Skip to content

Installation

Jump to bottom
Stephen Cross edited this page Jun 9, 2026 · 4 revisions

Installation

Recommended: Install via Hermes CLI

hermes plugins install scross01/hermes-custom-dangerous-patterns-plugin
hermes plugins enable custom-dangerous-patterns

The install command clones the repo into ~/.hermes/plugins/custom-dangerous-patterns/ and prompts to enable it. Use --enable to skip the prompt:

hermes plugins install scross01/hermes-custom-dangerous-patterns-plugin --enable

Updating

hermes plugins update custom-dangerous-patterns

Then restart Hermes for the changes to take effect.

Alternative: Manual Clone or Symlink

git clone https://github.com/scross01/hermes-custom-dangerous-patterns-plugin.git \
    ~/.hermes/plugins/custom-dangerous-patterns

Or if you already have the source elsewhere:

ln -s /path/to/hermes-custom-dangerous-patterns-plugin \
      ~/.hermes/plugins/custom-dangerous-patterns

Important: The directory inside ~/.hermes/plugins/ must be named custom-dangerous-patterns (with the trailing s).

Then enable:

hermes plugins enable custom-dangerous-patterns

Step 2: Create the Config

Easiest — use the interactive bootstrap:

hermes custom-dangerous-patterns init --with-examples

This creates ~/.hermes/custom-dangerous-patterns/ (a directory) with:

  • 00-test.yaml — safe [TEST] patterns (all disabled)
  • All bundled example files copied individually (01-cloud.yaml, 02-infra.yaml, etc.) — fully-enabled example patterns (only with --with-examples)

Without --with-examples, creates a minimal config directory with safe test patterns (all disabled).

Or create ~/.hermes/custom-dangerous-patterns/ manually — see Configuration.

Note: Directory mode is the preferred configuration setup. The plugin also supports a single custom-dangerous-patterns.yaml file or combined mode where both the directory and sibling .yaml file are loaded and merged together.

Step 3: Restart Hermes

The plugin loads at startup. Restart the gateway or start a new CLI session:

hermes gateway restart    # if using the gateway
# or just start a new `hermes` CLI session

Step 4: Test It

Test your patterns without running real commands:

hermes custom-dangerous-patterns test "vultr instance delete --instance-id cb670a12"

Then try it live:

> vultr instance delete --instance-id cb670a12-e4f5-6d78-ab90-1234567890ab

⚠️ Dangerous command detected: Vultr destructive instance/snapshot command
    vultr instance delete --instance-id cb670a12-e4f5-6d78-ab90-1234567890ab

  [o]nce    — allow this one time
  [s]ession — allow for this session
  [a]lways  — always allow this pattern
  [d]eny    — block (default)

Troubleshooting

Plugin Not Loading

Check that the plugin is enabled:

hermes plugins list | grep custom-dangerous-patterns

If not listed, enable it:

hermes plugins enable custom-dangerous-patterns

Patterns Not Triggering Approval

  1. Verify the plugin loaded and see active patterns:

    hermes custom-dangerous-patterns list

  2. Test a command against your patterns:

    hermes custom-dangerous-patterns test "vultr instance delete"

  3. Check the plugin logs for errors:

    hermes custom-dangerous-patterns logs

  4. Ensure you restarted Hermes after enabling the plugin or changing config.

  5. Validate your config syntax:

    hermes custom-dangerous-patterns validate

Allow Patterns Not Working

Allow patterns are checked before block patterns. If a command matches both, the allow wins. Test your pattern matching:

hermes custom-dangerous-patterns test "vultr account info" --verbose

The --verbose output shows which patterns matched and the result.

Config File Not Found

The plugin looks for ~/.hermes/custom-dangerous-patterns.yaml (single file) or ~/.hermes/custom-dangerous-patterns/ (directory). Override with:

export HERMES_CUSTOM_PATTERNS_PATH=/path/to/config.yaml

# Or point to a directory:
export HERMES_CUSTOM_PATTERNS_PATH=/path/to/config-directory/

Clone this wiki locally