mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
hermes-agent/hermes_cli
History
Teknium ce089169d5 feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off) 
Replaces the blanket 'always allow' change from the previous commit with
an opt-in config flag so users who want belt-and-suspenders security can
still get the keyword scan on skill_manage output.

## Default behavior (flag off)
skill_manage(action='create'|'edit'|'patch') no longer runs the keyword
scanner. The agent can write skills that mention risky keywords in prose
(documenting what reviewers should watch for, describing cache-bust
semantics in a PR-review skill, referencing AGENTS.md, etc.) without
getting blocked.

Rationale: the agent can already execute the same code paths via
terminal() with no gate, so the scan adds friction without meaningful
security against a compromised or malicious agent.

## Opt-in behavior (flag on)
Set skills.guard_agent_created: true in config.yaml to get the original
behavior back. Scanner runs on every skill_manage write; dangerous
verdicts surface as a tool error the agent can react to (retry without
the flagged content).

## External hub installs unaffected
trusted/community sources (hermes skills install) always get scanned
regardless of this flag. The gate is specifically for skill_manage,
which only agents call.

## Changes
- hermes_cli/config.py: add skills.guard_agent_created: False to DEFAULT_CONFIG
- tools/skill_manager_tool.py: _guard_agent_created_enabled() reads the flag;
  _security_scan_skill() short-circuits to None when the flag is off
- tools/skills_guard.py: restore INSTALL_POLICY['agent-created'] =
  ('allow', 'allow', 'ask') so the scan remains strict when it does run
- tests/tools/test_skills_guard.py: restore original ask/force tests
- tests/tools/test_skill_manager_tool.py: new TestSecurityScanGate class
  covering both flag states + config error handling

## Validation
- tests/tools/test_skills_guard.py + test_skill_manager_tool.py: 115/115 pass
- E2E: flagged-keyword skill creates with default config, blocks with flag on
2026-04-23 06:20:47 -07:00
..
__init__.py chore: release v0.10.0 (2026.4.16) (#11209) 2026-04-16 12:53:06 -07:00
auth.py fix: add base_url_env_var to Anthropic ProviderConfig 2026-04-22 17:56:14 -07:00
auth_commands.py fix(auth): unify credential source removal — every source sticks (#13427) 2026-04-21 01:52:49 -07:00
backup.py fix(backup): handle files with pre-1980 timestamps 2026-04-20 00:47:40 -07:00
banner.py refactor: remove dead code — 1,784 lines across 77 files (#9180) 2026-04-13 16:32:04 -07:00
callbacks.py fix: ESC cancels secret/sudo prompts, clearer skip messaging (#9902) 2026-04-14 16:11:37 -07:00
claw.py Normalize claw workspace paths for Windows 2026-04-22 18:15:27 -07:00
cli_output.py refactor: remove dead code — 1,784 lines across 77 files (#9180) 2026-04-13 16:32:04 -07:00
clipboard.py feat: fix img pasting in new ink plus newline after tools 2026-04-11 13:14:32 -05:00
codex_models.py fix: remove codex spark model support 2026-04-20 04:51:44 -07:00
colors.py feat: respect NO_COLOR env var and TERM=dumb (#4079) 2026-03-30 17:07:21 -07:00
commands.py feat(gateway): expose plugin slash commands natively on all platforms + decision-capable command hook 2026-04-22 16:23:21 -07:00
completion.py fix: preserve profile name completion in dynamic shell completion 2026-04-14 10:45:42 -07:00
config.py feat(skills-guard): gate agent-created scanner on config.skills.guard_agent_created (default off) 2026-04-23 06:20:47 -07:00
copilot_auth.py fix(copilot): resolve GHE token poisoning when GITHUB_TOKEN is set 2026-04-13 05:12:36 -07:00
cron.py feat(cron): track delivery failures in job status (#6042) 2026-04-07 22:49:01 -07:00
curses_ui.py feat: ungate Tool Gateway — subscription-based access with per-tool opt-in 2026-04-16 12:36:49 -07:00
debug.py style(debug): add missing blank line between LogSnapshot and helpers 2026-04-22 16:34:05 -05:00
default_soul.py fix: reset default SOUL.md to baseline identity text (#3159) 2026-03-26 01:34:27 -07:00
dingtalk_auth.py test(dingtalk): cover QR device-flow auth + OpenClaw branding disclosure 2026-04-17 05:08:07 -07:00
doctor.py feat: add Step Plan provider support (salvage #6005) 2026-04-22 02:59:58 -07:00
dump.py refactor: remove smart_model_routing feature (#12732) 2026-04-19 18:12:55 -07:00
env_loader.py fix(cli): ensure project .env is sanitized before loading 2026-04-22 05:51:44 -07:00
gateway.py fix(gateway): preflight user D-Bus before systemctl --user start (#14531) 2026-04-23 05:09:38 -07:00
hooks.py feat: shell hooks — wire shell scripts as Hermes hook callbacks 2026-04-20 20:53:51 -07:00
logs.py feat: component-separated logging with session context and filtering (#7991) 2026-04-11 17:23:36 -07:00
main.py feat(cli): add --ignore-user-config and --ignore-rules flags 2026-04-22 19:58:42 -07:00
mcp_config.py fix(mcp): consolidate OAuth handling, pick up external token refreshes (#11383) 2026-04-16 21:57:10 -07:00
memory_setup.py fix(memory): discover user-installed memory providers from $HERMES_HOME/plugins/ (#10529) 2026-04-15 14:25:40 -07:00
model_normalize.py fix(copilot): normalize vendor-prefixed and dash-notation model IDs (#6879) (#11561) 2026-04-17 04:19:36 -07:00
model_switch.py fix(model_switch): group custom_providers by endpoint in /model picker (#9210) 2026-04-23 03:10:30 -07:00
models.py feat(/model): merge models.dev entries for lesser-loved providers (#14221) 2026-04-22 17:33:42 -07:00
nous_subscription.py fix(fal): extend whitespace-only FAL_KEY handling to all call sites 2026-04-21 02:04:21 -07:00
pairing.py fix(pairing): handle null user_name in pairing list display 2026-04-23 02:34:11 -07:00
platforms.py feat(gateway): unify QQBot branding, add PLATFORM_HINTS, fix streaming, restore missing setup functions 2026-04-14 00:11:49 -07:00
plugins.py fix(image-gen): force-refresh plugin providers in long-lived sessions 2026-04-23 03:01:18 -07:00
plugins_cmd.py feat(plugins): make all plugins opt-in by default 2026-04-20 04:46:45 -07:00
profiles.py fix(profiles): stage profile imports to prevent directory clobbering 2026-04-23 03:02:34 -07:00
providers.py feat: add Step Plan provider support (salvage #6005) 2026-04-22 02:59:58 -07:00
runtime_provider.py fix(kimi-coding): add KIMI_CODING_API_KEY fallback + api_mode detection for /coding endpoint 2026-04-21 19:48:39 -07:00
setup.py fix(gateway): preflight user D-Bus before systemctl --user start (#14531) 2026-04-23 05:09:38 -07:00
skills_config.py refactor: remove dead code — 1,784 lines across 77 files (#9180) 2026-04-13 16:32:04 -07:00
skills_hub.py Merge branch 'main' of github.com:NousResearch/hermes-agent into feat/ink-refactor 2026-04-17 08:59:33 -05:00
skin_engine.py fix(skins): don't inherit status_bar_* into light-mode skins 2026-04-22 13:20:02 -07:00
status.py feat: add Step Plan provider support (salvage #6005) 2026-04-22 02:59:58 -07:00
timeouts.py fix(config): add stale timeout settings 2026-04-20 00:52:50 -07:00
tips.py feat(delegate): orchestrator role and configurable spawn depth (default flat) 2026-04-21 14:23:45 -07:00
tools_config.py fix(image-gen): persist plugin provider on reconfigure 2026-04-23 01:56:09 -07:00
uninstall.py feat(uninstall): offer to remove named profiles when uninstalling from default 2026-04-18 19:18:13 -07:00
web_server.py feat(dashboard): track real API call count per session 2026-04-22 05:51:58 -07:00
webhook.py feat(webhook): direct delivery mode for zero-LLM push notifications (#12473) 2026-04-19 05:18:19 -07:00