v0.46.0: security, Docker UID/GID, model discovery, i18n, cancel fix

* fix: decode HTML entities before markdown processing + zh/zh-Hant translations (#239)

Adds decode() helper in renderMd() to fix double-escaping of HTML entities
from LLM output (e.g. <code> becoming <code> instead
of rendering). XSS-safe: decode runs before esc(), only 5 entity patterns.

Also adds 40+ missing zh (Simplified Chinese) translation keys and a new
zh-Hant (Traditional Chinese) locale with 163 keys.

Fix applied: removed duplicate settings_label_notifications key in both
zh and zh-Hant locales.

Fixes #240

* fix: restore custom model list discovery with config api key (#238)

get_available_models() now reads api_key from config.yaml before env vars:
  1. model.api_key
  2. providers.<active>.api_key / providers.custom.api_key
  3. env var fallbacks (HERMES_API_KEY, OPENAI_API_KEY, etc.)

Also adds OpenAI/Python User-Agent header and a regression test covering
authenticated /v1/models discovery.

Fixes users with LM Studio / Ollama custom endpoints configured in
config.yaml whose model picker silently collapsed to the default model.

* feat: Docker UID/GID matching to avoid root-owned .hermes files (#237)

Adds docker_init.bash with hermeswebuitoo/hermeswebui user pattern so
container files match the host user UID/GID. Prevents .hermes volume
mounts from being owned by root when using a non-root host user.

Configure via WANTED_UID and WANTED_GID env vars (default 1000/1000).
Readme updated with setup instructions.

Fix applied: removed duplicate WANTED_GID=1000 line in docker-compose.yml
that was overriding the ${GID:-1000} variable expansion.

* security: redact credentials from API responses and fix credential file permissions (#243)

Adds response-layer credential redaction to three endpoints:
  - GET /api/session — messages[], tool_calls[], and title
  - GET /api/session/export — download also redacted
  - SSE done event — session payload in stream
  - GET /api/memory — MEMORY.md and USER.md content

Adds api/startup.py with fix_credential_permissions() at server startup.
Adds 13 tests in tests/test_security_redaction.py.

Merged with #237 container detection changes in server.py.

* fix: cancel button now interrupts agent and cleans up UI state (#244)

Wires agent.interrupt() into cancel_stream() so the backend actually
stops tool execution when the user clicks Cancel, rather than only
stopping the SSE stream while the agent keeps running.

Changes:
  - api/config.py: adds AGENT_INSTANCES dict (stream_id -> AIAgent)
  - api/streaming.py: stores agent in AGENT_INSTANCES after creation,
    checks CANCEL_FLAGS immediately after store (race condition fix),
    calls agent.interrupt() in cancel_stream(), cleans up in finally block
  - static/boot.js: removes stale setStatus(cancelling) call
  - static/messages.js: setBusy(false)/setStatus('') unconditionally on cancel

Race condition fix: after storing agent in AGENT_INSTANCES, immediately
checks if CANCEL_FLAGS[stream_id] is already set (cancel arrived during
agent init) and interrupts before starting. Check is inside the same
STREAMS_LOCK acquisition, making it atomic.

New test file: tests/test_cancel_interrupt.py with 6 unit tests.

* docs: v0.46.0 release notes, bump version, update test counts

---------

Co-authored-by: Nathan Esquenazi <nesquena@gmail.com>

api/routes.py

@@ -20,7 +20,7 @@ from api.config import (
     IMAGE_EXTS, MD_EXTS, MIME_MAP, MAX_FILE_BYTES, MAX_UPLOAD_BYTES,
     CHAT_LOCK, load_settings, save_settings,
 )
-from api.helpers import require, bad, safe_resolve, j, t, read_body, _security_headers, _sanitize_error
+from api.helpers import require, bad, safe_resolve, j, t, read_body, _security_headers, _sanitize_error, redact_session_data, _redact_text
 
 # ── CSRF: validate Origin/Referer on POST ────────────────────────────────────
 import re as _re
@@ -203,10 +203,11 @@ def handle_get(handler, parsed) -> bool:
             return j(handler, {'error': 'session_id is required'}, status=400)
         try:
             s = get_session(sid)
-            return j(handler, {'session': s.compact() | {
+            raw = s.compact() | {
                 'messages': s.messages,
                 'tool_calls': getattr(s, 'tool_calls', []),
-            }})
+            }
+            return j(handler, {'session': redact_session_data(raw)})
         except KeyError:
             # Not a WebUI session -- try CLI store
             msgs = get_cli_session_messages(sid)
@@ -232,7 +233,7 @@ def handle_get(handler, parsed) -> bool:
                     'messages': msgs,
                     'tool_calls': [],
                 }
-                return j(handler, {'session': sess})
+                return j(handler, {'session': redact_session_data(sess)})
             return bad(handler, 'Session not found', 404)
 
     if parsed.path == '/api/sessions':
@@ -817,7 +818,8 @@ def _handle_session_export(handler, parsed):
     if not sid: return bad(handler, 'session_id is required')
     try: s = get_session(sid)
     except KeyError: return bad(handler, 'Session not found', 404)
-    payload = json.dumps(s.__dict__, ensure_ascii=False, indent=2)
+    safe = redact_session_data(s.__dict__)
+    payload = json.dumps(safe, ensure_ascii=False, indent=2)
     handler.send_response(200)
     handler.send_header('Content-Type', 'application/json; charset=utf-8')
     handler.send_header('Content-Disposition', f'attachment; filename="hermes-{sid}.json"')
@@ -1043,7 +1045,7 @@ def _handle_memory_read(handler):
     memory = mem_file.read_text(encoding='utf-8', errors='replace') if mem_file.exists() else ''
     user = user_file.read_text(encoding='utf-8', errors='replace') if user_file.exists() else ''
     return j(handler, {
-        'memory': memory, 'user': user,
+        'memory': _redact_text(memory), 'user': _redact_text(user),
         'memory_path': str(mem_file), 'user_path': str(user_file),
         'memory_mtime': mem_file.stat().st_mtime if mem_file.exists() else None,
         'user_mtime': user_file.stat().st_mtime if user_file.exists() else None,