Roadmap
Stephen Cross edited this page Jun 3, 2026 · 4 revisions
| Item | Priority | Description |
|---|---|---|
| `enabled` field on patterns | High | `enabled: false` skips the pattern at load; re-enable without rewriting the regex |
| `group` tag on patterns | High | Optional label for bulk filtering; supports `--group testing` and future bulk enable/disable |
| `deny_patterns` top-level list | High | New action tier: matched commands are blocked immediately, no prompt (below hardline, above block patterns). Respects `--yolo`/`mode=off`. |
| Protected pattern tier (`protected: true`) | High | At load: protected patterns must be present and their regex must match the stored hash. Missing/changed → CRITICAL log with details. |
| Config hash tracking | High | SHA-256 of the config at load, persisted in `~/.hermes/.custom-patterns-hash`. Changed → security warning with delta. |
| New-allow shadowing warning | Medium | When a new allow pattern matches a built-in dangerous pattern with no overlapping custom block pattern, log WARN. |
| Directory config support | High | `*.d/` directory loading with alphabetic precedence |
| AGENTS.md safety guard | High | Add testing-safety and self-modification-risk sections to the project AGENTS.md |
| Test pattern collection | Medium | Ship the [TEST] patterns as `examples/test-patterns.yaml`, all `enabled: false`, `group: testing` |
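The protected pattern tier, config hash tracking and the `validate` check above are load-time integrity checks rather than command matching. The following is an added illustration of how they fit together; it is not the plugin's own code. It embeds the page's YAML as an equivalent Python dict (constructed sample data, so no YAML library is needed), assumes the pattern `description` is the stable key under which a protected regex hash is pinned, hashes the regex text and a canonical JSON form of the config with SHA-256, and takes the hash file path as a parameter so nothing under `~/.hermes` is touched.

```python
"""Load-time integrity checks for a custom-dangerous-patterns config.

Added illustration of three roadmap items (regex validation, the protected
pattern tier and config hash tracking); NOT the plugin's own code.
The config is a dict equivalent to the YAML on the page so the example runs
without a YAML library; the hash file path is a parameter.
"""
import hashlib
import json
import re
from pathlib import Path
from typing import Optional

# Constructed sample config (same shape as the page's YAML).
CONFIG = {
    "patterns": [
        {"pattern": r"\brm\s+-rf\b", "description": "Recursive delete",
         "enabled": True, "protected": True, "group": "filesystem"},
        {"pattern": r"\bterraform\s+destroy\b", "description": "Terraform destroy",
         "enabled": False, "group": "cloud"},
    ],
    "allow_patterns": [
        {"pattern": r"\bvultr\s+account\s+info\b",
         "description": "Read-only Vultr commands", "enabled": True},
    ],
    "deny_patterns": [
        {"pattern": r"\bruby\s+-e\s+.*system\b",
         "description": "Ruby system() exec via -e"},
    ],
}

SECTIONS = ("patterns", "allow_patterns", "deny_patterns")


def regex_hash(pattern: str) -> str:
    """Hash pinned for a protected pattern (assumption: SHA-256 of the regex text)."""
    return hashlib.sha256(pattern.encode("utf-8")).hexdigest()


def config_hash(config: dict) -> str:
    """SHA-256 over canonical JSON, so key order and whitespace do not matter."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def validate_regexes(config: dict) -> list:
    """What a `validate` subcommand would do: one error string per regex that
    fails to compile, without evaluating any command."""
    errors = []
    for section in SECTIONS:
        for entry in config.get(section, []):
            try:
                re.compile(entry["pattern"])
            except re.error as exc:
                errors.append(f"{section}: {entry['pattern']!r}: {exc}")
    return errors


def check_protected(config: dict, pinned: dict) -> list:
    """Protected tier. `pinned` maps a protected pattern's description to the
    regex hash recorded when it was protected (assumption: description is the
    stable key). Each pinned pattern must still be present, still marked
    protected: true, and hash to the same value; anything else is CRITICAL."""
    findings = []
    present = {p.get("description"): p for p in config.get("patterns", [])}
    for desc, expected in pinned.items():
        entry = present.get(desc)
        if entry is None:
            findings.append(f"CRITICAL: protected pattern {desc!r} is missing")
        elif not entry.get("protected", False):
            findings.append(f"CRITICAL: {desc!r} is no longer protected: true")
        elif regex_hash(entry["pattern"]) != expected:
            actual = regex_hash(entry["pattern"])
            findings.append(f"CRITICAL: regex of {desc!r} changed "
                            f"(hash {expected[:12]} -> {actual[:12]})")
    return findings


def hash_status(config: dict, stored: Optional[str]) -> tuple:
    """Pure core of config hash tracking: (status, current_hash) where status
    is 'first-load', 'unchanged' or 'changed'."""
    current = config_hash(config)
    if stored is None:
        return "first-load", current
    return ("unchanged" if stored == current else "changed"), current


def track_config_hash(config: dict, hash_file: Path) -> Optional[str]:
    """Persist the hash (the roadmap uses ~/.hermes/.custom-patterns-hash) and
    return a warning when the config differs from the last recorded load."""
    stored = hash_file.read_text().strip() if hash_file.exists() else None
    status, current = hash_status(config, stored)
    hash_file.write_text(current)
    if status == "changed":
        return f"WARN: custom patterns config changed: {stored[:12]} -> {current[:12]}"
    return None


if __name__ == "__main__":
    pinned = {"Recursive delete": regex_hash(r"\brm\s+-rf\b")}
    print(validate_regexes(CONFIG), check_protected(CONFIG, pinned))
    tampered = json.loads(json.dumps(CONFIG))
    tampered["patterns"][0]["pattern"] = r"\brm\s+-rf\s+/tmp\b"  # regex quietly narrowed
    print(check_protected(tampered, pinned), hash_status(tampered, config_hash(CONFIG))[0])
```

The two checks answer different questions: the config hash tells you that *something* changed since the last load (and should be reported as a delta of old vs new hash), while the protected tier tells you *which* pinned pattern was removed, un-protected or narrowed, which is what an agent editing its own guard rails would try to do.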
```yaml
patterns:
  - pattern: '\brm\s+-rf\b'
    description: 'Recursive delete'
    enabled: true       # optional, default true
    protected: false    # optional, default false
    guidance: 'Use `rm -rf` only after confirming with `ls` first.'  # optional
    group: filesystem   # optional tag for grouping

allow_patterns:
  - pattern: '\bvultr\s+account\s+info\b'
    description: 'Read-only Vultr commands'
    enabled: true

deny_patterns:          # NEW: blocked immediately, no prompt
  - pattern: '\bruby\s+-e\s+.*system\b'
    description: 'Ruby system() exec via -e'
    guidance: 'Use subprocess.run() instead.'
```

1. Hardline (unconditional, immutable)
2. Sudo stdin guard (unconditional)
3. Yolo / mode=off / cron_mode
4. Allow patterns (enabled only)
5. Deny patterns (enabled only) → immediate block, no prompt
6. Custom block patterns (enabled only) → approval prompt
7. Built-in DANGEROUS_PATTERNS → approval prompt
8. Tirith scan
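The eight-tier order above, and the `hermes custom-patterns test` runner planned below that reports which patterns matched and what the outcome would be, both reduce to one decision function. The following is an added example of that function, not the Hermes plugin's own code: the hardline, sudo-stdin and built-in `DANGEROUS_PATTERNS` regexes are constructed stand-ins (Hermes's real lists are not on this page), the config is the page's YAML as a dict plus one disabled pattern, and the Tirith scan at tier 8 is not modelled, so a command that reaches it is reported as allowed pending that scan.

```python
"""Decision order for one shell command under the roadmap's eight tiers.

Added illustration, NOT the Hermes plugin's code.  HARDLINE, SUDO_STDIN and
BUILTIN_DANGEROUS are constructed stand-ins for lists this page does not show.
"""
import re
from dataclasses import dataclass, field

# Constructed config: the page's YAML plus one disabled pattern.
CONFIG = {
    "patterns": [
        {"pattern": r"\brm\s+-rf\b", "description": "Recursive delete"},
        {"pattern": r"\bterraform\s+destroy\b", "description": "Terraform destroy",
         "enabled": False},
    ],
    "allow_patterns": [
        {"pattern": r"\bvultr\s+account\s+info\b", "description": "Read-only Vultr commands"},
    ],
    "deny_patterns": [
        {"pattern": r"\bruby\s+-e\s+.*system\b", "description": "Ruby system() exec via -e"},
    ],
}

# Stand-ins for tiers 1, 2 and 7 (assumptions, not Hermes's real lists).
HARDLINE = [re.compile(r"\brm\s+-rf\s+/+(\s|$)")]
SUDO_STDIN = re.compile(r"\bsudo\s+-S\b")
BUILTIN_DANGEROUS = [
    (re.compile(r"\bgit\s+push\b.*--force\b"), "git force push"),
    (re.compile(r"\bvultr\b.*\bdelete\b"), "Vultr delete"),
]


@dataclass
class Decision:
    outcome: str                                  # "block", "prompt" or "allow"
    tier: str                                     # the tier that decided
    matched: list = field(default_factory=list)   # (section, description) hits


def enabled(entries):
    """Compile only entries whose enabled flag is not false (default true)."""
    return [(re.compile(e["pattern"]), e.get("description", e["pattern"]))
            for e in entries if e.get("enabled", True)]


def decide(command, config, *, yolo=False, mode="on", cron_mode=False):
    # 1. Hardline: unconditional, not overridable by any config or flag.
    if any(r.search(command) for r in HARDLINE):
        return Decision("block", "hardline")
    # 2. Sudo stdin guard, also unconditional.
    if SUDO_STDIN.search(command):
        return Decision("block", "sudo-stdin-guard")
    # 3. --yolo / mode=off / cron_mode bypass every pattern tier below,
    #    deny_patterns included (the roadmap says deny respects these).
    if yolo or mode == "off" or cron_mode:
        return Decision("allow", "yolo/mode=off/cron_mode")

    # Record every hit first; this is what the `test` subcommand would show.
    matched = []
    for section in ("allow_patterns", "deny_patterns", "patterns"):
        for regex, desc in enabled(config.get(section, [])):
            if regex.search(command):
                matched.append((section, desc))
    for regex, desc in BUILTIN_DANGEROUS:
        if regex.search(command):
            matched.append(("builtin", desc))

    hit = {section for section, _ in matched}
    # 4. Allow patterns sit above every custom tier in the list.
    if "allow_patterns" in hit:
        return Decision("allow", "allow_patterns", matched)
    # 5. Deny patterns: immediate block, no prompt.
    if "deny_patterns" in hit:
        return Decision("block", "deny_patterns", matched)
    # 6. Custom block patterns: approval prompt.
    if "patterns" in hit:
        return Decision("prompt", "patterns", matched)
    # 7. Built-in DANGEROUS_PATTERNS: approval prompt.
    if "builtin" in hit:
        return Decision("prompt", "builtin", matched)
    # 8. Tirith scan (not modelled here).
    return Decision("allow", "tirith-scan", matched)


if __name__ == "__main__":
    for cmd in ("rm -rf /", "vultr account info", "vultr instance delete",
                "ruby -e 'system(\"id\")'", "rm -rf ./build", "terraform destroy"):
        print(f"{cmd!r:32} -> {decide(cmd, CONFIG)}")
```

Two properties of the ordering are worth checking against your own config with this kind of harness: a hardline hit blocks even under `--yolo`, while a `deny_patterns` hit does not, and a disabled pattern (`enabled: false`) contributes nothing to `matched`, so it cannot be what the user is relying on.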
Note: Hermes plugins can register CLI subcommands via `ctx.register_cli_command()`.
| Item | Priority | Description |
|---|---|---|
| `hermes custom-patterns` CLI | High | `add`, `remove`, `list`, `test`, `enable`, `disable`, `enable --group testing` subcommands |
| Pattern test runner | High | `hermes custom-patterns test "vultr instance delete"` → shows which patterns match, the outcome, and whether the prompt would appear |
| Config syntax validation | Medium | `hermes custom-patterns validate` — check YAML + regex validity without running |
| Built-in pattern reference | Medium | `hermes custom-patterns builtins` — list Hermes's ~47 hardcoded patterns |
| Pattern description search | Low | `hermes custom-patterns search "terraform"` — find all patterns matching a keyword |
| Item | Priority | Description |
|---|---|---|
| Pattern profiles | Medium | Named config sets: `profiles/work.yaml` (strict), `profiles/personal.yaml` (relaxed), switchable via env var |
| Include/import directive | Medium | `patterns: ["#include: community/cloud-aws.yaml"]` for YAML-level composition |
| Community pattern packs | Low | Curated sets published as GitHub repos, installable via `hermes custom-patterns install scross01/cloud-patterns` |
| Pattern audit log | Low | Record which patterns triggered, how often, and the user's decision — helps users refine their config |
These require Hermes core changes:

- `register_dangerous_pattern()` API on `PluginContext` — eliminates the need for monkey-patching
- Sensitive-write gate for plugin config — `_SENSITIVE_WRITE_TARGET` should cover `custom-dangerous-patterns.yaml`
- `pre_tool_execution` hook — pre-execution veto without monkey-patching
- Structured logging for approval events — standardized event format for analytics
- GUI config editor
- `hermes custom-patterns add "vultr" "Vultr CLI"` CLI command
- Pattern groups: pre-defined pattern sets (e.g., `cloud: [aws, gcp, azure]`)
- Pattern testing: `hermes custom-patterns test "vultr account info"` → shows which patterns match
- Community patterns: share pattern sets via GitHub (e.g., "common cloud CLI patterns")