KiDDdZddlZddlZddlZddlZddlZddlZddlZddlZej dkZ ddl m Z ddl mZddlmZdZdZd efd ZeZdd edzd edzd efd Zd efdZeZdZded efdZdZded efdZded efdZGddee Z dS)zHLocal execution environment with interrupt support and non-blocking I/O.NWindows)BaseEnvironment)PersistentShellMixin)is_interrupted__HERMES_FENCE_a9f7b3___HERMES_FORCE_returnc`t} ddlm}|D]=}||j|jr||j>n#t$rYnwxYw ddl m }| D]d\}}| d}|dvr||4|dkr*| dr||en#t$rYnwxYw|hdt|S) a\Derive the blocklist from provider, tool, and gateway config. Automatically picks up api_key_env_vars and base_url_env_var from every registered provider, plus tool/messaging env vars from the optional config registry, so new Hermes-managed secrets are blocked in subprocesses without having to maintain multiple static lists. r)PROVIDER_REGISTRY)OPTIONAL_ENV_VARScategory>tool messagingsettingpassword>;GH_TOKENHASS_URL LLM_MODEL HASS_TOKEN XAI_API_KEY GROQ_API_KEY EMAIL_ADDRESS GITHUB_APP_ID OPENAI_ORG_ID WHATSAPP_MODECOHERE_API_KEYEMAIL_PASSWORDGOOGLE_API_KEYMODAL_TOKEN_IDOPENAI_API_KEYSIGNAL_ACCOUNTANTHROPIC_TOKENDAYTONA_API_KEYEMAIL_IMAP_HOSTEMAIL_SMTP_HOSTMISTRAL_API_KEYOPENAI_API_BASEOPENAI_BASE_URLSIGNAL_HTTP_URLDEEPSEEK_API_KEYHELICONE_API_KEYPARALLEL_API_KEYTOGETHER_API_KEYWHATSAPP_ENABLEDFIRECRAWL_API_KEYFIRECRAWL_API_URLFIREWORKS_API_KEYANTHROPIC_BASE_URLEMAIL_HOME_ADDRESSMODAL_TOKEN_SECRETOPENROUTER_API_KEYPERPLEXITY_API_KEYSLACK_HOME_CHANNELDISCORD_AUTO_THREADOPENAI_ORGANIZATIONSIGNAL_HOME_CHANNELSLACK_ALLOWED_USERSDISCORD_HOME_CHANNELSIGNAL_ALLOWED_USERSGATEWAY_ALLOWED_USERSSIGNAL_IGNORE_STORIESTELEGRAM_HOME_CHANNELWHATSAPP_ALLOWED_USERSCLAUDE_CODE_OAUTH_TOKENDISCORD_REQUIRE_MENTIONEMAIL_HOME_ADDRESS_NAMESLACK_HOME_CHANNEL_NAMESIGNAL_HOME_CHANNEL_NAMEDISCORD_HOME_CHANNEL_NAMEGITHUB_APP_INSTALLATION_IDSIGNAL_GROUP_ALLOWED_USERSTELEGRAM_HOME_CHANNEL_NAMEGITHUB_APP_PRIVATE_KEY_PATHDISCORD_FREE_RESPONSE_CHANNELS)sethermes_cli.authr valuesupdateapi_key_env_varsbase_url_env_varadd ImportErrorhermes_cli.configr itemsget frozenset)blockedr pconfigr namemetadatar s 5/home/ubuntu/hermes-agent/tools/environments/local.py_build_provider_env_blocklistr^ sG 555555(//11 6 6G NN73 4 4 4' 6 G4555 6        777777/5577 " "ND(||J//H000 D!!!!Y&&8<< +C+C& D!!!  "       NN@@@@@@B W  s%AA)) A65A6:A?C:: DDbase_env extra_envc ddlm}n#t$rd}YnwxYwi}|piD]9\}}|t r |t vs ||r|||<:|piD]Z\}}|t r"|tt d}|||<A|t vs ||r|||<[|S)a?Filter Hermes-managed secrets from a subprocess environment. `_HERMES_FORCE_` entries in ``extra_env`` opt a blocked variable back in intentionally for callers that truly need it. Vars registered via :mod:`tools.env_passthrough` (skill-declared or user-configured) also bypass the blocklist. ris_env_passthroughcdSNF_s r]z*_sanitize_subprocess_env..EN)tools.env_passthroughrc ExceptionrV startswith!_HERMES_PROVIDER_ENV_FORCE_PREFIX_HERMES_PROVIDER_ENV_BLOCKLISTlen)r_r`_is_passthrough sanitizedkeyvaluereal_keys r]_sanitize_subprocess_envrws2*OOOOOOO ***)/*!#I~2,,..## U >>; < <   4 4 48L8L 4"IcN B--//## U >>; < < #3@AABBCH"'Ih   6 6 6//#:N:N 6"IcN   c ts{tjdpftjdrdndpCtjdrdndp tjdpdStjd}|r!tj|r|Stjd}|r|Stjtjdd d d d tjtjd dd d d tjtjdddd d d fD]'}|r#tj|r|cS(td)uFind bash for command execution. The fence wrapper uses bash syntax (semicolons, $?, printf), so we must use bash — not the user's $SHELL which could be fish/zsh/etc. On Windows: uses Git Bash (bundled with Git for Windows). bashz /usr/bin/bashNz /bin/bashSHELLz/bin/shHERMES_GIT_BASH_PATH ProgramFileszC:\Program FilesGitbinzbash.exezProgramFiles(x86)zC:\Program Files (x86) LOCALAPPDATAProgramszGit Bash not found. Hermes Agent requires Git for Windows on Windows. Install it from: https://git-scm.com/download/win Or set HERMES_GIT_BASH_PATH to your bash.exe location.) _IS_WINDOWSshutilwhichospathisfileenvironrWjoin RuntimeError)customfound candidates r] _find_bashrs  L  #%7>>/#B#BL !w~~k::D  z~~g&&   Z^^2 3 3F "'..((  L E    RZ^^N4GHH%QVXbcc  RZ^^$79RSSUZ\acmnn  RZ^^NB77UES]^^   22      A  rk) z'bash: cannot set terminal process groupz"bash: no job control in this shellzno job control in this shellz!cannot set terminal process groupz)tcsetattr: Inappropriate ioctl for devicezRestored session:zSaving session...z Last login:zcommand not found:z Oh My Zshz compinit:outputc*dtdtfd}|d}|r9||dr(|d|r||d(t |dz }|dkr=||r|||r$|dz}|dkr|||||$|dkrdS|d|dz}d|}|dr|r|ds|dz }|S) zStrip shell startup/exit warnings that leak when using -i without a TTY. Removes lines matching known noise patterns from both the beginning and end of the output. Lines in the middle are left untouched. liner cDtfdtDS)Nc3 K|]}|vV dSNrf).0noisers r] z8_clean_shell_noise.._is_noise..s'FFU5D=FFFFFFrk)any_SHELL_NOISE_SUBSTRINGS)rs`r] _is_noisez%_clean_shell_noise.._is_noises'FFFF.EFFFFFFrk rrN)strboolsplitpoprqrendswith)rrlinesendcleanedresults r]_clean_shell_noisers]GGGGGG LL  E IIeAh'' !  IIeAh'' e**q.C ((E#J())E#J*?*?( q ((E#J())E#J*?*?( QwwrIcAgIG YYw  Ft0E0E$ Mrkza/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binenvc ddlm}n#t$rd}YnwxYwttj|z}i}|D]Z\}}|tr"|ttd}|||<A|tvs ||r|||<[| dd}d| dvr|r |dtnt|d<|S) zDBuild a run environment with a sane PATH and provider-var stripping.rrbcdSrerfrgs r]riz_make_run_env..rjrkNPATHrz/usr/bin:)rlrcrmdictrrrVrnrorqrprWr _SANE_PATH)rrrmergedrun_envkvrv existing_paths r] _make_run_envrs+*OOOOOOO ***)/*"*s" # #FG 1 <<9 : : >??@@AH !GH   4 4 48J8J 4GAJKK++M,,S1111=JZ]99Z999PZ Nrxrawc|t}|dkrt|S|ttz}|t}||krt||dS|||S)azExtract real command output from between fence markers. The execute() method wraps each command with printf(FENCE) markers. This function finds the first and last fence and returns only the content between them, which is the actual command output free of any shell init/exit noise. Falls back to pattern-based _clean_shell_noise if fences are missing. N)find _OUTPUT_FENCErrqrfind)rfirststartlasts r]_extract_fenced_outputr%s| HH] # #E {{!#&&& C && &E 99] # #D u}}!#eff+... uTz?rkc eZdZdZ ddededed effd Ze d efd Z d e j fd Z ded eefdZdZdZdddddedededzdedzd ef dZxZS)LocalEnvironmentaRun commands directly on the host machine. Features: - Popen + polling for interrupt support (user can cancel mid-command) - Background stdout drain thread to prevent pipe buffer deadlocks - stdin_data support for piping content (bypasses ARG_MAX limits) - sudo -S transform via SUDO_PASSWORD env var - Uses interactive login shell so full user env is available - Optional persistent shell mode (cwd/env vars survive across calls) r<NFcwdtimeoutr persistentct|ptj||||_|jr|dSdS)N)rrr)super__init__rgetcwdr_init_persistent_shell)selfrrrr __class__s r]rzLocalEnvironment.__init__Is` S/BIKKcJJJ$ ? *  ' ' ) ) ) ) ) * *rkr cd|jS)Nz/tmp/hermes-local-) _session_idrs r] _temp_prefixzLocalEnvironment._temp_prefixPs6D$4666rkc t}t|j}tj|dgtjtjtjd|trdn tj S)Nz-lT)stdinstdoutstderrtextr preexec_fn) rrr subprocessPopenPIPEDEVNULLrrsetsid)r user_shellrs r]_spawn_shell_processz%LocalEnvironment._spawn_shell_processTs`\\ ))  /?%*9tt     rkpathscg}|D]}tj|rOt|5}||dddn #1swxYwYp|d|S)Nr)rrexistsopenappendread)rrresultsrfs r]_read_temp_filesz!LocalEnvironment._read_temp_filesas # #Dw~~d## #$ZZ-1NN16688,,,---------------r""""s(A))A- 0A- c|jdS tjddt|jgdddS#tjt f$rYdSwxYw)Npkillz-PT)capture_outputr) _shell_pidrrunrTimeoutExpiredFileNotFoundErrorrs r]_kill_shell_childrenz%LocalEnvironment._kill_shell_childrenks} ? " F  N$DO 4 45#Q      )+<=    DD s,9AActj|jdD]5}tj|rtj|6dS)Nz-*)globrrrrremove)rrs r]_cleanup_temp_filesz$LocalEnvironment._cleanup_temp_filesvsUd/33344  Aw~~a    !   rk)r stdin_datacommandrc |p|jptj}|p|j}||\}}||||zn||n|t } dt d|dt d} t|j} tj | d| gd|| ddtj tj  tj n tj trdn tj .fd } t!j| d gfd } t!j| d }|t'j|z}t-r trntjj}tj|t6j d n4#tj$r"tj|t6jYnwxYwn+#t@tBf$r"YnwxYw|#dd#dzddSt'j|kr trn6tjtjjt6jn+#t@tBf$r"YnwxYw|#dd#}d|d}|r||zn|$ddSt'j%d|#dtMd#}|j'dS)Nzprintf 'z' z __hermes_rc=$? printf 'z' exit $__hermes_rc z-licTzutf-8replace) rrrencodingerrorsrrrrc jjdS#ttf$rYdSwxYwr)rwritecloseBrokenPipeErrorOSError)effective_stdinprocsr] _write_stdinz7LocalEnvironment._execute_oneshot.._write_stdins_J$$_555J$$&&&&&'1DDs38A  A )targetdaemonc jD]}|n#t$rYnwxYw jdS#t$rYdSwxYw# jw#t$rYwwxYwxYwr)rr ValueErrorrrm)r_output_chunksrs r] _drain_stdoutz8LocalEnvironment._execute_oneshot.._drain_stdouts  K00D"))$////0    K%%''''' DDK%%'''' DsV#A 0A 0A A AA B "A<;B < B B B  B g?)rru2 [Command interrupted — user sent a new message])r returncodez [Command timed out after zs]|g?r)(rrrr_prepare_commandrrrrrrrSTDOUTrrr threadingThreadrtime monotonicpollr terminategetpgidpidkillpgsignalSIGTERMwaitrSIGKILLProcessLookupErrorPermissionErrorkillrlstripsleeprr )rrrrrwork_direffective_timeout exec_command sudo_stdinr fenced_cmdrrrreaderdeadlinepgidpartial timeout_msgrrrrs @@@r]_execute_oneshotz!LocalEnvironment._execute_oneshot{s+1$(1bikk#3t|#'#8#8#A#A j  !j&<(:5OO  #(OO(O\\  #} # # # #% # # #  ))  ,?$%4%@*//jFX*9tt       &        L > > > D D F F F$&      !tDDD >##&77iikk!   "<((((!z$(33 $777< IIcI2222)8<<<IdFN;;;;;<*O<   IIKKKKK  A &&& ggn558mm"%~(** "H(((( "*TX"6"6GGG*O<   IIKKKKK  A &&&''.11QXg 33KDVDVDXDX"% JsOOOEiikk!H  A '(?(?@@ @@@sJAH'G21H'2.H# H'"H##H''%IIAK..%LL)rrNF)r)__name__ __module__ __qualname____doc__rintrrrpropertyrrrrlistrrrr) __classcell__)rs@r]rr=ss  FJ$)**C*s*d*!******7c777X7  j&6     stCy    kA/326kAkAkAkA#kA"%*kA%(4ZkA;?kAkAkAkAkAkAkAkArkrr)!r-rrplatformrrrr rsystemrtools.environments.baser#tools.environments.persistent_shellrtools.interruptrrrorXr^rprrwrr _find_shellrrrrrrrfrkr]r8sNN   ho9, 333333DDDDDD******* %5!`y````F"?!>!@!@td{td{VZ>(C((((X "ssHC t*0iAiAiAiAiA+_iAiAiAiAiArk