jV`dZddlmZddlZddlZddlmZejeZ dZ d d Z dS) uPropagate agent-turn context into worker threads that dispatch Hermes tools. A bare ``threading.Thread`` / ``ThreadPoolExecutor`` worker starts with an empty ``contextvars.Context`` and no thread-local approval/sudo callbacks. Tool dispatch inside such a thread therefore silently loses: * the approval *session/platform* ContextVars (``tools.approval`` / ``gateway.session_context``) — so gateway sessions fall into ``check_dangerous_command``'s non-interactive auto-approve branch and dangerous commands run without prompting (#33057, #30882); * the thread-local CLI approval/sudo callbacks (``tools.terminal_tool``) — so ``prompt_dangerous_approval`` cannot reach the user (GHSA-qg5c-hvr5-hjgr, #15216). This helper factors out that capture/install/clear lifecycle so the several places that fan tool dispatch onto worker threads (``agent.tool_executor`` and the ``execute_code`` RPC threads) share one audited implementation instead of divergent copies. Usage — call :func:`propagate_context_to_thread` **on the parent thread** (it snapshots the parent's ContextVars and callbacks at call time) and use the returned callable as the worker's target:: t = threading.Thread(target=propagate_context_to_thread(loop_fn), args=(...)) # or executor.submit(propagate_context_to_thread(worker_fn), *args) Approval/sudo callbacks are installed for the worker's lifetime and **always cleared on exit**, so a recycled thread never holds a stale reference to a disposed CLI instance. ) annotationsN)Callablec&ddlm}m}m}m}||||fS)zResolve the terminal_tool callback getters/setters. Imported lazily: ``tools.terminal_tool`` imports ``tools.approval`` at module load, so a top-level import here would risk an import cycle for callers that live in ``tools.approval``. r_get_approval_callback_get_sudo_password_callbackset_approval_callbackset_sudo_password_callback)tools.terminal_toolrrr r rs 9/home/ubuntu/.hermes/hermes-agent/tools/thread_context.py _callback_apir +sV #"  targetrreturnc tjdxd t\}}}}||||f n,#t$rtddYnwxYw fd}|S)uWrap *target* for execution on a worker thread with the *current* thread's ContextVars and approval/sudo callbacks propagated. Call this on the parent thread; pass the returned callable as the thread/executor target. The returned callable forwards its positional and keyword arguments to *target* and returns its result. Fail-closed: if callback installation raises, the callbacks are left unset (``None``). That is the safe outcome — ``prompt_dangerous_approval`` denies dangerous commands when no callback is registered in an interactive context, and the gateway approval queue blocks when its notify callback is absent. Nz0Could not capture parent approval/sudo callbacksTexc_infocFfd}|S)NcM\}}  | |n,#t$rtddYnwxYw iI\}} |d|dS#t$rtddYSwxYwS#I\}} |d|dw#t$rtddYwwxYwwxYw)NzaFailed to install propagated approval/sudo callbacks; dangerous-command approval will fail closedTrz2Failed to clear propagated approval/sudo callbacks) Exceptionloggerdebug) set_approvalset_sudoargskwargsparent_approval_cbparent_sudo_cbsettersrs r _innerz._runner.._innerZs")0& h )5$ %7888%1 000 LLF!%! vt.v..&-4*L($ T*** $ P%)% '7&-4*L($ T*** $ P%)% 'sQ%&A AB%!A88&B! B!%C2.CC2&C.+C2-C..C2)run)rrr ctxrrrrs`` r _runnerz,propagate_context_to_thread.._runnerYsI          8wwvr) contextvars copy_contextr rrr) r get_approvalget_sudorrr#r"rrrs ` @@@@r propagate_context_to_threadr(@s  " $ $C*..GX9F6 h h)\^^!* XXX GRV WWWWWX> Ns+A &A54A5)rrrr) __doc__ __future__rr$loggingtypingr getLogger__name__rr r(rr r0s@#"""""  8 $ $*888888r