Implement dangerous command approval system for terminal tool
- Added a safety mechanism to detect and approve potentially dangerous commands (e.g., `rm -rf`, `DROP TABLE`).
- Introduced an approval flow for local/SSH backends, prompting users for confirmation with options to allow once, for the session, or permanently.
- Updated configuration to include a `command_allowlist` for storing approved patterns.
- Enhanced messaging for sudo failures in messaging contexts.
- Updated relevant documentation in AGENTS.md and TODO.md to reflect these changes.
parent be91af7551
commit 76d929e177
5 changed files with 306 additions and 2 deletions
18
TODO.md
|
|
@ -423,4 +423,22 @@
|
|||
|
||||
---
|
||||
|
||||
## Recently Completed ✅
|
||||
|
||||
### Dangerous Command Approval System
|
||||
**Implemented:** Dangerous command detection and approval for terminal tool.
|
||||
|
||||
**Features:**
|
||||
- Pattern-based detection of dangerous commands (rm -rf, DROP TABLE, chmod 777, etc.)
|
||||
- CLI prompt with options: `[o]nce | [s]ession | [a]lways | [d]eny`
|
||||
- Session caching (approved patterns don't re-prompt)
|
||||
- Permanent allowlist in `~/.hermes/config.yaml`
|
||||
- Force flag for agent to bypass after user confirmation
|
||||
- Skip check for isolated backends (Docker, Singularity, Modal)
|
||||
- Helpful sudo failure messages for messaging platforms
|
||||
|
||||
**Files:** `tools/terminal_tool.py`, `model_tools.py`, `hermes_cli/config.py`
|
||||
|
||||
---
|
||||
|
||||
*Last updated: $(date +%Y-%m-%d)* 🤖
|
||||
|
|
|
|||
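Review bot: The "Force flag for agent to bypass after user confirmation" bullet does not say what ties the flag to an actual confirmation; as worded, nothing in this entry rules out the agent setting the flag on its own, so please state that the confirmation is enforced by the tool rather than asserted by the model, or reword the bullet. The "Skip check for isolated backends (Docker, Singularity, Modal)" bullet needs its assumption written down as well: the skip is only reasonable when nothing sensitive from the host is mounted into or reachable from those backends. It would also help to describe the pattern list (rm -rf, DROP TABLE, chmod 777) as a guard against accidents rather than a security boundary, since matching on command strings misses equivalent spellings of the same operation. Minor: the "Files:" line lists three files, while the commit message also mentions AGENTS.md.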