hermes-agent/hermes_cli/proxy · zqf201492/hermes-agent - AtomGit

TTekniumfix(security): validate Nous Portal inference_base_url against host allowlist

文件	最后提交记录	最后更新时间
adapters	fix(security): validate Nous Portal inference_base_url against host allowlist The Nous Portal proxy adapter forwards minted `agent_key` bearer tokens to whatever `base_url` `resolve_nous_runtime_credentials()` returns, which is read directly from the refresh / agent-key-mint response and persisted to `~/.hermes/auth.json`. With no validation beyond a trailing-slash strip, a poisoned URL (Portal-side MITM, or local write to auth.json) gets forwarded the legitimate bearer on every subsequent proxy request — exfiltrating the user's inference budget and opening a response-injection channel back into the IDE / chat client. Add `_validate_nous_inference_url_from_network()` in `hermes_cli.auth`: an https + host-allowlist check that returns None for anything outside `inference-api.nousresearch.com`, so callers fall back to the documented default rather than ship the bearer to an attacker. This commit wires the validator into the proxy adapter at `nous_portal.py`. A follow-up commit wires it into the four refresh / mint sites in `auth.py` so the poisoned URL never lands in auth.json in the first place. The env-var override path (`NOUS_INFERENCE_BASE_URL`) bypasses validation by design — that's the documented staging/dev escape hatch and the env source is already trusted (the user set it themselves). Co-authored-by: memosr <mehmet.sr35@gmail.com>	13 天前
__init__.py	feat(proxy): local OpenAI-compatible proxy for OAuth providers (#25969) Adds 'hermes proxy start' — a local HTTP server that lets external apps (OpenViking, Karakeep, Open WebUI, ...) use a Hermes-managed provider subscription as their LLM endpoint. The proxy attaches the user's real OAuth-resolved credentials to each forwarded request, refreshing them automatically; the client can send any bearer (it gets stripped). Ships with one adapter — Nous Portal. The UpstreamAdapter ABC and registry in hermes_cli/proxy/adapters/ are designed for additional OAuth providers to plug in by name without server changes. Commands: hermes proxy start [--provider nous] [--host 127.0.0.1] [--port 8645] hermes proxy status hermes proxy providers Allowed Portal paths: /v1/chat/completions, /v1/completions, /v1/embeddings, /v1/models. Anything else returns 404 with a clear error pointing at the allowed list. aiohttp is gated like gateway/platforms/api_server.py (try-import, clean runtime error if missing). No new core dependency. Tests: 24 unit tests + 1 separate E2E that spawns the real subprocess and verifies the upstream receives the right bearer with the client's header stripped.	21 天前
cli.py	feat(proxy): add xai upstream adapter for Grok via OAuth	17 天前
server.py	refactor(auth): collapse Nous inference fallback controls	18 天前