File    Last commit    Last updated
feat(proxy): add xai upstream adapter for Grok via OAuth 17 days ago
refactor(auth): mostly cleanups and style changes 19 days ago
fix(security): validate Nous Portal inference_base_url against host allowlist The Nous Portal proxy adapter forwards minted agent_key bearer tokens to whatever base_url resolve_nous_runtime_credentials() returns, which is read directly from the refresh / agent-key-mint response and persisted to ~/.hermes/auth.json. With no validation beyond a trailing-slash strip, a poisoned URL (Portal-side MITM, or local write to auth.json) gets forwarded the legitimate bearer on every subsequent proxy request — exfiltrating the user's inference budget and opening a response-injection channel back into the IDE / chat client. Add _validate_nous_inference_url_from_network() in hermes_cli.auth: an https + host-allowlist check that returns None for anything outside inference-api.nousresearch.com, so callers fall back to the documented default rather than ship the bearer to an attacker. This commit wires the validator into the proxy adapter at nous_portal.py. A follow-up commit wires it into the four refresh / mint sites in auth.py so the poisoned URL never lands in auth.json in the first place. The env-var override path (NOUS_INFERENCE_BASE_URL) bypasses validation by design — that's the documented staging/dev escape hatch and the env source is already trusted (the user set it themselves). Co-authored-by: memosr <mehmet.sr35@gmail.com> 14 days ago
feat(proxy): add xai upstream adapter for Grok via OAuth 17 days ago