§ áìõi&ãó —UdZddlmZddlZddlZddlmZddlmZddl m Z dZe¦«Z ded <dd d„Zd!d„Zd"d„Zd#d„Zdddœd$d„ZdS)%zFHelpers for loading Hermes .env files consistently across entrypoints.é)ÚannotationsN)ÚPath)Úload_dotenv)Úatomic_replace)Ú_API_KEYÚ_TOKENÚ_SECRETÚ_KEYzset[str]Ú_WARNED_KEYSéÚvalueÚstrÚlimitÚintÚreturncó—g}|D]s}t|¦«dkr^dt|¦«d›}| ¦«r |d|›dz }||vr| |¦«t|¦«|krnŒtd |¦«S)zEReturn a compact 'U+XXXX ('c'), ...' summary of non-ASCII codepoints.ézU+Ú04Xú (ú)z, )ÚordÚisprintableÚappendÚlenÚjoin)r rÚseenÚchÚlabels ú:/home/ubuntu/.hermes/hermes-agent/hermes_cli/env_loader.pyÚ_format_offending_charsr s£€à€DØððˆÝˆr‰7Œ7SŠ=ˆ=Ø&˜R™œÐ&Ð&Ð&ˆEØ~Š~ÑÔð &Ø˜˜b˜˜˜Ñ%Ø˜DÐ Ð Ø—’˜EÑ"Ô"Ð"Ý4‰yŒy˜EÒ!Ð!ØøØ9Š9T‰?Œ?ÐóÚNonecó®‡—ttj ¦«¦«D]&\Š}t ˆfd„t D¦«¦«sŒ' | d¦«Œ>#t$rYnwxYw| dd¬¦« d¦«}|tj‰<‰tvrŒ‘t ‰¦«t|¦«t|¦«z }t|¦«pd}td‰›d|›d|d krd nd›d|›d tj¬¦«tdtj¬¦«Œ(dS)a!Strip non-ASCII characters from credential env vars in os.environ. Called after dotenv loads so the rest of the codebase never sees non-ASCII API keys. Only touches env vars whose names end with known credential suffixes (``_API_KEY``, ``_TOKEN``, etc.). Emits a one-line warning to stderr when characters are stripped. Silent stripping would mask copy-paste corruption (Unicode lookalike glyphs from PDFs / rich-text editors, ZWSP from web pages) as opaque provider-side "invalid API key" errors (see #6843). c3óB•K—|]}‰ |¦«V—ŒdS)N)Úendswith)Ú.0ÚsuffixÚkeys €rú z/_sanitize_loaded_credentials..5s/øèè€ÐKÐK¨F3—<’< Ñ'Ô'ÐKÐKÐKÐKÐKÐKr!ÚasciiÚignore)Úerrorsz non-printablez Warning: z contained z non-ASCII characteréÚsÚru8) â€” stripped so the key can be sent as an HTTP header.)Úfilea@ This usually means the key was copy-pasted from a PDF, rich-text editor, or web page that substituted lookalike Unicode glyphs for ASCII letters. If authentication fails (e.g. "API key not valid"), re-copy the key from the provider's dashboard and run `hermes setup` (or edit the .env file in a plain-text editor).N)ÚlistÚosÚenvironÚitemsÚanyÚ_CREDENTIAL_SUFFIXESÚencodeÚUnicodeEncodeErrorÚdecoderÚaddrr ÚprintÚsysÚstderr)r ÚcleanedÚstrippedÚdetailr(s @rÚ_sanitize_loaded_credentialsrA(s£ø€õ2œ:×+Ò+Ñ-Ô-Ñ.Ô.ð ñ ‰ ˆˆUÝÐKÐKÐKÐKÕ6JÐKÑKÔKÑKÔKð Øð ØLŠL˜Ñ!Ô!Ð!ØøÝ!ð ð ð ØˆDð øøøà—,’,˜w¨x,Ñ8Ô8×?Ò?ÀÑHÔHˆØ!Œ 3‰Ø•,ÐÐØÝ×Ò˜ÑÔÐÝu‘:”:¥ G¡¤Ñ,ˆÝ(¨Ñ/Ô/ÐB°?ˆÝ ð 2˜#ð 2ð 2¨(ð 2ð 2Ø !’mmˆsˆs¨ð 2ð 2Ø/5ð 2ð 2ð 2õ”ð ñ ô ð õ ð 1õ”ð ñ ô ð ñ ð+ ð sÁA+Á+ A8Á7A8ÚpathrÚoverrideÚboolcóŽ— t||d¬¦«n"#t$rt||d¬¦«YnwxYwt¦«dS)Núutf-8)Údotenv_pathrCÚencodingzlatin-1)rÚUnicodeDecodeErrorrA)rBrCs rÚ_load_dotenv_with_fallbackrJTsn€ðMÝ ¨xÀ'ÐJÑJÔJÐJÐJøÝðMðMðMÝ ¨xÀ)ÐLÑLÔLÐLÐLÐLðMøøøõ!Ñ"Ô"Ð"Ð"Ð"s‚•4³4có—| ¦«sdS ddlm}n#t$rYdSwxYwdddœ} t |fi|¤Ž5}| ¦«}ddd¦«n#1swxYwY||¦«}||kr÷ddl}| t|j ¦«dd¬ ¦«\}} tj|d d¬¦«5}| |¦«| ¦«tj| ¦«¦«ddd¦«n#1swxYwYt!||¦«dS#t"$r( tj|¦«n#t&$rYnwxYw‚wxYwdS#t($rYdSwxYw)uÂPre-sanitize a .env file before python-dotenv reads it. python-dotenv does not handle corrupted lines where multiple KEY=VALUE pairs are concatenated on a single line (missing newline). This produces mangled values â€” e.g. a bot token duplicated 8Ã— (see #8908). We delegate to ``hermes_cli.config._sanitize_env_lines`` which already knows all valid Hermes env-var names and can split concatenated lines correctly. Nr)Ú_sanitize_env_linesrFÚreplace)rHr,z.tmpz.env_)Údirr'ÚprefixÚw)rH)ÚexistsÚhermes_cli.configrLÚImportErrorÚopenÚ readlinesÚtempfileÚmkstemprÚparentr2ÚfdopenÚ writelinesÚflushÚfsyncÚfilenorÚ BaseExceptionÚunlinkÚOSErrorÚ Exception) rBrLÚread_kwÚfÚoriginalÚ sanitizedrVÚfdÚtmps rÚ_sanitize_env_file_if_neededrhasl€ð;Š;‰=Œ=ðØˆðØ9Ð9Ð9Ð9Ð9Ð9Ð9øÝðððØˆˆðøøøð#¨iÐ8Ð8€Gð Ý $Ð "Ð "˜'Ð "Ð "ð % aØ—{’{‘}”}ˆHð %ð %ð %ñ %ô %ð %ð %ð %ð %ð %ð %øøøð %ð %ð %ð %à'Ð'¨Ñ1Ô1ˆ Ø˜Ò Ð ØˆOˆOˆOØ×&Ò&Ý˜œÑ$Ô$¨V¸Gð'ñô‰GˆBð Ý”Y˜r 3°Ð9Ñ9Ô9ð)¸QØ—L’L Ñ+Ô+Ð+Ø—G’G‘I”IIÝ”H˜QŸXšX™ZœZÑ(Ô(Ð(ð)ð)ð)ñ)ô)ð)ð)ð)ð)ð)ð)øøøð)ð)ð)ð)õ˜s DÑ)Ô)Ð)Ð)Ð)øÝ ð ð ð ðÝ”I˜c‘N”NNNøÝðððØDðøøøàð øøøð!Ð øõ"ð ð ð Øˆˆð øøøs˜Ÿ -¬-¶ E9ÁA$ÁE9Á$A(Á(E9Á+A(Á,AE9Â2EÃ AD%ÄEÄ%D)Ä)EÄ,D)Ä-EÅ E4Å E"Å!E4Å" E/Å,E4Å.E/Å/E4Å4E9Å9 FÆF)Úhermes_homeÚproject_envriústr | os.PathLike | Nonerjú list[Path]có(—g}t|p(tjdtj¦«dz¦«¦«}|dz}|rt|¦«nd}| ¦«rt|¦«|r#| ¦«rt|¦«| ¦«r&t |d¬¦«| |¦«|r;| ¦«r't ||¬¦«| |¦«|S)a[Load Hermes environment files with user config taking precedence. Behavior: - `~/.hermes/.env` overrides stale shell-exported values when present. - project `.env` acts as a dev fallback and only fills missing values when the user env exists. - if no user env exists, the project `.env` also overrides stale shell vars. ÚHERMES_HOMEz.hermesz.envNT)rC)rr2ÚgetenvÚhomerQrhrJr)rirjÚloadedÚ home_pathÚuser_envÚproject_env_paths rÚload_hermes_dotenvruŽs"€ð€Få[ÐU¥B¤I¨m½T¼Y¹[¼[È9Ñ=TÑ$UÔ$UÑVÔV€IØ˜6Ñ!€HØ,7ÐA•t˜KÑ(Ô(Ð(¸TÐð‡‚ÑÔð/Ý$ XÑ.Ô.Ð.Øð7Ð,×3Ò3Ñ5Ô5ð7Ý$Ð%5Ñ6Ô6Ð6à‡‚ÑÔð Ý" 8°dÐ;Ñ;Ô;Ð;Ø Š hÑÔÐàð(Ð,×3Ò3Ñ5Ô5ð(Ý"Ð#3À&¸jÐIÑIÔIÐIØ Š Ð&Ñ'Ô'Ð'à€Mr!)r)r rrrrr)rr")rBrrCrDrr")rBrrr")rirkrjrkrrl)Ú__doc__Ú __future__rr2r<ÚpathlibrÚdotenvrÚutilsrr6ÚsetrÚ__annotations__r rArJrhru©r!rúr~sðØLÐLÐLà"Ð"Ð"Ð"Ð"Ð"à € € € Ø € € € ØÐÐÐÐÐàÐÐÐÐÐØ Ð Ð Ð Ð Ð ðAÐð ˜™œ€ÐÐÐÑðððððð) ð) ð) ð) ðX #ð #ð #ð #ð* ð* ð* ð* ð^-1Ø,0ð!ð!ð!ð!ð!ð!ð!ð!r!