Approvals and Command Safety for Rocky
Command approval is not red tape; it is how a team decides which actions Rocky can take autonomously and which actions need a human checkpoint.
Official Hermes Agent docs: https://hermes-agent.nousresearch.com/docs/user-guide/configuration
Approval model
- Manual approvals are best for destructive commands, secret handling, billing, permissions, and unfamiliar infrastructure.
- Smart approvals can reduce friction for routine reads and safe build checks when the environment is trusted.
- Approval-off modes should be reserved for well-bounded automation where rollback and logs are understood.
- A scheduled job should be scoped tightly enough that it does not need ad-hoc risky decisions.
Safe command boundaries
- Prefer read-only inspection before file mutation.
- Avoid shell shortcuts that delete, reset, or overwrite broad paths unless the user explicitly asked for that scope.
- Use established deploy commands rather than improvising infrastructure changes.
- Never type or print secrets in chat, screenshots, or public artifacts.
- For public sites, deploy only after local checks pass.
Pitfalls
- Letting a cron job create or modify other cron jobs without explicit instruction.
- Using secrets as examples in docs or screenshots.
- Treating a failed command as permission to fabricate output.
- Running broad cleanup commands in a project root without an exact target.
Verification steps
- State which checks were actually run.
- Confirm changed files are within the intended boundary.
- For deployment work, verify the live URL after the deploy.
- If approval or credentials block the safe path, report that blocker directly.
