fix: prevent agents from starting gateway outside systemd management#2617
Merged
Conversation
An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
InB4DevOps
pushed a commit
to InB4DevOps/hermes-agent
that referenced
this pull request
Mar 25, 2026
…ousResearch#2617) An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
outsourc-e
pushed a commit
to outsourc-e/hermes-agent
that referenced
this pull request
Mar 26, 2026
…ousResearch#2617) An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
This was referenced Mar 27, 2026
angelburgosrosado
pushed a commit
to angelburgosrosado/hermes-agent
that referenced
this pull request
Apr 27, 2026
…ousResearch#2617) An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
02356abc
pushed a commit
to 02356abc/hermes-agent
that referenced
this pull request
May 14, 2026
…ousResearch#2617) An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
olympus-terminal
pushed a commit
to olympus-terminal/hermes-agent
that referenced
this pull request
May 16, 2026
…ousResearch#2617) An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
…ousResearch#2617) An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
Egavasyug
pushed a commit
to Egavasyug/hermes-agent
that referenced
this pull request
Jun 10, 2026
…ousResearch#2617) An agent session killed the systemd-managed gateway (PID 1605) and restarted it with '&disown', taking it outside systemd's Restart= management. When the orphaned process later received SIGTERM, nothing restarted it. Add dangerous command patterns to detect: - 'gateway run' with & (background), disown, nohup, or setsid - These should use 'systemctl --user restart hermes-gateway' instead Also applied directly to main repo and fixed the systemd service: - Changed Restart=on-failure to Restart=always (clean SIGTERM = exit 0 = not a 'failure', so on-failure never triggered) - RestartSec=10 for reasonable restart delay
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
An agent session on Telegram was asked to restart the gateway for DNS recovery. It ran:
This killed the systemd-managed gateway process and started a replacement with
&disown, completely outside systemd's management. The systemd service saw a clean exit (code 0) and withRestart=on-failure, didn't restart. The orphaned gateway ran for ~7 hours until it received SIGTERM, at which point nothing restarted it.Root Causes
Restart=on-failurein systemd service — clean SIGTERM shutdown exits with code 0, which isn't a 'failure', so systemd never restarts&disown— took it out of systemd management entirelyFixes
Code changes (this PR)
tools/approval.pydetecting:gateway runwith&,disown, orsetsid(backgrounding)nohup ... gateway run(detaching from terminal)systemctl --user restart hermes-gatewayinsteadAlready applied directly (not in this PR)
Restart=on-failure→Restart=always,RestartSec=10Test plan
python -m pytest tests/tools/test_approval.py -n0 -q— 74 passed