mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-28 01:21:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

fix(security): harden terminal safety and sandbox file writes (#1653)

Browse source 
* fix(security): harden terminal safety and sandbox file writes

Two security improvements:

1. Dangerous command detection: expand shell -c pattern to catch
   combined flags (bash -lc, bash -ic, ksh -c) that were previously
   undetected. Pattern changed from matching only 'bash -c' to
   matching any shell invocation with -c anywhere in the flags.

2. File write sandboxing: add HERMES_WRITE_SAFE_ROOT env var that
   constrains all write_file/patch operations to a configured directory
   tree. Opt-in — when unset, behavior is unchanged. Useful for
   gateway/messaging deployments that should only touch a workspace.

Based on PR #1085 by ismoilh.

* fix: correct "POSIDEON" typo to "POSEIDON" in banner ASCII art

The poseidon skin's banner_logo had the E and I letters swapped,
spelling "POSIDEON-AGENT" instead of "POSEIDON-AGENT".

---------

Co-authored-by: ismoilh <ismoilh@users.noreply.github.com>
Co-authored-by: unmodeled-tyler <unmodeled.tyler@proton.me>
This commit is contained in:
Teknium 2026-03-17 02:22:12 -07:00 committed by GitHub
parent 6a320e8bfe
commit 2c7c30be69
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 137 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

19
tests/tools/test_approval.py
View file

@ -43,6 +43,25 @@ class TestDetectDangerousSudo:
assert key is not None
assert "pipe" in desc.lower() or "shell" in desc.lower()
def test_shell_via_lc_flag(self):
"""bash -lc should be treated as dangerous just like bash -c."""
is_dangerous, key, desc = detect_dangerous_command("bash -lc 'echo pwned'")
assert is_dangerous is True
assert key is not None
def test_shell_via_lc_with_newline(self):
"""Multi-line bash -lc invocations must still be detected."""
cmd = "bash -lc \\\n'echo pwned'"
is_dangerous, key, desc = detect_dangerous_command(cmd)
assert is_dangerous is True
assert key is not None
def test_ksh_via_c_flag(self):
"""ksh -c should be caught by the expanded pattern."""
is_dangerous, key, desc = detect_dangerous_command("ksh -c 'echo test'")
assert is_dangerous is True
assert key is not None
class TestDetectSqlPatterns:
def test_drop_table(self):