Skip to content

Commit ffd2482

Browse files
committed
fix(sync): adopt upstream cron-script env sanitization (SECURITY.md §2.3)
Post-merge fix for the cron/scheduler.py env conflict. Upstream hardened no_agent cron-script subprocess env to strip provider secrets via _sanitize_subprocess_env (_HERMES_PROVIDER_ENV_BLOCKLIST). Resolution: - Pass our profile-built run_env (HERMES_HOME, profile HOME, non-provider .env config) THROUGH _sanitize_subprocess_env — keeps our profile setup AND satisfies upstream's test_script_subprocess_env_sanitized. - Verified zero blast radius: our only no_agent scripts (evolution_watchdog, evolution_funnel) do not read provider keys from env. - Adapt our test_script_reads_env_from_hermes_dotenv to assert NON-provider .env config still reaches scripts (provider-secret stripping is covered by upstream's test).
1 parent cd4fb38 commit ffd2482

2 files changed

Lines changed: 14 additions & 4 deletions

File tree

cron/scheduler.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1086,6 +1086,11 @@ def _run_job_script(script_path: str) -> tuple[bool, str]:
10861086
text=True,
10871087
timeout=script_timeout,
10881088
cwd=str(path.parent),
1089+
# Start from our profile-built run_env (HERMES_HOME, profile HOME,
1090+
# non-provider .env config) then strip provider secrets per upstream
1091+
# SECURITY.md §2.3: cron scripts must NOT inherit Hermes provider env
1092+
# (anti-exfiltration). Our no_agent scripts (evolution_watchdog/funnel)
1093+
# don't read provider keys from env, so this is safe.
10891094
env=_sanitize_subprocess_env(run_env),
10901095
**popen_kwargs,
10911096
)

tests/cron/test_cron_script.py

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -198,21 +198,26 @@ def test_script_json_output(self, cron_env):
198198
assert parsed["new_prs"][0]["number"] == 42
199199

200200
def test_script_reads_env_from_hermes_dotenv(self, cron_env):
201-
"""no_agent scripts should inherit API keys from HERMES_HOME/.env."""
201+
"""no_agent scripts inherit NON-provider config from HERMES_HOME/.env.
202+
203+
Provider secrets (OPENROUTER_API_KEY, etc.) are stripped per upstream
204+
SECURITY.md §2.3 — see test_script_subprocess_env_sanitized. Non-secret
205+
config from .env still reaches the script.
206+
"""
202207
from cron.scheduler import _run_job_script
203208

204209
env_file = cron_env / ".env"
205-
env_file.write_text("OPENROUTER_API_KEY=sk-test-123\n")
210+
env_file.write_text("EVOLUTION_PIPELINE_REGION=eu-west\n")
206211

207212
script = cron_env / "scripts" / "read_env.py"
208213
script.write_text(textwrap.dedent("""\
209214
import os
210-
print(os.getenv("OPENROUTER_API_KEY", "MISSING"))
215+
print(os.getenv("EVOLUTION_PIPELINE_REGION", "MISSING"))
211216
"""))
212217

213218
success, output = _run_job_script("read_env.py")
214219
assert success is True
215-
assert output == "sk-test-123"
220+
assert output == "eu-west"
216221

217222

218223
class TestBuildJobPromptWithScript:

0 commit comments

Comments
 (0)