iB^dZddlZddlZddlZddlZddlZddlZddlZddlm Z m Z ej dkZ dZ defdZeZddedzd edzdefd Zdefd ZeZd Zd edefdZdeeeeffdZdeefdZdedeedefdZGdde ZdS)uELocal execution environment — spawn-per-call with session snapshot.N)BaseEnvironment _pipe_stdinWindows_HERMES_FORCE_returnc`t} ddlm}|D]=}||j|jr||j>n#t$rYnwxYw ddl m }| D]d\}}| d}|dvr||4|dkr*| dr||en#t$rYnwxYw|hdt|S) z=Derive the blocklist from provider, tool, and gateway config.r)PROVIDER_REGISTRY)OPTIONAL_ENV_VARScategory>tool messagingsettingpassword>?GH_TOKENHASS_URL LLM_MODEL HASS_TOKEN XAI_API_KEY GROQ_API_KEY VERCEL_TOKEN EMAIL_ADDRESS GITHUB_APP_ID OPENAI_ORG_ID WHATSAPP_MODECOHERE_API_KEYEMAIL_PASSWORDGOOGLE_API_KEYMODAL_TOKEN_IDOPENAI_API_KEYSIGNAL_ACCOUNTVERCEL_TEAM_IDANTHROPIC_TOKENDAYTONA_API_KEYEMAIL_IMAP_HOSTEMAIL_SMTP_HOSTMISTRAL_API_KEYOPENAI_API_BASEOPENAI_BASE_URLSIGNAL_HTTP_URLDEEPSEEK_API_KEYHELICONE_API_KEYPARALLEL_API_KEYTOGETHER_API_KEYWHATSAPP_ENABLEDFIRECRAWL_API_KEYFIRECRAWL_API_URLFIREWORKS_API_KEYVERCEL_OIDC_TOKENVERCEL_PROJECT_IDANTHROPIC_BASE_URLEMAIL_HOME_ADDRESSMODAL_TOKEN_SECRETOPENROUTER_API_KEYPERPLEXITY_API_KEYSLACK_HOME_CHANNELDISCORD_AUTO_THREADOPENAI_ORGANIZATIONSIGNAL_HOME_CHANNELSLACK_ALLOWED_USERSDISCORD_HOME_CHANNELSIGNAL_ALLOWED_USERSGATEWAY_ALLOWED_USERSSIGNAL_IGNORE_STORIESTELEGRAM_HOME_CHANNELWHATSAPP_ALLOWED_USERSCLAUDE_CODE_OAUTH_TOKENDISCORD_REQUIRE_MENTIONEMAIL_HOME_ADDRESS_NAMESLACK_HOME_CHANNEL_NAMESIGNAL_HOME_CHANNEL_NAMEDISCORD_HOME_CHANNEL_NAMEGITHUB_APP_INSTALLATION_IDSIGNAL_GROUP_ALLOWED_USERSTELEGRAM_HOME_CHANNEL_NAMEGITHUB_APP_PRIVATE_KEY_PATHDISCORD_FREE_RESPONSE_CHANNELS)sethermes_cli.authr valuesupdateapi_key_env_varsbase_url_env_varadd ImportErrorhermes_cli.configr itemsget frozenset)blockedr pconfigr namemetadatar s =/home/ubuntu/.hermes/hermes-agent/tools/environments/local.py_build_provider_env_blocklistr`sG 555555(//11 6 6G NN73 4 4 4' 6 G4555 6        777777/5577 " "ND(||J//H000 D!!!!Y&&8<< +C+C& D!!!  "       NN@@@@@@B W  s%AA)) A65A6:A?C:: DDbase_env extra_envc ddlm}n#t$rd}YnwxYwi}|piD]9\}}|t r |t vs ||r|||<:|piD]Z\}}|t r"|tt d}|||<A|t vs ||r|||<[ddlm }|}|r||d<|S)zz*_sanitize_subprocess_env..xENget_subprocess_homeHOME) tools.env_passthroughre ExceptionrX startswith!_HERMES_PROVIDER_ENV_FORCE_PREFIX_HERMES_PROVIDER_ENV_BLOCKLISTlenhermes_constantsro) rarb_is_passthrough sanitizedkeyvaluereal_keyro _profile_homes r__sanitize_subprocess_envr~ssf*OOOOOOO ***)/*!#I~2,,..## U >>; < <   4 4 48L8L 4"IcN B--//## U >>; < < #3@AABBCH"'Ih   6 6 6//#:N:N 6"IcN544444''))M*) &   c ts{tjdpftjdrdndpCtjdrdndp tjdpdStjd}|r!tj|r|Stjd}|r|Stjtjdd d d d tjtjd dd d d tjtjdddd d d fD]'}|r#tj|r|cS(td)z Find bash for command execution.bashz /usr/bin/bashNz /bin/bashSHELLz/bin/shHERMES_GIT_BASH_PATH ProgramFileszC:\Program FilesGitbinzbash.exezProgramFiles(x86)zC:\Program Files (x86) LOCALAPPDATAProgramszGit Bash not found. Hermes Agent requires Git for Windows on Windows. Install it from: https://git-scm.com/download/win Or set HERMES_GIT_BASH_PATH to your bash.exe location.) _IS_WINDOWSshutilwhichospathisfileenvironrYjoin RuntimeError)customfound candidates r_ _find_bashrs  L  #%7>>/#B#BL !w~~k::D  z~~g&&   Z^^2 3 3F "'..(( L E    RZ^^N4GHH%QVXbcc  RZ^^$79RSSUZ\acmnn  RZ^^NB77UES]^^   22      A  rmza/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binenvc ddlm}n#t$rd}YnwxYwttj|z}i}|D]Z\}}|tr"|ttd}|||<A|tvs ||r|||<[| dd}d| dvr|r |dtnt|d<dd lm}|} | r| |d <|S) zDBuild a run environment with a sane PATH and provider-var stripping.rrdcdSrgrhris r_rkz_make_run_env..rlrmNPATHrz/usr/bin:rnrp)rqrerrdictrrrXrsrtrvrurYsplit _SANE_PATHrwro) rrxmergedrun_envkvr| existing_pathror}s r_ _make_run_envrs^*OOOOOOO ***)/*"*s" # #FG 1 <<9 : : >??@@AH !GH   4 4 48J8J 4GAJKK++M,,S1111=JZ]99Z999PZ 544444''))M(' Nrc< ddlm}|pi}|dpi}|dpg}t|tsg}t |dd}d|D|fS#t $rgdfcYSwxYw)uReturn (shell_init_files, auto_source_bashrc) from config.yaml. Best-effort — returns sensible defaults on any failure so terminal execution never breaks because the config file is unreadable. r) load_configterminalshell_init_filesauto_source_bashrcTc0g|]}|t|Srh)str).0fs r_ z4_read_terminal_shell_init_config..s#+++1+A+++rm)rWrrY isinstancelistboolrr)rcfg terminal_cfgfiles auto_bashrcs r_ _read_terminal_shell_init_configrs 111111kmm!rwwz**0b   !344:%&& E<++,@$GGHH +++++[88 4xsBB BBct\}}g}|r||n |rts|gdg}|D]} tjtj|}n#t$rYLwxYw|r4tj|r| ||S)uhResolve the list of files to source before the login-shell snapshot. Expands ``~`` and ``${VAR}`` references and drops anything that doesn't exist on disk, so a missing ``~/.bashrc`` never breaks the snapshot. The ``auto_source_bashrc`` path runs only when the user hasn't supplied an explicit list — once they have, Hermes trusts them. )z ~/.profilez~/.bash_profilez ~/.bashrc) rextendrrr expandvars expanduserrrrappend)explicitr candidatesresolvedrawrs r__resolve_shell_init_filesrs=>>HkJJ(#### J[J HHHIIIH"" 7%%bg&8&8&=&=>>DD    H   "BGNN4(( " OOD ! ! ! Os`` lines (guarded + silent) to a bash script. Each file is wrapped so a failing rc file doesn't abort the whole bootstrap: ``set +e`` keeps going on errors, ``2>/dev/null`` hides noisy prompts, and ``|| true`` neutralises the exit status. zset +e'z'\''z[ -r 'z ' ] && . 'z' 2>/dev/null || true )replacerr)rr prelude_partsrsafepreludes r__prepend_shell_initrs JMSS||C))QdQQdQQQRRRRii &&-G Z rmc eZdZdZddededeffd Zd efd Zd d dd dede dededzd e j f dZ dZ defdZdZxZS)LocalEnvironmentzRun commands directly on the host machine. Spawn-per-call: every execute() spawns a fresh bash process. Session snapshot preserves env vars across calls. CWD persists via file-based read after each command. r<Ncwdtimeoutrc|rtj|}t|ptj|||dS)N)rrr)rrrsuper__init__getcwd init_session)selfrrr __class__s r_rzLocalEnvironment.__init__8sb  *'$$S))C S/BIKKcJJJ rmrcdD]k}|j|ptj|}|r.|dr|dpdcSltjdr.tjdtj tj zrdStj }|dr|dpdSdS)a6Return a shell-safe writable temp dir for local execution. Termux does not provide /tmp by default, but exposes a POSIX TMPDIR. Prefer POSIX-style env vars when available, keep using /tmp on regular Unix systems, and only fall back to tempfile.gettempdir() when it also resolves to a POSIX path. Check the environment configured for this backend first so callers can override the temp root explicitly (for example via terminal.env or a custom TMPDIR), then fall back to the host process environment. )TMPDIRTMPTEMP/z/tmp) rrYrrrsrstriprisdiraccessW_OKX_OKtempfile gettempdir)renv_varrs r_ get_temp_dirzLocalEnvironment.get_temp_dir>s1 4 4G W--H1H1HI 4Y11#66 4 '',,3333 7==  RYvrw7H%I%I 6'))    $ $ 0##C((/C /vrmFx)loginr stdin_datarrrc t}|r t}|rt||}|r|dd|gn|d|g}t|j}t j|d|ddt jt j| t jn t j trdn tj |j  } ts0 tj| j| _n#t"$rYnwxYw|t%| || S)Nz-lz-cTzutf-8r) textrencodingerrorsstdoutstderrstdin preexec_fnr)rrrrr subprocessPopenPIPESTDOUTDEVNULLrrsetsidrgetpgidpid _hermes_pgidProcessLookupErrorr) rrrrrr init_filesargsrprocs r_ _run_bashzLocalEnvironment._run_bashXs!||  I244J I0ZHH 16TdD*--T4._group_alivesY  $"""t%   uu"   tt s 3 33rc~tj|z}tj|kr^ n#t$rYnwxYw|sdStjdtj|k^ n#t$rYnwxYw| S)NTg?)time monotonicpollrrsleep)rrdeadlinerrs r__wait_for_group_exitz._wait_for_group_exits~'''1H.""X--IIKKKK D#|D)) 4 4   .""X--      #|D))) )s#A AAB## B0/B0rNg?g@g?)r)intrfloatr terminaterrrrgetattrrsignalSIGTERMSIGKILLwaitrTimeoutExpiredOSErrorrkillrr)rrr rrs ` @r_ _kill_processzLocalEnvironment._kill_processs& s t     *s *U *t * * * * * * *$$       :dh//DD)"4>>D|$| IdFN3333)FF ('c22FIdFN3333)FF$$T3///IIcI*****"17;DD"OW=          sEA*)E*B E B  EB/.E/ B=9E<B==EC/.E/ C=9E<C==E D%%D?;E>D??EFE11 F;F?FFresultc t|j5}|}dddn #1swxYwY|r||_n#t t f$rYnwxYw||dS)z;Read CWD from temp file (local-only, no round-trip needed).N)open _cwd_filereadstriprrFileNotFoundError_extract_cwd_from_output)rrrcwd_paths r_ _update_cwdzLocalEnvironment._update_cwds dn%% ,6688>>++ , , , , , , , , , , , , , , , $#*+    D  %%f-----s3A'A  A A  AA  AA21A2cr|j|jfD]'} tj|#t$rY$wxYwdS)zClean up temp files.N)_snapshot_pathrrunlinkr)rrs r_cleanupzLocalEnvironment.cleanupsY%t~6  A  !       s ' 44)rrN)__name__ __module__ __qualname____doc__rr rrrrrrrrrr# __classcell__)rs@r_rr0sCsd c4;@!$+/&&&C&4&&!Dj&4>4D&&&&PDDDL .$ . . . .rmr)N)r'rplatformrrrrrtools.environments.baserrsystemrrtrZr`rurr~rr _find_shellrrtuplerrrrrrrhrmr_r.sKK   @@@@@@@@ho9, %5!YyYYYYx"?!>!@!@td{td{VZ>CF C t<%S 4*@('49''''T C S  c    *iiiiiiiiiirm