Release v0.51.549 — Release TH (HOTFIX: profile switching restored for single-user named profiles)
Ships #4589 (nesquena-hermes) — high-severity profile-isolation regression hotfix (#4586). Independently agent-reviewed; deep-gated here with two additional isolation-escape fixes applied during review.
Fixed
- Profile switching works again for normal single-user named profiles (#4586). Isolated single-profile mode is no longer inferred from the
HERMES_HOMEpath shape — it now requires an explicitHERMES_WEBUI_ISOLATED_PROFILEopt-in. The opt-in is also protected from being overridden by a profile's own.env(live-env + runtime/background-worker paths). Thanks @nesquena-hermes.
Gate + hardening (applied during review)
- Full pytest suite: 9911 passed, 0 failed (incl. #4586 regression tests + #2698 legitimate-isolation-preserved + 2 new escape-path regression tests)
- Codex: SAFE TO SHIP (final re-confirm — no remaining escape path); Opus: SAFE
- 🔴 Isolation-escape via profile
.env(door 1) fixed:_reload_dotenv()refuses to copyHERMES_WEBUI_ISOLATED_PROFILEfrom a profile.env(_PROTECTED_ENV_KEYS). - 🔴 Isolation-escape via runtime-env path (door 2) fixed:
get_profile_runtime_env()also strips it, andHERMES_WEBUI_ISOLATED_PROFILEis added to_BLOCKED_RUNTIME_ENV_KEYS(gateway-parity filter). Without these, a contained user could set=0in their own profile.envand escape isolation.
Both directions verified: regression fixed (normal named profile = full switching) AND legitimate operator isolation still enforced.
Closes #4586.