Hermes Platform

Security Overview

Implemented safeguards, known limits and the route for responsible security reports.

Effective 10 July 2026 · Policy 2026-07-10.v1 · Draft pending counsel review

Tenant runtime

Each active tenant uses a separate non-privileged container without Docker socket access. Tenant state is isolated under its own persistent data path and attachments first enter a bounded noexec tmpfs quarantine.

Content safeguards

The managed image uses versioned narrow detectors at inbound text, model-request, tool-call and state-database boundaries. Supported PDFs, images and office documents receive bounded local extraction. Basic beta malware checks are not a replacement for the shared ClamAV service required before public production.

Secrets

Platform integration credentials are encrypted and are not written to Hermes memory or workspace. Model-provider credentials required by the agent follow the documented managed runtime flow.

Limitations

No detector guarantees perfect identification. Terminal or generated-file paths, unsupported encodings, external-provider retention and unverified backup deletion remain documented residual risks.

Report a vulnerability

Security reports may be sent to security@links.academy. Response targets, safe-harbor language and the complete disclosure policy remain release-blocking items.