Refactor package metadata and implement auto-approval for permissions#18
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the VS Code extension’s branding (renaming to “Hermes Code Agent”) and refactors the permission-approval flow to support config-based auto-approval plus a session-scoped “Allow Always” option.
Changes:
- Renames the extension/package metadata and bumps the version to 3.0.2.
- Adds
readApprovalsDisabled()to detectapprovals.modein~/.hermes/config.yamland auto-allow permission requests when disabled. - Updates the permission dialog to include “Allow Once” and “Allow Always”, with “Allow Always” suppressing future dialogs for the session.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/extension.ts | Adds config-based approvals disabling and refactors the permission handler (auto-allow + allow-always session toggle). |
| package.json | Renames extension branding/keywords and bumps version. |
| package-lock.json | Aligns lockfile package name/version with the updated package metadata. |
Comments suppressed due to low confidence (1)
src/extension.ts:328
- If the user selects “Allow Once” but allowOptionId is null, the code falls through and will return the denyOptionId (if present), effectively denying despite the user choosing allow. Handle the “no allow optionId” case explicitly (e.g., show an error and deny consistently, or treat as protocol error) rather than silently converting an allow into a deny.
if (choice === allowOnce && allowOptionId) {
outputChannel.appendLine('[security] permission granted once');
return { outcome: 'selected', optionId: allowOptionId };
}
if (denyOptionId) {
outputChannel.appendLine('[security] permission denied');
return { outcome: 'selected', optionId: denyOptionId };
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+59
to
+64
| function readApprovalsDisabled(): boolean { | ||
| // Returns true when ~/.hermes/config.yaml has `approvals.mode: false|off|no`. | ||
| try { | ||
| const configPath = path.join(os.homedir(), '.hermes', 'config.yaml'); | ||
| const content = fs.readFileSync(configPath, 'utf8'); | ||
| const lines = content.split(/\r?\n/); |
Comment on lines
+84
to
+88
| const modeMatch = trimmed.match(/^mode:\s*(.+)/); | ||
| if (modeMatch) { | ||
| const value = modeMatch[1].trim().toLowerCase(); | ||
| return value === 'false' || value === 'off' || value === 'no'; | ||
| } |
Comment on lines
+282
to
+289
| // Approvals disabled via config — auto-allow without dialog. | ||
| if (readApprovalsDisabled()) { | ||
| outputChannel.appendLine('[security] approvals disabled in config, auto-allowing'); | ||
| if (allowOptionId) { | ||
| return { outcome: 'selected', optionId: allowOptionId }; | ||
| } | ||
| throw new Error('Permission denied: no allow option'); | ||
| } |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
| "displayName": "Hermes AI Agent", | ||
| "name": "hermes-code-agent", | ||
| "displayName": "Hermes Code Agent", | ||
| "description": "VS Code sidebar for the Hermes AI agent. Streams chat, runs tools, manages sessions. Multi-model (Claude, Codex). Communicates over ACP.", |
Comment on lines
+75
to
+79
| if (trimmed === 'approvals:') { | ||
| inApprovals = true; | ||
| approvalsIndent = indent; | ||
| continue; | ||
| } |
Comment on lines
+289
to
+292
| return { outcome: 'selected', optionId: allowOptionId }; | ||
| } | ||
| throw new Error('Permission denied: no allow option'); | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the extension's branding and enhances its permission system. The most significant changes are the renaming of the extension to "Hermes Code Agent" and the addition of a configuration-based mechanism to disable permission approval dialogs.
Branding updates:
package.json, including thename,displayName, activity bar title, and relevant keywords. [1] [2] [3]Permission system improvements:
readApprovalsDisabledfunction insrc/extension.tsto detect if permission approvals are disabled via~/.hermes/config.yaml(by settingapprovals.modetofalse,off, orno).permissionHandlerlogic to: