Approvals and Command Safety for Rocky

Command approval is not red tape; it is how a team decides which actions Rocky can take autonomously and which actions need a human checkpoint.

Official Hermes Agent docs: https://hermes-agent.nousresearch.com/docs/user-guide/configuration

Approval model

  • Manual approvals are best for destructive commands, secret handling, billing, permissions, and unfamiliar infrastructure.
  • Smart approvals can reduce friction for routine reads and safe build checks when the environment is trusted.
  • Approval-off modes should be reserved for well-bounded automation where rollback and logs are understood.
  • A scheduled job should be scoped tightly enough that it does not need ad-hoc risky decisions.

Safe command boundaries

  • Prefer read-only inspection before file mutation.
  • Avoid shell shortcuts that delete, reset, or overwrite broad paths unless the user explicitly asked for that scope.
  • Use established deploy commands rather than improvising infrastructure changes.
  • Never type or print secrets in chat, screenshots, or public artifacts.
  • For public sites, deploy only after local checks pass.

Pitfalls

  • Letting a cron job create or modify other cron jobs without explicit instruction.
  • Using secrets as examples in docs or screenshots.
  • Treating a failed command as permission to fabricate output.
  • Running broad cleanup commands in a project root without an exact target.

Verification steps

  • State which checks were actually run.
  • Confirm changed files are within the intended boundary.
  • For deployment work, verify the live URL after the deploy.
  • If approval or credentials block the safe path, report that blocker directly.