mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-18 04:41:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

fix(windows): silence tirith-unavailable banner + skip install/spawn attempts on unsupported platforms (#26718)
Some checks are pending
Deploy Site / deploy-vercel (push) Waiting to run
Details
Deploy Site / deploy-docs (push) Waiting to run
Details
Docker Build and Publish / build-amd64 (push) Waiting to run
Details
Docker Build and Publish / build-arm64 (push) Waiting to run
Details
Docker Build and Publish / merge (push) Blocked by required conditions
Details
Docker Build and Publish / move-main (push) Blocked by required conditions
Details
Docker Build and Publish / move-latest (push) Blocked by required conditions
Details
Lint (ruff + ty) / ruff + ty diff (push) Waiting to run
Details
Lint (ruff + ty) / ruff enforcement (blocking) (push) Waiting to run
Details
Lint (ruff + ty) / Windows footguns (blocking) (push) Waiting to run
Details
Nix / nix (macos-latest) (push) Waiting to run
Details
Nix / nix (ubuntu-latest) (push) Waiting to run
Details
OSV-Scanner / Scan lockfiles (push) Waiting to run
Details
Tests / test (push) Waiting to run
Details
Tests / e2e (push) Waiting to run
Details
uv.lock check / uv lock --check (push) Waiting to run
Details

Browse source 
Tirith ships no Windows binary, so on every Windows CLI startup users
saw a scary 'tirith security scanner enabled but not available' banner
they could not act on. The banner suggested degraded security; in
reality pattern-matching guards still run and the message was pure noise.

Fix:
- New public is_platform_supported() helper in tools/tirith_security.py
  that returns False when _detect_target() doesn't resolve (Windows, any
  non-x86_64/aarch64 arch).
- ensure_installed(), _resolve_tirith_path(), and check_command_security()
  short-circuit on unsupported platforms: cache _resolved_path =
  _INSTALL_FAILED with reason 'unsupported_platform', skip PATH probes,
  skip the background download thread, skip the disk failure marker, and
  return allow with an empty summary from check_command_security so the
  spawn loop never fires.
- Explicit user-configured tirith_path is still honored everywhere (a
  user who built tirith themselves under WSL keeps that path).
- CLI banner in cli.py gated on is_platform_supported() — fires only on
  platforms where tirith *should* work but isn't installed.
- Docs note tirith's supported-platform list and point Windows users at
  WSL.

Tests: tests/tools/test_tirith_security.py +8 tests covering Linux
x86_64, Darwin arm64, Windows, and unknown-arch verdicts plus the
silent ensure_installed / check_command_security / _resolve_tirith_path
fast-paths and the explicit-path override.

  test_tirith_security.py     75 passed (8 new + 67 pre-existing)
  test_command_guards.py      19 passed
This commit is contained in:
Teknium 2026-05-15 20:29:28 -07:00 committed by GitHub
parent a31191c3f5
commit c5dc9700eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 143 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
website/docs/user-guide/security.md
View file

@ -537,6 +537,8 @@ security:
When `tirith_fail_open` is `true` (default), commands proceed if tirith is not installed or times out. Set to `false` in high-security environments to block commands when tirith is unavailable.
Tirith ships prebuilt binaries for Linux (x86_64 / aarch64) and macOS (x86_64 / arm64). On platforms with no prebuilt binary (Windows, etc.), tirith is silently skipped — pattern-matching guards still run, and the CLI does not surface an "unavailable" banner. To use tirith on Windows, run Hermes under WSL.
Tirith's verdict integrates with the approval flow: safe commands pass through, while both suspicious and blocked commands trigger user approval with the full tirith findings (severity, title, description, safer alternatives). Users can approve or deny — the default choice is deny to keep unattended scenarios secure.
### Context File Injection Protection