How-To Series · Episode 56 / 59 · Module 9: Locking It Down

Hermes · Security: Approvals & Allowlists

An agent runs shell commands, some destructive. Hermes gates the dangerous ones behind your approval.

After this videoYou can now control exactly which dangerous commands run, and which never can.

Before executing anything, Hermes matches the command against a curated list of dangerous patterns (recursive deletes, disk formats, DROP DATABASE, overwriting /etc/) and pauses for approval on a match. Three modes set how strict the gate is: manual (default, prompt every time), smart (a cheap model auto-approves safe, auto-denies dangerous, asks when unsure), and off (= YOLO). The CLI prompt offers once / session / always / deny, deny is the default, and a timeout denies too (fail-closed). "Always" writes to a command_allowlist you can audit with hermes config edit. Below everything sits a hardline blocklist (rm -rf /, fork bombs, formatting a live disk) refused regardless of YOLO or allowlist, with no override. For unattended work, the cleaner answer is a container backend: the container becomes the boundary and checks are skipped safely.

About these resources. Every command comes from the Security doc; this episode covers the dangerous-command approval gate specifically.

Sources · What this video distills

1 docs page · every command below traces to one of them
Primary · approval modes, approval flow, command_allowlist, hardline blocklist, YOLO, container isolation
Security
Read ↗

Commands shown · Copy and paste

each shows the source doc it came from
Approval mode (config.yaml)from source ↗
approvals: { mode: smart, timeout: 60 }
YOLO (session)from source ↗
hermes chat --yolo · /yolo (toggle)
Isolate (container is the boundary)from source ↗
terminal: { backend: docker }

Going deeper · Related Hermes docs

further reading · not sources of facts shown above
Hermes in Docker
how container isolation works
Configuration Deep Dive
the full config.yaml schema
Configuring Models
the aux model behind smart mode

Next in the series · Episodes that build on this

E57
Hermes in Docker
E58
Configuration Deep Dive
E55
Configuring Models