docs(hooks): document manual shell hook allowlisting

Sworntech-dev 2026-06-17 02:39:23 +03:00 committed by Teknium
parent f80088f035
commit fa53e36438

@ -1385,6 +1385,23 @@ Non-TTY runs (gateway, cron, CI) need one of these three — otherwise any newly
**Script edits are silently trusted.** The allowlist keys on the exact command string, not the script's hash, so editing the script on disk does not invalidate consent. `hermes hooks doctor` flags mtime drift so you can spot edits and decide whether to re-approve.
#### Manual allowlisting
Manual allowlisting is useful for non-TTY or service-account deployments where an operator cannot answer the first-use prompt interactively. The allowlist file is `~/.hermes/shell-hooks-allowlist.json`, and the expected format is an `approvals` array. Each approval records the hook `event` and the exact `command` string:
```json
{
"approvals": [
{
"event": "post_llm_call",
"command": "/home/hermes/.hermes/hooks/my-hook.py"
}
]
}
```
The command string must match the configured hook command exactly. A path-keyed object with a `sha256` field is not the expected format and will not approve the hook. Verify manual entries with `hermes hooks list`.
### The `hermes hooks` CLI
| Command | What it does |
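Review bot: The added "Manual allowlisting" section shows `command` only as a bare script path, so "must match the configured hook command exactly" leaves open what to write when the configured command carries an interpreter or arguments; say explicitly whether those are part of the string to match, ideally with a second example entry. Because the paragraph directly above states that the allowlist keys on the command string and not the script's hash, a hand-written approval covers whatever later sits at that path, so for the non-TTY and service-account deployments this section targets it should also recommend restricting write access to both the hook script and `~/.hermes/shell-hooks-allowlist.json`. The closing sentence points only to `hermes hooks list`; mention `hermes hooks doctor` there as well, since that is the command the preceding paragraph names for spotting mtime drift after approval.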