PL jDgdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z mZejdkZejeZdedefdZdedefd Zd Zdefd ZeZdd edzd edzdefdZdefdZeZdZdedefdZ de!e"ee#ffdZ$de"efdZ%dede"edefdZ&Gdde Z'dS)uELocal execution environment — spawn-per-call with session snapshot.N)Path)BaseEnvironment _pipe_stdinWindowscwdreturnctr|s|Stjd|}|s|S|d}|dpddd}|d|pt dS) uTranslate a Git Bash / MSYS-style POSIX path (``/c/Users/x``) to the native Windows form (``C:\Users\x``) so ``os.path.isdir`` and ``subprocess.Popen(..., cwd=...)`` can find it. No-ops on non-Windows hosts or for paths that aren't in MSYS form. Returns the input unchanged when no translation applies. This is idempotent — calling it on an already-Windows path returns it as-is. z^/([a-zA-Z])(/.*)?$/\:\) _IS_WINDOWSrematchgroupupperreplacechr)rmdrivetails n#t$rYnwxYw ddl m }| D]d\}}| d}|dvr||4|dkr*| dr||en#t$rYnwxYw|hdt|S) z=Derive the blocklist from provider, tool, and gateway config.r)PROVIDER_REGISTRY)OPTIONAL_ENV_VARScategory>tool messagingsettingpassword>?GH_TOKENHASS_URL LLM_MODEL HASS_TOKEN XAI_API_KEY GROQ_API_KEY VERCEL_TOKEN EMAIL_ADDRESS GITHUB_APP_ID OPENAI_ORG_ID WHATSAPP_MODECOHERE_API_KEYEMAIL_PASSWORDGOOGLE_API_KEYMODAL_TOKEN_IDOPENAI_API_KEYSIGNAL_ACCOUNTVERCEL_TEAM_IDANTHROPIC_TOKENDAYTONA_API_KEYEMAIL_IMAP_HOSTEMAIL_SMTP_HOSTMISTRAL_API_KEYOPENAI_API_BASEOPENAI_BASE_URLSIGNAL_HTTP_URLDEEPSEEK_API_KEYHELICONE_API_KEYPARALLEL_API_KEYTOGETHER_API_KEYWHATSAPP_ENABLEDFIRECRAWL_API_KEYFIRECRAWL_API_URLFIREWORKS_API_KEYVERCEL_OIDC_TOKENVERCEL_PROJECT_IDANTHROPIC_BASE_URLEMAIL_HOME_ADDRESSMODAL_TOKEN_SECRETOPENROUTER_API_KEYPERPLEXITY_API_KEYSLACK_HOME_CHANNELDISCORD_AUTO_THREADOPENAI_ORGANIZATIONSIGNAL_HOME_CHANNELSLACK_ALLOWED_USERSDISCORD_HOME_CHANNELSIGNAL_ALLOWED_USERSGATEWAY_ALLOWED_USERSSIGNAL_IGNORE_STORIESTELEGRAM_HOME_CHANNELWHATSAPP_ALLOWED_USERSCLAUDE_CODE_OAUTH_TOKENDISCORD_REQUIRE_MENTIONEMAIL_HOME_ADDRESS_NAMESLACK_HOME_CHANNEL_NAMESIGNAL_HOME_CHANNEL_NAMEDISCORD_HOME_CHANNEL_NAMEGITHUB_APP_INSTALLATION_IDSIGNAL_GROUP_ALLOWED_USERSTELEGRAM_HOME_CHANNEL_NAMEGITHUB_APP_PRIVATE_KEY_PATHDISCORD_FREE_RESPONSE_CHANNELS)sethermes_cli.authr*valuesupdateapi_key_env_varsbase_url_env_varadd ImportErrorhermes_cli.configr+itemsget frozenset)blockedr*pconfigr+namemetadatar,s r_build_provider_env_blocklistrNsG 555555(//11 6 6G NN73 4 4 4' 6 G4555 6        777777/5577 " "ND(||J//H000 D!!!!Y&&8<< +C+C& D!!!  "       NN@@@@@@B W  s%AA)) A65A6:A?C:: DDbase_env extra_envc ddlm}n#t$rd}YnwxYwi}|piD]9\}}|t r |t vs ||r|||<:|piD]Z\}}|t r"|tt d}|||<A|t vs ||r|||<[ddlm }|}|r||d<|S)zz*_sanitize_subprocess_env..ErNget_subprocess_homeHOME) tools.env_passthroughr Exceptionry startswith!_HERMES_PROVIDER_ENV_FORCE_PREFIX_HERMES_PROVIDER_ENV_BLOCKLISTlenhermes_constantsr) rr_is_passthrough sanitizedkeyvaluereal_keyr _profile_homes r_sanitize_subprocess_envrsf*OOOOOOO ***)/*!#I~2,,..## U >>; < <   4 4 48L8L 4"IcN B--//## U >>; < < #3@AABBCH"'Ih   6 6 6//#:N:N 6"IcN544444''))M*) & s  c ts{tjdpftjdrdndpCtjdrdndp tjdpdStjd}|r!tj|r|Stjdd }|r!tj|d d nd }|ritj|d d tj|dd d fD]%}tj|r|cS&tjd}|r|Stjtjdddd d tjtjdddd d tj|ddd d fD]'}|r#tj|r|cS(td)z Find bash for command execution.bashz /usr/bin/bashNz /bin/bashSHELLz/bin/shHERMES_GIT_BASH_PATH LOCALAPPDATAr hermesgitbinzbash.exeusr ProgramFileszC:\Program FilesGitzProgramFiles(x86)zC:\Program Files (x86)ProgramszGit Bash not found. Hermes Agent requires Git for Windows on Windows. Install it from: https://git-scm.com/download/win Or set HERMES_GIT_BASH_PATH to your bash.exe location.) rshutilwhichrr isfileenvironrzjoin RuntimeError)custom_local_appdata_hermes_portable_git candidatefounds r _find_bashrsB  L  #%7>>/#B#BL !w~~k::D  z~~g&&   Z^^2 3 3F "'..(( Z^^NB77NLZb27<<%HHH`b! GLL-uj A A GLL-ueZ H H  ! !Iw~~i(( !     ! L E    RZ^^N4GHH%QVXbcc  RZ^^$79RSSUZ\acmnn  ^ZzJJ   22      A  rza/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binenvc ddlm}n#t$rd}YnwxYwttj|z}i}|D]Z\}}|tr"|ttd}|||<A|tvs ||r|||<[| dd}ts/d| dvr|r |dtnt|d<dd lm}|} | r| |d < dd lm} m} m} | D]$\} }| }|| ur|r||| <%n#t$rYnwxYw|S) zDBuild a run environment with a sane PATH and provider-var stripping.rrcdSrrrs rrz_make_run_env..rrNPATHr z/usr/binrrr)get_session_env_UNSET_VAR_MAP)rrrdictrrryrrrrrzrsplit _SANE_PATHrrgateway.session_contextrrr)rrmergedrun_envkvr existing_pathrrrrrvar_namevarrs r _make_run_envr s*OOOOOOO ***)/*"*s" # #FG 1 <<9 : : >??@@AH !GH   4 4 48J8J 4GAJKK++M [:]-@-@-E-EEE=JZ]99Z999PZ 544444''))M(' MMMMMMMMMM%^^-- * *MHcGGIIEF""u"$)! *       Ns  AE EEc< ddlm}|pi}|dpi}|dpg}t|tsg}t |dd}d|D|fS#t $rgdfcYSwxYw)uReturn (shell_init_files, auto_source_bashrc) from config.yaml. Best-effort — returns sensible defaults on any failure so terminal execution never breaks because the config file is unreadable. r) load_configterminalshell_init_filesauto_source_bashrcTc0g|]}|t|Sr)str).0fs r z4_read_terminal_shell_init_config..Ls#+++1+A+++r)rxrrz isinstancelistboolr)rcfg terminal_cfgfiles auto_bashrcs r _read_terminal_shell_init_configr=s 111111kmm!rwwz**0b   !344:%&& E<++,@$GGHH +++++[88 4xsBB BBct\}}g}|r||n |rts|gdg}|D]} tjtj|}n#t$rYLwxYw|r4tj|r| ||S)uhResolve the list of files to source before the login-shell snapshot. Expands ``~`` and ``${VAR}`` references and drops anything that doesn't exist on disk, so a missing ``~/.bashrc`` never breaks the snapshot. The ``auto_source_bashrc`` path runs only when the user hasn't supplied an explicit list — once they have, Hermes trusts them. )z ~/.profilez~/.bash_profilez ~/.bashrc) rextendrrr expandvars expanduserrrappend)explicitr candidatesresolvedrawr s r_resolve_shell_init_filesrQs=>>HkJJ(#### J[J HHHIIIH"" 7%%bg&8&8&=&=>>DD    H   "BGNN4(( " OOD ! ! ! Os`` lines (guarded + silent) to a bash script. Each file is wrapped so a failing rc file doesn't abort the whole bootstrap: ``set +e`` keeps going on errors, ``2>/dev/null`` hides noisy prompts, and ``|| true`` neutralises the exit status. zset +e'z'\''z[ -r 'z ' ] && . 'z' 2>/dev/null || true )rrr)rr prelude_partsr safepreludes r_prepend_shell_initr{s JMSS||C))QdQQdQQQRRRRii &&-G Z rc eZdZdZddededeffd Zd efd Zd d dd dede dededzd e j f dZ dZ defdZdeffd ZdZxZS)LocalEnvironmentzRun commands directly on the host machine. Spawn-per-call: every execute() spawns a fresh bash process. Session snapshot preserves env vars across calls. CWD persists via file-based read after each command. r <Nrtimeoutrc|rtj|}t|ptj|||dS)N)rrr)rr rsuper__init__getcwd init_session)selfrrr __class__s rrzLocalEnvironment.__init__sb  *'$$S))C S/BIKKcJJJ rrctr ddlm}|dz dz }n3#t$r&t t jdz }YnwxYw|ddt| dd Sd D]k}|j |ptj |}|r.|d r|d pd cSltjd r.tjd tjtjzrd St j}|d r|d pd Sd S) uReturn a shell-safe writable temp dir for local execution. Termux does not provide /tmp by default, but exposes a POSIX TMPDIR. Prefer POSIX-style env vars when available, keep using /tmp on regular Unix systems, and only fall back to tempfile.gettempdir() when it also resolves to a POSIX path. Check the environment configured for this backend first so callers can override the temp root explicitly (for example via terminal.env or a custom TMPDIR), then fall back to the host process environment. **Windows:** hardcoded ``/tmp`` is wrong in two ways — native Python can't open the path, and the Windows default temp (``%TEMP%``) often contains spaces (``C:\Users\Some Name\AppData\Local\Temp``) that break unquoted bash interpolations. Use a dedicated cache dir under ``HERMES_HOME`` instead — single-word path, guaranteed to exist, same string resolves in both Git Bash and native Python. r)get_hermes_homecacherhermes_terminalT)parentsexist_okrr )TMPDIRTMPTEMPz/tmp)rrrrrr#r$mkdirrrrrzrrrrstripr r!accessW_OKX_OK)rr cache_direnv_varrs r get_temp_dirzLocalEnvironment.get_temp_dirs&  5  L<<<<<<+O--7*D  L L L !4!6!677:KK  L OOD4O 8 8 8y>>))$44 40 4 4G W--H1H1HI 4Y11#66 4 '',,3333 7==  RYvrw7H%I%I 6'))    $ $ 0##C((/C /vs -AAFx)loginr stdin_datarr r c t}|r t}|rt||}|r|dd|gn|d|g}t|j}t |j} | |jkrPtrt|jn|j} | | kr!t d|j| | |_|j} tj |d|ddtj tj| tj n tjtrdn t jtr tjnd|  } ts0 t!j| j| _n#t,$rYnwxYw|t/| || S) Nz-lz-czaLocalEnvironment cwd %r is missing on disk; falling back to %r so terminal commands keep working.Tutf-8rr) textrencodingerrorsstdoutstderrstdin preexec_fn creationflagsr)rrrrrr'rrrloggerwarning subprocessPopenPIPESTDOUTDEVNULLrsetsidCREATE_NO_WINDOWgetpgidpid _hermes_pgidProcessLookupErrorr) rrr rr r init_filesargsrsafe_cwd normalized _popen_cwdprocs r _run_bashzLocalEnvironment._run_bashs||  I244J I0ZHH 16TdD*--T4._group_alivesY  $"""t%   uu"   tt s 3 33rc~tj|z}tj|kr^ n#t$rYnwxYw|sdStjdtj|k^ n#t$rYnwxYw| S)NTg?)time monotonicpollrsleep)r+rdeadliner/r(s r_wait_for_group_exitz._wait_for_group_exit s~'''1H.""X--IIKKKK D#|D)) 4 4   .""X--      #|D))) )s#A AAB## B0/B0r!Ng?g@g?)r)intrfloatr terminaterrr r"getattrr-signalSIGTERMSIGKILLwaitrTimeoutExpiredOSErrorr.killr)rr(r6r+r/s ` @r _kill_processzLocalEnvironment._kill_processs& s t     *s *U *t * * * * * * *$$       :dh//DD)"4>>D|$| IdFN3333)FF ('c22FIdFN3333)FF$$T3///IIcI*****"17;DD"OW=          sEA*)E*B E B  EB/.E/ B=9E<B==EC/.E/ C=9E<C==E D%%D?;E>D??EFE11 F;F?FFresultc t|jd5}|}dddn #1swxYwYtrt |}|r&t j|r||_ n#ttf$rYnwxYw| |dS)uRead CWD from temp file (local-only, no round-trip needed). Skip the assignment when the path no longer exists as a directory — ``pwd -P`` on a deleted cwd can leave a stale value in the marker file, and propagating it would re-wedge the next ``Popen``. The ``_run_bash`` recovery path will resolve a safe fallback if needed. On Windows, the value written by Git Bash's ``pwd -P`` is in MSYS form (``/c/Users/x``). Translate it to native Windows form before validating with ``os.path.isdir`` and before storing on ``self.cwd``; otherwise the isdir check rejects every valid result and ``_run_bash`` later prints a misleading "cwd is missing" warning on every command. r )rN) open _cwd_filereadstriprrrr r!rr@FileNotFoundError_extract_cwd_from_output)rrCrcwd_paths r _update_cwdzLocalEnvironment._update_cwdXs dnw777 ,16688>>++ , , , , , , , , , , , , , , , ;0:: $BGMM(33 $#*+    D  %%f-----s4B'A  B ABAABB)(B)c|j}t||j|krUtrt |jn|j}|r(t j|r ||_dS||_dSdS)uSame semantics as the base class, but on Windows the value emitted by ``pwd -P`` inside Git Bash is in MSYS form (``/c/Users/x``). Normalize to native Windows form and validate the directory exists before assigning to ``self.cwd`` — otherwise ``_run_bash``'s safe-cwd recovery would warn on every subsequent command. Always defers to the base class for stripping the marker text from ``result["output"]`` so output formatting is identical. N)rrrJrrrr r!)rrCprev_cwdr&rs rrJz)LocalEnvironment._extract_cwd_from_outputts8 ((000 8x  4DBBBBHDDDL.$....8$t$$$$$$0rr)N)(rVloggingrplatformrrr;rr#r1pathlibrtools.environments.baserrsystemr getLoggerrSrrrr'rr{rrrrr _find_shellrrtuplerrrrrrrrrr`siKK   @@@@@@@@ho9,  8 $ $(s(s(((((!3!3!!!!D%5!YyYYYYx"?!>!@!@td{td{VZ>2C2222l C .t.....b%S 4*@('49''''T C S  c    *BBBBBBBBBBr