Bj1 &dZddlZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z ddl Z ejeZehdZd0de d ed efd Zd1d ed ed efd Zded dfdZdeddd dfdZde eefde eefd efdZddde eefde dede d df dZddddde eefde dedededzd df d Zde eefd!ede d dfd"Zd2d#ed e d e fd$Zd3d%ed ed efd&Zd0d%ed ed efd'Z d(Z!d)edzd edzfd*Z"d4d+Z#d,ed efd-Z$d,ed.ed efd/Z%y)5z*Shared utility functions for hermes-agent.N)Path)AnyUnion)urlparse>1onyestrueFvaluedefaultreturnc||St|tr|St|tr$|jj t vSt|S)zDCoerce bool-ish values using the project's shared truthy string set.) isinstanceboolstrstriplowerTRUTHY_STRINGS)r r s */home/ubuntu/.hermes/hermes-agent/utils.pyis_truthy_valuersI }% %{{}""$66 ;namecDttj||dS)zBReturn True when an environment variable is set to a truthy value.Fr rosgetenv)rr s renv_var_enabledrs 299T73U CCrpathz int | Nonec |jr-tj|jjSdS#t$rYywxYw)zBCapture the permission bits of *path* if it exists, else ``None``.N)existsstatS_IMODEst_modeOSError)rs r_preserve_file_moder&$sA48KKMt||DIIK//0KtK sr?rCrDrE)rYrZN)rrHrIr&rJrKrrLrrMyamlrOwriterPrQrRr3r*rSrTr%) rr6rYrZr[rUrVr+rWr2s ratomic_yaml_writer_s , :DKKdT2'-M##  499+QLB  YYr3 1 !Q IIdA2DPY Z & GGI HHQXXZ  !#8T2 9m4 ! !   IIh       sI1D A D ) D DD E D65E6 E?EEEkey_pathcXddlm}ddlm}t |}|j j dd|d}d|_d|_d|_ |jd d d |jr7|jd d 5}|j|xs|}dddn|}t|s||}|}|jd} | ddD]-} |j!| } t| |s |} | || <| }/||| d<t#|} t%j&t)|j d|j*dd\} } t-j.| dd 5}|j1|||j3t-j4|j7dddt9||}t;|| y#1swY5xYw#1swY/xYw#t<$r' t-j>|#t@$rYwxYwwxYw)a_Update one dotted YAML key while preserving comments and readable text. This is intentionally narrower than :func:`atomic_yaml_write`: it is for user-edited config files where comments, ordering, quoting, and Unicode should survive a single setting mutation. Writes still use the same temp file + fsync + atomic replace pattern. r)YAML) CommentedMapTr9rt)typFr4)mappingsequenceoffsetrrDrENr<r=r>r?rC)! ruamel.yamlrbruamel.yaml.commentsrcrrHrIpreserve_quotes allow_unicoderYr5r!openloadrsplitgetr&rJrKrrLrrMrOrPrQrRr3r*rSrTr%)rr`r rbrcyaml_rtrWconfigcurrentkeyskey next_valuerUrVr+r2s ratomic_roundtrip_yaml_updaterzs!1 :DKKdT2tnG"G G!&G NN1qN3 {{} YYsWY - 7\\!_6 F 7 7 fl +f%G >># DCRy[[% *l3%J%GCL  GDH'-M##  499+QLB  YYr3 1 !Q LL # GGI HHQXXZ  !#8T2 9m4= 7 72 ! !   IIh      sU G !G99AG-? G9 G*-G62G99 H)HH) H%"H)$H%%H)textcz tj|S#tjttf$r|cYSwxYw)zParse JSON, returning *default* on any parse error. Replaces the ``try: json.loads(x) except (JSONDecodeError, TypeError)`` pattern duplicated across display.py, anthropic_adapter.py, auxiliary_client.py, and others. )rNloadsJSONDecodeError TypeError ValueError)r{r s rsafe_json_loadsrs7zz$  )Z 8s  ::rxctj|dj}|s|S t|S#tt f$r|cYSwxYw)z:Read an environment variable as an integer, with fallback.)rrrintrr)rxr raws renv_intrsJ ))C  " " $C 3x  "s 5A A cDttj|d|S)z*Read an environment variable as a boolean.rrr)rxr s renv_boolrs 299S"-w ??r) HTTPS_PROXY HTTP_PROXY ALL_PROXY https_proxy http_proxy all_proxy proxy_urlct|xsdj}|sy|jjdrd|t ddS|S)zNormalize proxy URLs for httpx/aiohttp compatibility. WSL/Clash-style environments often export SOCKS proxies as ``socks://127.0.0.1:PORT``. httpx rejects that alias and expects the explicit ``socks5://`` scheme instead. rNzsocks://z socks5://)rrr startswithlen)r candidates rnormalize_proxy_urlr+sVIO$**,I ##J/9S_%56788 rctD]?}tj|d}t|}|s'||k7s-|tj|<Ay)zARewrite supported proxy env vars to canonical URL forms in-place.rN)_PROXY_ENV_KEYSrrrenviron)rxr normalizeds rnormalize_proxy_env_varsr:sB) #r"(/ *-(BJJsO )rbase_urlc|xsdj}|sytd|vr|nd|}|jxsdjj dS)aReturn the lowercased hostname for a base URL, or ``""`` if absent. Use exact-hostname comparisons against known provider hosts (``api.openai.com``, ``api.x.ai``, ``api.anthropic.com``) instead of substring matches on the raw URL. Substring checks treat attacker- or proxy-controlled paths/hosts like ``https://api.openai.com.example/v1`` or ``https://proxy.test/api.openai.com/v1`` as native endpoints, which leads to wrong api_mode / auth routing. rz://z//r<)rrhostnamerrstrip)rrparseds rbase_url_hostnamerFsW >r "C  Uc\cC5z :F OO !r ( ( * 1 1# 66rdomainct|}|sy|xsdjjjd}|sy||k(xs|j d|zS)acReturn True when the base URL's hostname is ``domain`` or a subdomain. Safer counterpart to ``domain in base_url``, which is the substring false-positive class documented on ``base_url_hostname``. Accepts bare hosts, full URLs, and URLs with paths. base_url_host_matches("https://api.moonshot.ai/v1", "moonshot.ai") == True base_url_host_matches("https://moonshot.ai", "moonshot.ai") == True base_url_host_matches("https://evil.com/moonshot.ai/v1", "moonshot.ai") == False base_url_host_matches("https://moonshot.ai.evil/v1", "moonshot.ai") == False Frr<)rrrrendswith)rrrs rbase_url_host_matchesrWs_!*H l ! ! # ) ) + 2 23 7F  v  @!2!23rsH0  !   8 $563$D#DDTD d| T  $ "U39-uS$Y7GC8 3 T 3 3  3  3  3t % $ 1 T 1 1 1  1 : 1 1h= T == = =F #  s  s3@#@@@ 3: #* )777"ACAAAr