6jefdZddlmZddlZddlZddlZddlZddlmZdZ ddZ dd Z ddZ ddZ dS)z!Hermes Web UI -- startup helpers.) annotationsN)Path)z.envzgoogle_token.jsonzgoogle_client_secret.jsonz .signing_keyz auth.jsonreturnNonec tjdddvrdSd}tjdd}|r" t |d}n#t $rYnwxYwt tjdtt jdz }| sdStD]}||z }| s tj | j}|[|d zrU||d zt!d |jd t%|d t%|d zddnD|dzr?|dt!d|jd t%|dd#t&$rYwxYwdS)u#Ensure sensitive files in HERMES_HOME have safe permissions. Respects: - HERMES_SKIP_CHMOD=1 → bypass entirely - HERMES_HOME_MODE → group bits are allowed if set by the operator, only world-readable/world-writable files are fixed HERMES_SKIP_CHMOD)1trueNHERMES_HOME_MODE HERMES_HOME.hermesiz# [security] removed world bits on z (z -> )Tflush?iz" [security] fixed permissions on z -> 0600))osenvirongetstripint ValueErrorrstrhomeis_dir_SENSITIVE_FILESexistsstatS_IMODEst_modechmodprintnameoctOSError) declared_moderaw_mode hermes_homer%fpathcurrents !/root/hermes-webui/api/startup.pyfix_credential_permissionsr.s- z~~)2..4466-GGMz~~0"55;;==H !,,MM    D rz~~mSy9P5Q5QRRSSK      d"||~~   l5::<<#788G(U?FKK& 0111x xxcRYllxx`cdkntdt`u`uxxxAEFFFFU?rKK&&&duzddSQX\\dddlpqqqq    D s%.A?? B  B C G$$ G10G1 Path | Nonec ttjdt tjdz }tjddt |dz fD]P}|st|}|r| cSQdS)NrrHERMES_WEBUI_AGENT_DIRr z hermes-agent) rrrrrrr expanduserrresolve)r*rawps r- _agent_dirr6:srz~~mSy9P5Q5QRRSSK 7<<BBDDc+XfJfFgFgh   II " " 88:: 99;;     4 agent_dirrboolc |}tj|jdzrdSttdr|jt jkrdSdS#t$rYdSwxYw)aReturn True if agent_dir passes ownership and permission checks. Validates that the directory is not world- or group-writable and, on POSIX systems, is owned by the current process user. Intentionally does NOT enforce a canonical path (i.e. does not require the dir to be ~/.hermes/hermes-agent), so custom HERMES_WEBUI_AGENT_DIR paths work correctly when HERMES_WEBUI_AUTO_INSTALL=1 is set. FgetuidT)r r!r"hasattrrst_uidr<r')r8sts r-_trusted_agent_dirr@Ds  ^^   < # #e + 5 2x  RY")++%=%=5t uus0A)1A)) A76A7c Xtjdddv}|st dddSt }|t dddSt|st d ddS|d z }|d z }|r6tj d d dddt|g}t d|ddn\|r5tj d d ddt|g}t d|ddnt dddS tj |ddd}|jdkrVt d|jdd|jpdddD]}t d|ddSt dddS#tj$rt ddYdSt$$r}t d|dYd}~dSd}~wwxYw)NHERMES_WEBUI_AUTO_INSTALLr )r r yeszF[!!] Auto-install disabled. Set HERMES_WEBUI_AUTO_INSTALL=1 to enable.TrFz5[!!] Auto-install skipped: agent directory not found.z\[!!] Auto-install skipped: agent directory failed trust check (check ownership/permissions).zrequirements.txtzpyproject.tomlz-mpipinstallz--quietz-rz Installing from z ...z (pyproject.toml) ...zN[!!] Auto-install skipped: no requirements.txt or pyproject.toml in agent dir.x)capture_outputtexttimeoutrz[!!] pip install failed (exit z):iz zk] pip install completed.z'[!!] Auto-install timed out after 120s.z[!!] Auto-install error: )rrrrlowerr$r6r@rsys executabler subprocessrun returncodestderr splitlinesTimeoutExpired Exception)enabledr8req_file pyproject install_argsresultlinees r-auto_install_agent_depsr[[sjnn8"==CCEEKKMMQeeG  V^bccccu I ETRRRRu i ( ( ltxyyyyu--H,,IeY 4QTU]Q^Q^_  4h444DAAAAA     eY 3y>>Z  FiFFFdSSSSS ^fjkkkku TVYZZZ   ! ! H63DHHHPT U U U U,"88::344@ 2 2ndnnD111115 +48888t  $ 7tDDDDuu  -!--T::::uuuuus%A7G G H) H) H$$H))rr)rr/)r8rrr9)rr9)__doc__ __future__rrr rMrKpathlibrrr.r6r@r[r7r-r`s''"""""" ''''T.%%%%%%r7