Commit ffd2482
committed
fix(sync): adopt upstream cron-script env sanitization (SECURITY.md §2.3)
Post-merge fix for the cron/scheduler.py env conflict. Upstream hardened
no_agent cron-script subprocess env to strip provider secrets via
_sanitize_subprocess_env (_HERMES_PROVIDER_ENV_BLOCKLIST). Resolution:
- Pass our profile-built run_env (HERMES_HOME, profile HOME, non-provider
.env config) THROUGH _sanitize_subprocess_env — keeps our profile setup
AND satisfies upstream's test_script_subprocess_env_sanitized.
- Verified zero blast radius: our only no_agent scripts (evolution_watchdog,
evolution_funnel) do not read provider keys from env.
- Adapt our test_script_reads_env_from_hermes_dotenv to assert NON-provider
.env config still reaches scripts (provider-secret stripping is covered by
upstream's test).1 parent cd4fb38 commit ffd2482
2 files changed
Lines changed: 14 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1086 | 1086 | | |
1087 | 1087 | | |
1088 | 1088 | | |
| 1089 | + | |
| 1090 | + | |
| 1091 | + | |
| 1092 | + | |
| 1093 | + | |
1089 | 1094 | | |
1090 | 1095 | | |
1091 | 1096 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
198 | 198 | | |
199 | 199 | | |
200 | 200 | | |
201 | | - | |
| 201 | + | |
| 202 | + | |
| 203 | + | |
| 204 | + | |
| 205 | + | |
| 206 | + | |
202 | 207 | | |
203 | 208 | | |
204 | 209 | | |
205 | | - | |
| 210 | + | |
206 | 211 | | |
207 | 212 | | |
208 | 213 | | |
209 | 214 | | |
210 | | - | |
| 215 | + | |
211 | 216 | | |
212 | 217 | | |
213 | 218 | | |
214 | 219 | | |
215 | | - | |
| 220 | + | |
216 | 221 | | |
217 | 222 | | |
218 | 223 | | |
| |||
0 commit comments