Alexander Whitestone
|
5dcb90531b
|
feat: Poka-yoke — prevent hardcoded home-directory paths (closes #921)
Contributor Attribution Check / check-attribution (pull_request) Failing after 49s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Nix / nix (ubuntu-latest) (pull_request) Failing after 6s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 25s
Tests / e2e (pull_request) Successful in 4m26s
Tests / test (pull_request) Failing after 59m48s
Nix / nix (macos-latest) (pull_request) Has been cancelled
Three-layer defense against latent /Users/<name>/ and ~/ path defects:
1. Runtime guard (tools/path_guard.py):
   - validate_path() catches /Users/<name>/, /home/<name>/ in tool args
   - Allows current HOME prefix (expanduser output is safe)
   - Wired into write_file_tool() and execute_code()
2. Pre-commit hook (hooks/pre-commit-path-guard.py):
   - Scans staged .py files for hardcoded path patterns
   - Blocks commit with actionable error message
   - # noqa: hardcoded-path-ok escape hatch for legitimate cases
3. CI lint (scripts/lint_hardcoded_paths.py):
   - Scans directory tree for violations
   - --fix flag shows remediation suggestions
   - Skips test dirs, __pycache__, venv
4. 21 tests (tests/test_path_guard.py):
   - Runtime validation (valid/invalid paths, batch, edge cases)
   - Static scanning (clean files, violations, noqa, comments)
   - Directory scanning (tree traversal, skip rules)
Existing violations annotated with # noqa: hardcoded-path-ok where
legitimate (config defaults, display strings, test fixtures, skills).
|
2026-04-21 07:37:14 -04:00 |
|
|
|
85a654348a
|
feat: poka-yoke — prevent hardcoded ~/.hermes paths (closes #835)
Contributor Attribution Check / check-attribution (pull_request) Successful in 27s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 19s
Tests / e2e (pull_request) Successful in 1m55s
Tests / test (pull_request) Failing after 56m41s
scripts/lint_hardcoded_paths.py (new):
   - Scans Python files for hardcoded home-directory paths
   - Detects: Path.home()/.hermes without env fallback, /Users/<name>/, /home/<name>/
   - Excludes: comments, docstrings, test files, skills, plugins, docs
   - Excludes correct patterns: profiles_parent, current_default, native_home
   - Supports --staged (git pre-commit), --fix (suggestions), --json output
scripts/pre-commit-hardcoded-paths.sh (new):
   - Pre-commit hook that runs lint_hardcoded_paths.py --staged
   - Blocks commits containing hardcoded path violations
tools/confirmation_daemon.py (fixed):
   - Replaced Path.home() / '.hermes' / 'approval_whitelist.json'
     with get_hermes_home() / 'approval_whitelist.json'
   - Added import of get_hermes_home from hermes_constants
tests/test_hardcoded_paths.py (new):
   - 11 tests: detection, exclusion, fallback patterns, clean files
|
2026-04-15 22:56:32 -04:00 |
|
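A sketch of the two checks the commit messages above describe, the runtime guard and the static scan with its `# noqa: hardcoded-path-ok` escape hatch. It is an added example, not the code in tools/path_guard.py or scripts/lint_hardcoded_paths.py. The function bodies, the regular expression, the `scan_source` name and the sample source are assumptions, and only absolute /Users/<name>/ and /home/<name>/ prefixes are covered.

```python
import os
import posixpath
import re

# Absolute per-user prefix such as /Users/alice or /home/bob. The lookbehind
# keeps relative paths and URL paths (src/home/x, example.com/home/) out.
HOME_PREFIX = re.compile(r"(?<![\w.])/(?:Users|home)/[A-Za-z0-9._-]+(?=/|$|['\"\s])")
NOQA = "# noqa: hardcoded-path-ok"


def validate_path(path, home=None):
    """Runtime guard: return None if acceptable, else a reason string."""
    home = posixpath.normpath(home or os.path.expanduser("~"))
    norm = posixpath.normpath(path)  # collapses ../ before the prefix check
    m = HOME_PREFIX.match(norm)
    if m is None:
        return None  # not under any per-user home directory
    # Paths under the current HOME are what expanduser() produces: allowed.
    # Comparing against home + "/" stops /home/alice2 passing as /home/alice.
    if norm == home or norm.startswith(home + "/"):
        return None
    return f"hardcoded home prefix {m.group(0)} in {path}"


def scan_source(text):
    """Static scan: return (line_number, line) for each violation."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        if NOQA in line:
            continue  # explicit, reviewable escape hatch
        code = line.split("#", 1)[0]  # crude comment strip (assumption)
        if HOME_PREFIX.search(code):
            hits.append((number, line.strip()))
    return hits


# Constructed sample source, not taken from the repository.
SAMPLE = '''\
CFG = "/Users/alice/.hermes/config.yaml"
DEFAULT = "/home/ci/cache"  # noqa: hardcoded-path-ok
# example: /home/bob/notes.txt
LOG = os.path.expanduser("~/logs")
'''
```

Both functions take their input as arguments, so the same checks can back a tool wrapper, a pre-commit hook, or a CI job.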