il) dZddlZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z ddl Z ejeZehdZd.de d ed efd Zd/d ed ed efd Zded dfdZdeddd dfdZde eefde eefd efdZddde eefde dede d df dZddddde eefde dedededzd df d Zd0d!ed e d e fd"Zd1d#ed ed efd$Zd.d#ed ed efd%Zd&Z d'edzd edzfd(Z!d2d)Z"d*ed efd+Z#d*ed,ed efd-Z$y)3z*Shared utility functions for hermes-agent.N)Path)AnyUnion)urlparse>1onyestrueFvaluedefaultreturnc||St|tr|St|tr$|jj t vSt|S)zDCoerce bool-ish values using the project's shared truthy string set.) isinstanceboolstrstriplowerTRUTHY_STRINGS)r r s ,/home/longshao/.hermes/hermes-agent/utils.pyis_truthy_valuersI }% %{{}""$66 ;namecDttj||dS)zBReturn True when an environment variable is set to a truthy value.Fr rosgetenv)rr s renv_var_enabledrs 299T73U CCrpathz int | Nonec |jr-tj|jjSdS#t$rYywxYw)zBCapture the permission bits of *path* if it exists, else ``None``.N)existsstatS_IMODEst_modeOSError)rs r_preserve_file_moder&$sA48KKMt||DIIK//0KtK sr?rCrDrE)rYrZN)rrHrIr&rJrKrrLrrMyamlrOwriterPrQrRr3r*rSrTr%) rr6rYrZr[rUrVr+rWr2s ratomic_yaml_writer_s , :DKKdT2'-M##  499+QLB  YYr3 1 !Q IIdA2DPY Z & GGI HHQXXZ  !#8T2 9m4 ! !   IIh       sI1D A D ) D DD E D65E6 E?EEEtextcz tj|S#tjttf$r|cYSwxYw)zParse JSON, returning *default* on any parse error. Replaces the ``try: json.loads(x) except (JSONDecodeError, TypeError)`` pattern duplicated across display.py, anthropic_adapter.py, auxiliary_client.py, and others. )rNloadsJSONDecodeError TypeError ValueError)r`r s rsafe_json_loadsrfs7zz$  )Z 8s  ::keyctj|dj}|s|S t|S#tt f$r|cYSwxYw)z:Read an environment variable as an integer, with fallback.)rrrintrerd)rgr raws renv_intrlsJ ))C  " " $C 3x  "s 5A A cDttj|d|S)z*Read an environment variable as a boolean.rirr)rgr s renv_boolrns 299S"-w ??r) HTTPS_PROXY HTTP_PROXY ALL_PROXY https_proxy http_proxy all_proxy proxy_urlct|xsdj}|sy|jjdrd|t ddS|S)zNormalize proxy URLs for httpx/aiohttp compatibility. WSL/Clash-style environments often export SOCKS proxies as ``socks://127.0.0.1:PORT``. httpx rejects that alias and expects the explicit ``socks5://`` scheme instead. riNzsocks://z socks5://)rrr startswithlen)ru candidates rnormalize_proxy_urlrzsVIO$**,I ##J/9S_%56788 rctD]?}tj|d}t|}|s'||k7s-|tj|<Ay)zARewrite supported proxy env vars to canonical URL forms in-place.riN)_PROXY_ENV_KEYSrrrzenviron)rgr normalizeds rnormalize_proxy_env_varsrsB) #r"(/ *-(BJJsO )rbase_urlc|xsdj}|sytd|vr|nd|}|jxsdjj dS)aReturn the lowercased hostname for a base URL, or ``""`` if absent. Use exact-hostname comparisons against known provider hosts (``api.openai.com``, ``api.x.ai``, ``api.anthropic.com``) instead of substring matches on the raw URL. Substring checks treat attacker- or proxy-controlled paths/hosts like ``https://api.openai.com.example/v1`` or ``https://proxy.test/api.openai.com/v1`` as native endpoints, which leads to wrong api_mode / auth routing. riz://z//r<)rrhostnamerrstrip)rrkparseds rbase_url_hostnamersW >r "C  Uc\cC5z :F OO !r ( ( * 1 1# 66rdomainct|}|sy|xsdjjjd}|sy||k(xs|j d|zS)acReturn True when the base URL's hostname is ``domain`` or a subdomain. Safer counterpart to ``domain in base_url``, which is the substring false-positive class documented on ``base_url_hostname``. Accepts bare hosts, full URLs, and URLs with paths. base_url_host_matches("https://api.moonshot.ai/v1", "moonshot.ai") == True base_url_host_matches("https://moonshot.ai", "moonshot.ai") == True base_url_host_matches("https://evil.com/moonshot.ai/v1", "moonshot.ai") == False base_url_host_matches("https://moonshot.ai.evil/v1", "moonshot.ai") == False Frir<)rrrrendswith)rrrs rbase_url_host_matchesrs_!*H l ! ! # ) ) + 2 23 7F  v  @!2!23rs0  !   8 $563$D#DDTD d| T  $ "U39-uS$Y7GC8 3 T 3 3  3  3  3t % $ 1 T 1 1 1  1 : 1 1n #  s  s3@#@@@ 3: #* )777"ACAAAr