hermes-agent/website/docs
Teknium e2fe529efb
feat(approvals): user-defined deny rules that block commands even under yolo (#59164)
Adds approvals.deny to config.yaml — a list of fnmatch globs matched
against terminal commands. A match blocks unconditionally, BEFORE the
--yolo / /yolo / approvals.mode=off bypass, making it the user-editable
counterpart to the code-shipped hardline blocklist.

- Checked in both command gates (check_dangerous_command and
  check_all_command_guards), after the hardline floor and sudo-stdin
  guard, before the yolo bypass and permanent allowlist.
- Matching runs over the same normalized/deobfuscated command variants
  as the dangerous-pattern detector, case-insensitive.
- Opt-in: empty/absent list is a no-op; behavior unchanged.

Supersedes the trust-engine approach from #21500 with a minimal
config-native design: the only capability the existing stack lacked
was deny-that-beats-yolo. Allow already exists (command_allowlist),
ask already exists (session approvals).
2026-07-05 14:48:40 -07:00
..
developer-guide docs: warn that mid-session model switches break prompt caching (#58747) 2026-07-05 04:34:05 -07:00
getting-started Revert "Merge pull request #30179 from NousResearch/feat/iron-proxy" 2026-07-04 13:38:59 -07:00
guides feat(hooks): spill oversized hook-injected context to disk (#20468) 2026-07-05 13:51:26 -07:00
integrations feat(auth): make xAI Grok OAuth device-code-only, drop loopback login 2026-07-02 13:17:41 -07:00
reference docs: warn that mid-session model switches break prompt caching (#58747) 2026-07-05 04:34:05 -07:00
user-guide feat(approvals): user-defined deny rules that block commands even under yolo (#59164) 2026-07-05 14:48:40 -07:00
index.mdx feat(docs): clarify platform support 2026-06-26 11:37:56 -07:00
user-stories.mdx docs(website): add User Stories and Use Cases collage page (#18282) 2026-04-30 23:56:59 -07:00