docs: expand quickstart Skills section #37047
Merged
…nt silent approval bypass
Subway2023's #14639 blocks write_file/patch to ~/.hermes/config.yaml, but the terminal side was only partially paired: echo>/tee/cp/mv to config.yaml already tripped the project-config pattern, while `sed -i` and direct edits slipped through with auto-approve.
An unpaired write_file deny is theater per SECURITY.md — the agent could flip approvals.mode=off via `sed -i` and the mtime-keyed config cache reloads it mid-session. config.yaml IS the security policy (approvals.mode/yolo/permanent allowlist live there), so it warrants real pairing, not a half-door.
Add a _HERMES_CONFIG_PATH fragment mirroring _HERMES_ENV_PATH, fold it into _SENSITIVE_WRITE_TARGET (covers tee/>/>>/cp/mv), and add sed -i coverage for both config.yaml and .env. Pins 9 regression tests including no-regression guards (reads pass, /tmp writes pass).
Co-authored-by: sbw2025 <subw3@mail2.sysu.edu.cn>
The Skills section was two bare commands with no framing — it never said what a skill is, how skills load, or what the install slug means. Expanded to explain the concept, the bundled catalog, install/browse/use flow, and slash-command activation. Removed the inaccurate /skills chat-command hint (skills become individual /<name> commands; hermes skills is the CLI verb).
agogo233 added a commit to agogo233/hermes-agent that referenced this pull request Jun 2, 2026
* upstream/main: (30 commits)
  fix(dashboard): surface Docker update guidance instead of generic failure (NousResearch#34347) (NousResearch#37085)
  chore(release): map caojiguang@gmail.com in AUTHOR_MAP
  test(weixin): regression suite for _api_post/_api_get timeout migration
  fix(weixin): replace aiohttp ClientTimeout with asyncio.wait_for in _api_post/_api_get
  fix(gateway): recover extract-stripped tool responses on all platforms (NousResearch#29346)
  fix(gateway): scope final-delivery flags to turn-final segment (NousResearch#29346)
  docs: add 25 new community user stories to the collage (NousResearch#37048)
  feat(cli): ranked fuzzy search in the curses model picker
  feat(cli): add fuzzy search helpers for curses pickers
  feat: fuzzy search for the model picker (WebUI + TUI)
  docs: expand quickstart Skills section (NousResearch#37047)
  test(tools): characterize tool-surface TERMINAL_CWD contract (NousResearch#29265)
  test(agent): pin whitespace-strip and OSError-propagation in runtime_cwd
  docs(test): correct None-semantics comment in test_runtime_cwd (discovery not skipped)
  docs(agent): correct resolve_context_cwd comment (None → caller getcwd fallback, not skip)
  refactor(prompt): route context-file cwd through runtime_cwd resolver
  test(prompt): place cwd regression tests in TestEnvironmentHints (drop redundant docker case)
  fix(prompt): show configured working directory in system prompt (closes NousResearch#24882, NousResearch#24969, NousResearch#27383, NousResearch#29265)
  test(agent): pin context_cwd isdir-skip asymmetry and tilde expansion
  feat(agent): add runtime_cwd resolver (single source of truth for working dir)
  ...
changman pushed a commit to changman/hermes-agent that referenced this pull request Jun 10, 2026
* fix(file_tools): block agent writes to ~/.hermes/config.yaml to prevent silent approval bypass
* fix(approval): pair terminal-side gate for ~/.hermes/config.yaml writes
  Subway2023's NousResearch#14639 blocks write_file/patch to ~/.hermes/config.yaml, but the terminal side was only partially paired: echo>/tee/cp/mv to config.yaml already tripped the project-config pattern, while `sed -i` and direct edits slipped through with auto-approve.
  An unpaired write_file deny is theater per SECURITY.md — the agent could flip approvals.mode=off via `sed -i` and the mtime-keyed config cache reloads it mid-session. config.yaml IS the security policy (approvals.mode/yolo/permanent allowlist live there), so it warrants real pairing, not a half-door.
  Add a _HERMES_CONFIG_PATH fragment mirroring _HERMES_ENV_PATH, fold it into _SENSITIVE_WRITE_TARGET (covers tee/>/>>/cp/mv), and add sed -i coverage for both config.yaml and .env. Pins 9 regression tests including no-regression guards (reads pass, /tmp writes pass).
  Co-authored-by: sbw2025 <subw3@mail2.sysu.edu.cn>
* chore(release): map Subway2023 for PR NousResearch#14639 salvage
* docs: expand quickstart Skills section
  The Skills section was two bare commands with no framing — it never said what a skill is, how skills load, or what the install slug means. Expanded to explain the concept, the bundled catalog, install/browse/use flow, and slash-command activation. Removed the inaccurate /skills chat-command hint (skills become individual /<name> commands; hermes skills is the CLI verb).
---------
Co-authored-by: sbw2025 <subw3@mail2.sysu.edu.cn>
alt-glitch pushed a commit that referenced this pull request Jun 14, 2026
* fix(file_tools): block agent writes to ~/.hermes/config.yaml to prevent silent approval bypass
* fix(approval): pair terminal-side gate for ~/.hermes/config.yaml writes
  Subway2023's #14639 blocks write_file/patch to ~/.hermes/config.yaml, but the terminal side was only partially paired: echo>/tee/cp/mv to config.yaml already tripped the project-config pattern, while `sed -i` and direct edits slipped through with auto-approve.
  An unpaired write_file deny is theater per SECURITY.md — the agent could flip approvals.mode=off via `sed -i` and the mtime-keyed config cache reloads it mid-session. config.yaml IS the security policy (approvals.mode/yolo/permanent allowlist live there), so it warrants real pairing, not a half-door.
  Add a _HERMES_CONFIG_PATH fragment mirroring _HERMES_ENV_PATH, fold it into _SENSITIVE_WRITE_TARGET (covers tee/>/>>/cp/mv), and add sed -i coverage for both config.yaml and .env. Pins 9 regression tests including no-regression guards (reads pass, /tmp writes pass).
  Co-authored-by: sbw2025 <subw3@mail2.sysu.edu.cn>
* chore(release): map Subway2023 for PR #14639 salvage
* docs: expand quickstart Skills section
  The Skills section was two bare commands with no framing — it never said what a skill is, how skills load, or what the install slug means. Expanded to explain the concept, the bundled catalog, install/browse/use flow, and slash-command activation. Removed the inaccurate /skills chat-command hint (skills become individual /<name> commands; hermes skills is the CLI verb).
---------
Co-authored-by: sbw2025 <subw3@mail2.sysu.edu.cn>
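The terminal-side pairing described in the fix(approval) commit message above, as an added example that is not the project's code: it tokenizes the command with `shlex` instead of using the regex fragments the message names (`_HERMES_CONFIG_PATH`, `_SENSITIVE_WRITE_TARGET`), and covers the same write forms (`>`/`>>`, `tee`, `cp`/`mv`, `sed -i`) while letting reads and `/tmp` writes through. `write_gate`, `PROTECTED` and the helper names are hypothetical.

```python
import os
import shlex

PROTECTED = {"~/.hermes/config.yaml", "~/.hermes/.env"}  # paths from the page; names are hypothetical

def _protected(tok):
    """True if tok names a protected file via ~, $HOME, ${HOME} or the real home."""
    for prefix in ("$HOME", "${HOME}", os.path.expanduser("~")):
        if tok.startswith(prefix + "/"):
            tok = "~" + tok[len(prefix):]
    return os.path.normpath(tok) in PROTECTED

def _check(argv, targets):
    """Return the command name or 'redirect' if this simple command writes a protected file."""
    if any(map(_protected, targets)):
        return "redirect"
    cmd = os.path.basename(argv[0]) if argv else ""
    paths = [a for a in argv[1:] if not a.startswith("-")]
    in_place = any(a.startswith("--in-place") or
                   (a.startswith("-") and not a.startswith("--") and "i" in a) for a in argv[1:])
    hit = any(map(_protected, paths))
    dest = any(map(_protected, paths[1:]))  # cp/mv: operands after the first source
    rules = {"tee": hit, "sed": in_place and hit, "cp": dest, "mv": dest}
    return cmd if rules.get(cmd) else None

def write_gate(command):
    """Name the rule that makes `command` need approval, or None to let it run."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split, lex.commenters = True, ""  # '#' must not hide later tokens
    try:
        tokens = list(lex) + [";"]  # trailing ';' flushes the last command
    except ValueError:  # unbalanced quote: fail closed
        return "unparseable"
    argv, targets, redir = [], [], ""
    for tok in tokens:
        is_op = bool(tok) and set(tok) <= set("();<>|&")
        if is_op and set(tok) & {"<", ">"}:
            redir = tok  # the next word is a redirection operand
        elif is_op:  # command separator: judge the finished command
            rule = _check(argv, targets)
            if rule:
                return rule
            argv, targets, redir = [], [], ""
        elif redir:
            if ">" in redir:
                targets.append(tok)
            redir = ""
        else:
            argv.append(tok)
    return None
```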
Summary
The quickstart Skills section now explains what a skill is and how to use one, instead of dropping two bare commands a newcomer can't parse.
Previously it was just `hermes skills search`/`hermes skills install` plus a one-line "or use /skills" — no definition of a skill, no explanation of the install slug, and a `/skills` chat-command hint that isn't real (skills become individual `/<name>` commands; `hermes skills` is the CLI verb).
Changes
website/docs/getting-started/quickstart.md: rewrote the Skills subsection — what a skill is, progressive-disclosure framing, the bundled catalog, browse/search/install flow with the slug explained, slash-command activation, and a pointer to the full Skills System doc. Removed the inaccurate `/skills` hint.
Validation
Markdown-only change. The `../user-guide/features/skills.md` link is the same target already linked from this file's Next Steps section, so it resolves.
Infographic