Installation

Installation

Recommended: Install via Hermes CLI

hermes plugins install scross01/hermes-custom-dangerous-patterns-plugin
hermes plugins enable custom-dangerous-patterns

The install command clones the repo into ~/.hermes/plugins/custom-dangerous-patterns/ and prompts to enable it. Use --enable to skip the prompt:

hermes plugins install scross01/hermes-custom-dangerous-patterns-plugin --enable

Updating

hermes plugins update custom-dangerous-patterns

Then restart Hermes for the changes to take effect.

Alternative: Manual Clone or Symlink

git clone https://github.com/scross01/hermes-custom-dangerous-patterns-plugin.git \
    ~/.hermes/plugins/custom-dangerous-patterns

Or if you already have the source elsewhere:

ln -s /path/to/hermes-custom-dangerous-patterns-plugin \
      ~/.hermes/plugins/custom-dangerous-patterns

Important: The directory inside ~/.hermes/plugins/ must be named custom-dangerous-patterns (with the trailing s).

Then enable:

hermes plugins enable custom-dangerous-patterns

Step 2: Create the Config File

cp ~/.hermes/plugins/custom-dangerous-patterns/examples/custom-dangerous-patterns.yaml \
   ~/.hermes/custom-dangerous-patterns.yaml

Or create ~/.hermes/custom-dangerous-patterns.yaml manually (see Configuration).

Step 3: Restart Hermes

The plugin loads at startup. Restart the gateway or start a new CLI session:

hermes gateway restart    # if using the gateway
# or just start a new `hermes` CLI session

Step 4: Test It

> vultr instance delete --instance-id cb670a12-e4f5-6d78-ab90-1234567890ab

⚠️ Dangerous command detected: Vultr destructive instance/snapshot command
    vultr instance delete --instance-id cb670a12-e4f5-6d78-ab90-1234567890ab

  [o]nce    — allow this one time
  [s]ession — allow for this session
  [a]lways  — always allow this pattern
  [d]eny    — block (default)

Troubleshooting

Plugin Not Loading

Check that the plugin is enabled:

hermes plugins list | grep custom-dangerous-patterns

If not listed, enable it:

hermes plugins enable custom-dangerous-patterns

Patterns Not Triggering Approval

1. Verify the plugin loaded successfully:

   grep "custom-dangerous-patterns" ~/.hermes/logs/agent.log | tail -5

2. Check for import errors:

   grep "Failed to load plugin.*custom-dangerous-patterns" ~/.hermes/logs/errors.log

3. Ensure you restarted Hermes after enabling the plugin.

4. Test pattern matching directly:

   cd ~/.hermes/plugins/custom-dangerous-patterns
   python3 -c "
   from .config import load_config
   from .patterns import compile_all, get_block_patterns
   config = load_config(force=True)
   compile_all(config)
   patterns = get_block_patterns()
   print(f'{len(patterns)} block patterns loaded')
   for regex, desc in patterns:
       print(f'  {regex.pattern} — {desc}')
   "

Allow Patterns Not Working

Allow patterns are checked before block patterns. If a command matches both, the allow wins. Verify your allow pattern matches the exact command string:

cd ~/.hermes/plugins/custom-dangerous-patterns
python3 -c "
from .config import load_config
from .patterns import compile_all, is_allow_pattern
config = load_config(force=True)
compile_all(config)
result = is_allow_pattern('vultr account info')
print(f'Match: {result}')
"

Config File Not Found

The plugin looks for ~/.hermes/custom-dangerous-patterns.yaml. Override with:

export HERMES_CUSTOM_PATTERNS_PATH=/path/to/file.yaml