Skip to content

Home

Jump to bottom
Stephen Cross edited this page Jun 3, 2026 · 8 revisions

hermes-custom-dangerous-patterns

⚠️ EXPERIMENTAL — USE AT YOUR OWN RISK

This plugin is in early development and has not been rigorously tested across all Hermes environments, versions, or edge cases. There is no guarantee that all destructive commands will be caught or blocked. Pattern matching is best-effort — creative command obfuscation, shell expansions, piped commands, or edge cases in the approval flow may bypass detection. Do not rely on this plugin as your sole safety net for critical operations.

A Hermes Agent plugin that adds custom dangerous command patterns to Hermes's built-in approval system.

What It Does

Hermes ships with ~47 hardcoded dangerous command patterns (rm -rf, git reset --hard, docker stop, etc.). When a command matches, you get an interactive approval prompt: [o]nce, [s]ession, [a]lways, or [d]eny.

This plugin lets you define your own patterns in a YAML config file. They get the exact same approval flow — same prompts, same session persistence, same permanent allowlist, same gateway /approve and /deny support.

Use cases:

  • Guard cloud CLI tools (vultr, gcloud, aws, az)
  • Protect deployment scripts (cap deploy, fab deploy)
  • Block dangerous database operations (DROP TABLE, mongodump --drop)
  • Gate any command that should require explicit human approval

Quick Start

# Install
hermes plugins install scross01/hermes-custom-dangerous-patterns-plugin --enable

# Copy example config
cp ~/.hermes/plugins/custom-dangerous-patterns/examples/custom-dangerous-patterns.yaml \
   ~/.hermes/custom-dangerous-patterns.yaml

# Restart Hermes
hermes gateway restart

Then try it:

> vultr instance delete --instance-id cb670a12-e4f5-6d78-ab90-1234567890ab

⚠️ Dangerous command detected: Vultr destructive instance/snapshot command
    vultr instance delete --instance-id cb670a12-e4f5-6d78-ab90-1234567890ab

  [o]nce    — allow this one time
  [s]ession — allow for this session
  [a]lways  — always allow this pattern
  [d]eny    — block (default)

Wiki Pages

  • Installation — Install, update, and enable the plugin
  • Configuration — YAML config format, patterns, allow patterns, evaluation order
  • Architecture — How the plugin works internally, plugin structure, design decisions
  • Roadmap — v0.2.0 safety hardening, v0.3.0 usability, v0.4.0 power features
  • Security-&-Risks — Agent self-modification, evaluation order, hardline backstop

Requirements

License

MIT — see LICENSE.

Clone this wiki locally