Skip to content

fix(backup): skip symlinked files in Hermes backups#25289

Merged
teknium1 merged 1 commit into
NousResearch:mainfrom
binhnt92:codex/backup-symlink-guard
May 25, 2026
Merged

fix(backup): skip symlinked files in Hermes backups#25289
teknium1 merged 1 commit into
NousResearch:mainfrom
binhnt92:codex/backup-symlink-guard

Conversation

@binhnt92

@binhnt92 binhnt92 commented May 13, 2026

Copy link
Copy Markdown
Contributor

Summary

  • skip symlinked files when collecting Hermes backup entries
  • share the skip logic with the pre-update and pre-migration backup zip helper
  • add regression coverage proving backup zips do not dereference links to files outside HERMES_HOME

Why

Python zipfile.write follows file symlinks. A symlink inside HERMES_HOME could cause hermes backup or update/migration safety backups to include target file content from outside the Hermes home directory.

Tests

  • python3 -m pytest tests/hermes_cli/test_backup.py::TestBackup::test_skips_symlinked_files tests/hermes_cli/test_backup.py::TestPreUpdateBackup::test_skips_symlinked_files -q
  • python3 -m pytest tests/hermes_cli/test_backup.py -q
  • python3 -m ruff check hermes_cli/backup.py tests/hermes_cli/test_backup.py
  • python3 -m compileall -q hermes_cli/backup.py tests/hermes_cli/test_backup.py
  • git diff --check

@binhnt92 binhnt92 force-pushed the codex/backup-symlink-guard branch from bd51a75 to c2c459f Compare May 13, 2026 23:35
@alt-glitch alt-glitch added type/security Security vulnerability or hardening P2 Medium — degraded but workaround exists comp/cli CLI entry point, hermes_cli/, setup wizard labels May 13, 2026
@binhnt92 binhnt92 changed the title [codex] skip symlinked files in Hermes backups fix(backup): skip symlinked files in Hermes backups May 14, 2026
@teknium1 teknium1 merged commit 0d55315 into NousResearch:main May 25, 2026
13 of 14 checks passed
@bot-ted bot-ted mentioned this pull request May 25, 2026
Merged
daletkc pushed a commit to daletkc/hermes-agent that referenced this pull request May 25, 2026
@binhnt92
fix(backup): skip symlinked files in zip archives (NousResearch#25289)
b6689d2
mathias3 pushed a commit to mathias3/hermes-agent that referenced this pull request May 28, 2026
@binhnt92 @mathias3
fix(backup): skip symlinked files in zip archives (NousResearch#25289)
54f4597
Bryce-huang pushed a commit to wbkunlun/hermes-agent that referenced this pull request May 29, 2026
@binhnt92
fix(backup): skip symlinked files in zip archives (NousResearch#25289)
02c1e31 
#AI commit#
mosaiq-systems pushed a commit to mosaiq-systems/hermes-agent that referenced this pull request May 29, 2026
@binhnt92
fix(backup): skip symlinked files in zip archives (NousResearch#25289)
b849a86
gweeteve pushed a commit to gweeteve/hermes-agent that referenced this pull request Jun 2, 2026
@binhnt92
fix(backup): skip symlinked files in zip archives (NousResearch#25289)
39cf925
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

comp/cli CLI entry point, hermes_cli/, setup wizard P2 Medium — degraded but workaround exists type/security Security vulnerability or hardening

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@binhnt92 @alt-glitch @teknium1