hermes-agent-features/tools
Teknium 624ad582a5
fix: make gateway approval block agent thread like CLI does (#4557)
The gateway's dangerous command approval system was fundamentally broken:
the agent loop continued running after a command was flagged, and the
approval request only reached the user after the agent finished its
entire conversation loop. By then the context was lost.

This change makes the gateway approval mirror the CLI's synchronous
behavior. When a dangerous command is detected:

1. The agent thread blocks on a threading.Event
2. The approval request is sent to the user immediately
3. The user responds with /approve or /deny
4. The event is signaled and the agent resumes with the real result

The agent never sees 'approval_required' as a tool result. It either
gets the command output (approved) or a definitive BLOCKED message
(denied/timed out) — same as CLI mode.

Queue-based design supports multiple concurrent approvals (parallel
subagents via delegate_task, execute_code RPC handlers). Each approval
gets its own _ApprovalEntry with its own threading.Event. /approve
resolves the oldest (FIFO); /approve all resolves all at once.

Changes:
- tools/approval.py: Queue-based per-session blocking gateway approval
  (register/unregister callbacks, resolve with FIFO or all-at-once)
- gateway/run.py: Register approval callback in run_sync(), remove
  post-loop pop_pending hack, /approve and /deny support 'all' flag
- tests: 21 tests including parallel subagent E2E scenarios
2026-04-02 01:47:19 -07:00
..
browser_providers Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway. 2026-03-30 13:28:10 +09:00
environments Fixes and refactors enabled by recent updates to main. 2026-03-31 09:29:59 +09:00
neutts_samples
__init__.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-03-31 08:48:54 +09:00
ansi_strip.py
approval.py fix: make gateway approval block agent thread like CLI does (#4557) 2026-04-02 01:47:19 -07:00
browser_camofox_state.py feat(browser): add persistent Camofox sessions and VNC URL discovery (salvage #4400) (#4419) 2026-04-01 04:18:50 -07:00
browser_camofox.py security: redact secrets from auxiliary and vision LLM responses 2026-04-01 12:03:56 -07:00
browser_tool.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-04-02 11:00:35 +11:00
checkpoint_manager.py
clarify_tool.py
code_execution_tool.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-04-02 11:00:35 +11:00
credential_files.py fix: apply same path traversal checks to config-based credential files 2026-03-31 12:16:37 -07:00
cronjob_tools.py feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847) 2026-03-29 21:29:13 -07:00
debug_helpers.py
delegate_tool.py fix: report subagent status as completed when summary exists (#3829) 2026-03-29 18:21:36 -07:00
env_passthrough.py
file_operations.py fix(security): protect .docker, .azure, and .config/gh from read and write 2026-03-31 12:47:10 -07:00
file_tools.py fix(file_tools): refresh staleness timestamp after writes (#4390) 2026-04-01 00:50:08 -07:00
fuzzy_match.py
homeassistant_tool.py
honcho_tools.py fix(banner): show honcho tools as available when configured (#3810) 2026-03-29 15:55:05 -07:00
image_generation_tool.py Gate tool-gateway behind an env var, so it's not in users' faces until we're ready. Even if users enable it, it'll be blocked server-side for now, until we unlock for non-admin users on tool-gateway. 2026-03-30 13:28:10 +09:00
interrupt.py
managed_tool_gateway.py fix(tools): add debug logging for token refresh and tighten domain check 2026-04-02 12:40:03 +11:00
mcp_oauth.py
mcp_tool.py feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812) 2026-03-29 15:52:54 -07:00
memory_tool.py fix: cap percentage displays at 100% in stats, gateway, and memory tool (#3599) 2026-03-28 14:55:18 -07:00
mixture_of_agents_tool.py
neutts_synth.py
openrouter_client.py
patch_parser.py
process_registry.py
registry.py feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812) 2026-03-29 15:52:54 -07:00
rl_training_tool.py
send_message_tool.py feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847) 2026-03-29 21:29:13 -07:00
session_search_tool.py
skill_manager_tool.py feat(skills): size limits for agent writes + fuzzy matching for patch (#4414) 2026-04-01 04:19:19 -07:00
skills_guard.py
skills_hub.py feat(skills): size limits for agent writes + fuzzy matching for patch (#4414) 2026-04-01 04:19:19 -07:00
skills_sync.py
skills_tool.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-03-31 08:48:54 +09:00
terminal_tool.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-03-31 08:48:54 +09:00
tirith_security.py
todo_tool.py
tool_backend_helpers.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-03-31 08:48:54 +09:00
transcription_tools.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-03-31 08:48:54 +09:00
tts_tool.py Merge branch 'main' into rewbs/tool-use-charge-to-subscription 2026-03-31 08:48:54 +09:00
url_safety.py
vision_tools.py fix: background task media delivery + vision download timeout (#3919) 2026-03-30 02:59:39 -07:00
voice_mode.py fix: allow voice mode in WSL when PulseAudio bridge is configured 2026-03-31 12:13:33 -07:00
web_tools.py fix(tools): add debug logging for token refresh and tighten domain check 2026-04-02 12:40:03 +11:00
website_policy.py