i UdZddlmZddlZddlmZddlmZeje Z edZ de d<dd Z dad e d <ddZddZddZddZddZdS)uaEnvironment variable passthrough registry. Skills that declare ``required_environment_variables`` in their frontmatter need those vars available in sandboxed execution environments (execute_code, terminal). By default both sandboxes strip secrets from the child process environment for security. This module provides a session-scoped allowlist so skill-declared vars (and user-configured overrides) pass through. Two sources feed the allowlist: 1. **Skill declarations** — when a skill is loaded via ``skill_view``, its ``required_environment_variables`` are registered here automatically. 2. **User config** — ``terminal.env_passthrough`` in config.yaml lets users explicitly allowlist vars for non-skill use cases. Both ``code_execution_tool.py`` and ``tools/environments/local.py`` consult :func:`is_env_passthrough` before stripping a variable. ) annotationsN) ContextVar)Iterable_allowed_env_varszContextVar[set[str]]_allowed_env_vars_varreturnset[str]c tS#t$r-t}t||cYSwxYw)zGGet or create the allowed env vars set for the current context/session.)rget LookupErrorset)vals =/home/agentuser/.hermes/hermes-agent/tools/env_passthrough.py _get_allowedr!sZ$((*** !!#&&& s4AAzfrozenset[str] | None_config_passthrough var_names Iterable[str]Nonec|D]T}|}|r>!!t /11 11rcVtttzS)zGReturn the union of skill-registered and config-based passthrough vars.)r'rr-rrget_all_passthroughr4\s \^^ $ $'?'A'A AArcFtdS)z9Reset the skill-scoped allowlist (e.g. on session reset).N)rclearr3rrclear_env_passthroughr7asNNr)rr )rrrr)rr)r.r%rr/)rr)__doc__ __future__rlogging contextvarsrtypingr getLogger__name__rr__annotations__rrrr-r1r4r7r3rrr@s$&#"""""""""""  8 $ $/9j9L.M.MMMMM.21111 A A A A,2222BBBB r