hermes-bsd/agent
RaumfahrerSpiffy 7a1eed8268 fix(anthropic): redact replayed tool inputs and broaden thinking-replay 400 recovery
Two additive hardening changes on the interleaved-thinking replay path
introduced by this PR's anthropic_content_blocks channel. Both are scoped
to that channel's blast radius; neither changes correct behavior.

1. Replay-time tool-input re-sourcing (credential safety).
   The ordered-block channel captures each tool_use `input` from the RAW
   API response in normalize_response, which is NOT credential-redacted.
   The parallel tool_calls[].function.arguments IS redacted at storage
   time (build_assistant_message, #19798). The verbatim-replay fast path
   in _convert_assistant_message replayed the raw block input, so a secret
   a model inlined into a tool call (e.g. an Authorization header value
   passed inside a terminal command) would ride back onto the wire even
   though it is redacted everywhere else in history. Re-source tool_use
   input from the redacted tool_calls map by
   sanitized id; interleave order (the reason this channel exists) is
   unaffected. Adapted from #36071, which re-sources tool inputs the same
   way on its replay path.

2. Broaden the thinking-replay 400 classifier (defense-in-depth).
   error_classifier only matched "signature" + "thinking", so the
   frozen-block variant — "thinking ... blocks in the latest assistant
   message cannot be modified. These blocks must remain as they were in
   the original response." — carried no "signature" token and fell through
   to a non-retryable abort. The anthropic_content_blocks channel prevents
   the reorder that triggers this 400 at the source, but if any future
   mutator reintroduces it, the turn now self-heals via the existing
   strip-reasoning-and-retry recovery instead of crash-looping. A negative
   case ensures an unrelated "cannot be modified" 400 (no "thinking") is
   not swept in. Mirrors the classifier broadening in #36087 and #36071.

Tests
- tests/agent/test_anthropic_thinking_block_order.py: a replay test
  asserting an inlined secret is redacted on the wire while interleave
  order is preserved.
- tests/agent/test_error_classifier.py: three cases — frozen-block 400
  native and via OpenRouter route to thinking_signature/retryable; an
  unrelated "cannot be modified" 400 does not.
Both grafts verified RED (tests fail with the change reverted) then GREEN.
Full adapter, transport, classifier and output-field-leak suites pass.

Co-authored-by: AlexanderBFoley <92330381+AlexanderBFoley@users.noreply.github.com>
2026-06-10 20:45:16 -07:00
lsp fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
secret_sources fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
transports fix(anthropic): strip output-only SDK fields from replayed content blocks 2026-06-10 20:45:16 -07:00
__init__.py
account_usage.py feat(credits): usage-aware credits — in-session notices, /usage view, dev readout (#40011) 2026-06-06 13:18:18 +05:30
agent_init.py feat(desktop): resizable VS Code-themed terminal pane + palette polish (#42521) 2026-06-09 23:15:20 -05:00
agent_runtime_helpers.py feat(desktop): resizable VS Code-themed terminal pane + palette polish (#42521) 2026-06-09 23:15:20 -05:00
anthropic_adapter.py fix(anthropic): redact replayed tool inputs and broaden thinking-replay 400 recovery 2026-06-10 20:45:16 -07:00
async_utils.py
auxiliary_client.py fix(params): send max_completion_tokens for newer OpenAI families on custom endpoints 2026-06-09 23:22:10 -07:00
azure_identity_adapter.py
background_review.py fix(compression): disable compression on background-review fork to prevent cross-turn stale-parent fork (#41708) 2026-06-07 22:06:48 -07:00
bedrock_adapter.py chore: remove dead code — 28 unused functions/classes across 16 files 2026-05-29 04:22:27 -07:00
browser_provider.py
browser_registry.py style: restore PEP8 blank-line separation after dead-code removal 2026-05-29 04:22:27 -07:00
chat_completion_helpers.py fix(anthropic): preserve interleaved thinking/tool_use block order on replay 2026-06-10 20:45:16 -07:00
codex_responses_adapter.py feat(prompt): universal task-completion guidance + local Python toolchain probe (#34340) 2026-05-28 22:26:09 -07:00
codex_runtime.py fix(codex): record app-server token usage in session accounting 2026-06-09 02:46:04 -07:00
context_compressor.py fix(compression): clear _previous_summary on session end (defense-in-depth) 2026-06-07 22:09:45 -07:00
context_engine.py fix(compression): avoid repeat preflight compaction from rough estimates 2026-05-29 19:05:03 -07:00
context_references.py fix(agent): make a binary @file: reference actionable instead of a dead end 2026-06-09 19:16:46 -05:00
conversation_compression.py test(gateway): add compression session_id rotation integration tests (#34089) 2026-06-07 22:39:51 -07:00
conversation_loop.py fix(agent): strip api_messages in thinking-signature recovery so the retry actually omits thinking blocks 2026-06-10 12:39:44 -07:00
copilot_acp_client.py
credential_persistence.py
credential_pool.py fix(auth): add Codex OAuth accounts as distinct pool entries 2026-06-08 11:57:03 -07:00
credential_sources.py
credits_tracker.py Suppress "Credit access paused" notice on free models (#43669) 2026-06-10 23:55:06 +05:30
curator.py fix(curator): use shared atomic state writer 2026-06-10 03:04:54 -07:00
curator_backup.py feat(curator): prune built-in skills after inactivity + track usage for all skills (#36701) 2026-06-01 02:07:32 -07:00
display.py feat(web): Parallel-backed web search & extract — free Search MCP when keyless, v1 REST when keyed 2026-06-10 19:54:38 -07:00
error_classifier.py fix(agent): route 'thinking blocks cannot be modified' 400 to recovery 2026-06-10 12:39:44 -07:00
file_safety.py fix(file-safety): extend sandbox-mirror guard to cover inner-container path (#32049) (#32407) 2026-06-02 14:03:37 +10:00
gemini_cloudcode_adapter.py
gemini_native_adapter.py fix(gemini): default native maxOutputTokens + strip OpenAI extra_body on Gemini endpoints (#39730) 2026-06-05 03:53:59 -07:00
gemini_schema.py
google_code_assist.py chore: prune unused imports and duplicate import redefinitions 2026-05-28 22:26:25 -07:00
google_oauth.py fix(auth): don't launch a text-mode browser inside the terminal for OAuth (#34479) 2026-05-29 01:23:06 -07:00
i18n.py fix(packaging): ship locales/ i18n catalogs in wheel, sdist, and Nix (#38383) 2026-06-03 12:00:27 -07:00
image_gen_provider.py
image_gen_registry.py
image_routing.py fix(vision): honor custom_providers per-model supports_vision (#41036) 2026-06-07 21:50:57 -07:00
insights.py refactor(insights): drop dead pricing/duration wrappers, call usage_pricing directly (#40618) 2026-06-07 18:33:20 -07:00
iteration_budget.py
jiter_preload.py
lmstudio_reasoning.py
manual_compression_feedback.py
markdown_tables.py
memory_manager.py fix(memory): run end-of-turn sync off the turn thread (#41945) 2026-06-08 02:18:59 -07:00
memory_provider.py feat(memory): add rewound kwarg to on_session_switch hook 2026-06-01 01:22:38 -07:00
message_sanitization.py revert: drop cumulative-resend tool-arg heuristic from shared streaming path (#35718) (#35860) 2026-05-31 06:14:32 -07:00
model_metadata.py fix(model_metadata): prefer hardcoded 1M for MiniMax M3 over stale models.dev probe 2026-06-09 23:24:40 -07:00
models_dev.py
moonshot_schema.py Add Hermes desktop app (#20059) 2026-05-31 17:46:56 -05:00
nous_rate_guard.py
onboarding.py feat(onboarding): opt-in structured profile-build path on first contact (#41114) 2026-06-07 08:36:48 -07:00
plugin_llm.py
portal_tags.py
process_bootstrap.py
prompt_builder.py feat(desktop): resizable VS Code-themed terminal pane + palette polish (#42521) 2026-06-09 23:15:20 -05:00
prompt_caching.py
rate_limit_tracker.py
redact.py fix: remove Discord mention redaction from secret scrubber 2026-05-30 20:48:41 -07:00
retry_utils.py
runtime_cwd.py fix(desktop): stabilize project folder sessions (#37586) 2026-06-02 20:23:09 +00:00
shell_hooks.py
skill_bundles.py
skill_commands.py refactor(skills): clean up bundled skill set + add environments: relevance gate (#39028) 2026-06-04 06:11:22 -07:00
skill_preprocessing.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
skill_utils.py refactor(skills): clean up bundled skill set + add environments: relevance gate (#39028) 2026-06-04 06:11:22 -07:00
stream_diag.py feat(agent): buffer retry/fallback status, surface only on terminal failure (#33816) 2026-05-28 04:53:27 -07:00
subdirectory_hints.py
system_prompt.py fix(agent): make mid-turn /steer trusted, not read as injection 2026-06-05 20:59:36 -05:00
think_scrubber.py
title_generator.py
tool_dispatch_helpers.py
tool_executor.py feat(desktop): resizable VS Code-themed terminal pane + palette polish (#42521) 2026-06-09 23:15:20 -05:00
tool_guardrails.py
tool_result_classification.py
trajectory.py
transcription_provider.py
transcription_registry.py
tts_provider.py
tts_registry.py
turn_context.py refactor(agent): extract run_conversation prologue into agent/turn_context.py 2026-06-07 22:17:35 -07:00
turn_finalizer.py refactor(agent): extract run_conversation post-loop tail into finalize_turn (god-file Phase 1) 2026-06-08 09:42:23 -07:00
turn_retry_state.py refactor(agent): consolidate inner-retry-loop recovery flags into TurnRetryState (god-file Phase 1b) 2026-06-07 22:42:05 -07:00
usage_pricing.py fix(model): require confirmation for expensive model selections 2026-06-10 00:24:06 -07:00
video_gen_provider.py
video_gen_registry.py
web_search_provider.py
web_search_registry.py