Ë Bj*ãó¢—UdZddlmZddlZddlZddlmZddlmZddl m Z dZe«Z ded <ddd „Zdd„Zdd„Zdd „Zdddœ dd„Zy)zFHelpers for loading Hermes .env files consistently across entrypoints.é)ÚannotationsN)ÚPath)Úload_dotenv)Úatomic_replace)Ú_API_KEYÚ_TOKENÚ_SECRETÚ_KEYzset[str]Ú_WARNED_KEYScóî—g}|D]^}t|«dkDsŒdt|«d›}|j«r |d|›dz }||vr|j|«t|«|k\sŒ^ndj |«S)zEReturn a compact 'U+XXXX ('c'), ...' summary of non-ASCII codepoints.ézU+Ú04Xú (ú)z, )ÚordÚisprintableÚappendÚlenÚjoin)ÚvalueÚlimitÚseenÚchÚlabels ú:/home/ubuntu/.hermes/hermes-agent/hermes_cli/env_loader.pyÚ_format_offending_charsrs‚€à€DØòˆÜˆr‹7S‹=Øœ˜R› ˜ Ð&ˆEØ~‰~ÔØ˜2˜b˜V 1˜Ñ%Ø˜DÑ Ø—‘˜EÔ"Ü4‹y˜EÓ!Ùðð9‰9T‹?Ðócób‡—ttjj««D]0\Š}t ˆfd„t D««sŒ |j d«Œ2y#t$rYnwxYw|j dd¬«jd«}|tj‰<‰tvrŒtj‰«t|«t|«z }t|«xsd}td‰›d|›d|d k7rd nd›d|›d tj¬«tdtj¬«Œ)a!Strip non-ASCII characters from credential env vars in os.environ. Called after dotenv loads so the rest of the codebase never sees non-ASCII API keys. Only touches env vars whose names end with known credential suffixes (``_API_KEY``, ``_TOKEN``, etc.). Emits a one-line warning to stderr when characters are stripped. Silent stripping would mask copy-paste corruption (Unicode lookalike glyphs from PDFs / rich-text editors, ZWSP from web pages) as opaque provider-side "invalid API key" errors (see #6843). c3ó@•K—|]}‰j|«–—Œyw)N)Úendswith)Ú.0ÚsuffixÚkeys €rú z/_sanitize_loaded_credentials..5søèø€ÒK¨F3—<‘< ×'ÑKùsƒÚasciiÚignore)Úerrorsz non-printablez Warning: z contained z non-ASCII characteréÚsÚru8) â€” stripped so the key can be sent as an HTTP header.)Úfilea@ This usually means the key was copy-pasted from a PDF, rich-text editor, or web page that substituted lookalike Unicode glyphs for ASCII letters. If authentication fails (e.g. "API key not valid"), re-copy the key from the provider's dashboard and run `hermes setup` (or edit the .env file in a plain-text editor).N)ÚlistÚosÚenvironÚitemsÚanyÚ_CREDENTIAL_SUFFIXESÚencodeÚUnicodeEncodeErrorÚdecoderÚaddrrÚprintÚsysÚstderr)rÚcleanedÚstrippedÚdetailr#s @rÚ_sanitize_loaded_credentialsr<(sø€ôœ2Ÿ:™:×+Ñ+Ó-Ó.ò ‰ ˆˆUÜÓKÔ6JÔKÔKØð ØL‰L˜Ô!Øñ øô"ò Ùð úà—,‘,˜w¨x,Ó8×?Ñ?ÀÓHˆØ!Œ ‰ 3‰Ø”,ÑØÜ×Ñ˜ÔÜu“:¤ G£Ñ,ˆÜ(¨Ó/ÒB°?ˆÜ Ø˜#˜˜k¨(¨Ð3GØ !’m‰s¨Ð,¨B¨v¨hð71ð 2ô—‘õ ô ð 1ô—‘÷ sÁ AÁ A)Á(A)có„— t||d¬«t«y#t$rt||d¬«Yt«ywxYw)Núutf-8)Údotenv_pathÚoverrideÚencodingzlatin-1)rÚUnicodeDecodeErrorr<)Úpathr@s rÚ_load_dotenv_with_fallbackrDTsC€ðMÜ ¨xÀ'ÕJô!Õ"øôòMÜ ¨xÀ)ÖLô!Õ"ðMús‚›?¾?có¸—|j«sy ddlm}dddœ} t |fi|¤Ž5}|j«}ddd«|«}||k7r¡ddl}|jt|j«dd¬ «\}} tj|d d¬«5}|j|«|j«tj|j««ddd«t!||«yy#t$rYywxYw#1swYŒÇxYw#1swYŒ2xYw#t"$r' tj$|«‚#t&$rY‚wxYwwxYw#t($rYywxYw) uÂPre-sanitize a .env file before python-dotenv reads it. python-dotenv does not handle corrupted lines where multiple KEY=VALUE pairs are concatenated on a single line (missing newline). This produces mangled values â€” e.g. a bot token duplicated 8Ã— (see #8908). We delegate to ``hermes_cli.config._sanitize_env_lines`` which already knows all valid Hermes env-var names and can split concatenated lines correctly. Nr)Ú_sanitize_env_linesz utf-8-sigÚreplace)rAr'z.tmpz.env_)Údirr"ÚprefixÚwr>)rA)ÚexistsÚhermes_cli.configrFÚImportErrorÚopenÚ readlinesÚtempfileÚmkstempÚstrÚparentr-ÚfdopenÚ writelinesÚflushÚfsyncÚfilenorÚ BaseExceptionÚunlinkÚOSErrorÚ Exception) rCrFÚread_kwÚfÚoriginalÚ sanitizedrPÚfdÚtmps rÚ_sanitize_env_file_if_neededrcas]€ð;‰;Œ=ØðÝ9ð'°)Ñ<€Gð Ü $Ñ "˜'Ñ "ð % aØ—{‘{“}ˆH÷ %á'¨Ó1ˆ Ø˜Ò ÛØ×&Ñ&Ü˜Ÿ™Ó$¨V¸Gð'ó‰GˆBð Ü—Y‘Y˜r 3°Ô9ð)¸QØ—L‘L Ô+Ø—G‘G”IÜ—H‘H˜QŸX™X›ZÔ(÷)ô˜s DÕ)ð!øôòÙðú÷ %ð %ú÷)ð)ûô !ò ðÜ—I‘I˜c”NðøôòØØðúð ûôò Ùð úsˆ“C3ŸE «D¼AE ÂDÂADÃDÃ3 C?Ã>C?ÄDÄE ÄDÄDÄ E Ä$D:Ä9E Ä: EÅE ÅEÅE Å E Å EÅE)Úhermes_homeÚproject_envcóÐ—g}t|xs+tjdtj«dz««}|dz}|rt|«nd}|j «rt|«|r|j «rt|«|j «rt |d¬«|j|«|r/|j «rt ||¬«|j|«|S)a[Load Hermes environment files with user config taking precedence. Behavior: - `~/.hermes/.env` overrides stale shell-exported values when present. - project `.env` acts as a dev fallback and only fills missing values when the user env exists. - if no user env exists, the project `.env` also overrides stale shell vars. ÚHERMES_HOMEz.hermesz.envNT)r@)rr-ÚgetenvÚhomerKrcrDr)rdreÚloadedÚ home_pathÚuser_envÚproject_env_paths rÚload_hermes_dotenvrnŽsÁ€ð€Fä[ÒU¤B§I¡I¨m¼T¿Y¹Y»[È9Ñ=TÓ$UÓV€IØ˜6Ñ!€HÙ,7”t˜KÔ(¸TÐð‡ÔÜ$ XÔ.ÙÐ,×3Ñ3Ô5Ü$Ð%5Ô6à‡ÔÜ" 8°dÕ;Ø ‰ hÔáÐ,×3Ñ3Ô5Ü"Ð#3À&¸jÕIØ ‰ Ð&Ô'à€Mr)é)rrRrÚintÚreturnrR)rqÚNone)rCrr@Úboolrqrr)rCrrqrr)rdústr | os.PathLike | Nonerertrqz list[Path])Ú__doc__Ú __future__rr-r7ÚpathlibrÚdotenvrÚutilsrr1ÚsetrÚ__annotations__rr<rDrcrn©rrúr}spðÚLå"ã Û ÝåÝ ðAÐñ ›€ˆhÓôó) óX #ó* ð^-1Ø,0ñ!à)ð!ð*ð!ðô !r