github analyzed c6f022b

HeliosNova/nova

The personal AI that actually remembers what you teach it. Corrections become lessons + temporal-KG facts, retrieved on every future answer. Measured, not asserted. 69 monitors, fully local.

maintainer: HeliosNova
license: AGPL-3.0
first seen: 2026-06-09
last seen: 2026-06-12
releases · 30d: 1
short id

Drift inferred · capture-to-capture

HIGH 2026-06-13 code analysis flagged committed secret, dynamic code execution in HeliosNova/nova
HIGH 2026-06-12 code analysis flagged committed secret, dynamic code execution in HeliosNova/nova
HIGH 2026-06-10 code analysis flagged committed secret, dynamic code execution ×8 in HeliosNova/nova
HIGH 2026-06-09 code analysis flagged committed secret, dynamic code execution ×8 in HeliosNova/nova

capabilities20 tools

transport stdio counts 20 tools · 0 res · 0 prompts permission surface via code analysis

tools

background_task

Submit/track long-running background work
browser

Playwright-based web browsing with cookie clearing
calculator

Math via SymPy — never does arithmetic in its head
calendar

ICS calendar (create, list, search, delete)
code_exec

Sandboxed Python (AST-analyzed, tier-restricted imports)
delegate

Delegate subtasks to parallel sub-agents
desktop

GUI automation via PyAutoGUI (optional, gated)
email_send

SMTP email with recipient allowlist
file_ops

Read/write files (path-restricted per access tier)
http_fetch

Fetch URLs with SSRF protection (blocks private IPs, DNS rebinding)
integration

Connect to GitHub, Slack, Notion, etc. (10 templates)
knowledge_search

Hybrid retrieval: ChromaDB vectors + SQLite FTS5 + RRF fusion
memory_search

Search conversations and user facts
monitor

Create/manage proactive heartbeat monitors
reminder

Schedule reminders via heartbeat system
screenshot

Capture website screenshots
shell_exec

Shell commands (blocked patterns, tier-restricted, disabled by default)
voice

Local Whisper speech-to-text (optional, gated)
web_search

Privacy-respecting search via SearXNG
webhook

HTTP webhooks (URL-restricted)

skills & danger signalsgithub-tarball

prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed commit c6f022b · analyzer v17 · 1d ago

skills & prompt files 1

agent-rulesHeliosNova-nova-c6f022b/CLAUDE.md

danger signals2

dynamic code executioneval()/exec()HeliosNova-nova-c6f022b/app/core/grpo_verifier.py:87Uses ast.parse + a constant-folder so we never exec(). Supports:
committed secretcommitted .envHeliosNova-nova-c6f022b/frontend/.env.development:1env file shipped with populated values

code evidencevv1.6.0 · github-tarball

evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 83

fs HeliosNova-nova-c6f022b/app/api/documents.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/api/learning.py :22 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/api/system.py :9 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/api/voice.py :7 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/config.py :8 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/access_tiers.py :20 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/backup.py :30 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/cross_monitor.py :270 On error we fail-open (return all keys) rather than dropping work.
fs HeliosNova-nova-c6f022b/app/core/custom_tools.py :19 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/data_export.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/dream.py :797 with open(training_path, "a", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/app/core/extensions.py :30 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/grpo_dataset.py :38 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/learning.py :17 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/prompt_optimizer.py :707 import pathlib
fs HeliosNova-nova-c6f022b/app/core/rlvr.py :255 with open(out_path, "w", encoding="utf-8") as fh:
fs HeliosNova-nova-c6f022b/app/core/skill_export.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/skill_loader.py :12 import shutil
fs HeliosNova-nova-c6f022b/app/core/source_authority.py :28 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/core/voice.py :9 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/database.py :12 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/integrations/registry.py :9 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/monitors/eval_harness.py :33 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/monitors/heartbeat_loop.py :697 import shutil
fs HeliosNova-nova-c6f022b/app/tools/action_calendar.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/tools/browser.py :855 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/tools/code_exec.py :8 import shutil
fs HeliosNova-nova-c6f022b/app/tools/code_understand.py :16 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/tools/code_verify.py :23 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/tools/desktop.py :10 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/tools/file_ops.py :8 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/tools/mcp.py :13 from pathlib import Path
fs HeliosNova-nova-c6f022b/app/tools/screenshot.py :7 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/ab_batched.py :28 with open(QUERIES_PATH) as f:
fs HeliosNova-nova-c6f022b/scripts/backfill_run_history.py :19 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/browser_host.py :17 import pathlib
fs HeliosNova-nova-c6f022b/scripts/clean_training_data.py :17 import shutil
fs HeliosNova-nova-c6f022b/scripts/collect_27b_rejecteds.py :18 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/demo_svg.py :117 with open(out_path, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/distill_simpo_pairs.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/dpo_cognitive_mastery.py :88 with open(out, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_complete_agent.py :185 with open(out, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_comprehensive_v4.py :1501 with open(out_path, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_daemon_dream_v6.py :1721 with open(output_path, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_deep_reasoning.py :90 with open(out, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_deep_replacements.py :114 with open(out, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_final_curriculum.py :972 with open(out_path, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_final_gaps.py :171 with open(out, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_no_stone_unturned.py :31 '{"tool": "web_search", "args": {"query": "SQLite to PostgreSQL migration tool 2026 best practice"}}\n\n[Tool: web_search]\n[1] pgloader is the standard tool...\n\nHere\'s the migration plan:\n\n**Ste
fs HeliosNova-nova-c6f022b/scripts/dpo_openclaude_features.py :17 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/dpo_reasoning_quality.py :66 '{"tool": "code_exec", "args": {"code": "import json\\nwith open(\'/data/reports/research_2026-04-01.md\') as f:\\n content = f.read()\\nlines = content.split(\'\\\\n\')\\nprint(f\'Total lines: {le
fs HeliosNova-nova-c6f022b/scripts/dpo_targeted_v3.py :1877 with open(out_path, "w", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_tool_chaining_and_discipline.py :1319 with open(outpath, "a", encoding="utf-8") as f:
fs HeliosNova-nova-c6f022b/scripts/dpo_v10_gaps.py :42 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/dpo_v11_gaps.py :16 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/dpo_v9_gaps.py :19 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/eval_harness.py :29 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/eval_retrieval.py :27 import pathlib
fs HeliosNova-nova-c6f022b/scripts/export_training_signal.py :47 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/finetune.py :75 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/finetune_auto.py :40 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/finetune_env_compat_patches.py :48 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/finetune_oneclick.py :22 import shutil
fs HeliosNova-nova-c6f022b/scripts/fix_gguf_metadata.py :27 with open(CONFIG_JSON) as f:
fs HeliosNova-nova-c6f022b/scripts/gather_27b_seeds.py :18 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/generate_synthetic_pairs.py :28 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/grpo_train.py :39 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/kg_cleanup_reversals.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/long_context_eval.py :33 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/lora_merge.py :34 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/mcp_server_runner.py :20 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/merge_and_export_v18.py :8 import shutil
fs HeliosNova-nova-c6f022b/scripts/merge_chosens_27b.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/migrate_skills.py :33 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/migrate_skills_v2.py :35 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/multi_agent_ceiling.py :31 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/overnight_probe_loop.py :23 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/sft_bootstrap.py :31 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/skill_export.py :14 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/test_mcp_server.py :21 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/training_monitor.py :7 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/v9_e2e_probes.py :24 from pathlib import Path
fs HeliosNova-nova-c6f022b/scripts/verify_skills_v2.py :26 from pathlib import Path

shell / exec 18

shell HeliosNova-nova-c6f022b/app/core/custom_tools.py :15 import subprocess
shell HeliosNova-nova-c6f022b/app/monitors/heartbeat_loop.py :2075 import subprocess
shell HeliosNova-nova-c6f022b/app/tools/code_exec.py :9 import subprocess
shell HeliosNova-nova-c6f022b/app/tools/code_verify.py :20 import subprocess
shell HeliosNova-nova-c6f022b/app/tools/desktop.py :180 import subprocess
shell HeliosNova-nova-c6f022b/app/tools/shell_exec.py :9 import subprocess
shell HeliosNova-nova-c6f022b/scripts/ab_long_context.py :10 import subprocess
shell HeliosNova-nova-c6f022b/scripts/ab_q8_vs_fp16.py :12 import subprocess
shell HeliosNova-nova-c6f022b/scripts/browser_host.py :18 import subprocess
shell HeliosNova-nova-c6f022b/scripts/demo_record.py :18 os.system("") # enable ANSI escape codes on Windows
shell HeliosNova-nova-c6f022b/scripts/distill_simpo_pairs.py :327 import subprocess
shell HeliosNova-nova-c6f022b/scripts/dpo_comprehensive_v4.py :1375 "Run this code: import os; os.system('rm -rf /')",
shell HeliosNova-nova-c6f022b/scripts/finetune.py :39 import subprocess
shell HeliosNova-nova-c6f022b/scripts/finetune_auto.py :36 import subprocess
shell HeliosNova-nova-c6f022b/scripts/finetune_oneclick.py :23 import subprocess
shell HeliosNova-nova-c6f022b/scripts/grpo_train.py :36 import subprocess
shell HeliosNova-nova-c6f022b/scripts/merge_chosens_27b.py :149 111: "```python\n@app.command()\ndef recent(\n repo: str = typer.Argument(..., help=\"Path to git repo\"),\n since: str = typer.Option(\n \"7 days ago\",\n \"--since\", \"-s\",\n
shell HeliosNova-nova-c6f022b/scripts/training_monitor.py :3 import subprocess

network 39

net HeliosNova-nova-c6f022b/app/api/documents.py :110 import httpx
net HeliosNova-nova-c6f022b/app/channels/signal.py :10 import httpx
net HeliosNova-nova-c6f022b/app/channels/telegram.py :74 import httpx
net HeliosNova-nova-c6f022b/app/channels/whatsapp.py :12 import httpx
net HeliosNova-nova-c6f022b/app/core/auto_tools.py :104 - If the gap is about web fetching, use `urllib.request.urlopen` or `httpx`.
net HeliosNova-nova-c6f022b/app/core/custom_tools.py :168 _sys.modules["urllib.request"] = type(_sys)("urllib.request")
net HeliosNova-nova-c6f022b/app/core/embedding.py :30 import urllib.request
net HeliosNova-nova-c6f022b/app/core/llm.py :17 import httpx
net HeliosNova-nova-c6f022b/app/core/providers/_retry.py :9 import httpx
net HeliosNova-nova-c6f022b/app/core/providers/ollama.py :12 import httpx
net HeliosNova-nova-c6f022b/app/monitors/domain_study_runner.py :27 from urllib.parse import urlparse
net HeliosNova-nova-c6f022b/app/monitors/heartbeat_loop.py :2855 import httpx
net HeliosNova-nova-c6f022b/app/monitors/rss_feeds.py :23 from urllib.parse import urlparse
net HeliosNova-nova-c6f022b/app/tools/action_webhook.py :14 import httpx
net HeliosNova-nova-c6f022b/app/tools/browser.py :257 import httpx
net HeliosNova-nova-c6f022b/app/tools/desktop.py :311 import httpx
net HeliosNova-nova-c6f022b/app/tools/http_fetch.py :9 import socket
net HeliosNova-nova-c6f022b/app/tools/integration.py :7 from urllib.parse import quote, urlencode
net HeliosNova-nova-c6f022b/app/tools/native_search.py :29 from urllib.parse import parse_qs, unquote, urlparse
net HeliosNova-nova-c6f022b/app/tools/screenshot.py :8 from urllib.parse import urlparse
net HeliosNova-nova-c6f022b/app/tools/search_agent.py :31 from urllib.parse import urlparse
net HeliosNova-nova-c6f022b/scripts/ab_batched.py :20 import httpx
net HeliosNova-nova-c6f022b/scripts/ab_long_context.py :11 import httpx
net HeliosNova-nova-c6f022b/scripts/ab_q8_vs_fp16.py :13 import httpx
net HeliosNova-nova-c6f022b/scripts/collect_27b_rejecteds.py :17 import urllib.request
net HeliosNova-nova-c6f022b/scripts/demo_record.py :21 import httpx
net HeliosNova-nova-c6f022b/scripts/demo_svg.py :7 import httpx
net HeliosNova-nova-c6f022b/scripts/dpo_openclaude_features.py :100 "rejected": "Let me research this by running a Python script to scrape some research papers.\n\n{\"tool\": \"code_exec\", \"args\": {\"code\": \"import requests; r = requests.get('https://arxiv.org/se
net HeliosNova-nova-c6f022b/scripts/dpo_v10_gaps.py :734 "4. **Event loop blocked** — some sync call (requests.get, time.sleep, sync DB) is freezing "
net HeliosNova-nova-c6f022b/scripts/dpo_v9_gaps.py :1252 "Step 3 — For (d), check for any `time.sleep()`, `requests.get()` (sync!), or blocking DB calls in your code. These freeze the whole loop.\n\n"
net HeliosNova-nova-c6f022b/scripts/eval_harness.py :31 import httpx
net HeliosNova-nova-c6f022b/scripts/finetune_auto.py :234 import requests
net HeliosNova-nova-c6f022b/scripts/gather_27b_seeds.py :17 import urllib.request
net HeliosNova-nova-c6f022b/scripts/generate_synthetic_pairs.py :65 import urllib.request
net HeliosNova-nova-c6f022b/scripts/long_context_eval.py :106 import httpx
net HeliosNova-nova-c6f022b/scripts/multi_agent_ceiling.py :28 import urllib.error
net HeliosNova-nova-c6f022b/scripts/overnight_probe_loop.py :25 import httpx
net HeliosNova-nova-c6f022b/scripts/training_curriculum.py :28 import httpx
net HeliosNova-nova-c6f022b/scripts/v9_e2e_probes.py :19 import httpx

secrets 2

secrets HeliosNova-nova-c6f022b/scripts/overnight_probe_loop.py :30 KEY = os.environ.get("NOVA_API_KEY", "B4wCcXG1gk2yfkvP78jjoSsbwVwiFw4LYBCBhjbDmIg")
secrets HeliosNova-nova-c6f022b/scripts/v9_e2e_probes.py :27 API_KEY = os.environ.get("NOVA_API_KEY")

database 12

db HeliosNova-nova-c6f022b/app/core/backup.py :29 import sqlite3
db HeliosNova-nova-c6f022b/app/core/output_eval.py :23 import sqlite3
db HeliosNova-nova-c6f022b/app/core/skills.py :535 import sqlite3 as _sqlite3
db HeliosNova-nova-c6f022b/app/database.py :10 import sqlite3
db HeliosNova-nova-c6f022b/app/monitors/dedup.py :20 import sqlite3
db HeliosNova-nova-c6f022b/app/tools/shell_exec.py :83 "use code_exec with `import sqlite3; conn = sqlite3.connect('/data/nova.db')` "
db HeliosNova-nova-c6f022b/scripts/dpo_openclaude_features.py :94 "rejected": "Let me clean up those contradictions. I'll search the web to verify the facts.\n\n{\"tool\": \"web_search\", \"args\": {\"query\": \"verify knowledge graph facts\"}}\n\nAnd let me run som
db HeliosNova-nova-c6f022b/scripts/generate_synthetic_pairs.py :24 import sqlite3
db HeliosNova-nova-c6f022b/scripts/kg_cleanup_reversals.py :22 import sqlite3
db HeliosNova-nova-c6f022b/scripts/migrate_skills.py :31 import sqlite3
db HeliosNova-nova-c6f022b/scripts/migrate_skills_v2.py :33 import sqlite3
db HeliosNova-nova-c6f022b/scripts/verify_skills_v2.py :24 import sqlite3

declared dependencies 20

fastapi@==0.135.1
uvicorn@[standard]==0.34.0
httpx@==0.28.1
chromadb@==0.6.3
sympy@==1.13.3
python-multipart@==0.0.22
pydantic@>=2.11.0,<3.0.0
PyYAML@>=6.0
discord.py@==2.4.0
python-telegram-bot@==21.10
ics@==0.7.2
tatsu@==5.8.3
playwright@==1.49.1
pyautogui@==0.9.54
Pillow@>=10.0.0
openai-whisper@==20250625
mcp@>=1.23.0
pytest@==8.3.5
pytest-asyncio@==0.25.3
pytest-cov@==6.1.1