:54:25 -07:00
test_registry.py perf(ttft): salvage easy-win startup optimizations from #3346 (#3395) 2026-03-27 07:49:44 -07:00
test_rl_training_tool.py
test_search_hidden_dirs.py
test_send_message_tool.py
test_session_search.py feat(sessions): add --source flag for third-party session isolation (#3255) 2026-03-26 14:35:31 -07:00
test_singularity_preflight.py
test_skill_env_passthrough.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
test_skill_manager_tool.py
test_skill_view_path_check.py
test_skill_view_traversal.py
test_skills_guard.py fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251) 2026-03-26 13:40:21 -07:00
test_skills_hub.py fix(skills): preserve trust for skills-sh identifiers + reduce resolution churn (#3251) 2026-03-26 13:40:21 -07:00
test_skills_hub_clawhub.py
test_skills_sync.py feat: nix flake — uv2nix build, NixOS module, persistent container mode (#20) 2026-03-26 01:08:02 +05:30
test_skills_tool.py perf(ttft): cache skills prompt with shared skill_utils module (salvage #3366) (#3421) 2026-03-27 10:54:02 -07:00
test_ssh_environment.py
test_symlink_prefix_confusion.py
test_terminal_disk_usage.py fix(terminal): log disk warning check failures at debug level (salvage #2372) (#2394) 2026-03-21 17:10:17 -07:00
test_terminal_requirements.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_terminal_tool_requirements.py refactor: remove mini-swe-agent dependency — inline Docker/Modal backends (#2804) 2026-03-24 07:30:25 -07:00
test_tirith_security.py
test_todo_tool.py
test_transcription.py
test_transcription_tools.py
test_url_safety.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
test_vision_tools.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
test_voice_cli_integration.py
test_voice_mode.py
test_web_tools_config.py
test_web_tools_tavily.py
test_website_policy.py fix(security): add SSRF protection to browser_navigate (#3058) 2026-03-25 15:16:57 -07:00
test_windows_compat.py
test_write_deny.py
test_yolo_mode.py