fix: include pattern description and alternatives in denial messages#13
Merged
juniperbevensee merged 5 commits intoJun 1, 2026
Merged
Conversation
When check_all_command_guards denied a command (via gateway or CLI), the LLM only saw generic "BLOCKED" text without knowing WHAT pattern triggered the block or what to do instead. This caused agents to retry the same dangerous pattern (e.g. curl | python3) with different URLs, hitting the same block repeatedly. Now the denial message includes the combined_desc (tirith findings + pattern info) and suggests concrete alternatives: download-then-process, jq, or native HTTP libraries. Cherry-picked from hermes-swarm 13030af1f. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🔎 Lint report:
|
| Rule | Count |
|---|---|
unresolved-import |
1 |
First entries
tests/gateway/test_approval_admin_gating.py:15: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
✅ Fixed issues: none
Unchanged: 4974 pre-existing issues carried over.
Diagnostics are surfaced as warnings — this check never fails the build.
The /approve and /deny handlers had no authorization check — any user who could message the bot could approve dangerous commands. Now checks approvals.admin_only config (defaults to true) and uses slash_access policy to verify admin status before allowing approve/deny. Covers gateway text commands, Telegram button callbacks, and adds _is_user_admin() to TelegramAdapter with HSM policy + ALLOWED_USERS fallback (fail-closed). Adapted from hermes-swarm a9c36a5d9 for the public fork's architecture. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tests asserted old message shape ("NOT consented", "rephrase") that no
longer exists after the denial message fix. Updated to match the new
contract ("Do NOT retry", "different approach"). Added juniperbevensee
to AUTHOR_MAP for attribution check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- quick_commands: add session_store mock to GatewayRunner setup via shared _init_runner helper — pre_gateway_dispatch hook now accesses it before the quick command branch - noise_filter: update test_non_telegram_status_is_unchanged to expect Discord messages to be suppressed, matching the intentional change in 61c7b4e that extended filtering to all chat platforms (not just Telegram) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MagicMock auto-creates truthy attributes when accessed, which caused _handle_message to enter the observe_only branch (returns None) instead of reaching the quick command dispatch. Setting internal, observe_only, media_urls, media_types, message_id, and channel_prompt explicitly on the mock event fixes the root cause of the shard-3 CI failures. Also adds _running_agents_ts, _update_prompt_pending, _draining, adapters, pairing_store, and related attrs to _init_runner — the interceptor gauntlet before quick commands needs them. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
check_all_command_guardsnow includecombined_desc(tirith findings + pattern info) so the LLM knows WHAT was blockedCherry-picked from hermes-swarm
13030af1f. Adapted to the public fork's code structure.Test plan
tests/gateway/test_approve_deny_commands.py— 21/21 passcurl | python3patterns🤖 Generated with Claude Code