TelemetryFlow Hermes — Self-Improving AI Agent for Observability Incident Response

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, report security issues to:

• Email: security@telemetryflow.id
• GitHub: Use the Security Advisories feature

• Description of the vulnerability
• Steps to reproduce
• Affected component (tool, profile, hook, etc.)
• Potential impact
• Suggested fix (if available)

1. API Keys

   • Store all secrets in ~/.hermes/.env with chmod 600
   • Never commit .env files to version control
   • Rotate API keys every 90 days
   • Use API keys with minimum required scopes

2. ClickHouse Access

   • Use the hermes_readonly user (never admin)
   • Table-level SELECT grants only (20 tables)
   • Never grant INSERT, UPDATE, DELETE, or DDL permissions

3. Network Security

   • Restrict TFO API access with firewall rules
   • Use TLS for all API communication in production
   • Consider VPN for Telegram gateway in sensitive environments

4. Agent Permissions

   • Only the Remediator profile has write access
   • All write operations require human approval (600s timeout)
   • Reviewer uses read-only tools to prevent bias

1. No External Dependencies

   • All tools must use Python stdlib only
   • No pip packages in tool implementations
   • This eliminates supply chain attacks

2. No Secrets in Code

   • Never hardcode API keys, tokens, or passwords
   • Use environment variables for all credentials
   • .env.example contains only placeholders

3. Input Validation

   • All tool parameters must be validated before use
   • SQL queries must use parameterized patterns
   • Never trust user input in ClickHouse queries

4. Code Review

   • All PRs require review before merge
   • Security-sensitive changes require additional review
   • Automated security scanning in CI (bandit)

graph TB
    subgraph "Layer 1: Authentication"
        L1["API Key (tfs_*) · JWT Bearer · Ingestion Headers"]
    end

    subgraph "Layer 2: Authorization"
        L2["Permissions Guard · Org Scoping · Workspace Isolation"]
    end

    subgraph "Layer 3: Database"
        L3["Read-Only User · Table-Level Grants · No System Access"]
    end

    subgraph "Layer 4: Agent Constraints"
        L4["90-Turn Cap · Read-Only Tools (3/4 agents) · Approval Gates"]
    end

    subgraph "Layer 5: Data Protection"
        L5["AES-256-GCM · .env Only · Audit Logging"]
    end

    L1 --> L2 --> L3 --> L4 --> L5

• No secrets or API keys in code
• No new external dependencies introduced
• All new tools validate input parameters
• Write tools marked requires_approval: true
• ClickHouse queries use workspace_id filter
• Environment variables use TELEMETRYFLOW_ prefix
• Tests cover error handling paths
• Documentation updated for security-relevant changes

All API calls are logged by the TelemetryFlow Platform:

• audit_logs — Platform audit trail
• audit_logs_1h — Hourly rollups
• LLM usage tracked in llm_usage_analytics with interval MVs

Last updated: June 2026

Built with ❤️ by Telemetri Data Indonesia