}-ji *UdZddlZddlZddlZddlZddlZddlZddlZddlm Z ej e Z ej dZgdZgdZdaejZeaeeed<ejZd Zd e d dfd Zd e d e fd Zd e fdZeZd efdZdhZ eeed<ejZ!da"dgdZ#ded e$fdZ%d e$fdZ&d efdZ'ded dfdZ(dgdZ)ded e fdZ*d e fdZ+ejZ,d e-fdZ.dgdZ/dgdZ0de1d e fdZ2dgd Z3Gd!d"Z4Gd#d$Z5ded e fd%Z6id&d'd(d'd)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOZ7d efdPZ8d e d e1eeffdQZ9d e fdRZ:d e fdSZ;dgdTZfdYZ?d e1fdZZ@defd[ZAd e fd\ZBded e fd]ZC dhded^ed_e$d e fd`ZDdidae dbedced dfddZE djded^ed_e$dbedced e1f deZFded e1fdfZGdS)ka Hermes Web UI -- Profile state management. Wraps hermes_cli.profiles to provide profile switching for the web UI. The web UI maintains a process-level "active profile" that determines which HERMES_HOME directory is used for config, skills, memory, cron, and API keys. Profile switches update os.environ['HERMES_HOME'] and monkey-patch module-level cached paths in hermes-agent modules (skills_tool, skill_manager_tool, cron/jobs) that snapshot HERMES_HOME at import time. N)Pathz^[a-z0-9][a-z0-9_-]{0,63}$)memoriessessionsskillsskinslogsplans workspacecron) config.yaml.envzSOUL.mddefault_loaded_profile_env_keys)ztools.skills_toolztools.skill_manager_toolhomereturnctD]a}tj|}|$ ||_|dz |_7#t $rtd|Y^wxYwdS)zCPatch imported skill modules that cache HERMES_HOME at import time.NrzFailed to patch %s module) _SKILL_HOME_MODULESsysmodulesget HERMES_HOME SKILLS_DIRAttributeErrorloggerdebug)r module_namemodules "/root/hermes-webui/api/profiles.pypatch_skill_home_modulesr,s*CC -- >  C!%F  $xF   C C C LL4k B B B B B CCCs?%A'&A'c>|jjdkr |jjS|S)zGReturn the base Hermes home when *home* is already a named profile dir.profiles)parentnamers r_unwrap_profile_home_to_baser%9s" {:%%{!! Kctjdd}|r.tt |Stjdd}|r0t |}t|St jdz S)u/Return the BASE ~/.hermes directory — the root that contains profiles/. This is intentionally distinct from HERMES_HOME, which tracks the *active profile's* home and changes on every profile switch. The base dir must always point to the top-level .hermes regardless of which profile is active. Resolution order: 1. HERMES_BASE_HOME env var (set explicitly, highest priority) 2. HERMES_HOME env var — but only if it does NOT look like a profile subdir (i.e. its parent is not named 'profiles'). This handles test isolation where HERMES_HOME is set to an isolated test state dir. 3. ~/.hermes (always-correct default) The bug this prevents: if HERMES_HOME has already been mutated to /home/user/.hermes/profiles/webui (by init_profile_state at startup), reading it here would make _DEFAULT_HERMES_HOME point to that subdir, causing switch_profile('webui') to look for /home/user/.hermes/profiles/webui/profiles/webui — which doesn't exist. HERMES_BASE_HOME normally points at the base home already, but isolated single-profile WebUI deployments can provide /base/profiles/ there as well. Normalize both env vars through the same helper so active-profile and per-request resolution share one base-root contract (#749). HERMES_BASE_HOMErz.hermes)osgetenvstripr%r expanduserr) base_override hermes_homeps r_resolve_base_hermes_homer1@s4I0"55;;==MN+D,?,?,J,J,L,LMMM)M2..4466K/    ( ( * *+A... 9;; ""r&ctdz }|rX |d}|r|Sn*#t$rt dYnwxYwdS)z=Read the sticky active profile from ~/.hermes/active_profile.active_profileutf-8encodingz"Failed to read active profile filer)_DEFAULT_HERMES_HOMEexists read_textr, Exceptionrr)ap_filer#s r_read_active_profile_filer<is"%55G~~? ?$$g$66<<>>D    ? ? ? LL= > > > > > ? 9s+A $A43A4_root_profile_name_cacheFct5ttddaddddS#1swxYwYdS)zDrop the memoized root-profile-name set. Called whenever profile metadata might have changed: create, clone, delete, rename. The next _is_root_profile() call repopulates from list_profiles_api(). rFN)_root_profile_name_cache_lockr=clearadd_root_profile_name_cache_loadedr&r_invalidate_root_profile_cacherDs '00 &&((( $$Y///*/'000000000000000000s6A  AAr#c|sdS|dkrdSt5tr|tvcdddS dddn #1swxYwY t}n-#t$r t ddYdSwxYwt5ttd|D]d} | dr5| dr t|dN#ttf$rYawxYwda|tvcdddS#1swxYwYdS) a True if *name* resolves to the Hermes Agent root profile (~/.hermes). Matches the legacy 'default' alias plus any name where list_profiles_api() reports is_default=True. Memoized; call _invalidate_root_profile_cache() after mutating profile metadata. FrTNz/Failed to list profiles for root-profile lookup)exc_info is_defaultr#) r?rBr=list_profiles_apir:rrr@rArr TypeError)r#infosr0s r_is_root_profilerKs u yt &44 * 43344444444 4444444444444444 !##  FQU VVVuu ' 0 0 &&((( $$Y///  A 55&&<155==<,006;;;"I.    *.'// 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0sX>AA A&BB 8D?A DD?D%"D?$D%% D??EEcf|pd}|pd}||krdSt|rt|rdSdS)uDReturn True if a session/project row's profile matches the active profile. Treats both the literal alias 'default' and any renamed-root display name (per _is_root_profile) as equivalent, so legacy rows tagged 'default' still surface when the user has renamed the root profile to e.g. 'kinni', and vice versa. A row with no profile (`None` or empty string) is treated as belonging to the root profile — that's the convention used by the legacy backfill at api/models.py::all_sessions, and matches the default seen in `static/sessions.js` (`S.activeProfile||'default'`). Originally lived in api/routes.py; relocated here so both routes.py and out-of-process consumers (mcp_server.py) can import the canonical helper instead of duplicating the body. See #1614 for the visibility model. rTF)rK) row_profiler3rowactives r_profiles_matchrPsP"  "C  (yF f}}t!1&!9!9t 5r&cDttdd}||StS)uReturn the currently active profile name. Priority: 1. Thread-local (set per-request from hermes_profile cookie) — issue #798 2. Process-level default (_active_profile) profileN)getattr_tls_active_profile)tls_names rget_active_profile_namerWs&tY--H r&c|t_dS)aSet the per-request profile context for this thread. Called by server.py at the start of each request when a hermes_profile cookie is present. Always paired with clear_request_profile() in a finally block so the thread-local is released after the request. NrTrRr#s rset_request_profiler[sDLLLr&cdt_dS)zClear the per-request profile context for this thread. Called by server.py in the finally block of do_GET / do_POST. Safe to call even if set_request_profile() was never called. NrYrCr&rclear_request_profiler]s DLLLr&c|rt|rtSt|stSt |S)aResolve a logical profile name to its Hermes home path. Root/default aliases resolve to _DEFAULT_HERMES_HOME. Valid named profiles resolve to _DEFAULT_HERMES_HOME/profiles/ even when the directory has not been created yet; the agent layer may create it on first use. Invalid names fall back to the base home so traversal-shaped cookie values cannot influence filesystem paths. )rKr7_PROFILE_ID_RE fullmatch_resolve_named_profile_homerZs r_resolve_profile_home_for_namerbsL $#D))$##  # #D ) )$## &t , ,,r&c8ttS)zReturn the HERMES_HOME path for the currently active profile. Uses get_active_profile_name() so per-request TLS context (issue #798) is respected, not just the process-level global. )rbrWrCr&rget_active_hermes_homerd s **A*C*C D DDr&cLtttddpdS)Ncron_profile_depthr)intrSrTrCr&r_cron_profile_context_depthrh's" wt1155: ; ;;r&c<tdzt_dS)N)rhrTrfrCr&r _push_cron_profile_context_depthrk+s9;;a?Dr&c\t}td|dz t_dS)Nrrj)rhmaxrTrf)depths r_pop_cron_profile_context_depthro/s) ' ) )E!!UQY//Dr&jobc<t|pidpd}|stSt |rt St |s@t d|pidd|tSt|}| s@t d|pidd|tS|S)aResolve the profile home an auto-fired scheduler job should execute in. Legacy jobs with no profile keep the scheduler's server-default profile. Jobs pinned to a named profile execute under that profile's HERMES_HOME, so an in-process WebUI scheduler thread does not leak process-global config or .env into the agent run. If a profile was deleted after the job was saved, fall back to the server default rather than crashing every scheduler tick. rRr)zBCron job %s has invalid profile %r; falling back to server defaultid?zICron job %s references missing profile %r; falling back to server default) strrr,rdrKr7r_r`rwarningrais_dir)rprawrs r_home_for_scheduled_cron_jobrx4s sybooi((.B / / 5 5 7 7C (%'''$##  # #C ( (( P YBOOD# & &   &''' &s + +D ;;==( W YBOOD# & &   &''' Kr&c ddlm}n+#t$rtdYdSwxYwt |ddt ddrdSfd}d|_|_||_dS) aPatch cron.scheduler.run_job for WebUI in-process scheduler safety. Standard WebUI deployments do not start the scheduler thread in-process, but if a future/single-process deployment calls cron.scheduler.tick() from the WebUI worker, tick's background job path has no request TLS context. Wrap run_job so each auto-fired job's persisted ``profile`` field gets the same HERMES_HOME isolation as the manual /api/crons/run path. rNzDinstall_cron_scheduler_profile_isolation: cron.scheduler unavailablerun_job_webui_profile_isolatedFctdkr |g|Ri|Stt|5|g|Ri|cdddS#1swxYwYdS)Nr)rhcron_profile_context_for_homerx)rpargskwargsoriginals r_webui_profile_isolated_run_jobzQinstall_cron_scheduler_profile_isolation.._webui_profile_isolated_run_jobes ' ( (1 , ,8C1$111&11 1 *+G+L+L M M 2 28C1$111&11 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2s AAAT) cron.scheduler scheduler ImportErrorrrrSr{_webui_original_run_jobrz)_csrrs @r(install_cron_scheduler_profile_isolationrRs$$$$$$$  [\\\sIt,,H78-FNN22222?C#;>F#;1CKKKs  $22c*eZdZdZdefdZdZdZdS)r}a Context manager that pins HERMES_HOME to an explicit profile home path. Use this variant from worker threads that don't have TLS context (e.g. the background thread started by /api/crons/run). The HTTP-side variant below resolves the home via TLS. rc.t||_dS)N)r_home)selfrs r__init__z&cron_profile_context_for_home.__init__{s$ZZ r&ctt tjd|_t|jtjd<d|_ ddl m }|j |j |j|jf|_ |j|_ |jdz |_ |j dz |_|j dz |_n1#t t"f$rt$dYnwxYwd|_ ddlm}t/|ddt/|ddt/|d df|_|j|_|jdz |_|jd z |_n1#t t"f$rt$d YnwxYwn6#t6$r)t9twxYw|S) Nrrr jobs.jsonoutputz4cron_profile_context_for_home: cron.jobs unavailable _hermes_home _LOCK_DIR _LOCK_FILE .tick.lockz9cron_profile_context_for_home: cron.scheduler unavailable)_cron_env_lockacquirerkr*environr _prev_envrtr_prev_cj cron.jobsjobs HERMES_DIRCRON_DIR JOBS_FILE OUTPUT_DIRrrrr_prev_csrrrSrrrr:rorelease)r_cjrs r __enter__z'cron_profile_context_for_home.__enter__~s   (***% Z^^M::DN(+DJBJ} %!DM U''''''!$s}cn ] !%#zF2 # { : !$!80 U U U STTTTT U!DM Z,,,,,,C66Cd33Ct44! $(: $ V 3 !$!=0 Z Z Z XYYYYY Z    + - - -  " " $ $ $   sVA F(6ACF(+DF(D F(A'E65F(6+F$!F(#F$$F((3GcH |j!tjddn|jtjd<|j? ddlm}|j\|_|_|_ |_ n#ttf$rYnwxYwt|dd9 ddlm}|j\|_|_|_n#ttf$rYnwxYwt)t*n,#t)t*wxYwdSNrrrFrr*rpoprrrrrrrrrrSrrrrrrrorrrexc_typeexc_valexc_tbrrs r__exit__z&cron_profile_context_for_home.__exit__sI %~% }d3333,0N =)}(++++++RVR_OCNCL#-#^4DtZ..:000000FJmCC$cmS^^#^4D , - - -  " " $ $ $ $ , - - -  " " $ $ $ $uTAC6&A-,C6-B>C6BC6 B76C67C C6 C  C66)DN)__name__ __module__ __qualname____doc__rrrrrCr&rr}r}ssX T    )))Vr&r}ceZdZdZdZdZdS)cron_profile_contexta`Context manager that pins HERMES_HOME to the TLS-active profile. Usage: with cron_profile_context(): from cron.jobs import list_jobs jobs = list_jobs(include_disabled=True) Serializes cron API calls across profiles (cron API is low-frequency; serialization cost is negligible compared to correctness). ctt tjd|_t}t|tjd<d|_ ddl m }|j |j |j|jf|_ ||_ |dz |_ |j dz |_|j dz |_n1#t t"f$rt$dYnwxYwd|_ ddlm}t/|ddt/|ddt/|d df|_||_|dz |_|jd z |_n1#t t"f$rt$d YnwxYwn6#t6$r)t9twxYw|S) Nrrr rrz9cron_profile_context: cron.jobs unavailable; env-var onlyrrrrz>cron_profile_context: cron.scheduler unavailable; env-var only)rrrkr*rrrrdrtrrrrrrrrrrrrrrrSrrrr:ror)rrrrs rrzcron_profile_context.__enter__s   (***$ Z^^M::DN)++D(+D BJ} % !DM Z''''''!$s}cn ] !%#f} # { : !$!80 Z Z Z XYYYYY Z!DM _,,,,,,C66Cd33Ct44! $( $v  !$!=0 _ _ _ ]^^^^^ _    + - - -  " " $ $ $   sVAF?ACF+D?FD F AE+*F++FFFF3GcH |j!tjddn|jtjd<|j? ddlm}|j\|_|_|_ |_ n#ttf$rYnwxYwt|dd9 ddlm}|j\|_|_|_n#ttf$rYnwxYwt)t*n,#t)t*wxYwdSrrrs rrzcron_profile_context.__exit__sK %~% }d3333,0N =)}(++++++RVR_OCNCL#-#^4DtZ..:000000FJmCC$cmS^^#^4D , - - -  " " $ $ $ $ , - - -  " " $ $ $ $urN)rrrrrrrCr&rrrs=  (((Tr&rc t|S)uReturn the HERMES_HOME Path for *name* without mutating any process state. Safe to call from per-request context (streaming, session creation) because it reads only the filesystem — it never touches os.environ, module-level cached paths, or the process-level _active_profile global. Falls back to _DEFAULT_HERMES_HOME (same as 'default') when *name* is None, empty, 'default', or does not match the profile-name format (rejects path traversal such as '../../etc'). )rbrZs rget_hermes_home_for_profilers *$ / //r&backend TERMINAL_ENVenv_typecwd TERMINAL_CWDtimeoutTERMINAL_TIMEOUTlifetime_secondsTERMINAL_LIFETIME_SECONDS modal_modeTERMINAL_MODAL_MODE docker_imageTERMINAL_DOCKER_IMAGEdocker_forward_envTERMINAL_DOCKER_FORWARD_ENV docker_envTERMINAL_DOCKER_ENVdocker_mount_cwd_to_workspace&TERMINAL_DOCKER_MOUNT_CWD_TO_WORKSPACEsingularity_imageTERMINAL_SINGULARITY_IMAGE modal_imageTERMINAL_MODAL_IMAGE daytona_imageTERMINAL_DAYTONA_IMAGE container_cpuTERMINAL_CONTAINER_CPUcontainer_memoryTERMINAL_CONTAINER_MEMORYcontainer_diskTERMINAL_CONTAINER_DISKcontainer_persistentTERMINAL_CONTAINER_PERSISTENTTERMINAL_DOCKER_VOLUMESTERMINAL_PERSISTENT_SHELLTERMINAL_SSH_HOSTTERMINAL_SSH_USERTERMINAL_SSH_PORTTERMINAL_SSH_KEYTERMINAL_SSH_PERSISTENTTERMINAL_LOCAL_PERSISTENT)docker_volumespersistent_shellssh_hostssh_userssh_portssh_keyssh_persistentlocal_persistentct|tr|rdndSt|ttfrt j|St |S)Ntruefalse) isinstanceboollistdictjsondumpsrt)values r_stringify_env_valuer=sU%,+vvG+%$&&!z%   u::r&c\t|}i} ddl}|dz }|r)||dni}t |tsi}n#t$ri}YnwxYwt |tr| dini}t |trCt D])\}}||vr ||t||||<*|dz }|r |d D]} | } | r| dstd | vrp| d d \} } | } | d d } | r| r| || <n+#t$rt"d |YnwxYw|S)aReturn env vars needed to run an agent turn for a profile home. WebUI profile switching is per-client/cookie scoped, so it intentionally does not call ``switch_profile(..., process_wide=True)`` for every browser. Agent/tool code still consumes terminal backend settings through environment variables (matching ``hermes -p ``), so streaming must apply the selected profile's terminal config and ``.env`` for the duration of that run. rNr r4r5terminalr #=rj"'z"Failed to read runtime env from %s)rr-yamlr8 safe_loadr9rrr:r_TERMINAL_ENV_MAPPINGSitemsr splitlinesr, startswithsplitrr) renv_yamlcfg_pathcfg terminal_cfgkeyenv_keyenv_pathlinekvs rget_profile_runtime_envr Esa :: " "DC-'GOGXGX`eooh00'0BBCCC^`#t$$ C /9d.C.CK377:r***L,%%G288:: G GLCl""|C'8'D3L4EFFG f}H I I **G*<<GGII # #zz||# 4 4#::c1--DAq A ,,22377A#Q#!"A # I I I LL=x H H H H H I Js%AB BB6C H%H)(H)ct|tjd<t| ddlm}||_|dz |_|jdz |_|jdz |_ n1#ttf$rt dYnwxYw ddlm}||_|dz |_|jdz |_dS#ttf$rt d YdSwxYw) zCSet HERMES_HOME env var and monkey-patch cached module-level paths.rrNr rrz Failed to patch cron.jobs modulerz%Failed to patch cron.scheduler module)rtr*rrrrrrrrrrrrrrrrr)rrrs r_set_hermes_homer ss #D BJ}T"""9f}  {2 0  (999 7888889>$$$$$$v  5  (>>> <======>s#5A##+BB&B==+C,+C,c.ttD]"}tj|d#t a|dz }|sdS t }|dD]}| }|r| dsd|vr| dd\}}| }| d d }|r&|r$|tj|<| ||adS#t$r-t atd |YdSwxYw) a&Load .env from the profile dir into os.environ with profile isolation. Clears env vars that were loaded from the previously active profile before applying the current profile's .env. This prevents API keys and other profile-scoped secrets from leaking across profile switches. Nr r4r5rrrjrrzFailed to reload dotenv from %s)rrr*rrsetr8r9rr,rrrAr:rr)rrr loaded_keysrr r s r_reload_dotenvrs,--"" sD!!!!"uuf}H ??  B # &&&88CCEE ' 'D::< ? ? ? ? ? @    ))))))jll  m+HKS??K\K\d%//("4"4g"4"F"FGGGbdCc4((    CCC $$IM)S!!1! It $ $1! i00  1777777&)== >>   ;""G"44::<>Czz||,/HH)  $''*b))C#t$$ 5wwub))5CIIY66s4yy//4466>>@@Czz||5,/HH)  $ #C  111 1 < < < < < < #D   1 1 1 #DIKK 0 0    1 1&''&.   s}#?AA#C  CC2D$D54D5AF66 GG%G/P Q) P65Q)6*Q# Q)"Q##Q)(Q)c L ddlm}|}n#t$rtgcYSwxYwt }g}|D]_}||jt|j|j |j|k|j |j |j |j |jd `|S)z>List all profiles with metadata, serialized for JSON response.r) list_profiles r#pathrG is_activegateway_runningrproviderhas_env skill_count)hermes_cli.profilesr5r_default_profile_dictrWappendr#rtr7rGr9rr:r;r<)r5rJrOresultr0s rrHrHEs)555555  )))%''(((()% & &F F     FKK,6) 0W y=    Ms //c rdttdddddtdz dd S)z8Fallback profile dict when hermes_cli is not importable.rTFNr rr6)rtr7r8rCr&rr>r>_sH()) (6199;;   r&c|dkrtdt|std|ddS)zDValidate profile name format (matches hermes_cli.profiles upstream).rzFCannot create a profile named 'default' -- it is the built-in profile.zInvalid profile name z%. Must match [a-z0-9][a-z0-9_-]{0,63}N)r%r_r`rZs r_validate_profile_namerCnsd yabbb  # #D ) )  2D 2 2 2     r&c:tdz S)z7Return the canonical root that contains named profiles.r!)r7r(rCr&r_profiles_rootrEzs : - 6 6 8 88r&ct|t}||z }|||S)zResolve a named profile to a directory under the profiles root. Validates *name* as a logical profile identifier first, then resolves the final filesystem path and enforces containment under ~/.hermes/profiles. )rCrEr( relative_to)r# profiles_root candidates rrarasM 4   "$$M%..00I -((( r& clone_from clone_configctdz |z }|rtd|d|ddtD]}||z dd|ru|rst |rt}n tdz |z }|r;tD]3}||z }|rtj |||z 4|S)zKCreate a profile directory without hermes_cli (Docker/standalone fallback).r!rz' already exists.TFparentsexist_ok) r7r8FileExistsErrormkdir _PROFILE_DIRSrKrv_CLONE_CONFIG_FILESshutilcopy2)r#rJrK profile_dirsubdir source_dirfilenamesrcs r_create_profile_fallbackr[s"'3d:KCA$AAABBBdU333BB v $$TD$AAAA > > J ' ' H-JJ- :ZGJ      >/ > > 8+::<<>LkH&<=== r&rVbase_urlapi_keyc*|s|sdS|dz } ddl}n#t$rYdSwxYwi}|rm ||d}t |t r|}n+#t$rt d|YnwxYw| di}t |t si}|r||d<|r||d <||d<| | |d d ddS) z!  3  ' +7'$%M5)--3 /!";#$03###!/33:3+$+4S>++++\>4>>>>2BBBBBD    7;FFFFtFtFFFFR44 t           99999 c d    ;?383C,0=A6ll4l3lPSl_cllll859,1'+&*<<S<c<%)<!$<!$<04<<<<~&S&T&&&&&&r&