fix: add self-termination guard for pkill/killall targeting hermes/gateway (#3593)

Prevent the agent from accidentally killing its own process with pkill -f gateway, killall hermes, etc. Adds a dangerous command pattern that triggers the approval flow. Co-authored-by: arasovic <arasovic@users.noreply.github.com>
2026-04-25 00:51:20 +00:00 · 2026-03-28 14:33:48 -07:00 · 2026-03-28 14:33:48 -07:00 · 404a0b823e
commit 404a0b823e
parent dabe3c34cc
2 changed files with 26 additions and 0 deletions
--- a/tests/tools/test_approval.py
+++ b/tests/tools/test_approval.py
@ -512,6 +512,30 @@ class TestGatewayProtection:
        dangerous, key, desc = detect_dangerous_command(cmd)
        assert dangerous is False

+    def test_pkill_hermes_detected(self):
+        """pkill targeting hermes/gateway processes must be caught."""
+        cmd = 'pkill -f "cli.py --gateway"'
+        dangerous, key, desc = detect_dangerous_command(cmd)
+        assert dangerous is True
+        assert "self-termination" in desc
+
+    def test_killall_hermes_detected(self):
+        cmd = "killall hermes"
+        dangerous, key, desc = detect_dangerous_command(cmd)
+        assert dangerous is True
+        assert "self-termination" in desc
+
+    def test_pkill_gateway_detected(self):
+        cmd = "pkill -f gateway"
+        dangerous, key, desc = detect_dangerous_command(cmd)
+        assert dangerous is True
+
+    def test_pkill_unrelated_not_flagged(self):
+        """pkill targeting unrelated processes should not be flagged."""
+        cmd = "pkill -f nginx"
+        dangerous, key, desc = detect_dangerous_command(cmd)
+        assert dangerous is False
+

 class TestNormalizationBypass:
    """Obfuscation techniques must not bypass dangerous command detection."""