clawdie/hermes-bsd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
hermes-bsd/tests/cli
History
0xbyt4 f6736ced81 fix(security): sanitize env and redact output in quick commands + remove write-only _pending_messages 
1. Quick command exec ran in the gateway process's full environment
   without env sanitization or output redaction. A quick command like
   "env" or "printenv" would leak all API keys, OAuth tokens, and
   bot credentials to the messaging user.

   Fix: apply _sanitize_subprocess_env() before exec and
   redact_sensitive_text() on output before returning.

2. GatewayRunner._pending_messages was written on every interrupt
   (lines 1331-1334) but never read or consumed anywhere. The actual
   interrupt delivery uses adapter._pending_messages (a separate dict).
   Removed the write-only accumulation to prevent unbounded growth.
2026-05-10 22:12:23 -07:00
..
__init__.py
test_branch_command.py
test_busy_input_mode_command.py
test_cli_approval_ui.py feat(openrouter): wire Pareto Code router with min_coding_score knob (#22838) 2026-05-09 14:47:00 -07:00
test_cli_background_tui_refresh.py
test_cli_bracketed_paste_sanitizer.py
test_cli_browser_connect.py
test_cli_context_warning.py
test_cli_copy_command.py
test_cli_extension_hooks.py
test_cli_external_editor.py
test_cli_file_drop.py fix(cli): catch OSError in _resolve_attachment_path to prevent ENAMETOOLONG dropping long slash commands 2026-05-06 06:34:48 -07:00
test_cli_force_redraw.py fix(cli): recover classic CLI output after resize 2026-05-06 04:20:54 -07:00
test_cli_goal_interrupt.py feat(goals): /goal checklist + /subgoal user controls (#23456) 2026-05-10 16:56:51 -07:00
test_cli_image_command.py
test_cli_init.py fix(cli): make Ctrl+Enter insert newline on WSL/SSH/Windows Terminal (#22777) 2026-05-09 12:48:14 -07:00
test_cli_interrupt_subagent.py
test_cli_loading_indicator.py
test_cli_markdown_rendering.py
test_cli_mcp_config_watch.py
test_cli_new_session.py feat: confirm prompt for destructive slash commands (#4069) (#22687) 2026-05-09 11:04:46 -07:00
test_cli_prefix_matching.py
test_cli_preloaded_skills.py
test_cli_provider_resolution.py
test_cli_reload_skills.py
test_cli_retry.py
test_cli_save_config_value.py fix(cli): preserve config comments on setting writes 2026-05-09 17:55:12 -07:00
test_cli_secret_capture.py
test_cli_shift_enter_newline.py feat(cli): recognise Shift+Enter as a newline key 2026-05-08 16:26:51 -07:00
test_cli_shutdown_memory_messages.py
test_cli_skin_integration.py
test_cli_status_bar.py refactor: replace 'cmp' text with 🗜️ emoji in status bar 2026-05-07 05:27:45 -07:00
test_cli_status_command.py
test_cli_steer_busy_path.py
test_cli_terminal_response_sanitizer.py
test_cli_tools_command.py
test_cli_user_message_preview.py
test_compress_focus.py
test_cprint_bg_thread.py fix(cli): recover classic CLI output after resize 2026-05-06 04:20:54 -07:00
test_ctrl_enter_newline.py fix(cli): make Ctrl+Enter insert newline on WSL/SSH/Windows Terminal (#22777) 2026-05-09 12:48:14 -07:00
test_cwd_env_respect.py
test_destructive_slash_confirm.py feat: confirm prompt for destructive slash commands (#4069) (#22687) 2026-05-09 11:04:46 -07:00
test_fast_command.py
test_gquota_command.py
test_manual_compress.py
test_personality_none.py
test_prompt_text_input_thread_safety.py fix(cli): drive _prompt_text_input directly when off main thread (#23454) 2026-05-10 16:16:10 -07:00
test_quick_commands.py fix(security): sanitize env and redact output in quick commands + remove write-only _pending_messages 2026-05-10 22:12:23 -07:00
test_reasoning_command.py
test_resume_display.py fix(cli): recover classic CLI output after resize 2026-05-06 04:20:54 -07:00
test_save_conversation_location.py
test_session_boundary_hooks.py
test_stream_delta_think_tag.py
test_surrogate_sanitization.py
test_tool_progress_scrollback.py
test_worktree.py
test_worktree_security.py