@goplus/agentguard 1.1.4 → 1.1.5

package/dist/tests/smoke.test.js

@@ -9,6 +9,7 @@ const node_child_process_1 = require("node:child_process");
 const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
 const node_os_1 = require("node:os");
+const node_perf_hooks_1 = require("node:perf_hooks");
 const index_js_1 = require("../scanner/index.js");
 // ─────────────────────────────────────────────────────────────────────────────
 // D: guard-hook.js subprocess E2E
@@ -16,27 +17,51 @@ const index_js_1 = require("../scanner/index.js");
 // __dirname points to dist/tests/ after compilation, project root is 2 levels up
 const projectRoot = (0, node_path_1.resolve)(__dirname, '..', '..');
 const GUARD_HOOK_PATH = (0, node_path_1.join)(projectRoot, 'skills', 'agentguard', 'scripts', 'guard-hook.js');
+const HERMES_HOOK_PATH = (0, node_path_1.join)(projectRoot, 'skills', 'agentguard', 'scripts', 'hermes-hook.js');
 function runGuardHook(input) {
+    return runNodeHook(GUARD_HOOK_PATH, input);
+}
+function runHermesHook(input) {
+    return runNodeHook(HERMES_HOOK_PATH, input);
+}
+function runHermesHookWithEnv(input, env) {
+    return runNodeHook(HERMES_HOOK_PATH, input, env);
+}
+function runHermesHookRaw(input) {
+    return runNodeHookRaw(HERMES_HOOK_PATH, input);
+}
+function runNodeHook(scriptPath, input, env = {}) {
+    return runNodeHookRaw(scriptPath, JSON.stringify(input), env);
+}
+function runNodeHookRaw(scriptPath, input, env = {}) {
     return new Promise((resolvePromise) => {
         // Isolate HOME to a temp dir so loadConfig/writeAuditLog don't touch real ~/.agentguard/
         const tempHome = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'agentguard-smoke-'));
-        const child = (0, node_child_process_1.spawn)('node', [GUARD_HOOK_PATH], {
+        const child = (0, node_child_process_1.spawn)('node', [scriptPath], {
             stdio: ['pipe', 'pipe', 'pipe'],
-            env: { ...process.env, HOME: tempHome },
+            env: { ...process.env, HOME: tempHome, ...env },
         });
         let stdout = '';
         let stderr = '';
+        let settled = false;
+        const finish = (result) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timeout);
+            resolvePromise(result);
+        };
         child.stdout.on('data', (d) => (stdout += d.toString()));
         child.stderr.on('data', (d) => (stderr += d.toString()));
-        child.stdin.write(JSON.stringify(input));
+        child.stdin.write(input);
         child.stdin.end();
         child.on('close', (code) => {
-            resolvePromise({ exitCode: code ?? 1, stdout, stderr });
+            finish({ exitCode: code ?? 1, stdout, stderr });
         });
         // Timeout safety
-        setTimeout(() => {
+        const timeout = setTimeout(() => {
             child.kill();
-            resolvePromise({ exitCode: -1, stdout, stderr: 'TIMEOUT' });
+            finish({ exitCode: -1, stdout, stderr: 'TIMEOUT' });
         }, 8000);
     });
 }
@@ -76,7 +101,116 @@ function runGuardHook(input) {
     });
 });
 // ─────────────────────────────────────────────────────────────────────────────
-// E: Scanner integration
+// E: hermes-hook.js subprocess E2E
+// ─────────────────────────────────────────────────────────────────────────────
+(0, node_test_1.describe)('Smoke: hermes-hook.js E2E', () => {
+    (0, node_test_1.it)('should allow echo hello with empty JSON output', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'terminal',
+            tool_input: { command: 'echo hello' },
+        });
+        strict_1.default.equal(exitCode, 0);
+        strict_1.default.deepEqual(JSON.parse(stdout), {});
+    });
+    (0, node_test_1.it)('should block rm -rf / using Hermes stdout protocol', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'terminal',
+            tool_input: { command: 'rm -rf /' },
+        });
+        strict_1.default.equal(exitCode, 0);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+        strict_1.default.ok(payload.message?.includes('AgentGuard'), 'message should mention AgentGuard');
+    });
+    (0, node_test_1.it)('should block write to .env using Hermes stdout protocol', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'write_file',
+            tool_input: { path: '/project/.env' },
+        });
+        strict_1.default.equal(exitCode, 0);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+    });
+    (0, node_test_1.it)('should allow post_tool_call event for audit-only handling', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'post_tool_call',
+            tool_name: 'terminal',
+            tool_input: { command: 'rm -rf /' },
+        });
+        strict_1.default.equal(exitCode, 0);
+        strict_1.default.deepEqual(JSON.parse(stdout), {});
+    });
+    (0, node_test_1.it)('should fail closed when the Hermes engine cannot load for pre_tool_call', async () => {
+        const { exitCode, stdout } = await runHermesHookWithEnv({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'terminal',
+            tool_input: { command: 'echo hello' },
+        }, { AGENTGUARD_TEST_FORCE_ENGINE_LOAD_FAILURE: '1' });
+        strict_1.default.equal(exitCode, 0);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+        strict_1.default.ok(payload.message?.includes('unable to load Hermes hook engine'));
+    });
+    (0, node_test_1.it)('should block unknown pre_tool_call tools', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'browser_click',
+            tool_input: { selector: '#danger' },
+        });
+        strict_1.default.equal(exitCode, 0);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+        strict_1.default.ok(payload.message?.includes('not recognized by AgentGuard'));
+    });
+    (0, node_test_1.it)('should block terminal payloads without a command', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'terminal',
+            tool_input: {},
+        });
+        strict_1.default.equal(exitCode, 0);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+        strict_1.default.ok(payload.message?.includes('missing command'));
+    });
+    (0, node_test_1.it)('should block file payloads without a path', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'write_file',
+            tool_input: { content: 'secret' },
+        });
+        strict_1.default.equal(exitCode, 0);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+        strict_1.default.ok(payload.message?.includes('missing path'));
+    });
+    (0, node_test_1.it)('should block URL payloads without a URL', async () => {
+        const { exitCode, stdout } = await runHermesHook({
+            hook_event_name: 'pre_tool_call',
+            tool_name: 'browser_navigate',
+            tool_input: { selector: '#login' },
+        });
+        strict_1.default.equal(exitCode, 0);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+        strict_1.default.ok(payload.message?.includes('missing URL'));
+    });
+    (0, node_test_1.it)('should block invalid stdin without waiting for the stdin timeout', async () => {
+        const start = node_perf_hooks_1.performance.now();
+        const { exitCode, stdout } = await runHermesHookRaw('{not-json');
+        const elapsedMs = node_perf_hooks_1.performance.now() - start;
+        strict_1.default.equal(exitCode, 0);
+        strict_1.default.ok(elapsedMs < 2000, `hook should exit promptly, took ${elapsedMs}ms`);
+        const payload = JSON.parse(stdout);
+        strict_1.default.equal(payload.action, 'block');
+        strict_1.default.ok(payload.message?.includes('invalid or missing Hermes hook payload'));
+    });
+});
+// ─────────────────────────────────────────────────────────────────────────────
+// F: Scanner integration
 // ─────────────────────────────────────────────────────────────────────────────
 (0, node_test_1.describe)('Smoke: SkillScanner on vulnerable-skill', () => {
     (0, node_test_1.it)('should detect multiple violations in examples/vulnerable-skill', async () => {

package/dist/tests/smoke.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"smoke.test.js","sourceRoot":"","sources":["../../src/tests/smoke.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,2DAA2C;AAC3C,qCAAsC;AACtC,yCAA0C;AAC1C,qCAAiC;AACjC,kDAAmD;AAEnD,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF,iFAAiF;AACjF,MAAM,WAAW,GAAG,IAAA,mBAAO,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACnD,MAAM,eAAe,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;AAE9F,SAAS,YAAY,CAAC,KAA8B;IAKlD,OAAO,IAAI,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;QACpC,yFAAyF;QACzF,MAAM,QAAQ,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE;YAC7C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE;SACxC,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACjE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAEjE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACzC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QAElB,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,cAAc,CAAC,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,iBAAiB;QACjB,UAAU,CAAC,GAAG,EAAE;YACd,KAAK,CAAC,IAAI,EAAE,CAAC;YACb,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9D,CAAC,EAAE,IAAI,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;AACL,CAAC;AAED,IAAA,oBAAQ,EAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,IAAA,cAAE,EAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,YAAY,CAAC;YACtC,eAAe,EAAE,YAAY;YAC7B,SAAS,EAAE,MAAM;YACjB,UAAU,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;SACtC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC;YAC9C,eAAe,EAAE,YAAY;YAC7B,SAAS,EAAE,MAAM;YACjB,UAAU,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACpC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,kCAAkC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,YAAY,CAAC;YACtC,eAAe,EAAE,YAAY;YAC7B,SAAS,EAAE,OAAO;YAClB,UAAU,EAAE,EAAE,SAAS,EAAE,eAAe,EAAE;SAC3C,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,YAAY,CAAC;YACtC,eAAe,EAAE,aAAa;YAC9B,SAAS,EAAE,MAAM;YACjB,UAAU,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACpC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF,IAAA,oBAAQ,EAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,IAAA,cAAE,EAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;QACnE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEjD,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,qCAAqC,CAAC,CAAC;QACnF,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,sCAAsC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;QAEzG,MAAM,YAAY,GAAG,CAAC,YAAY,EAAE,qBAAqB,EAAE,eAAe,CAAC,CAAC;QAC5E,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,gBAAM,CAAC,EAAE,CACP,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAY,CAAC,EACvC,iBAAiB,GAAG,UAAU,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5D,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"smoke.test.js","sourceRoot":"","sources":["../../src/tests/smoke.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,2DAA2C;AAC3C,qCAAsC;AACtC,yCAA0C;AAC1C,qCAAiC;AACjC,qDAA8C;AAC9C,kDAAmD;AAEnD,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF,iFAAiF;AACjF,MAAM,WAAW,GAAG,IAAA,mBAAO,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACnD,MAAM,eAAe,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;AAC9F,MAAM,gBAAgB,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;AAEhG,SAAS,YAAY,CAAC,KAA8B;IAKlD,OAAO,WAAW,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,aAAa,CAAC,KAA8B;IAKnD,OAAO,WAAW,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAA8B,EAC9B,GAA2B;IAM3B,OAAO,WAAW,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IAKrC,OAAO,cAAc,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,WAAW,CAClB,UAAkB,EAClB,KAA8B,EAC9B,MAA8B,EAAE;IAMhC,OAAO,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,cAAc,CACrB,UAAkB,EAClB,KAAa,EACb,MAA8B,EAAE;IAMhC,OAAO,IAAI,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;QACpC,yFAAyF;QACzF,MAAM,QAAQ,GAAG,IAAA,qBAAW,EAAC,IAAA,gBAAI,EAAC,IAAA,gBAAM,GAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,MAAM,EAAE,CAAC,UAAU,CAAC,EAAE;YACxC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,GAAG,EAAE;SAChD,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,MAA4D,EAAE,EAAE;YAC9E,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,cAAc,CAAC,MAAM,CAAC,CAAC;QACzB,CAAC,CAAC;QAEF,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACjE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAEjE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACzB,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QAElB,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,MAAM,CAAC,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,KAAK,CAAC,IAAI,EAAE,CAAC;YACb,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACtD,CAAC,EAAE,IAAI,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;AACL,CAAC;AAED,IAAA,oBAAQ,EAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,IAAA,cAAE,EAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,YAAY,CAAC;YACtC,eAAe,EAAE,YAAY;YAC7B,SAAS,EAAE,MAAM;YACjB,UAAU,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;SACtC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC;YAC9C,eAAe,EAAE,YAAY;YAC7B,SAAS,EAAE,MAAM;YACjB,UAAU,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACpC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,kCAAkC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,YAAY,CAAC;YACtC,eAAe,EAAE,YAAY;YAC7B,SAAS,EAAE,OAAO;YAClB,UAAU,EAAE,EAAE,SAAS,EAAE,eAAe,EAAE;SAC3C,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,YAAY,CAAC;YACtC,eAAe,EAAE,aAAa;YAC9B,SAAS,EAAE,MAAM;YACjB,UAAU,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACpC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,mCAAmC;AACnC,gFAAgF;AAEhF,IAAA,oBAAQ,EAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,IAAA,cAAE,EAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;SACtC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,gBAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACpC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0C,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAE,mCAAmC,CAAC,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,YAAY;YACvB,UAAU,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE;SACtC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAwB,CAAC;QAC1D,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,gBAAgB;YACjC,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;SACpC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,gBAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,oBAAoB,CACrD;YACE,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;SACtC,EACD,EAAE,yCAAyC,EAAE,GAAG,EAAE,CACnD,CAAC;QACF,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0C,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE;SACpC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0C,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,8BAA8B,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,EAAE;SACf,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0C,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,YAAY;YACvB,UAAU,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE;SAClC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0C,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC;YAC/C,eAAe,EAAE,eAAe;YAChC,SAAS,EAAE,kBAAkB;YAC7B,UAAU,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;SACnC,CAAC,CAAC;QACH,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0C,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,MAAM,KAAK,GAAG,6BAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;QACjE,MAAM,SAAS,GAAG,6BAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAC5C,gBAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1B,gBAAM,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,EAAE,mCAAmC,SAAS,IAAI,CAAC,CAAC;QAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0C,CAAC;QAC5E,gBAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,wCAAwC,CAAC,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF,IAAA,oBAAQ,EAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,IAAA,cAAE,EAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,OAAO,GAAG,IAAI,uBAAY,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;QACnE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEjD,gBAAM,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,qCAAqC,CAAC,CAAC;QACnF,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,sCAAsC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;QAEzG,MAAM,YAAY,GAAG,CAAC,YAAY,EAAE,qBAAqB,EAAE,eAAe,CAAC,CAAC;QAC5E,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,gBAAM,CAAC,EAAE,CACP,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAY,CAAC,EACvC,iBAAiB,GAAG,UAAU,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5D,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/docs/hermes.md

@@ -0,0 +1,70 @@
+# Hermes Agent
+
+Hermes Agent can use AgentGuard through Hermes shell hooks. AgentGuard evaluates
+`pre_tool_call` events before risky tools execute and returns Hermes-compatible
+block decisions on stdout.
+
+## Shell hook usage
+
+Build AgentGuard first so the hook script can import `dist/index.js`:
+
+```bash
+npm run build
+```
+
+Copy the template from `skills/agentguard/hermes-hooks.yaml` into
+`~/.hermes/config.yaml` and replace `AGENTGUARD_SKILL_DIR` with the absolute
+path to the installed AgentGuard skill directory.
+
+```yaml
+hooks:
+  on_session_start:
+    - command: "env AGENTGUARD_AUTO_SCAN=1 node \"/path/to/agentguard/skills/agentguard/scripts/auto-scan.js\""
+      timeout: 30
+
+  pre_tool_call:
+    - matcher: "terminal|execute_code"
+      command: "node \"/path/to/agentguard/skills/agentguard/scripts/hermes-hook.js\""
+      timeout: 10
+    - matcher: "write_file|patch|skill_manage"
+      command: "node \"/path/to/agentguard/skills/agentguard/scripts/hermes-hook.js\""
+      timeout: 10
+    - matcher: "web_search|web_extract|browser_navigate"
+      command: "node \"/path/to/agentguard/skills/agentguard/scripts/hermes-hook.js\""
+      timeout: 10
+
+  post_tool_call:
+    - matcher: "terminal|execute_code|write_file|patch|skill_manage|read_file|web_search|web_extract|browser_navigate"
+      command: "node \"/path/to/agentguard/skills/agentguard/scripts/hermes-hook.js\""
+      timeout: 5
+```
+
+Hermes asks for first-use consent for shell hooks. Use one of:
+
+```bash
+hermes --accept-hooks chat
+HERMES_ACCEPT_HOOKS=1 hermes chat
+```
+
+or set `hooks_auto_accept: true` in `~/.hermes/config.yaml`.
+
+## Tool mapping
+
+| Hermes tool | AgentGuard action |
+|-------------|-------------------|
+| `terminal`, `execute_code` | `exec_command` |
+| `write_file`, `patch`, `skill_manage` | `write_file` |
+| `read_file` | `read_file` |
+| `web_search`, `web_extract`, `browser_navigate` | `network_request` |
+
+## Decisions
+
+Hermes `pre_tool_call` supports allow or block. AgentGuard `deny` decisions are
+returned as:
+
+```json
+{"action":"block","message":"GoPlus AgentGuard: ..."}
+```
+
+AgentGuard `ask` decisions are also represented as blocks because Hermes shell
+hooks do not have a native confirmation decision.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@goplus/agentguard",
-  "version": "1.1.4",
+  "version": "1.1.5",
   "description": "GoPlus AgentGuard — Security guard for AI agents. Blocks dangerous commands, prevents data leaks, protects secrets. 20 detection rules, runtime action evaluation, trust registry.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/skills/agentguard/README.md

@@ -21,8 +21,20 @@ AI Agent Security Guard — protect your AI agents from dangerous commands, data
 /agentguard report               — View security event audit log
 /agentguard config <level>       — Set protection level (strict/balanced/permissive)
 /agentguard checkup              — Run agent health checkup with visual HTML report
+/agentguard hermes-hooks         — Configure Hermes Agent shell hooks
 ```
 
+## Hermes Agent hooks
+
+When installed from SkillHub, Hermes sees the contents of this
+`skills/agentguard` directory first. Runtime hooks are not loaded from
+`SKILL.md` automatically; copy `hermes-hooks.yaml` into `~/.hermes/config.yaml`
+and replace `AGENTGUARD_SKILL_DIR` with this skill's absolute path.
+
+The hook runner is `scripts/hermes-hook.js`. It uses the published
+`@goplus/agentguard` package, so run `npm install` inside this skill directory
+or install `@goplus/agentguard` globally if the package is not already present.
+
 ## Agent Health Checkup 🦞
 
 Run a full security health check on your AI agent and get a visual report in the browser:

package/skills/agentguard/SKILL.md

@@ -20,6 +20,9 @@ filesystem-access:
   - path: "~/.openclaw/"
     access: read-only
     reason: "Discover installed skills and read OpenClaw config for patrol checks"
+  - path: "~/.hermes/"
+    access: read-write
+    reason: "Discover installed Hermes skills and help configure AgentGuard shell hooks"
   - path: "~/.qclaw/"
     access: read-only
     reason: "Discover installed skills in QClaw environments"
@@ -27,8 +30,8 @@ filesystem-access:
     access: read-write
     reason: "Read/write audit log (audit.jsonl) and protection level config (config.json)"
 user-invocable: true
-allowed-tools: Read, Write, Grep, Glob, Bash(node *trust-cli.ts *) Bash(node *action-cli.ts *) Bash(*checkup-report.js) Bash(echo *checkup-report.js) Bash(cat *checkup-report.js) Bash(openclaw *) Bash(ss *) Bash(lsof *) Bash(ufw *) Bash(iptables *) Bash(crontab *) Bash(systemctl list-timers *) Bash(find *) Bash(stat *) Bash(env) Bash(sha256sum *) Bash(node *) Bash(cd *)
-argument-hint: "[scan|action|patrol|trust|report|config|checkup] [args...]"
+allowed-tools: Read, Write, Grep, Glob, Bash(node *trust-cli.ts *) Bash(node *action-cli.ts *) Bash(*checkup-report.js) Bash(echo *checkup-report.js) Bash(cat *checkup-report.js) Bash(agentguard *) Bash(openclaw *) Bash(ss *) Bash(lsof *) Bash(ufw *) Bash(iptables *) Bash(crontab *) Bash(systemctl list-timers *) Bash(find *) Bash(stat *) Bash(env) Bash(sha256sum *) Bash(node *) Bash(cd *)
+argument-hint: "[scan|action|patrol|subscribe|trust|report|config|checkup] [args...]"
 ---
 
 # GoPlus AgentGuard — AI Agent Security Framework
@@ -55,13 +58,109 @@ Parse `$ARGUMENTS` to determine the subcommand:
 - **`scan <path>`** — Scan a skill or codebase for security risks
 - **`action <description>`** — Evaluate whether a runtime action is safe
 - **`patrol [run|setup|status]`** — Daily security patrol for OpenClaw environments
+- **`subscribe [args...]`** — Pull AgentGuard Cloud threat-feed advisories, self-check local skills, and optionally install the OpenClaw 15-minute conditional notification cron
 - **`trust <lookup|attest|revoke|list> [args]`** — Manage skill trust levels
 - **`report`** — View recent security events from the audit log
 - **`config <strict|balanced|permissive>`** — Set protection level
 - **`checkup`** — Run a comprehensive agent health checkup and generate a visual HTML report
+- **`hermes-hooks`** — Show or install Hermes shell-hook configuration for runtime protection
 
 If no subcommand is given, or the first argument is a path, default to **scan**.
 
+## Subcommand: hermes-hooks
+
+Help the user configure AgentGuard runtime protection for Hermes Agent.
+
+Hermes does **not** load hooks from `SKILL.md` automatically. Hermes shell hooks
+must be present in `~/.hermes/config.yaml`. This skill ships the hook runner at
+`scripts/hermes-hook.js` and a copyable template at `hermes-hooks.yaml`.
+
+### What the Hermes hook protects
+
+| Hermes hook | Tools | AgentGuard action |
+|---|---|---|
+| `pre_tool_call` | `terminal`, `execute_code` | `exec_command` |
+| `pre_tool_call` | `write_file`, `patch`, `skill_manage` | `write_file` |
+| `pre_tool_call` | `read_file` | `read_file` |
+| `pre_tool_call` | `web_search`, `web_extract`, `browser_navigate` | `network_request` |
+| `post_tool_call` | Same tools | Audit-only |
+
+Hermes `pre_tool_call` supports allow/block only. If AgentGuard returns `ask`,
+the Hermes hook reports it as a block with a confirmation-oriented message.
+
+### Procedure
+
+1. Resolve the AgentGuard skill directory using the "Important: Resolving Script
+   Paths" rules above.
+2. Confirm that dependencies are available. If `node scripts/hermes-hook.js`
+   cannot load `@goplus/agentguard`, tell the user to run:
+   ```bash
+   cd <agentguard-skill-dir> && npm install
+   ```
+   or install the published package globally:
+   ```bash
+   npm install -g @goplus/agentguard
+   ```
+3. Read `hermes-hooks.yaml`, replace `AGENTGUARD_SKILL_DIR` with the absolute
+   skill directory, and show the resulting YAML to the user.
+4. Ask for explicit confirmation before editing `~/.hermes/config.yaml`.
+5. If confirmed, merge the `hooks:` entries into `~/.hermes/config.yaml`.
+   Preserve existing hooks and config values. Do not overwrite unrelated user
+   configuration.
+6. Tell the user to restart Hermes or launch it with one of the first-use
+   consent options:
+   ```bash
+   hermes --accept-hooks chat
+   HERMES_ACCEPT_HOOKS=1 hermes chat
+   ```
+   They may also set `hooks_auto_accept: true` in `~/.hermes/config.yaml`.
+
+### Verification
+
+After configuration, suggest a harmless test:
+
+```bash
+printf '{"hook_event_name":"pre_tool_call","tool_name":"terminal","tool_input":{"command":"echo hello"}}' \
+  | node <agentguard-skill-dir>/scripts/hermes-hook.js
+```
+
+Expected output:
+
+```json
+{}
+```
+
+And a blocked-action test:
+
+```bash
+printf '{"hook_event_name":"pre_tool_call","tool_name":"terminal","tool_input":{"command":"rm -rf /"}}' \
+  | node <agentguard-skill-dir>/scripts/hermes-hook.js
+```
+
+Expected output contains:
+
+```json
+{"action":"block"}
+```
+
+## Subcommand: subscribe
+
+Run the AgentGuard Cloud threat-feed subscription workflow through the installed CLI.
+
+Examples:
+
+```bash
+agentguard subscribe
+agentguard subscribe --json
+agentguard subscribe --install-cron
+agentguard subscribe --install-cron --interval-minutes 5
+agentguard subscribe --install-cron --force
+```
+
+When `--install-cron` is used, the CLI registers an OpenClaw isolated cron job through the local OpenClaw Gateway at `127.0.0.1:18789`. It runs every 15 minutes by default. Pass `--interval-minutes <n>` to override the cadence. If a job with the same name already exists, the CLI leaves it untouched unless `--force` is passed. The cron delivery is intentionally silent (`delivery.mode = "none"`); the isolated turn executes `agentguard subscribe --json --cron-run` and only sends the configured notification when `shouldNotify` is `true`.
+
+`agentguard subscribe --json` always includes a stable `cron` object with `requested`, `installed`, and optional `result` fields. If cron installation fails, the command exits non-zero instead of printing a misleading success summary.
+
 ---
 
 # Security Operations
@@ -647,6 +746,7 @@ Run these checks in parallel where possible. These are **universal agent securit
 3. **[REQUIRED] Sensitive credential scan / DLP** (→ feeds Dimension 2: Credential Safety): Use Grep to scan **all** agent workspace directories for leaked secrets. This MUST cover the entire workspace root, not just the current agent's directory:
    - For OpenClaw / QClaw: scan `~/.openclaw/workspace/` and `~/.qclaw/workspace/` recursively — this includes **all** `workspace-agent-*/` subdirectories, not just the current agent's workspace
    - For Claude Code: scan `~/.claude/` recursively
+   - For Hermes Agent: scan `~/.hermes/` recursively
    - Patterns to detect:
      - Private keys: `0x[a-fA-F0-9]{64}`, `-----BEGIN.*PRIVATE KEY-----`
      - Mnemonics: sequences of 12+ BIP-39 words, `seed_phrase`, `mnemonic`
@@ -655,7 +755,7 @@ Run these checks in parallel where possible. These are **universal agent securit
 4. **[REQUIRED] Network exposure** (→ feeds Dimension 3: Network & System): Run `lsof -i -P -n 2>/dev/null | grep LISTEN` or `ss -tlnp 2>/dev/null` to check for dangerous open ports (Redis 6379, Docker API 2375, MySQL 3306, MongoDB 27017 on 0.0.0.0)
 5. **[REQUIRED] Scheduled tasks audit** (→ feeds Dimension 3: Network & System): Check `crontab -l 2>/dev/null` for suspicious entries containing `curl|bash`, `wget|sh`, or accessing `~/.ssh/`
 6. **[REQUIRED] Environment variable exposure** (→ feeds Dimension 3: Network & System): Run `env` and check for sensitive variable names (`PRIVATE_KEY`, `MNEMONIC`, `SECRET`, `PASSWORD`) — detect presence only, mask values
-7. **[REQUIRED] Runtime protection check** (→ feeds Dimension 4: Runtime Protection): Check if security hooks exist in `~/.claude/settings.json` or `~/.openclaw/openclaw.json`, check for audit logs at `~/.agentguard/audit.jsonl`
+7. **[REQUIRED] Runtime protection check** (→ feeds Dimension 4: Runtime Protection): Check if security hooks exist in `~/.claude/settings.json`, `~/.openclaw/openclaw.json`, or `~/.hermes/config.yaml`, check for audit logs at `~/.agentguard/audit.jsonl`
 
 ### Step 2: Score Calculation
 
@@ -910,6 +1010,7 @@ AgentGuard can optionally scan installed skills at session startup. **This is di
 
 - **Claude Code**: Set environment variable `AGENTGUARD_AUTO_SCAN=1`
 - **OpenClaw**: Pass `{ skipAutoScan: false }` when registering the plugin
+- **Hermes Agent**: Configure the `on_session_start` shell hook from `hermes-hooks.yaml`; the template sets `AGENTGUARD_AUTO_SCAN=1` for that hook.
 
 When enabled, auto-scan operates in **report-only mode**:
 

package/skills/agentguard/hermes-hooks.yaml

@@ -0,0 +1,31 @@
+# GoPlus AgentGuard hook template for Hermes Agent.
+#
+# Copy this block into ~/.hermes/config.yaml and replace AGENTGUARD_SKILL_DIR
+# with the absolute path to the installed AgentGuard skill directory, e.g.
+# ~/.hermes/skills/agentguard or ~/.openclaw/skills/agentguard.
+
+hooks:
+  on_session_start:
+    - command: "env AGENTGUARD_AUTO_SCAN=1 node \"AGENTGUARD_SKILL_DIR/scripts/auto-scan.js\""
+      timeout: 30
+
+  pre_tool_call:
+    - matcher: "terminal|execute_code"
+      command: "node \"AGENTGUARD_SKILL_DIR/scripts/hermes-hook.js\""
+      timeout: 10
+    - matcher: "write_file|patch|skill_manage"
+      command: "node \"AGENTGUARD_SKILL_DIR/scripts/hermes-hook.js\""
+      timeout: 10
+    - matcher: "read_file"
+      command: "node \"AGENTGUARD_SKILL_DIR/scripts/hermes-hook.js\""
+      timeout: 10
+    - matcher: "web_search|web_extract|browser_navigate"
+      command: "node \"AGENTGUARD_SKILL_DIR/scripts/hermes-hook.js\""
+      timeout: 10
+
+  post_tool_call:
+    - matcher: "terminal|execute_code|write_file|patch|skill_manage|read_file|web_search|web_extract|browser_navigate"
+      command: "node \"AGENTGUARD_SKILL_DIR/scripts/hermes-hook.js\""
+      timeout: 5
+
+hooks_auto_accept: false

package/skills/agentguard/package.json

@@ -2,7 +2,7 @@
   "private": true,
   "type": "module",
   "dependencies": {
-    "@goplus/agentguard": "^1.0.6",
+    "@goplus/agentguard": "^1.1.4",
     "open": "11.0.0"
   }
 }

package/skills/agentguard/scripts/auto-scan.js

@@ -4,7 +4,7 @@
  * GoPlus AgentGuard — SessionStart Auto-Scan Hook
  *
  * Runs on session startup to discover and scan newly installed skills.
- * For each skill in ~/.claude/skills/:
+ * For each skill in supported agent skill directories:
  *   1. Calculate artifact hash
  *   2. Check trust registry — skip if already registered with same hash
  *   3. Run quickScan for new/updated skills
@@ -59,6 +59,7 @@ try {
 
 const SKILLS_DIRS = [
   join(homedir(), '.claude', 'skills'),
+  join(homedir(), '.hermes', 'skills'),
   join(homedir(), '.openclaw', 'skills'),
 ];
 const AGENTGUARD_DIR = join(homedir(), '.agentguard');
@@ -84,7 +85,7 @@ function writeAuditLog(entry) {
 // ---------------------------------------------------------------------------
 
 /**
- * Find all skill directories under ~/.claude/skills/ and ~/.openclaw/skills/
+ * Find all skill directories under supported agent skill roots.
  * A skill directory is one that contains a SKILL.md file.
  */
 function discoverSkills() {