iafdZddlmZddlZddlmZddlmZddZdd Z ddZ ddZ ddZ ddZ dS)z:Shared file safety rules used by both tools and ACP shims.) annotationsN)Path)Optionalreturnrc ddlm}|S#t$r/ttjdcYSwxYw)zHResolve the active HERMES_HOME (profile-aware) without circular imports.rget_hermes_homez ~/.hermes)hermes_constantsr Exceptionrospath expanduserrs 6/home/ubuntu/.hermes/hermes-agent/agent/file_safety.py_hermes_home_pathr sf5444444   555BG&&{33444445s6A  A homestrset[str]ct}dtj|ddtj|ddtj|ddtj|ddt |dz tj|dtj|d tj|d tj|d tj|d tj|d tj|dtj|dtj|ddddfDS)z8Return exact sensitive paths that must never be written.cLh|]!}tj|"S)r r realpath.0ps r z+build_write_denied_paths..s8        .sshauthorized_keysid_rsa id_ed25519configz.envz.bashrcz.zshrcz.profilez .bash_profilez .zprofilez.netrcz.pgpassz.npmrcz.pypircz /etc/sudoersz /etc/passwdz /etc/shadow)rr r joinr)r hermes_homes rbuild_write_denied_pathsr$sK#%%K   GLLv'8 9 9 GLLvx 0 0 GLLv| 4 4 GLLvx 0 0  f$ % % GLLy ) ) GLLx ( ( GLLz * * GLL / / GLL{ + + GLLx ( ( GLLy ) ) GLLx ( ( GLLy ) )   #    r list[str]cdtj|dtj|dtj|dtj|dddtj|dtj|d tj|d d f DS) z?Return sensitive directory prefixes that must never be written.cfg|].}tj|tjz/Sr)r r rseprs r z/build_write_denied_prefixes..0s?     bf$   rrz.awsz.gnupgz.kubez/etc/sudoers.dz /etc/systemdz.dockerz.azurez.configgh)r r r")rs rbuild_write_denied_prefixesr+.s   GLLv & & GLLv & & GLLx ( ( GLLw ' '   GLLy ) ) GLLx ( ( GLLy$ / /      r Optional[str]ctjdd}|sdS tjtj|S#t $rYdSwxYw)zBReturn the resolved HERMES_WRITE_SAFE_ROOT path, or None if unset.HERMES_WRITE_SAFE_ROOTN)r getenvr rrr )roots rget_safe_write_rootr2@sn 9-r 2 2D tw 2 24 8 8999 tts;A A%$A%r boolctjtjd}tjtjt |}|t |vrdSt |D]}||rdSt}|r*||ks$||tj zsdSdS)zBReturn True if path is blocked by the write denylist or safe root.~TF) r r rrrr$r+ startswithr2r()r rresolvedprefix safe_roots ris_write_deniedr:Ks 7  BG..s33 4 4Dw 2 23t99 = =>>H+D1111t-d33   v & & 44 $%%I(i//83F3FySUSYGY3Z3Z/t 5rc8t|}t}|dz dz dz |dz dz g}|D]0} ||n#t $rY%wxYwd|dcSdS)zHReturn an error message when a read targets internal Hermes cache files.skillsz.hubz index-cachezAccess denied: z is an internal Hermes cache file and cannot be read directly to prevent prompt injection. Use the skills_list or skill_view tools instead.N)rrresolver relative_to ValueError)r r7r# blocked_dirsblockeds rget_read_block_errorrB]sDzz$$&&..00H#%%--//Kh'-7h'L       ) ) ) )    H  ?d ? ? ?   4s,B BB)rr)rrrr)rrrr%)rr,)r rrr3)r rrr,)__doc__ __future__rr pathlibrtypingrrr$r+r2r:rBrrrrGs@@"""""" 55556$$r