From 57ef5411a4d068b57236c06c719048d3d3c1492d Mon Sep 17 00:00:00 2001
From: Svrnty
Date: Sun, 24 May 2026 17:20:11 -0400
Subject: [PATCH] =?UTF-8?q?feat(install):=20Wave=207.5=20=E2=80=94=20steev?=
 =?UTF-8?q?=20F2b=20enable=20builtin=20allowlist=20via=20additive=20extern?=
 =?UTF-8?q?al=5Fdirs=20=E2=80=94=20sprint=202026-05-25?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 install.sh | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/install.sh b/install.sh
index 4680120..b85e67a 100755
--- a/install.sh
+++ b/install.sh
@@ -147,6 +147,33 @@ else
 echo " WARN: F2 hermes/yq missing — skipping denylist"
 fi
 
+# F2b — enable builtin allowlist via additive external_dirs
+# Hermes 0.14 uses additive external_dirs model (not pure denylist) — to enable
+# a builtin skill, add its hermes-agent/skills// path here.
+HERMES_AGENT_SKILLS="$HERMES_WORKSPACE/hermes-agent/skills"
+if [ "$DRY" = 1 ]; then
+ echo "DRY: F2b enable builtin allowlist via additive external_dirs → $PROFILE_CFG"
+elif command -v yq >/dev/null 2>&1; then
+ BUILTIN_PATHS=$(yq -r '.disclosure.skills[]? | select(.source=="builtin") | .path' "$REPO/manifest.yaml" 2>/dev/null || true)
+ BUILTIN_ENABLED=0
+ for p in $BUILTIN_PATHS; do
+ full="$HERMES_AGENT_SKILLS/$p"
+ if [ -d "$full" ]; then
+ if ! yq -r '.skills.external_dirs[]?' "$PROFILE_CFG" 2>/dev/null | grep -qF "$full"; then
+ mkdir -p "$(dirname "$PROFILE_CFG")"
+ full="$full" yq -i '.skills.external_dirs += [env(full)]' "$PROFILE_CFG" \
+ || echo " WARN: F2b yq write to $PROFILE_CFG failed for $full"
+ BUILTIN_ENABLED=$((BUILTIN_ENABLED + 1))
+ fi
+ else
+ echo " ⚠ F2b: builtin path missing — $full (skipped)" >&2
+ fi
+ done
+ [ "$BUILTIN_ENABLED" -gt 0 ] && echo " F2b enabled $BUILTIN_ENABLED builtin allowlist path(s) in external_dirs"
+else
+ echo " WARN: F2b yq not on PATH — skipping builtin allowlist"
+fi
+
 # F3 — propagate disclosure.inherit_mcp_toolsets to per-profile config.yaml
 if [ "$DRY" = 1 ]; then
 echo "DRY: F3 write agent.inherit_mcp_toolsets → $PROFILE_CFG"
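Review bot: The `.path` values read from `manifest.yaml` are appended to `$HERMES_AGENT_SKILLS` and written into `skills.external_dirs` after only a `[ -d "$full" ]` check, so an entry containing `..` segments would put a directory outside `hermes-agent/skills` on the skill allowlist; the loop should reject such entries before building `full`. The unquoted `for p in $BUILTIN_PATHS` also word-splits and glob-expands each value, which a `while IFS= read -r p` loop avoids. The membership test `grep -qF "$full"` is a substring match, so a path that is a prefix of an existing entry is treated as already present and never added; `grep -qxF -- "$full"` compares whole lines. `BUILTIN_ENABLED` is incremented even when the `yq -i` write fails, so the summary line can overstate what was written. How far the manifest is trusted is not visible from this hunk, and the enclosing script starts and ends outside it.

```shell
elif command -v yq >/dev/null 2>&1; then
  # … unchanged: BUILTIN_PATHS query, BUILTIN_ENABLED=0 …
  # Read one manifest path per line on fd 3 so the yq calls keep their own stdin.
  while IFS= read -r p <&3; do
    [ -n "$p" ] || continue
    # Manifest paths must stay inside hermes-agent/skills.
    case "/$p/" in
      */../*)
        echo "  ⚠ F2b: builtin path escapes skills dir — $p (skipped)" >&2
        continue
        ;;
    esac
    full="$HERMES_AGENT_SKILLS/$p"
    if [ -d "$full" ]; then
      if ! yq -r '.skills.external_dirs[]?' "$PROFILE_CFG" 2>/dev/null | grep -qxF -- "$full"; then
        mkdir -p "$(dirname "$PROFILE_CFG")"
        # Count the entry only when the write actually succeeded.
        if full="$full" yq -i '.skills.external_dirs += [env(full)]' "$PROFILE_CFG"; then
          BUILTIN_ENABLED=$((BUILTIN_ENABLED + 1))
        else
          echo "  WARN: F2b yq write to $PROFILE_CFG failed for $full"
        fi
      fi
    # … unchanged: missing-path warning branch …
    fi
  done 3<<EOF
$BUILTIN_PATHS
EOF
```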