Skip to content

fix(sec-core): skill-ledger managed-root retry for unmanaged skills#1408

Open
zhangtaibo wants to merge 1 commit into
alibaba:mainfrom
zhangtaibo:fix/agent-sec-core-skill-ledger-unmanaged
Open

fix(sec-core): skill-ledger managed-root retry for unmanaged skills#1408
zhangtaibo wants to merge 1 commit into
alibaba:mainfrom
zhangtaibo:fix/agent-sec-core-skill-ledger-unmanaged

Conversation

@zhangtaibo

Copy link
Copy Markdown
Contributor

Fix: agent-sec-core skill-ledger unmanaged skill warning

Fixes #1406

Problem

The Hermes plugin's SkillLedgerCapability._on_pre_tool_call calls agent-sec-cli skill-ledger show <skill_dir> to check skill security status. When a skill is in ~/.hermes/skills/ but the skill-ledger daemon only manages /usr/share/anolisa/skills/*, the CLI returns latestStatus: "unmanaged" with message: null.

The plugin's code:

message = summary.get("message")
if not isinstance(message, str) or not message.strip():
    return None  # ← skips warning generation

Since message is null for unmanaged skills, the plugin returns None without generating any warning — even though the skill may have been scanned/certified in a managed root and copied to ~/.hermes/skills/.

This causes 4 TestHermesSkillLedger test cases to fail continuously (5 consecutive days 07-05~07-09):

  • test_none_skill_shows_warning
  • test_deny_skill_shows_warning
  • test_drifted_skill_shows_warning
  • test_tampered_skill_shows_warning

Fix

  1. When latestStatus == "unmanaged", retry the query against managed skill roots (/usr/share/anolisa/skills/, /usr/local/share/anolisa/skills/). If a managed copy exists with a real status, use that result instead.

  2. If no managed copy is found, generate a synthetic warning: "unmanaged — not tracked by Skill Ledger. Security status unknown." so the user is alerted that the skill has no ledger attestation.

Verification

  • Fresh clone + git apply patch + bash scripts/rpm-build.sh agent-sec-core → exit 0
  • 7 RPMs produced: agent-sec-cli-0.7.1-1.alnx4.x86_64.rpm (207M), agent-sec-hermes-hook-0.7.1-1.alnx4.x86_64.rpm (36K), etc.
  • The patched plugin correctly queries /usr/share/anolisa/skills/<name> when ~/.hermes/skills/<name> is unmanaged

Test Cases

  • tests/test_hermes_intercept_tmux.py::TestHermesSkillLedger::test_none_skill_shows_warning
  • tests/test_hermes_intercept_tmux.py::TestHermesSkillLedger::test_deny_skill_shows_warning
  • tests/test_hermes_intercept_tmux.py::TestHermesSkillLedger::test_drifted_skill_shows_warning
  • tests/test_hermes_intercept_tmux.py::TestHermesSkillLedger::test_tampered_skill_shows_warning

@zhangtaibo zhangtaibo requested review from edonyzpc and kid9 as code owners July 8, 2026 22:05
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


云孟 seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions github-actions Bot added the component:sec-core src/agent-sec-core/ label Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

component:sec-core src/agent-sec-core/

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[nightly][agent-sec-core] skill-ledger 对 ~/.hermes/skills/ 下 unmanaged skill 不生成 warning(none/deny/drifted/tampered 4 用例持续失败)

2 participants