i f UdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl ZddlmZejeZdZdedZdZded ed efd Zded ed efd Zd efd Zdaedzezed<dZ da!eed<e j"Z#da$e j%dzed<dZ&d efdZ'd efdZ(d edzfdZ)d efdZ*d6defdZ+dZ,d efdZ-d edzfdZ.d7deded efd!Z/d"ed#ed$ed edzfd%Z0d&ed"ed'ed efd(Z1d)d*d+ed e2edzeffd,Z3d-ed efd.Z4d-ed efd/Z5d)d*d+efd0Z6d)d*d+efd1Z7d2Z8d3Z9d4ed efd5Z:dS)8uTirith pre-exec security scanning wrapper. Runs the tirith binary as a subprocess to scan commands for content-level threats (homograph URLs, pipe-to-interpreter, terminal injection, etc.). Exit code is the verdict source of truth: 0 = allow, 1 = block, 2 = warn JSON stdout enriches findings/summary but never overrides the verdict. Operational failures (spawn error, timeout, unknown exit code) respect the fail_open config setting. Programming errors propagate. Auto-install: if tirith is not found on PATH or at the configured path, it is automatically downloaded from GitHub releases to $HERMES_HOME/bin/tirith. The download always verifies SHA-256 checksums. When cosign is available on PATH, provenance verification (GitHub Actions workflow signature) is also performed. If cosign is not installed, the download proceeds with SHA-256 verification only — still secure via HTTPS + checksum, just without supply chain provenance proof. Installation runs in a background thread so startup never blocks. N)get_hermes_homezsheeki03/tirithz^https://github.com/z,/\.github/workflows/release\.yml@refs/tags/vz+https://token.actions.githubusercontent.comkeydefaultreturnc^tj|}||S|dvS)N)1trueyes)osgetenvlowerrrvals :/home/ubuntu/.hermes/hermes-agent/tools/tirith_security.py _env_boolr3s- )C..C { 99;;. ..cvtj|}||S t|S#t$r|cYSwxYw)N)r r int ValueErrorrs r_env_intr:sM )C..C {3xx s ) 88c ddddd} ddlm}|dipi}n#t$ri}YnwxYwt d|d |d t jd |d |d td |d |d t d|d|ddS)z@Load security settings from config.yaml, with env var overrides.Ttirith)tirith_enabled tirith_pathtirith_timeouttirith_fail_openr) load_configsecurityTIRITH_ENABLEDr TIRITH_BINrTIRITH_TIMEOUTrTIRITH_FAIL_OPENr)hermes_cli.configrget Exceptionrr r r)defaultsrcfgs r_load_security_configr)Ds H 111111kmm B//52 $$4cgg>NPXYiPj6k6kllysww}h}F]/^/^__"#3SWW=MxXhOi5j5jkk%&8#''BTV^_qVr:s:stt   s &0 ??_resolved_pathF_install_failure_reason_install_threadiQc8ttS)zAReturn the Hermes home directory, respecting HERMES_HOME env var.)strrrr_get_hermes_homer1ls   ! !!rcZtjtdS)z3Return the path to the install-failure marker file.z.tirith-install-failed)r pathjoinr1r0rr_failure_marker_pathr5qs 7<<(**,D E EErcb t}tj|}t j|z t krdSt |d5}|cdddS#1swxYwYdS#t$rYdSwxYw)zRead the failure reason from the disk marker. Returns the reason string, or None if the marker doesn't exist or is older than _MARKER_TTL. Nr) r5r r3getmtimetime _MARKER_TTLopenreadstripOSError)pmtimefs r_read_failure_reasonrBvs  " "  ## IKK% K / /4 !S\\ $Q6688>>## $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ tts<A B B &B B BB BB B.-B.c~t}|dS|dkr$tjdrtdSdS)zCheck if a recent install failure was persisted to disk. Returns False (allowing retry) when: - No marker exists - Marker is older than _MARKER_TTL (24h) - Marker reason is 'cosign_missing' and cosign is now on PATH NFcosign_missingcosignT)rBshutilwhich_clear_install_failed)reasons r_is_install_failed_on_diskrJsJ" # #F ~u !!!fl8&<&<!u 4rrIc( t}tjtj|dt |d5}||ddddS#1swxYwYdS#t$rYdSwxYw)aPersist install failure to disk to avoid retry on next process. Args: reason: Short tag identifying the failure cause. Use "cosign_missing" when cosign is not on PATH so the marker can be auto-cleared once cosign becomes available. Texist_okwN)r5r makedirsr3dirnamer;writer>)rIr?rAs r_mark_install_failedrRs " " BGOOA&&6666 !S\\ Q GGFOOO                        s6ABA6) B6A::B=A:>B BBcj tjtdS#t$rYdSwxYw)z3Remove the failure marker after successful install.N)r unlinkr5r>r0rrrHrHsF  &(()))))      s $ 22ctjtd}tj|d|S)z/Return $HERMES_HOME/bin, creating it if needed.binTrL)r r3r4r1rO)ds r_hermes_bin_dirrXs8  %''//AKD!!!! Hrctj}tj}|dkrd}n |dvrd}ndS|dvrd}n |dvrd }ndS|d |S) z@Return the Rust target triple for the current platform, or None.Darwinz apple-darwin)LinuxAndroidzunknown-linux-gnuN)x86_64amd64r])aarch64arm64r_-)platformsystemmachiner )rcrdplatarchs r_detect_targetrgs _  F  &&((G ' ' '"t%%% ( ( (t  T  r urldesttimeoutctj|}tjd}|r|dd|tj||5}t|d5}tj ||dddn #1swxYwYddddS#1swxYwYdS)zDownload a URL to a local file. GITHUB_TOKEN Authorizationztoken )rkwbN) urllibrequestRequestr r add_headerurlopenr;rF copyfileobj)rirjrkreqtokenresprAs r_download_filerys< .  % %C In % %E : (8(8(8999   W  5 5$tD$?O?O$ST4###$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$s60B;B# B;#B' 'B;*B' +B;;B?B?checksums_pathsig_path cert_pathc tjd}|stddS t j|dd|d|dt dt|g d d d }|jd krtd d St d|j|j dS#ttj f$r&}t d|Yd}~dSd}~wwxYw)ukVerify cosign provenance signature on checksums.txt. Returns: True — cosign verified successfully False — cosign found but verification failed None — cosign not available (not on PATH, or execution failed) The caller treats both False and None as "abort auto-install" — only True allows the install to proceed. rEzcosign not found on PATHNz verify-blobz --certificatez --signaturez--certificate-identity-regexpz--certificate-oidc-issuerTcapture_outputtextrkrz%cosign provenance verification passedz(cosign verification failed (exit %d): %sFzcosign execution failed: %s)rFrGloggerinfo subprocessrun_COSIGN_IDENTITY_REGEXP_COSIGN_ISSUER returncodewarningstderrr=r>TimeoutExpired)rzr{r|rEresultexcs r_verify_cosignrs#\( # #F  .///t ] i H ,.E (.            ! ! KK? @ @ @4 NNE +V]-@-@-B-B D D D5 Z. /4c:::tttttsAC8CC>C99C> archive_path archive_namec d}t|5 D]S}|dd}t|dkr|d|kr |d}nTdddn #1swxYwY|std|dSt j}t|d5 t fd d D]}| | dddn #1swxYwY| }||krtd ||dSd S) z4Verify SHA-256 of the archive against checksums.txt.Nz rzNo checksum entry for %sFrbc.dS)Ni )r<)rAsrz"_verify_checksum..s!&&,,rrz&Checksum mismatch: expected %s, got %sT) r;r=splitlenrrhashlibsha256iterupdate hexdigest) rrzrexpectedlinepartsshachunkactualrAs @r_verify_checksumrsH n    DJJLL&&tQ//E5zzQ58|#;#; 8  1<@@@u .  C lD ! !Q....44  E JJu     ]]__F ?6RRRu 4s$AA66A:=A:,C<<DDT log_failuresrc |r tjn tj}t}|s@tdt jt jdSd|d}dtd}tj d} tj ||}tj |d }tj |d }tj |d } td | t|d ||t|d|n:#t$r-} |d| Yd} ~ t!j|ddSd} ~ wwxYwd} t!jdr t|d|t|d| t'||| } | durd} n| dur$|d t!j|ddStdnL#t$r%} td| Yd} ~ n"d} ~ wwxYwtdt)|||s t!j|ddSt+j|d5} | D]P}|jdks|jd r)d!|jvr1d|_| ||n0Q|d" dddt!j|dd#S dddn #1swxYwYtj |d}tj t7d} t!j||nu#t:$rh t!j||nN#t:$rA tj|n#t:$rYnwxYwYYt!j|dd$SwxYwYnwxYwtj |tj!|j"tBj#ztBj$ztBj%z| rd%nd&}td'|||d(ft!j|dS#t!j|dwxYw))a^Download and install tirith to $HERMES_HOME/bin/tirith. Verifies provenance via cosign and SHA-256 checksum. Returns (installed_path, failure_reason). On success failure_reason is "". failure_reason is a short tag used by the disk marker to decide if the failure is retryable (e.g. "cosign_missing" clears when cosign appears). z/tirith auto-install: unsupported platform %s/%s)Nunsupported_platformztirith-z.tar.gzzhttps://github.com/z/releases/latest/downloadztirith-install-)prefixz checksums.txtzchecksums.txt.sigzchecksums.txt.pemu9tirith not found — downloading latest release for %s.../z/checksums.txtztirith download failed: %sNT) ignore_errors)Ndownload_failedFrEz/checksums.txt.sigz/checksums.txt.pemz=tirith install aborted: cosign provenance verification failed)Ncosign_verification_failedz5cosign execution failed, proceeding with SHA-256 onlyz?cosign artifacts unavailable (%s), proceeding with SHA-256 onlyu{cosign not on PATH — installing tirith with SHA-256 verification only (install cosign for full supply chain verification))Nchecksum_failedzr:gzrz/tirithz..z"tirith binary not found in archive)Nbinary_not_in_archive)Ncross_device_copy_failedzcosign + SHA-256z SHA-256 onlyztirith installed to %s (%s)r+)&rrdebugrgrrbrcrd_REPOtempfilemkdtempr r3r4ryr&rFrmtreerGrrtarfiler; getmembersnameendswithextractrXmover>copyrTchmodstatst_modeS_IXUSRS_IXGRPS_IXOTH)rlogtargetrbase_urltmpdirrrzr{r|rcosign_verified cosign_resulttarmembersrcrj verifications r_install_tirithrs) :&..flC   F , E_&&(8(:(: < < <++,V,,,LEUEEEH  %6 7 7 7FT2w||FL99 fo>>7<<(;<<GLL)<==  OQWXXX + h7777 F F F h666 G G G G + + + C,c 2 2 2****N  fD111111S +  < ! ! O Y(>>>III(>>> JJJ!/~x S S  D((&*OO"e++CWXXX=b  fD111111[KK WXXXX d d d ]_bcccccccc d KKN O O O nlKK +*N  fD111111K\, / / 53..** 5 5;(**fk.B.B9.M.M*v{** "*FKKK///E +89994 5 5 5 5 5 5J  fD111111; 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5gll68,,w||O--x88 8 KT " " " " 8 8 8 8 C&&&& 8 8 8IdOOOOD77  fD111111 8'& 8 rwt}},t|;dlJT\YZZZ-<P)).  14FFFRx  fD11111 fD11111s BS.(ES F! F -S FS(&H)'SS) I3ISI.SS4A2M& S SMSMAS.OS P6O%$P6% P00PP0 PP0PP0P6S/P00P63S5P66A;SS configured_pathc|dkS)zHReturn True if the user explicitly configured a non-default tirith path.rr0)rs r_is_explicit_pathrs h &&rcttturtStj|}t |}ttu}|rtj|r#tj|tjr|a|Stj |}|r|a|St d|tada |Stj d}|r|ada t|Stjt!d}tj|r3tj|tjr|ada t|S|r6tdkr)tj drdada td}n|St"t"r|St'}|t)r ta|a |St+\}}|r|ada t|Sta|a t-||S) u@Resolve the tirith binary path, auto-installing if necessary. If the user explicitly set a path (anything other than the bare "tirith" default), that path is authoritative — we never fall through to auto-download a different binary. For the default "tirith": 1. PATH lookup via shutil.which 2. $HERMES_HOME/bin/tirith (previously auto-installed) 3. Auto-install from GitHub releases → $HERMES_HOME/bin/tirith Failed installs are cached for the process lifetime (and persisted to disk for 24h) to avoid repeated network attempts. Nz6Configured tirith path %r not found; scanning disabledexplicit_path_missingrr+rDrEF)r*_INSTALL_FAILEDr r3 expanduserrisfileaccessX_OKrFrGrrr,rHr4rXr-is_aliverBrJrrR) rexpandedexplicitinstall_failedfound hermes_bin disk_reason installedrIs r_resolve_tirith_pathrsN$!nO&K&Kw!!/22H 11H#6N  7>>( # #  (BG(D(D %NO X&&  "NLOQ`aaa("9 L " "E "$ o//::J w~~j!!bi BG&D&D#"$  "&6 6 66<;Q;Q 6!N&( # ! # # #"NNO "'?'?'A'A" '((K#=#?#?("-'))Iv""$%N$   Orc8t5t ddddStjd}|r|ada ddddSt jtd}t j |r1t j |t j r|ada ddddSt|\}}|r|adatnta|at|ddddS#1swxYwYdS)z6Background thread target: download and install tirith.Nrr+r) _install_lockr*rFrGr,r r3r4rXrrrrrHrrR)rrrrrIs r_background_installrs ))  % ))))))))  X&&  "N&( # ))))))))W\\/"3"3X>> 7>>* % % ")J*H*H 'N&( # !))))))))$,FFF 6  )&N&( # ! # # # #,N&, #  ( ( (5))))))))))))))))))s$ DDA/DADDDct}|dsdStWtturIt}tj|r!tj|tjr|SdS|d}t|}tj |}|rgtj|r#tj|tjr|a|Stj |}|r|a|Stada dStj d}|r|ada t|Stjtd}tj|r3tj|tjr|ada t|Sttur4tdkr'tj drdada tndSt!}|t#r ta|a dSt$t$s7t)jt,d |id at$dS) aEnsure tirith is available, downloading in background if needed. Quick PATH/local checks are synchronous; network download runs in a daemon thread so startup never blocks. Safe to call multiple times. Returns the resolved path immediately if available, or None. rNrrrr+rDrErT)rkwargsdaemon)r)r*rr r3rrrrrrFrGr,rHr4rXrBrJr-r threadingThreadrstart) rr(r3rrrrrrs rensure_installedr so ! !C  t!nO&K&K 7>>$   BIdBG$<$< Kt-(O 11Hw!!/22H  7>>( # #  (BG(D(D %NO X&&  "NL("9t L " "E "$ o//::J w~~j!!bi BG&D&D#"$(( "&6 6 66<;Q;Q 6!N&( # ! # # # #4 '((K#=#?#?("-to&>&>&@&@#*&"L1     4r2icommandc xt}|dsdgddSt|d}|d}|d}|(td |rdgd dSd gd dS t j|d ddddd|gdd|}n#t $r>}td||rdgd|dcYd}~Sd gd|dcYd}~Sd}~wtj$r2td||r dgd|ddcYSd gddcYSwxYw|j}|dkrd}nC|dkrd }n:|dkrd}n1td ||r dgd!|d"dSd gd!|d#dSg} d} |j rtj |j ni} | d$g} | dt} | d%dpddt} nG#tjt"f$r.td&|d krd'} n|dkrd(} YnwxYw|| | dS))a@Run tirith security scan on a command. Exit code determines action (0=allow, 1=block, 2=warn). JSON enriches findings/summary. Spawn failures and timeouts respect fail_open config. Programming errors propagate. Returns: {"action": "allow"|"warn"|"block", "findings": [...], "summary": str} rallowr+)actionfindingssummaryrrrNz/tirith path resolved to None; scanning disabledztirith path unavailableblockz%tirith path unavailable (fail-closed)checkz--jsonz--non-interactivez--shellposixz--Trztirith spawn failed: %sztirith unavailable: z#tirith spawn failed (fail-closed): ztirith timed out after %dsztirith timed out (zs)ztirith timed out (fail-closed)rrrwarnz'tirith returned unexpected exit code %dztirith exit code z (fail-open)z (fail-closed)rrz.tirith JSON parse failed, using exit code onlyz-security issue detected (details unavailable)z/security warning detected (details unavailable))r)rrrrrr>rrstdoutr=jsonloadsr% _MAX_FINDINGS_MAX_SUMMARY_LENJSONDecodeErrorAttributeErrorr) rr(rrk fail_openrr exit_coderrrdata raw_findingss rcheck_command_securityrgsd ! !C  B!rbAAA&s='9::K"#G&'IHIII  ]%2B[\\ \!r>efff` '8-@ w 0     kkk0#666  `%2B^Y\B^B^__ _ _ _ _ _ _!r>idg>i>ijjjjjjjj  $```3W===  d%2BbW^BbBbBbcc c c c!r>^_____ `!IA~~ a a @)LLL  o%2BmV_BmBmBmnn n!r>kR[>k>k>klllHG H,2M,?,?,A,AItz&-(((rxx B// /88Ir**0b2C3C2CD  . 1HHH EFFF W  EGG v  GG H(w G GGsJ- B D%C=DC D9D DD0A>G//AH32H3)r+)rh);__doc__rrloggingr rbrFrrrrrr9urllib.requestrphermes_constantsr getLogger__name__rrrrr/boolrrrdictr)r*__annotations__rr,Lockrr-rr:r1r5rBrJrRrHrXrgryrrtuplerrrrrrrrr0rrr sO,    ,,,,,,  8 $ $gfff> /3//$////#t8%)d T!(((!!!!   +/!D(/// "#"""" FcFFFF cDj"D"      "        d .$$$3$$$$$%3%#%#%$QU+%%%%P33SW2-1h2h2h2Th2U3:s?5Kh2h2h2h2V's't'''' `#`#````F15)))))))@.2OOOdOOOOl LHCLHDLHLHLHLHLHLHr