Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity
Files
0ce190be0dd7b0d6e0b9ccc59f6cfc372b1cd835
hermes-agent/hermes_cli/config.py
teknium1 0ce190be0d security: enforce 0600/0700 file permissions on sensitive files (inspired by openclaw) 
Enforce owner-only permissions on files and directories that contain
secrets or sensitive data:

- cron/jobs.py: jobs.json (0600), cron dirs (0700), job output files (0600)
- hermes_cli/config.py: config.yaml (0600), .env (0600), ~/.hermes/* dirs (0700)
- cli.py: config.yaml via save_config_value (0600)

All chmod calls use try/except for Windows compatibility.

Includes _secure_file() and _secure_dir() helpers with graceful fallback.
8 new tests verify permissions on all file types.

Inspired by openclaw v2026.3.7 file permission enforcement.
2026-03-09 02:19:32 -07:00

46 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink