hermes - 💡(How to fix) Fix [Bug]: CJK and non-ASCII Unicode paths blocked by terminal tool workdir validator [2 pull requests]

Problem

The terminal_tool._validate_workdir() function uses an ASCII-only allowlist regex that blocks any workdir path containing CJK (Chinese/Japanese/Korean) characters or other non-ASCII Unicode letters:

# tools/terminal_tool.py line 270
_WORKDIR_SAFE_RE = re.compile(r'^[A-Za-z0-9/\\:_\-.~ +@=,]+$')

This means any project directory with Chinese characters in the path — e.g., ~/项目, ~/文档/报告, ~/桌面/工作 — is rejected with the misleading error:

Blocked: workdir contains disallowed character '项'. Use a simple filesystem path without shell metacharacters.

These are perfectly valid Linux filesystem paths. The character is not a shell metacharacter — it's a legitimate Unicode letter.

Steps to Reproduce

1. Create a directory with a CJK character: mkdir -p ~/测试
2. Call terminal(command="pwd", workdir="~/测试")
3. The call is blocked with: Blocked: workdir contains disallowed character '测'

Expected Behavior

Workdir paths containing Unicode letters (including CJK) should be accepted. The regex should only reject actual shell metacharacters (;, |, &, $, `, \n, etc.), not legitimate path characters.

Actual Behavior

Any character outside [A-Za-z0-9/\\:_\-.~ +@=,] is rejected, including all CJK, Cyrillic, accented Latin, and other Unicode scripts.

Impact

This affects every Hermes user whose filesystem contains non-ASCII paths. In particular:

• Chinese-speaking users with directories like ~/量化/ (quant), ~/数据/ (data), ~/研究/ (research)
• Japanese users with ~/書類/, ~/開発/
• Korean users with ~/문서/, ~/개발/
• Any user with accented characters in paths (e.g., French ~/développement/)

The error message is also misleading — it calls the character a "shell metacharacter" when it's not, which sends users down the wrong debugging path.

Proposed Fix

Expand the allowlist to include Unicode letter characters. The simplest fix is to add \w (which matches Unicode word characters with re.UNICODE) or use re.ASCII-inverted matching:

# Option A: add Unicode letter support
_WORKDIR_SAFE_RE = re.compile(r'^[A-Za-z0-9/\w\\:_\-.~ +@=,]+$')

# Option B: deny-list approach (safer for security, more future-proof)
_SHELL_META_RE = re.compile(r'[;&|`$\n\r]')
def _validate_workdir(workdir: str) -> str | None:
    if not workdir:
        return None
    if _SHELL_META_RE.search(workdir):
        return "Blocked: workdir contains shell metacharacter..."
    return None

Option B is arguably safer long-term — it's more robust against novel attack vectors than maintaining an ever-growing allowlist of "safe" characters.

Environment

Hermes Agent v0.16.0, Linux (aarch64), Python 3.11.