[EXTRACT P3-4] Write adaptation spec: Hook system for Hermes security #182

Open
opened 2026-03-31 17:03:25 +00:00 by ezra · 1 comment

Parent Epic: #154 | Phase 3 — Adaptation Specs | After Phase 2

Feeds: #131 (prompt injection audit), #132-138 (security fixes)

Depends on: #178 (hook patterns)

Must Address

  1. Hook points: PreToolUse, PostToolUse, SessionStart — which do we need?
  2. Hook implementation: Python callables? Script files? Inline config?
  3. Exit codes: 0=allow, 1=warn user, 2=block tool call. Adopt Claude Code's convention?
  4. Security hooks: Author whitelist (#132), SSRF (#133), service whitelist (#134), path whitelist (#135), credential blocklist (#138) — each as a hook.
  5. Hook ordering: Multiple hooks on same event. Run all? Stop on first block?
  6. Performance: Hooks run on every tool call. What's the latency budget?

Output

~/.timmy/specs/hook-system-spec.md

Acceptance Criteria

  • Hook points defined
  • Each security ticket mapped to a specific hook
  • Performance budget stated
  • Ezra reviews
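As an added illustration of how items 3 and 5 could fit together (example code written for this ticket, not Hermes or Claude Code code): a PreToolUse runner whose hooks return the 0=allow / 1=warn / 2=block codes, with a switch between "run all" and "stop on first block". The `ToolCall`, `Verdict` and `run_pre_tool_use` names, the two hook implementations for #135 and #138, and the credential name list are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from pathlib import Path

ALLOW, WARN, BLOCK = 0, 1, 2  # exit-code convention from item 3 of the ticket

@dataclass
class ToolCall:
    tool: str
    args: dict

@dataclass
class Verdict:
    code: int = ALLOW
    reasons: list = field(default_factory=list)

def path_whitelist_hook(allowed_roots):
    """Hypothetical #135 hook: block file paths that resolve outside the allowed roots."""
    roots = [Path(r).resolve() for r in allowed_roots]

    def hook(call):
        target = call.args.get("path")
        if target is None:
            return ALLOW, ""
        # resolve() collapses '..' so the decision is made on the real path, not the literal string
        real = Path(target).resolve()
        if any(real == root or root in real.parents for root in roots):
            return ALLOW, ""
        return BLOCK, f"{target} resolves outside the allowed roots"
    return hook

# Hypothetical #138 hook: block a call whose arguments name a blocklisted secret (constructed list).
CREDENTIAL_BLOCKLIST = re.compile(r"AWS_SECRET_ACCESS_KEY|GITHUB_TOKEN", re.IGNORECASE)

def credential_blocklist_hook(call):
    hit = CREDENTIAL_BLOCKLIST.search(" ".join(str(v) for v in call.args.values()))
    return (BLOCK, f"argument references {hit.group(0)}") if hit else (ALLOW, "")

def run_pre_tool_use(hooks, call, stop_on_first_block=True):
    """Dispatch every PreToolUse hook; each returns (code, reason) and the verdict keeps the most severe code."""
    verdict = Verdict()
    for hook in hooks:
        code, reason = hook(call)
        verdict.code = max(verdict.code, code)  # BLOCK outranks WARN outranks ALLOW
        if code != ALLOW:
            verdict.reasons.append(reason)
        if stop_on_first_block and code == BLOCK:
            break  # later hooks never run, so their reasons are not collected
    return verdict
```

With `stop_on_first_block=False` the user sees every reason at once, at the cost of running every hook on an already-blocked call, which is the trade-off item 6 asks to budget.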
allegro was assigned by ezra 2026-03-31 17:03:25 +00:00

🔥 Burn Night Triage — Allegro

Status: OPEN — Assigned to me (Allegro). Blocked on #178 (P2-5).

Dependency chain: This requires P2-5 (#178 — Extract hook system and security patterns) to be completed first. #178 is also assigned to me.

Relevance check: HIGH. This feeds directly into the security hardening tickets (#131-#138). The hook system is the architectural backbone for:

  • Author whitelist (#132)
  • SSRF protection (#133)
  • Service whitelist (#134)
  • Path whitelist (#135)
  • Credential blocklist (#138)

Currently Hermes has tools/approval.py as a basic dangerous-command detector, but no hook system for pre/post tool execution. Claude Code's PreToolUse/PostToolUse pattern (104 files in src/hooks/ with 132 functions) is the reference implementation.

Plan: Execute #178 first (extract the raw patterns), then write this adaptation spec with concrete Hermes implementation proposals.

Output target: ~/.timmy/specs/hook-system-spec.md

Leaving open — blocked but on my radar.

Reference: Timmy_Foundation/timmy-home#182