From 142afc24f7e41f60a3c660b5f3c9f0d10b51e48e Mon Sep 17 00:00:00 2001
From: BarnacleBoy
Date: Sat, 30 May 2026 19:28:31 +0000
Subject: [PATCH] fix(gateway): block config.yaml media delivery and fix triggering tip

Two related fixes for a bug where /new could cause config.yaml to be sent as a Discord attachment:
1. Add config.yaml to the _media_delivery_denied_paths denylist in gateway/platforms/base.py. This prevents any accidental delivery of config.yaml as a native file attachment, matching the existing protection for .env, auth.json, and credentials/.
2. Reword the tip that triggered this: the tip 'hermes chat --ignore-user-config skips ~/.hermes/config.yaml' contained a bare home-relative path to config.yaml. When randomly selected during /new, the extract_local_files() method in _process_message_background would match ~/.hermes/config.yaml as a local file path, find it exists, and dispatch it as a native Discord document attachment.
---
 gateway/platforms/base.py | 6 ++++--
 hermes_cli/tips.py | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/gateway/platforms/base.py b/gateway/platforms/base.py
index 91e360e7f..041b028c2 100644
--- a/gateway/platforms/base.py
+++ b/gateway/platforms/base.py
@@ -946,11 +946,13 @@ def _media_delivery_denied_paths() -> List[Path]:
 home = Path(os.path.expanduser("~"))
 for sub in _MEDIA_DELIVERY_DENIED_HOME_SUBPATHS:
 denied.append(home / sub)
- # The Hermes home itself contains credentials (auth.json, .env) — only the
- # cache subdirectories under it are explicitly allowlisted above.
+ # The Hermes home itself contains credentials (auth.json, .env) and
+ # configuration (config.yaml) — only the cache subdirectories under it
+ # are explicitly allowlisted above.
 denied.append(_HERMES_HOME / ".env")
 denied.append(_HERMES_HOME / "auth.json")
 denied.append(_HERMES_HOME / "credentials")
+ denied.append(_HERMES_HOME / "config.yaml")
 return denied
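Review bot: The denylist in `_media_delivery_denied_paths()` still names Hermes-home files one at a time, and this commit exists because one sensitive file was missing from it; anything else stored under `_HERMES_HOME` that is not listed stays deliverable as an attachment. The updated comment says only the cache subdirectories are allowlisted, so if the caller checks the allowlist before the denylist (not visible in this hunk), a single `denied.append(_HERMES_HOME)` would fail closed and could replace the four per-file entries. If the per-file entries stay, it is worth confirming that the comparison resolves symlinks and `..` segments before matching, and adding a regression test that a message containing `~/.hermes/config.yaml` produces no attachment. The function body starts above the hunk, so how `denied` is initialised and consumed is inferred.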
diff --git a/hermes_cli/tips.py b/hermes_cli/tips.py
index feebe4310..5c6fa9105 100644
--- a/hermes_cli/tips.py
+++ b/hermes_cli/tips.py
@@ -430,7 +430,7 @@ TIPS = [
 'hermes -z "" is the purest one-shot: final answer on stdout, nothing else — ideal for piping in scripts.',
 'hermes chat --pass-session-id injects the session ID into the system prompt so the agent can self-reference it.',
 'hermes chat --image path/to/pic.png attaches a local image to a single -q query without a separate upload step.',
- 'hermes chat --ignore-user-config skips ~/.hermes/config.yaml — reproducible bug reports and CI runs.',
+ 'hermes chat --ignore-user-config skips user config entirely — reproducible bug reports and CI runs.',
 "hermes chat --source tool tags programmatic chats so they don't clutter hermes sessions list.",
 'hermes dump --show-keys includes redacted API key fingerprints for deeper support debugging.',
 'hermes sessions rename "new title" renames any past session; hermes sessions delete removes one.',
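Review bot: Rewording this one entry in `TIPS` removes the trigger but leaves nothing to stop a future tip from reintroducing a real path, since per the commit description tip text passes through `extract_local_files()` like any other outgoing message. A comment above the list would record the constraint, e.g. `# Tips are scanned for local file paths before delivery: never include a real path such as ~/... or an absolute path.`, and a unit test asserting that `extract_local_files()` finds nothing in any tip would enforce it. The neighbouring `--image path/to/pic.png` tip is path-shaped too, though it looks like a placeholder that would presumably match only if such a file exists. The `TIPS` list begins outside this hunk.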