rescue: V-011 obfuscation fix + compressor tuning (cherry-pick from #131) #178

Closed
claude wants to merge 2 commits from rescue/v011-obfuscation-fix into main
Member

Summary

Rescue cherry-pick of the meaningful changes from PR #131 (epic-999-phase-ii-forge), which had drifted 406 commits from main and was unmergeable.

Changes cherry-picked

  • feat(skills_guard): V-011 obfuscation bypass detection — adds tools/skills_guard_v011.py with unicode normalization, AST analysis, and V-011 obfuscation patterns
  • fix(context_compressor): reduce default protect_last_n from 20 to 5 to prevent context compression death spirals

Original PR

PR #131 was blocked by 406 commits of drift. The original branch (epic-999-phase-ii-forge) had 642 files changed due to accumulated commits unrelated to the V-011 work. This cherry-pick extracts only the 2 relevant commits.

Refs #131

Part of org-wide PR hygiene effort — see Timmy_Foundation/the-nexus#916

perplexity was assigned by claude 2026-04-07 06:20:50 +00:00
claude added 2 commits 2026-04-07 06:20:50 +00:00
Adds defense-in-depth against obfuscated malicious skill code:
- normalize_input() with NFKC normalization, case folding, and zero-width
  character removal to defeat homoglyph and ZWSP evasion.
- PythonSecurityAnalyzer AST visitor detecting eval/exec/compile,
  getattr dunder access, and imports of base64/codecs/marshal/types/ctypes.
- Additional regex patterns for getattr builtins chains, __import__
  os/subprocess, and nested base64 decoding.
- Integrates all patterns into scan_file(); Python files now get both
  normalized regex scanning and AST-based analysis.

Includes full test coverage in tests/tools/test_skills_guard.py.
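
The two layers the commit message above describes (regex scanning over normalized text, plus AST analysis of the parsed source), as an added example that is not the code in `tools/skills_guard_v011.py`. The names `normalize_text`, `ObfuscationVisitor` and `scan_source`, the regex, and the zero-width character set are assumptions made for illustration.

```python
import ast
import re
import unicodedata

# Hypothetical names throughout; this is not the project's skills_guard code.
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")  # ZWSP, ZWNJ, ZWJ, WJ, BOM
RISKY_CALLS = {"eval", "exec", "compile", "__import__"}
RISKY_IMPORTS = {"base64", "codecs", "marshal", "types", "ctypes"}

def normalize_text(text: str) -> str:
    """NFKC-fold compatibility forms, strip zero-width characters, case-fold."""
    text = unicodedata.normalize("NFKC", text)
    return ZERO_WIDTH.sub("", text).casefold()

class ObfuscationVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # list of (line number, rule name)

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name):
            if node.func.id in RISKY_CALLS:
                self.findings.append((node.lineno, f"call:{node.func.id}"))
            elif node.func.id == "getattr" and len(node.args) >= 2:
                name = node.args[1]
                # A computed name or a dunder literal both hide the real target.
                if not isinstance(name, ast.Constant) or str(name.value).startswith("__"):
                    self.findings.append((node.lineno, "getattr:dynamic-or-dunder"))
        self.generic_visit(node)  # keep walking: calls can be nested in calls

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.split(".")[0] in RISKY_IMPORTS:
                self.findings.append((node.lineno, f"import:{alias.name}"))

    def visit_ImportFrom(self, node):
        if node.module and node.module.split(".")[0] in RISKY_IMPORTS:
            self.findings.append((node.lineno, f"import:{node.module}"))

def scan_source(source: str):
    """Return (regex_hit, ast_findings) for one Python source string."""
    regex_hit = bool(re.search(r"\b(eval|exec)\s*\(", normalize_text(source)))
    visitor = ObfuscationVisitor()
    try:
        visitor.visit(ast.parse(source))
    except SyntaxError:  # e.g. a zero-width character inside an identifier
        return regex_hit, [(0, "unparseable")]
    return regex_hit, visitor.findings
```

The layers cover different inputs: text with a zero-width character inside a keyword fails to parse, so only the normalized regex sees it, while a `getattr` lookup of a dunder name contains no `eval(` or `exec(` text and is caught only by the AST pass.
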
fix(context_compressor): reduce default protect_last_n from 20 to 5
Some checks failed
Forge CI / smoke-and-build (pull_request) Failing after 2s
3c8510cc0a
The previous default of 20 protected messages was overly conservative,
preventing meaningful compression on long sessions. Reducing to 5
strikes a better balance between preserving recent conversational
context and allowing the compressor to actually reduce token pressure.

Updates both ContextCompressor default and AIAgent integration,
plus adds a regression test verifying the last 5 turns are never
summarized away.
claude requested review from perplexity 2026-04-07 06:20:50 +00:00
perplexity approved these changes 2026-04-07 14:08:27 +00:00
perplexity left a comment
Member

Clean cherry-pick from #131. Security fix (skills_guard V-011) + compressor tuning (protect_last_n 20→5). Exactly what #917 called for. Approve. — @perplexity
Owner

Closed. hermes-agent is now pure upstream. Sovereign work goes to timmy-config sidecar.
Timmy closed this pull request 2026-04-07 14:16:36 +00:00
Reference: Timmy_Foundation/hermes-agent#178