Skip to content

Instantly share code, notes, and snippets.

@olafgeibig

olafgeibig/patch-hermes-azure-filter.sh

Last active April 21, 2026 12:18
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save olafgeibig/c51474131c2f5802a699dc7edfac04ad to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save olafgeibig/c51474131c2f5802a699dc7edfac04ad to your computer and use it in GitHub Desktop.
Download ZIP
Patch hermes-agent prompts, so the Azure safety filter does not kick in
Raw
patch-hermes-azure-filter.sh
#!/usr/bin/env bash
# =============================================================================
# patch-hermes-azure-filter.sh
#
# Replace [SYSTEM: ...] marker prefix with [IMPORTANT: ...] in all Python
# source files under the Hermes Agent repo. This avoids Azure OpenAI
# prompt-injection heuristics that treat [SYSTEM: ...] as a signal.
#
# Scope: ALL *.py files under the repo root that actually contain [SYSTEM:.
# Safe: only replaces the literal prefix "[SYSTEM:" → "[IMPORTANT:",
# nothing else.
#
# Usage:
# ~/.hermes/bin/patch-hermes-azure-safety.sh # apply
# ~/.hermes/bin/patch-hermes-azure-safety.sh --dry-run # preview
# HERMES_AGENT_REPO_ROOT=~/src/hermes-agent ~/.hermes/bin/patch-hermes-azure-safety.sh
# =============================================================================
set -euo pipefail
# Resolve repo root.
repo_root="${HERMES_AGENT_REPO_ROOT:-$HOME/.hermes/hermes-agent}"
repo_root="$(cd "$repo_root" && pwd -L)"
if [[ ! -d "$repo_root" ]]; then
echo "ERROR: not a directory: $repo_root" >&2
exit 1
fi
# ---- Dry-run option -----------------------------------------------------------
dry_run=false
if [[ "${1:-}" == "--dry-run" ]]; then
dry_run=true
fi
# ---- Find only files that contain [SYSTEM: -----------------------------------
# Use ripgrep (rg) for speed — far faster than grep + while read over 23k files.
# Fall back to find+grep if rg is not available.
if command -v rg &>/dev/null; then
matching_files=$(cd "$repo_root" && rg -l '\[SYSTEM:' --type py --glob '!.git/' --glob '!__pycache__/' --glob '!node_modules/' . 2>/dev/null || true)
else
# Portable fallback: find + grep (slower, but works everywhere)
matching_files=$(find "$repo_root" -type f -name '*.py' \
! -path '*/.git/*' \
! -path '*/__pycache__/*' \
! -path '*/node_modules/*' \
-exec grep -l '\[SYSTEM:' {} + 2>/dev/null || true)
fi
if [[ -z "$matching_files" ]]; then
echo "No files containing [SYSTEM: found under $repo_root — nothing to do."
exit 0
fi
# Convert to array — use set + newline-split for bash 3.2 compatibility
set -- ${matching_files}
num_files=$#
echo "Found $num_files file(s) containing [SYSTEM:"
if $dry_run; then
echo "Dry-run: no changes made."
fi
echo
# ---- Patch -------------------------------------------------------------------
changed=0
for f in "$@"; do
if $dry_run; then
echo "[DRY-RUN] would patch: $f"
# Show context for each match (using rg for speed)
rg '\[SYSTEM:' "$f" --type py -n 2>/dev/null | sed 's/^/ /'
else
# -0777: slurp entire file so the pattern crosses newlines if needed
# s/\[SYSTEM:/[IMPORTANT:/g: literal prefix replacement only
perl -0777 -i -pe 's/\[SYSTEM:/[IMPORTANT:/g' "$f"
echo "patched: $f"
fi
((changed++)) || true
done
# ---- Summary -----------------------------------------------------------------
echo
if $dry_run; then
echo "Dry-run complete. $changed file(s) would be changed."
echo "Run without --dry-run to apply."
else
echo "Done. Patched $changed file(s)."
echo
# Verify
still_match=$(rg -l '\[SYSTEM:' "$@" --type py 2>/dev/null | wc -l | tr -d ' ' || true)
if [[ "$still_match" -eq 0 ]]; then
echo "Verification: no [SYSTEM: markers remain — all clean."
else
echo "Verification: $still_match file(s) still contain [SYSTEM: — review:"
rg -l '\[SYSTEM:' "$@" --type py 2>/dev/null | sed 's/^/ /'
fi
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment