mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-30 06:41:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
hermes-agent/plugins/security-guidance/NOTICE
Teknium 249534e472
plugins: add security-guidance — pattern-matched warnings on dangerous code writes (#33131) 
New opt-in plugin that scans the content passed to write_file / patch /
skill_manage for 25 known-dangerous code patterns — pickle.load,
yaml.load, eval(, os.system, subprocess(shell=True), child_process.exec,
dangerouslySetInnerHTML, innerHTML/outerHTML/document.write/
insertAdjacentHTML, crypto.createCipher (no IV), AES ECB,
TLS verification disabled, XXE-prone xml.etree/minidom parsers,
<script src=//...> without SRI, torch.load without weights_only=True,
GitHub Actions ${{ github.event.* }} injection — and appends a
"Security guidance" warning block to the tool result via the
transform_tool_result hook.

Default behaviour is non-blocking: the file is written and the warning
rides back to the model in the next turn so it can self-correct or
document why the construct is safe. SECURITY_GUIDANCE_BLOCK=1 upgrades
to refusing the write entirely; SECURITY_GUIDANCE_DISABLE=1 is the
kill switch.

Pattern data (patterns.py) is a verbatim Apache-2.0 fork of
Anthropic's claude-plugins-official/plugins/security-guidance/hooks/
patterns.py at commit 0bde168 (2026-05-26). LICENSE and NOTICE
preserve attribution. The Hermes-side plugin glue (__init__.py,
plugin.yaml, README.md, tests) is original work.

Plugin is opt-in like all bundled plugins:
  hermes plugins enable security-guidance

Inspired by https://x.com/ClaudeDevs/status/1927108527247... — Anthropic
shipped this as their security-guidance plugin for Claude Code on
2026-05-26 with a measured 30-40% reduction in security-related PR
comments on internal rollout.

What's NOT ported (deferred):
  * Layer 2 (LLM diff review on turn end) — would route through main
    model by default on Hermes, real money on reasoning models. A
    follow-up can wire it to a cheap aux model with explicit opt-in.
  * Layer 3 (agentic commit-time review) — agent can run this on
    demand via delegate_task today.
  * .hermes/security-guidance.md project-rules file — only used by
    layers 2/3 upstream.
2026-05-27 02:07:21 -07:00

30 lines
1.2 KiB
Text
Raw Blame History

Hermes Agent security-guidance plugin
=====================================
This plugin (plugins/security-guidance/) includes work originally
published in the claude-plugins-official repository by Anthropic, PBC.,
licensed under the Apache License, Version 2.0.
Source: https://github.com/anthropics/claude-plugins-official
Subpath: plugins/security-guidance/hooks/patterns.py
Commit: 0bde168 (2026-05-26)
License: Apache License 2.0 (see LICENSE in this directory)
Forked content
--------------
The file patterns.py in this directory is a verbatim copy of the upstream
patterns.py at the commit above, with a modified module docstring noting
this attribution. The pattern data — 25 regex/substring rules covering
unsafe deserialization, command injection, XSS sinks, crypto footguns,
XXE, GitHub Actions injection, and TLS-verification disablement — is
unmodified.
Original work
-------------
The Hermes-side plugin glue code (__init__.py, plugin.yaml, README.md,
tests) is original work by NousResearch and is licensed under the MIT
License that applies to the rest of the hermes-agent project, except
where it imports from patterns.py — that import does not change the
license of either file.
Reference in a new issue View git blame Copy permalink