diff --git a/gateway/platforms/base.py b/gateway/platforms/base.py index e1b677f12..08e3153ca 100644 --- a/gateway/platforms/base.py +++ b/gateway/platforms/base.py @@ -954,11 +954,13 @@ def _media_delivery_denied_paths() -> List[Path]: home = Path(os.path.expanduser("~")) for sub in _MEDIA_DELIVERY_DENIED_HOME_SUBPATHS: denied.append(home / sub) - # The Hermes home itself contains credentials (auth.json, .env) — only the - # cache subdirectories under it are explicitly allowlisted above. + # The Hermes home itself contains credentials (auth.json, .env) and + # configuration (config.yaml) — only the cache subdirectories under it + # are explicitly allowlisted above. denied.append(_HERMES_HOME / ".env") denied.append(_HERMES_HOME / "auth.json") denied.append(_HERMES_HOME / "credentials") + denied.append(_HERMES_HOME / "config.yaml") return denied diff --git a/hermes_cli/tips.py b/hermes_cli/tips.py index feebe4310..5c6fa9105 100644 --- a/hermes_cli/tips.py +++ b/hermes_cli/tips.py @@ -430,7 +430,7 @@ TIPS = [ 'hermes -z "" is the purest one-shot: final answer on stdout, nothing else — ideal for piping in scripts.', 'hermes chat --pass-session-id injects the session ID into the system prompt so the agent can self-reference it.', 'hermes chat --image path/to/pic.png attaches a local image to a single -q query without a separate upload step.', - 'hermes chat --ignore-user-config skips ~/.hermes/config.yaml — reproducible bug reports and CI runs.', + 'hermes chat --ignore-user-config skips user config entirely — reproducible bug reports and CI runs.', "hermes chat --source tool tags programmatic chats so they don't clutter hermes sessions list.", 'hermes dump --show-keys includes redacted API key fingerprints for deeper support debugging.', 'hermes sessions rename "new title" renames any past session; hermes sessions delete removes one.',