hermes-agent/plugins/image_gen
kshitijk4poor c1826e2690 fix(image-gen): route local-input credential guard through one shared chokepoint + cover xai (#57698)
Follow-up to the per-provider guards. Three improvements from review:

1. Extract agent.file_safety.raise_if_read_blocked() as a single shared
   chokepoint and route the OpenAI, OpenRouter, and (newly) xAI image
   providers through it, replacing the 3x-duplicated inline try/except.
   Fixes the whole bug class: xai/_xai_image_field read a model-supplied
   local path via open() with no guard — the same vulnerability the PR
   fixed for OpenAI/OpenRouter, in a sibling provider it missed.
2. Strengthen the regression tests from pass-on-any-ValueError to true
   security invariants: spy open()/read_bytes() and assert the blocked
   credential is NEVER read; add negative controls (legit local image
   still loads; remote/data: URIs pass through unguarded) so a
   block-everything regression can't pass.
3. Guard is best-effort by design (defense-in-depth, not a security
   boundary) — documented on the shared helper.

- agent/file_safety.py: raise_if_read_blocked()
- plugins/image_gen/{openai,openrouter,xai}: route through helper
- tests: no-read spies + negative controls across all three providers
2026-07-03 18:47:53 +05:30
fal feat(image-gen): add image-to-image / editing to image_generate (#48705) 2026-06-18 22:13:07 -07:00
krea fix shape 2026-06-25 12:38:33 -07:00
openai fix(image-gen): route local-input credential guard through one shared chokepoint + cover xai (#57698) 2026-07-03 18:47:53 +05:30
openai-codex refactor(image-gen): reuse shared image sniffer + raster allowlist in codex backend 2026-07-02 17:12:24 +05:30
openrouter fix(image-gen): route local-input credential guard through one shared chokepoint + cover xai (#57698) 2026-07-03 18:47:53 +05:30
xai fix(image-gen): route local-input credential guard through one shared chokepoint + cover xai (#57698) 2026-07-03 18:47:53 +05:30