+ iD&a0t$Rt^RIHt^RIt^RIt^RIt^RIt^RIt^RI H t ^RI H t H t HtHtHt^RIHt^RIHt]P*!]4tRRR .R ./tR t]P4!4tRsR ]R &RsR]R&RsR]R&RRlt !RR]!4t"RRlt#RRlt$RRlt%R)RRllt&R)RR llt'R!R"lt(R#R$lt)R%R&lt*R)R'R(llt+R#)*aWebsite access policy helpers for URL-capable tools. This module loads a user-managed website blocklist from ~/.hermes/config.yaml and optional shared list files. It is intentionally lightweight so web/browser tools can enforce URL policy without pulling in the heavier CLI config stack. Policy is cached in memory with a short TTL so config changes take effect quickly without re-reading the file on every URL check. ) annotationsN)Path)AnyDictListOptionalTuple)urlparseget_hermes_homeenabledFdomains shared_filesg>@zOptional[Dict[str, Any]]_cached_policy Optional[str]_cached_policy_pathgfloat_cached_policy_timecV^8dQhRR/#)returnr)formats"1/home/ubuntu/hermes-agent/tools/website_policy.py __annotate__r)s--$-c$\4R, #)z config.yamlr rrr_get_default_config_pathr)s  } ,,rc]tRt^-tRtRtR#)WebsitePolicyErrorz/Raised when a website policy file is malformed.rN)__name__ __module__ __qualname____firstlineno____doc____static_attributes__rrrrr-s9rrc V^8dQhRRRR/#)rhoststrrr)rs"rrr1s44#4#4rcpT;'gRP4P4PR4#).)striplowerrstrip)r's&r_normalize_hostr/1s+ JJB    % % ' . .s 33rc V^8dQhRRRR/#)rrulerrrr)rs"rrr5s  # - rc\V\4'gR#VP4P4pV'dVP R4'dR#RV9d,\ V4pVP ;'g VPpVPR^4^,P4PR4pVP R4'd VR,pT;'gR#)N#:///r+zwww.:NN) isinstancer(r,r- startswithr netlocpathsplitr.)r1valueparseds& r_normalize_ruler>5s dC  JJL   E E$$S)) ~% ,, KKQ  " ( ( * 1 1# 6E b  ==Drc V^8dQhRRRR/#)rr:rrz List[str]r)rs"rrrDsTircVPRR7p.pTP 4FZpTP4pT'dTPR4'dK4\T4pT'gKITPT4K\ T# \d\PRT4.u#\\ 3d#p\PRY4.uRp?#Rp?ii;i)uLoad rules from a shared blocklist file. Missing or unreadable files log a warning and return an empty list rather than raising — a bad file path should not disable all web tools. utf-8encodingz.Shared blocklist file not found (skipping): %sz6Failed to read shared blocklist file %s (skipping): %sNr3) read_textFileNotFoundErrorloggerwarningOSErrorUnicodeDecodeError splitlinesr,r8r>append)r:rawexcruleslinestripped normalizeds& r_iter_blocklist_file_rulesrRDs nngn.E ::<8..s33 $X. : LL $ ! L GN ' (OQU[ s)B#C+C:C;CCCc V^8dQhRRRR/#r config_pathOptional[Path]rzDict[str, Any]r)rs"rrr^s##^#~#rcT;'g \4pVP4'g\\4#^RIp\TRR7;_uu_4pTPT4;'g/pRRR4\X\4'g \R4hTPR /4pTf/p\T\4'g \R 4hTPR /4pTf/p\T\4'g \R 4h\\4pTPT4T# \ d(\ PR4\\4u#i;i +'giL;i TPdp\RT RT 24ThRp?i\dp\RT RT 24ThRp?ii;i) Nu3PyYAML not installed — website blocklist disabledrArBzInvalid config YAML at z: zFailed to read config file zconfig root must be a mappingsecurityzsecurity must be a mappingwebsite_blocklistz,security.website_blocklist must be a mapping)rexistsdict_DEFAULT_WEBSITE_BLOCKLISTyaml ImportErrorrFdebugopen safe_load YAMLErrorrrHr7getupdate)rUr^fconfigrMrYrZpolicys& r_load_policy_configri^s;;!9!;K     .//0 ^ + 0 0A^^A&,,"F1 fd # # !@AAzz*b)H h % % !=>> %8"=  ' . . !OPP , -F MM#$ M9 0 JK.//0 1 0 >>Z #:;-r#!OPVYY ^ #>{m2cU!STZ]]^sYD.E6E#1E6./E E # E3 .E63E66F>F F>&F>'F99F>c V^8dQhRRRR/#rTr)rs"rrrsDDD.Drc V'd \V4MRp\P!4pVfQ\;_uu_4\e2\ V8Xd'V\ , \8d\uuRRR4#RRR4T;'g \4p\V4pVPR.4;'g.p\V\4'g \R4hVPR.4;'g.p\V\4'g \R4hVPRR4p\V\4'g \R 4h.p\4pVFKp \!V 4p V 'gKR V 3V9gK#VP#R V R R /4VP%R V 34KM VFp \V \4'dV P'4'gK1\)V 4P+4p V P-4'g \/4V , P14p \3V 4FGp \V 4V 3p W9dKVP#R V R \V 4/4VP%V 4KI K RVR V/pV\48Xd \;_uu_4VsRsVsRRR4V#V# +'giELK;i +'giT#;i)zLoad and return the parsed website blocklist policy. Results are cached for ``_CACHE_TTL_SECONDS`` to avoid re-reading config.yaml on every URL check. Pass an explicit ``config_path`` to bypass the cache (used by tests). __default__Nr z1security.website_blocklist.domains must be a listrz6security.website_blocklist.shared_files must be a listr Tz4security.website_blocklist.enabled must be a booleanrgpatternsourcerN)r(time monotonic _cache_lockrrr_CACHE_TTL_SECONDSrrirdr7listrboolsetr>rKaddr,r expanduser is_absoluter resolverR)rU resolved_pathnowrh raw_domainsraw_shared_filesr rNseenraw_rulerQ shared_filer:keyresults& rload_website_blocklistrs_)4C $M .. C [*'=8..2DD% [[;;!9!;K  -F**Y+11rK k4 ( ( !TUUzz."5;; & - - !YZZjjD)G gt $ $ !WXX"$E!$D$X. :8Z0< LL)Z8D E HHh + ,  ( +s++;3D3D3F3F K ++-!!#%,557D4T:Jt9j)C{ LL)Z3t9E F HHSM ; ('5 1F.00 [#N"/ "%  M6Mm[[b[ Ms/J9&K 9 K K cV^8dQhRR/#)rrNoner)rs"rrrs$rc`\;_uu_4RsRRR4R# +'giR#;i)z?Force the next ``check_website_access`` call to re-read config.N)rqrrrrinvalidate_cachers  s - c$V^8dQhRRRRRR/#)rr'r(rmrrtr)rs"rrrs!;;3;;;rcV'd V'gR#VPR4'd\P!W4#W8H;'gVPRV 24#)Fz*.r+)r8fnmatchendswith)r'rms&&r_match_host_against_rulersI w$t-- ? : :dmmayM::rc V^8dQhRRRR/#)rurlr(rr)rs"rrrs  3 3 rc\V4p\VP;'g VP4pV'dV#RV9dB\RV 24p\VP;'g VP4pV'dV#R#)r4z//r*)r r/hostnamer9)rr=r' schemelesss& r_extract_host_from_urlishrsn c]F 6??;;fmm E F,F-F  F)N),__conditional_annotations__r$ __future__rrloggingos threadingropathlibrtypingrrrrr urllib.parser hermes_constantsr getLoggerr rFr]rrLockrqr__annotations__rrrrrr/r>rRrirrrrr)rs@rrs#  33!,   8 $u rBnn +/(/%)]) U -::4 4#LDN; 22r