hermes - 💡(How to fix) Fix Terminal tool: false positive blocking npm update/install commands containing 'vite'

Bug Description

The terminal tool's long-lived process detection incorrectly blocks npm update vite (and similar package manager update commands) because the regex pattern for detecting the Vite dev server is too broad.

Steps to Reproduce

1. Run the following command via Hermes terminal tool:

npm update vite lodash axios

1. Observe the error:

This foreground command appears to start a long-lived server/watch process.
Run it with background=true, verify readiness (health endpoint/log signal),
then execute tests in a separate command.

Expected Behavior

npm update vite should run successfully in foreground mode, as it's a bounded operation (installs packages then exits), not a long-lived server process.

Actual Behavior

Command is blocked because the word "vite" appears anywhere in the command string, triggering the long-lived process detection heuristic.

Root Cause

File: tools/terminal_tool.py line 1668

re.compile(r"\bvite(?:\s|$)", re.IGNORECASE),

This pattern matches:

• ✅ vite (dev server command) — should block
• ✅ vite dev — should block
• ❌ npm update vite — should NOT block (false positive)
• ❌ npm install vite — should NOT block (false positive)

The regex doesn't distinguish between:

1. vite as a standalone command (dev server)
2. vite as a package name argument to npm/pnpm/yarn

Suggested Fix

Option 1: Only match vite when it's the primary command (not preceded by package manager):

# Negative lookbehind to exclude package manager context
re.compile(r"(?<!npm\s)(?<!pnpm\s)(?<!yarn\s)(?<!bun\s)\bvite(?:\s|$)", re.IGNORECASE),

Option 2: Match vite with specific subcommands only:

# Only block vite when followed by dev/build/preview/serve or standalone
re.compile(r"(?:^|\s)vite(?:\s+(?:dev|build|preview|serve))?(?:\s|$)", re.IGNORECASE),

Option 3: Add vite to the first pattern that already handles npm run dev/start/watch:

# Extend existing pattern to include vite subcommands
re.compile(r"\b(?:npm|pnpm|yarn|bun)\s+(?:run\s+)?(?:dev|start|serve|watch|vite)\b", re.IGNORECASE),
# Remove standalone vite pattern

Environment

• Hermes Agent: v0.16.0
• Python: 3.12.3
• OS: Linux (Armbian/Debian)

Impact

• Severity: Low-Medium
• Frequency: Common (affects routine package updates)
• Workaround: Edit package.json manually then run npm install, or add timeout wrapper

Additional Context

This affects any package manager command that includes package names matching the long-lived process patterns (vite, nodemon, etc.). The heuristic is valuable for preventing accidental foreground server starts, but needs refinement to avoid false positives on package management operations.

Meta note: This bug even blocked the creation of this issue report itself — the cat > file << 'EOF' command containing the word "vite" was rejected by the same regex pattern being reported!