From e0aaacdb96e9a19d4a588df07d2f3f813ad35669 Mon Sep 17 00:00:00 2001
From: Stephen Chin
Date: Sat, 2 May 2026 08:09:00 -0700
Subject: [PATCH] fix(hermes-agent): restrict /proc access in systemd services

Hermes strips sensitive env vars from tool subprocesses, but child processes can recover them by reading /proc//environ. Add ProtectProc=invisible and ProcSubset=pid to both systemd services to hide other processes' /proc entries and limit /proc to the service's own PID namespace.

Ref: https://github.com/NousResearch/hermes-agent/issues/4427
---
 install/hermes-agent-install.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/install/hermes-agent-install.sh b/install/hermes-agent-install.sh
index 43be60ec..781ad0d5 100644
--- a/install/hermes-agent-install.sh
+++ b/install/hermes-agent-install.sh
@@ -76,6 +76,8 @@ Environment="HERMES_HOME=/home/hermes/.hermes"
 Environment="HOME=/home/hermes"
 Restart=on-failure
 RestartSec=5
+ProtectProc=invisible
+ProcSubset=pid
 
 [Install]
 WantedBy=multi-user.target
@@ -103,6 +105,8 @@ Environment="PATH=/home/hermes/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sb
 Environment="NODE_OPTIONS=--max-old-space-size=3072"
 Restart=on-failure
 RestartSec=5
+ProtectProc=invisible
+ProcSubset=pid
 
 [Install]
 WantedBy=multi-user.target
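Review bot: The `ProtectProc=invisible` line added in both hunks does not close the gap the commit describes, because it is implemented with the procfs `hidepid=` mount option, which only hides /proc/PID entries of processes owned by a different UID; a tool subprocess spawned by the agent under the same service user can still read the agent's own /proc/PID/environ. The directive also has no effect at all if the service runs as root or retains CAP_SYS_PTRACE, and the `User=`/capability settings of these units are outside the hunk, so please confirm they run unprivileged; the same applies if the target distribution ships a systemd older than 247, where both keys are ignored with a warning. Same-UID reads are only prevented by running tool subprocesses under a separate UID (e.g. a DynamicUser= unit or the existing stripping plus a non-dumpable agent process), so the environment stripping should stay the primary control and the unit should say so, e.g. `# ProtectProc/ProcSubset hide other users' /proc entries only; same-UID children can still read this service's environ`. `ProcSubset=pid` hides the non-process files under /proc (such as /proc/sys) rather than creating a PID namespace, so the description's "own PID namespace" wording should be adjusted. The heredoc that writes these unit files starts and ends outside the hunks.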