Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity

fix: add self-termination guard for pkill/killall targeting hermes/gateway (#3593)

Browse Source 
Prevent the agent from accidentally killing its own process with
pkill -f gateway, killall hermes, etc. Adds a dangerous command
pattern that triggers the approval flow.

Co-authored-by: arasovic <arasovic@users.noreply.github.com>
This commit is contained in:
Teknium
2026-03-28 14:33:48 -07:00
committed by GitHub
parent dabe3c34cc
commit 404a0b823e
2 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
tests/tools/test_approval.py
View File

@@ -512,6 +512,30 @@ class TestGatewayProtection:
dangerous, key, desc = detect_dangerous_command(cmd)
assert dangerous is False
def test_pkill_hermes_detected(self):
"""pkill targeting hermes/gateway processes must be caught."""
cmd = 'pkill -f "cli.py --gateway"'
dangerous, key, desc = detect_dangerous_command(cmd)
assert dangerous is True
assert "self-termination" in desc
def test_killall_hermes_detected(self):
cmd = "killall hermes"
dangerous, key, desc = detect_dangerous_command(cmd)
assert dangerous is True
assert "self-termination" in desc
def test_pkill_gateway_detected(self):
cmd = "pkill -f gateway"
dangerous, key, desc = detect_dangerous_command(cmd)
assert dangerous is True
def test_pkill_unrelated_not_flagged(self):
"""pkill targeting unrelated processes should not be flagged."""
cmd = "pkill -f nginx"
dangerous, key, desc = detect_dangerous_command(cmd)
assert dangerous is False
class TestNormalizationBypass:
"""Obfuscation techniques must not bypass dangerous command detection."""

2
tools/approval.py
View File

@@ -53,6 +53,8 @@ DANGEROUS_PATTERNS = [
# Gateway protection: never start gateway outside systemd management
(r'gateway\s+run\b.*(&\s*$|&\s*;|\bdisown\b|\bsetsid\b)', "start gateway outside systemd (use 'systemctl --user restart hermes-gateway')"),
(r'\bnohup\b.*gateway\s+run\b', "start gateway outside systemd (use 'systemctl --user restart hermes-gateway')"),
# Self-termination protection: prevent agent from killing its own process
(r'\b(pkill|killall)\b.*\b(hermes|gateway|cli\.py)\b', "kill hermes/gateway process (self-termination)"),
]