feat: add /temp ephemeral session command #32180
/temp starts an ephemeral session where write-side tools are blocked:
- memory (add/replace/remove) — blocked
- skill_manage (create/edit/delete/write_file/remove_file) — blocked
- cronjob (create) — blocked
All read/search/browse tools work normally.
On /new, /reset, /clear, or exit from a temp session, the entire session is purged from the database and transcript files — no trace remains.
The LLM receives a system prompt note informing it of ephemeral mode so it doesn't waste turns attempting blocked operations.
Works in both CLI and gateway (Telegram/Discord/etc) modes.
hclsys
left a comment
Nice feature, and the enforcement wiring is in the right place (_check_temp_session_block gated on agent.temp_session in the tool-dispatch path, plus the system-prompt notice and the purge-on-/new//reset cleanup). But I think the memory/skill_manage blocking is broader than intended — it blocks reads too.
In _TEMP_BLOCKED_TOOLS:
"memory": None, # view is fine; add/replace/remove blocked
"skill_manage": None, # view/skill_view fine; create/edit/delete/... blocked
"cronjob": {"create"}, # only create blocked; list/poll/run/etc. are fine
and _check_temp_session_block:
blocked_actions = _TEMP_BLOCKED_TOOLS[function_name]
# If None, all actions for this tool are blocked.
if blocked_actions is None:
    return ("... is blocked in ephemeral session mode. ...")
None means block every action, so memory and skill_manage are fully blocked — including their read-only actions (memory view, skill_manage view/skill_view). That contradicts:
- the inline comments themselves (# view is fine, # view/skill_view fine),
- the PR description's table (which scopes the block to write actions: add/replace/remove for memory, create/edit/patch/delete/write_file/remove_file for skill_manage),
- and the "all other tools still work" framing.
So in an ephemeral session the model currently can't even read memory or inspect skills, which is a usability regression versus the stated design (read should stay available; only persistence writes should be blocked).
The cronjob: {"create"} entry shows the action-set form already works for exactly this — I'd switch memory/skill_manage to explicit blocked-action sets, e.g.:
"memory": {"add", "replace", "remove"},
"skill_manage": {"create", "edit", "patch", "delete", "write_file", "remove_file"},
"cronjob": {"create"},
(double-checking those action names against the actual tool schemas), and drop the None → block-all branch — or keep it but document that None is intentionally block-all and don't use it for memory/skill_manage.
One smaller thing worth confirming separately: the message/help text promises the session is "auto-deleted ... or exit", and there's a purge on /new and /reset — is the exit/crash path also covered (e.g. a finally/atexit), or only the graceful slash-commands? If a crash leaves the ephemeral session persisted, the "ephemeral" guarantee is softer than advertised. (I couldn't confirm an atexit/finally hook in the diff.)
1. _TEMP_BLOCKED_TOOLS: Replace None sentinel with explicit frozensets.
- memory: {add, replace, remove}
- skill_manage: {create, edit, patch, delete, write_file, remove_file}
- cronjob: {create}
This makes block-by-action explicit rather than relying on None = block-all,
and correctly allows read-only actions (which are separate tools like
skill_view/skills_list, or implicit via system prompt for memory).
2. atexit cleanup: Add _active_cli_ref module variable and ephemeral
session purge to _run_cleanup() in cli.py, plus _purge_all_temp_sessions()
in gateway shutdown. Crashes/SIGKILL that bypass graceful /quit will
still purge ephemeral sessions.
3. System prompt notice: List blocked actions explicitly so the model
knows what's blocked vs. still available.
4. Command description: Clarify that /reset also triggers cleanup.
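The difference between the None-sentinel table raised in the review and the explicit action sets from the follow-up commit, as an added example that is not code from this PR. The names check_block, audit, SENTINEL_TABLE and EXPLICIT_TABLE, the "action" argument key, and the fail-closed handling of a missing or oddly cased action are assumptions.

```python
from typing import Optional

# Pre-fix table as quoted in the review: None means "block every action".
SENTINEL_TABLE = {"memory": None, "skill_manage": None,
                  "cronjob": frozenset({"create"})}

# Post-fix table from the follow-up commit: explicit blocked-action sets.
EXPLICIT_TABLE = {
    "memory": frozenset({"add", "replace", "remove"}),
    "skill_manage": frozenset({"create", "edit", "patch", "delete",
                               "write_file", "remove_file"}),
    "cronjob": frozenset({"create"}),
}

# Constructed sample calls; the "action" argument key is an assumption.
SAMPLE_CALLS = [
    ("memory", {"action": "view"}),
    ("memory", {"action": "add"}),
    ("skill_manage", {"action": "Patch"}),   # odd casing on a write action
    ("cronjob", {"action": "list"}),
    ("cronjob", {"action": "create"}),
    ("memory", {}),                          # restricted tool, no action given
    ("web_search", {"query": "x"}),          # tool not in the table at all
]


def check_block(table: dict, tool: str, args: dict) -> Optional[str]:
    """Return an error string if the call must be refused, else None."""
    if tool not in table:
        return None  # tool is unrestricted in ephemeral mode
    blocked = table[tool]
    if blocked is None:
        return f"{tool} is blocked in ephemeral session mode."
    action = args.get("action")
    # Fail closed: a denylist keyed on action names must not be bypassed by a
    # missing action (tool-side default) or by a differently cased spelling.
    if not isinstance(action, str) or action.strip().lower() in blocked:
        return f"{tool} action {action!r} is blocked in ephemeral session mode."
    return None


def audit(table: dict, calls: list) -> dict:
    """Map (tool, action) to True when the call would be refused."""
    return {(tool, args.get("action")): check_block(table, tool, args) is not None
            for tool, args in calls}
```

Running audit over both tables shows that only the sentinel table refuses the read-only memory view call, while both refuse the write actions.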
Summary
Adds a /temp slash command that starts an ephemeral session — a fully functional chat session where write-side persistence tools are blocked and the entire session is auto-deleted on /new, /reset, /clear, or exit.
Blocked tools in ephemeral mode
- memory
- skill_manage
- cronjob: create only (list/poll/run/update/pause/resume/remove still work)
All other tools (web_search, browse, terminal, file read/write, send_message, session_search, delegate_task, todo, vision, etc.) work normally.
Key behaviors
- _check_temp_session_block() in agent_runtime_helpers.py intercepts blocked tool calls before execution and returns a clear error message
- _cleanup_temp_session_if_active() calls SessionDB.delete_session() with sessions_dir to wipe the session row, messages, and transcript files
- /temp is registered in COMMAND_REGISTRY and handled in both cli.py and gateway/run.py
- temp_session flag flows from CLI → AIAgent → system prompt and tool dispatch
Files changed (8)
- hermes_cli/commands.py — Command registry entry
- cli.py — /temp handler, _temp_session flag, cleanup logic
- run_agent.py + agent/agent_init.py — temp_session param on AIAgent
- agent/agent_runtime_helpers.py — Tool blocking logic
- agent/system_prompt.py — Ephemeral session notice
- gateway/run.py — Gateway /temp handler + reset cleanup
- gateway/session.py — temp_session field on SessionEntry