KrustyPlanet/hermes-agent
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
hermes-agent/scripts
History
teknium1 72f94f4a7c test(security): regression guard for OAuth PKCE state/verifier separation 
Two unit tests for run_hermes_oauth_login_pure():

1. test_authorization_url_state_is_not_pkce_verifier — asserts state in the
   auth URL is independent from the PKCE code_verifier sent in the token
   exchange, and that the verifier never appears in the URL.

2. test_callback_state_mismatch_aborts — asserts the flow returns None
   (no token exchange) when the callback state does not match the value
   we generated.

Negative control verified: reintroducing the b17e5c10 vulnerable pattern
(state = verifier, no callback validation) makes both tests fail.

Also adds AUTHOR_MAP entry for shaun0927 (contributor of the fix).
2026-05-16 02:38:02 -07:00
..
lib feat: lazy bootstrap node 2026-04-16 10:47:37 -05:00
whatsapp-bridge fix(whatsapp): fail fast when Baileys sendMessage hangs 2026-05-15 01:30:48 -07:00
benchmark_browser_eval.py perf(browser): route browser_console eval through supervisor's persistent CDP WS (180x faster) (#23226) 2026-05-10 07:37:55 -07:00
build_model_catalog.py codebase: add encoding='utf-8' to all bare open() calls (PLW1514) 2026-05-08 14:27:40 -07:00
build_skills_index.py chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937) 2026-05-11 11:13:25 -07:00
check-windows-footguns.py feat(cross-platform): psutil for PID/process management + Windows footgun checker 2026-05-08 14:27:40 -07:00
contributor_audit.py codebase: add encoding='utf-8' to all bare open() calls (PLW1514) 2026-05-08 14:27:40 -07:00
discord-voice-doctor.py codebase: add encoding='utf-8' to all bare open() calls (PLW1514) 2026-05-08 14:27:40 -07:00
hermes-gateway fix: prevent systemd restart storm on gateway connection failure 2026-03-21 09:26:39 -07:00
install.cmd feat: Windows native support via Git Bash 2026-03-02 22:03:29 -08:00
install.ps1 fix(install.ps1): restore EAP=Continue around uv python install, skip Store stub (#26586) 2026-05-15 14:07:56 -07:00
install.sh feat(install): add --ensure and --postinstall modes for targeted dep bootstrap 2026-05-15 14:45:43 -07:00
install_psutil_android.py fix(install): also patch psutil on Termux fresh-install path 2026-05-09 17:53:15 -07:00
keystroke_diagnostic.py docs: add Windows-Specific Quirks section to hermes-agent skill + keystroke diagnostic 2026-05-08 14:27:40 -07:00
kill_modal.sh refactor: replace swe-rex with native Modal SDK for Modal backend (#3538) 2026-03-28 11:21:44 -07:00
lint_diff.py feat(ci): add typecheck (warnings only in CI) 2026-05-06 10:58:12 -04:00
profile-tui.py Merge remote-tracking branch 'origin/main' into fix/bundle-size 2026-05-11 16:01:04 -04:00
release.py test(security): regression guard for OAuth PKCE state/verifier separation 2026-05-16 02:38:02 -07:00
run_tests.sh test(conftest): plug every gateway-kill leak path (#23486) 2026-05-10 18:55:28 -07:00
sample_and_compress.py refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821) 2026-04-07 10:25:31 -07:00
setup_open_webui.sh docs: add Open WebUI bootstrap script 2026-05-05 14:12:09 -07:00