mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-30 06:41:51 +00:00
249534e472
New opt-in plugin that scans the content passed to write_file / patch /
skill_manage for 25 known-dangerous code patterns — pickle.load,
yaml.load, eval(, os.system, subprocess(shell=True), child_process.exec,
dangerouslySetInnerHTML, innerHTML/outerHTML/document.write/
insertAdjacentHTML, crypto.createCipher (no IV), AES ECB,
TLS verification disabled, XXE-prone xml.etree/minidom parsers,
<script src=//...> without SRI, torch.load without weights_only=True,
GitHub Actions ${{ github.event.* }} injection — and appends a
"Security guidance" warning block to the tool result via the
transform_tool_result hook.
Default behaviour is non-blocking: the file is written and the warning
rides back to the model in the next turn so it can self-correct or
document why the construct is safe. SECURITY_GUIDANCE_BLOCK=1 upgrades
to refusing the write entirely; SECURITY_GUIDANCE_DISABLE=1 is the
kill switch.
Pattern data (patterns.py) is a verbatim Apache-2.0 fork of
Anthropic's claude-plugins-official/plugins/security-guidance/hooks/
patterns.py at commit 0bde168 (2026-05-26). LICENSE and NOTICE
preserve attribution. The Hermes-side plugin glue (__init__.py,
plugin.yaml, README.md, tests) is original work.
Plugin is opt-in like all bundled plugins:
hermes plugins enable security-guidance
Inspired by https://x.com/ClaudeDevs/status/1927108527247... — Anthropic
shipped this as their security-guidance plugin for Claude Code on
2026-05-26 with a measured 30-40% reduction in security-related PR
comments on internal rollout.
What's NOT ported (deferred):
* Layer 2 (LLM diff review on turn end) — would route through main
model by default on Hermes, real money on reasoning models. A
follow-up can wire it to a cheap aux model with explicit opt-in.
* Layer 3 (agentic commit-time review) — agent can run this on
demand via delegate_task today.
* .hermes/security-guidance.md project-rules file — only used by
layers 2/3 upstream.
|
||
|---|---|---|
| .. | ||
| _category_.json | ||
| acp.md | ||
| api-server.md | ||
| batch-processing.md | ||
| browser.md | ||
| built-in-plugins.md | ||
| code-execution.md | ||
| codex-app-server-runtime.md | ||
| computer-use.md | ||
| context-files.md | ||
| context-references.md | ||
| credential-pools.md | ||
| cron.md | ||
| curator.md | ||
| delegation.md | ||
| deliverable-mode.md | ||
| extending-the-dashboard.md | ||
| fallback-providers.md | ||
| goals.md | ||
| honcho.md | ||
| hooks.md | ||
| image-generation.md | ||
| kanban-tutorial.md | ||
| kanban-worker-lanes.md | ||
| kanban.md | ||
| lsp.md | ||
| mcp.md | ||
| memory-providers.md | ||
| memory.md | ||
| overview.md | ||
| personality.md | ||
| plugins.md | ||
| provider-routing.md | ||
| skills.md | ||
| skins.md | ||
| spotify.md | ||
| subscription-proxy.md | ||
| tool-gateway.md | ||
| tools.md | ||
| tts.md | ||
| vision.md | ||
| voice-mode.md | ||
| web-dashboard.md | ||
| web-search.md | ||
| x-search.md | ||