PL j{t UdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl ZddlmZejeZdZdedZdZded ed efd Zded ed efd Zd efd Zdaedzezed<dZ da!eed<e j"Z#da$e j%dzed<e&Z'e&eed<e j"Z(deded dfdZ)d;dZ*dZ+d efdZ,d efdZ-d edzfdZ.d efdZ/dd8Z?d9ed efd:Z@dS)>uTirith pre-exec security scanning wrapper. Runs the tirith binary as a subprocess to scan commands for content-level threats (homograph URLs, pipe-to-interpreter, terminal injection, etc.). Exit code is the verdict source of truth: 0 = allow, 1 = block, 2 = warn JSON stdout enriches findings/summary but never overrides the verdict. Operational failures (spawn error, timeout, unknown exit code) respect the fail_open config setting. Programming errors propagate. Auto-install: if tirith is not found on PATH or at the configured path, it is automatically downloaded from GitHub releases to $HERMES_HOME/bin/tirith. The download always verifies SHA-256 checksums. When cosign is available on PATH, provenance verification (GitHub Actions workflow signature) is also performed. If cosign is not installed, the download proceeds with SHA-256 verification only — still secure via HTTPS + checksum, just without supply chain provenance proof. Installation runs in a background thread so startup never blocks. N)get_hermes_homezsheeki03/tirithz^https://github.com/z,/\.github/workflows/release\.yml@refs/tags/vz+https://token.actions.githubusercontent.comkeydefaultreturnc^tj|}||S|dvS)N>1yestrue)osgetenvlowerrrvals 9/home/kuhnn/.hermes/hermes-agent/tools/tirith_security.py _env_boolr3s- )C..C { 99;;. ..cvtj|}||S t|S#t$r|cYSwxYw)N)r r int ValueErrorrs r_env_intr:sM )C..C {3xx s ) 88c ddddd} ddlm}|dipi}n#t$ri}YnwxYwt d|d |d t jd |d |d td |d |d t d|d|ddS)z@Load security settings from config.yaml, with env var overrides.Ttirith)tirith_enabled tirith_pathtirith_timeouttirith_fail_openr) load_configsecurityTIRITH_ENABLEDr TIRITH_BINrTIRITH_TIMEOUTrTIRITH_FAIL_OPENr)hermes_cli.configrget Exceptionrr r r)defaultsrcfgs r_load_security_configr)Ds H 111111kmm B//52 $$4cgg>NPXYiPj6k6kllysww}h}F]/^/^__"#3SWW=MxXhOi5j5jkk%&8#''BTV^_qVr:s:stt   s &0 ??_resolved_pathF_install_failure_reason_install_thread_warned_messagesmessagect5|tvr ddddSt|dddn #1swxYwYtj|g|RdS)z``logger.warning`` but at-most-once per ``key`` for the process lifetime. Used to avoid drowning the log when a fail-open tirith misconfiguration fires on every command.N) _warned_lockr.addloggerwarning)rr/argss r _warn_oncer6qs "" " " " """""""" S!!!""""""""""""""" N7"T""""""s AAA  A cxt5tddddS#1swxYwYdS)uClear the warn-once dedupe set. Called when tirith is freshly (re)installed so a subsequent failure surfaces again — e.g. user deletes the binary mid-session. N)r1r.clearrr_reset_spawn_warning_stater:|s !!   !!!!!!!!!!!!!!!!!!s /33iQc8ttS)zAReturn the Hermes home directory, respecting HERMES_HOME env var.)strrr9rr_get_hermes_homer=s   ! !!rcZtjtdS)z3Return the path to the install-failure marker file.z.tirith-install-failed)r pathjoinr=r9rr_failure_marker_pathrAs 7<<(**,D E EErcf t}tj|}t j|z t krdSt |dd5}|cdddS#1swxYwYdS#t$rYdSwxYw)zRead the failure reason from the disk marker. Returns the reason string, or None if the marker doesn't exist or is older than _MARKER_TTL. Nrutf-8encoding) rAr r?getmtimetime _MARKER_TTLopenreadstripOSError)pmtimefs r_read_failure_reasonrQs  " "  ## IKK% K / /4 !S7 + + + $q6688>>## $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ tts<A B"B""&B B"BB"BB"" B0/B0c~t}|dS|dkr$tjdrtdSdS)zCheck if a recent install failure was persisted to disk. Returns False (allowing retry) when: - No marker exists - Marker is older than _MARKER_TTL (24h) - Marker reason is 'cosign_missing' and cosign is now on PATH NFcosign_missingcosignT)rQshutilwhich_clear_install_failed)reasons r_is_install_failed_on_diskrYsJ" # #F ~u !!!fl8&<&<!u 4rrXc, t}tjtj|dt |dd5}||ddddS#1swxYwYdS#t$rYdSwxYw)aPersist install failure to disk to avoid retry on next process. Args: reason: Short tag identifying the failure cause. Use "cosign_missing" when cosign is not on PATH so the marker can be auto-cleared once cosign becomes available. Texist_okwrDrEN)rAr makedirsr?dirnamerJwriterM)rXrNrPs r_mark_install_failedras " " BGOOA&&6666 !S7 + + + q GGFOOO                        s6ABA8+ B8A<<B?A<B BBct tjtdS#t$rYdSwxYw)z3Remove the failure marker after successful install.N)r:r unlinkrArMr9rrrWrWsT      &(()))))      s 2 AActjtd}tj|d|S)z/Return $HERMES_HOME/bin, creating it if needed.binTr[)r r?r@r=r^)ds r_hermes_bin_dirrgs8  %''//AKD!!!! Hrctj}tj}|dkrd}n |dvrd}ndS|dvrd}n |dvrd }ndS|d |S) uReturn the Rust target triple for the current platform, or None. Windows is intentionally unsupported — tirith does not ship a Windows build. Callers should treat `None` as "this platform will never have tirith" and silently fall back to pattern-matching guards. Darwinz apple-darwin>LinuxAndroidzunknown-linux-gnuN>amd64x86_64rm>arm64aarch64ro-)platformsystemmachiner )rrrsplatarchs r_detect_targetrvs_  F  &&((G ' ' '"t%%% ( ( (t  T  rc"tduS)uTrue when tirith ships a prebuilt binary for this OS+arch. Used by callers (CLI banner, etc.) to distinguish "tirith failed to install" from "tirith was never going to install here" — the latter is silent because there is nothing the user can do about it. N)rvr9rris_platform_supportedrxs   4 ''r urldesttimeoutctj|}tjd}|r|dd|tj||5}t|d5}tj ||dddn #1swxYwYddddS#1swxYwYdS)zDownload a URL to a local file. GITHUB_TOKEN Authorizationztoken )r|wbN) urllibrequestRequestr r add_headerurlopenrJrU copyfileobj)rzr{r|reqtokenresprPs r_download_filers< .  % %C In % %E : (8(8(8999   W  5 5$tD$?O?O$ST4###$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$s60B;B# B;#B' 'B;*B' +B;;B?B?checksums_pathsig_path cert_pathc tjd}|stddS t j|dd|d|dt dt|g d d d }|jd krtd d St d|j|j dS#ttj f$r&}t d|Yd}~dSd}~wwxYw)ukVerify cosign provenance signature on checksums.txt. Returns: True — cosign verified successfully False — cosign found but verification failed None — cosign not available (not on PATH, or execution failed) The caller treats both False and None as "abort auto-install" — only True allows the install to proceed. rTzcosign not found on PATHNz verify-blobz --certificatez --signaturez--certificate-identity-regexpz--certificate-oidc-issuerTcapture_outputtextr|rz%cosign provenance verification passedz(cosign verification failed (exit %d): %sFzcosign execution failed: %s)rUrVr3info subprocessrun_COSIGN_IDENTITY_REGEXP_COSIGN_ISSUER returncoder4stderrrLrMTimeoutExpired)rrrrTresultexcs r_verify_cosignrs#\( # #F  .///t ] i H ,.E (.            ! ! KK? @ @ @4 NNE +V]-@-@-B-B D D D5 Z. /4c:::tttttsAC8CC>C99C> archive_path archive_namec d}t|d5 D]S}|dd}t|dkr|d|kr |d}nTdddn #1swxYwY|std|d St j}t|d 5 t fd d D]}| | dddn #1swxYwY| }||krtd ||d SdS)z4Verify SHA-256 of the archive against checksums.txt.NrDrEz rzNo checksum entry for %sFrbc.dS)Ni )rK)rPsrz"_verify_checksum..@s!&&,,rrz&Checksum mismatch: expected %s, got %sT) rJrLsplitlenr3r4hashlibsha256iterupdate hexdigest) rrrexpectedlinepartsshachunkactualrPs @r_verify_checksumr0sH nw / / /1  DJJLL&&tQ//E5zzQ58|#;#; 8  1<@@@u .  C lD ! !Q....44  E JJu     ]]__F ?6RRRu 4s$AA88A<?A<,C>>DDT log_failuresrc |r tjn tj}t}|s@tdt jt jdSd|d}dtd}tj d} tj ||}tj |d }tj |d }tj |d } td | t|d ||t|d|n:#t$r-} |d| Yd} ~ t!j|ddSd} ~ wwxYwd} t!jdr t|d|t|d| t'||| } | durd} n| dur$|d t!j|ddStdnL#t$r%} td| Yd} ~ n"d} ~ wwxYwtdt)|||s t!j|ddSt+j|d5} | D]P}|jdks|jd r)d!|jvr1d|_| ||n0Q|d" dddt!j|dd#S dddn #1swxYwYtj |d}tj t7d} t!j||nu#t:$rh t!j||nN#t:$rA tj|n#t:$rYnwxYwYYt!j|dd$SwxYwYnwxYwtj |tj!|j"tBj#ztBj$ztBj%z| rd%nd&}td'|||d(ft!j|dS#t!j|dwxYw))a^Download and install tirith to $HERMES_HOME/bin/tirith. Verifies provenance via cosign and SHA-256 checksum. Returns (installed_path, failure_reason). On success failure_reason is "". failure_reason is a short tag used by the disk marker to decide if the failure is retryable (e.g. "cosign_missing" clears when cosign appears). z/tirith auto-install: unsupported platform %s/%s)Nunsupported_platformztirith-z.tar.gzzhttps://github.com/z/releases/latest/downloadztirith-install-)prefixz checksums.txtzchecksums.txt.sigzchecksums.txt.pemu9tirith not found — downloading latest release for %s.../z/checksums.txtztirith download failed: %sNT) ignore_errors)Ndownload_failedFrTz/checksums.txt.sigz/checksums.txt.pemz=tirith install aborted: cosign provenance verification failed)Ncosign_verification_failedz5cosign execution failed, proceeding with SHA-256 onlyz?cosign artifacts unavailable (%s), proceeding with SHA-256 onlyu{cosign not on PATH — installing tirith with SHA-256 verification only (install cosign for full supply chain verification))Nchecksum_failedzr:gzrz/tirithz..z"tirith binary not found in archive)Nbinary_not_in_archive)Ncross_device_copy_failedzcosign + SHA-256z SHA-256 onlyztirith installed to %s (%s)r+)&r3r4debugrvrrqrrrs_REPOtempfilemkdtempr r?r@rr&rUrmtreerVrrtarfilerJ getmembersnameendswithextractrgmoverMcopyrcchmodstatst_modeS_IXUSRS_IXGRPS_IXOTH)rlogtargetrbase_urltmpdirrrrrrcosign_verified cosign_resulttarmembersrcr{ verifications r_install_tirithrIs) :&..flC   F , E_&&(8(:(: < < <++,V,,,LEUEEEH  %6 7 7 7FT2w||FL99 fo>>7<<(;<<GLL)<==  OQWXXX + h7777 F F F h666 G G G G + + + C,c 2 2 2****N  fD111111S +  < ! ! O Y(>>>III(>>> JJJ!/~x S S  D((&*OO"e++CWXXX=b  fD111111[KK WXXXX d d d ]_bcccccccc d KKN O O O nlKK +*N  fD111111K\, / / 53..** 5 5;(**fk.B.B9.M.M*v{** "*FKKK///E +89994 5 5 5 5 5 5J  fD111111; 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5gll68,,w||O--x88 8 KT " " " " 8 8 8 8 C&&&& 8 8 8IdOOOOD77  fD111111 8'& 8 rwt}},t|;dlJT\YZZZ-<P)).  14FFFRx  fD11111 fD11111s BS.(ES F! F -S FS(&H)'SS) I3ISI.SS4A2M& S SMSMAS.OS P6O%$P6% P00PP0 PP0PP0P6S/P00P63S5P66A;SS configured_pathc|dkS)zHReturn True if the user explicitly configured a non-default tirith path.rr9)rs r_is_explicit_pathrs h &&rcttturtStj|}t |}ttu}|st s tada|S|rtj|r#tj |tj r|a|Stj |}|r|a|Std|tada|Stj d}|r|adat|Stjt#d}tj|r3tj |tj r|adat|S|r6tdkr)tj drdadatd }n|St$t$r|St)}|t+r ta|a|St-\}}|r|adat|Sta|at/||S) u@Resolve the tirith binary path, auto-installing if necessary. If the user explicitly set a path (anything other than the bare "tirith" default), that path is authoritative — we never fall through to auto-download a different binary. For the default "tirith": 1. PATH lookup via shutil.which 2. $HERMES_HOME/bin/tirith (previously auto-installed) 3. Auto-install from GitHub releases → $HERMES_HOME/bin/tirith Failed installs are cached for the process lifetime (and persisted to disk for 24h) to avoid repeated network attempts. Nrz6Configured tirith path %r not found; scanning disabledexplicit_path_missingrr+rSrTF)r*_INSTALL_FAILEDr r? expanduserrrxr,isfileaccessX_OKrUrVr3r4rWr@rgr-is_aliverQrYrra) rexpandedexplicitinstall_failedfound hermes_bin disk_reason installedrXs r_resolve_tirith_pathrsv$!nO&K&Kw!!/22H 11H#6N 133("8  7>>( # #  (BG(D(D %NO X&&  "NLOQ`aaa("9 L " "E "$ o//::J w~~j!!bi BG&D&D#"$  "&6 6 66<;Q;Q 6!N&( # ! # # #"NNO "'?'?'A'A" '((K#=#?#?("-'))Iv""$%N$   Orc8t5t ddddStjd}|r|ada ddddSt jtd}t j |r1t j |t j r|ada ddddSt|\}}|r|adatnta|at|ddddS#1swxYwYdS)z6Background thread target: download and install tirith.Nrr+r) _install_lockr*rUrVr,r r?r@rgrrrrrWrra)rrrrrXs r_background_installr%s ))  % ))))))))  X&&  "N&( # ))))))))W\\/"3"3X>> 7>>* % % ")J*H*H 'N&( # !))))))))$,FFF 6  )&N&( # ! # # # #,N&, #  ( ( (5))))))))))))))))))s$ DDA/DADDDc6t}|dsdStWtturIt}tj|r!tj|tjr|SdSts tada dS|d}t|}tj |}|rgtj|r#tj|tjr|a|Stj |}|r|a|Stada dStj d}|r|ada t|Stjt!d}tj|r3tj|tjr|ada t|Sttur4tdkr'tj d rdada tndSt#}|t%r ta|a dSt&t&s7t+jt.d |id at&dS) aEnsure tirith is available, downloading in background if needed. Quick PATH/local checks are synchronous; network download runs in a daemon thread so startup never blocks. Safe to call multiple times. Returns the resolved path immediately if available, or None. rNrrrrr+rSrTrT)rkwargsdaemon)r)r*rr r?rrrrxr,rrrUrVrWr@rgrQrYr-r threadingThreadrstart) rr(r?rrrrrrs rensure_installedrEs ! !C  t!nO&K&K 7>>$   BIdBG$<$< Kt ! " "("8t-(O 11Hw!!/22H  7>>( # #  (BG(D(D %NO X&&  "NL("9t L " "E "$ o//::J w~~j!!bi BG&D&D#"$(( "&6 6 66<;Q;Q 6!N&( # ! # # # #4 '((K#=#?#?("-to&>&>&@&@#*&"L1     4r2icommandc t}|dsdgddStsdgddSt|d}|d}|d}|td d |rdgd dSd gd dS t j|dddddd|gdd|}n#t $r]}dt|jdt|dd}t|d||rdgd|dcYd}~Sd gd|dcYd}~Sd}~wtj $r+td|d||r dgd|ddcYSd gd dcYSwxYw|j }|d!krd} nC|d"krd } n:|d#krd$} n1t d%||r dgd&|d'dSd gd&|d(dSg} d} |jrt!j|jni} | d)g} | dt&} | d*dpddt(} nG#t jt,f$r.td+| d krd,} n| d$krd-} YnwxYw| | | dS).a@Run tirith security scan on a command. Exit code determines action (0=allow, 1=block, 2=warn). JSON enriches findings/summary. Spawn failures and timeouts respect fail_open config. Programming errors propagate. Returns: {"action": "allow"|"warn"|"block", "findings": [...], "summary": str} rallowr+)actionfindingssummaryrrrNtirith_path_nonez/tirith path resolved to None; scanning disabledztirith path unavailableblockz%tirith path unavailable (fail-closed)checkz--jsonz--non-interactivez--shellposixz--Trztirith_spawn_failed::errnoztirith spawn failed: %sztirith unavailable: z#tirith spawn failed (fail-closed): ztirith_timeout:ztirith timed out after %dsztirith timed out (zs)ztirith timed out (fail-closed)rrrwarnz'tirith returned unexpected exit code %dztirith exit code z (fail-open)z (fail-closed)rrz.tirith JSON parse failed, using exit code onlyz-security issue detected (details unavailable)z/security warning detected (details unavailable))r)rxrr6rrrMtype__name__getattrrrr3r4stdoutrLjsonloadsr% _MAX_FINDINGS_MAX_SUMMARY_LENJSONDecodeErrorAttributeErrorr)rr(rr| fail_openrr spawn_key exit_coderrrdata raw_findingss rcheck_command_securityrs ! !C  B!rbAAA ! " "B!rbAAA&s='9::K"#G&'I  =     ]%2B[\\ \!r>efff` '8-@ w 0      k k k\499+=[[WVX@Y@Y[[ 97===  `%2B^Y\B^B^__ _ _ _ _ _ _!r>idg>i>ijjjjjjjj  $``` 'g ' ' (     d%2BbW^BbBbBbcc c c c!r>^_____`!IA~~ a a @)LLL  o%2BmV_BmBmBmnn n!r>kR[>k>k>klllHG H,2M,?,?,A,AItz&-(((rxx B// /88Ir**0b2C3C2CD  . 1HHH EFFF W  EGG v  GG H(w G GGsK7 B D7"AC:&D7,C:4D7:2D7.D76D7A>HAII)rN)r+)ry)A__doc__rr loggingr rqrUrrrrrrHurllib.requestrhermes_constantsr getLoggerr r3rrrr<boolrrrdictr)r*__annotations__rr,Lockrr-rsetr.r1r6r:rIr=rArQrYrarWrgrvrxrrrtuplerrrrrrrrr9rrr#s,    ,,,,,,  8 $ $gfff> /3//$////#t8%)d T!(((!!!!   +/!D(///!SUU#c("""y~ #C#######!!!! "#"""" FcFFFF cDj"D"      "         d 8(t(((($$$3$$$$$%3%#%#%$QU+%%%%P33SW2-1h2h2h2Th2U3:s?5Kh2h2h2h2V's't'''' i#i#iiiiX15)))))))@.2WWWdWWWW| _HC_HD_H_H_H_H_H_Hr