Bug Description
load_permanent_allowlist() in tools/approval.py is defined (line 304) but never called anywhere in the codebase.
The save path works correctly — when a user approves a command with /approve always, save_permanent_allowlist() writes the pattern to config.yaml under command_allowlist. However, on process restart, these patterns are never loaded back into the in-memory _permanent_approved set because nothing calls load_permanent_allowlist().
This means all "permanent" approvals are silently lost after every gateway or CLI restart, and users are re-prompted for the same commands they already permanently approved.
Steps to Reproduce
- Run hermes with
approvals.mode: manual
- Trigger a dangerous command (e.g.,
python3 -c "print('hello')")
- Approve with
/approve always
- Verify
command_allowlist in config.yaml now contains the pattern ✅
- Restart the gateway
- Trigger the same command again
- Expected: Command is auto-approved from the persisted allowlist
- Actual: User is prompted again — the allowlist was never loaded
Root Cause
save_permanent_allowlist() is called in three places (lines 581, 792, 838) but load_permanent_allowlist() is never called anywhere — not at module import, not at gateway startup, not at CLI init.
Suggested Fix
Add at the end of tools/approval.py:
# Load permanent allowlist from config on module import
load_permanent_allowlist()
This is a one-line fix. The function already exists and works correctly — it just needs to be called.
Environment
- Hermes Agent v0.6.0 (commit 3659e1f)
- Gateway mode (Discord platform)
- Ubuntu 24.04
Bug Description
load_permanent_allowlist()intools/approval.pyis defined (line 304) but never called anywhere in the codebase.The save path works correctly — when a user approves a command with
/approve always,save_permanent_allowlist()writes the pattern toconfig.yamlundercommand_allowlist. However, on process restart, these patterns are never loaded back into the in-memory_permanent_approvedset because nothing callsload_permanent_allowlist().This means all "permanent" approvals are silently lost after every gateway or CLI restart, and users are re-prompted for the same commands they already permanently approved.
Steps to Reproduce
approvals.mode: manualpython3 -c "print('hello')")/approve alwayscommand_allowlistinconfig.yamlnow contains the pattern ✅Root Cause
save_permanent_allowlist()is called in three places (lines 581, 792, 838) butload_permanent_allowlist()is never called anywhere — not at module import, not at gateway startup, not at CLI init.Suggested Fix
Add at the end of
tools/approval.py:This is a one-line fix. The function already exists and works correctly — it just needs to be called.
Environment