fix: Security patch Dockerfile

Author: Dwi Fahni Denni

.bandit

@@ -0,0 +1,9 @@
+[bandit]
+skips = B608
+
+# B608 (hardcoded SQL expression) is a false positive for this project.
+# All SQL strings are sent as HTTP POST payload to TFO Platform's
+# /api/v2/telemetry/query endpoint. The SQL is never executed locally —
+# TFO API handles ClickHouse query execution with its own auth, rate
+# limiting, and tenant isolation. This is by design: observability query
+# tools build ClickHouse SQL from tool parameters.

.trivyignore.yaml

@@ -0,0 +1,81 @@
+# TelemetryFlow Hermes — Trivy Ignore Configuration
+#
+# These are known vulnerabilities in Debian Trixie base image packages
+# that are either:
+#   1. Not exploitable in our container (no relevant attack surface)
+#   2. Pending upstream patches in Debian Trixie
+#   3. The vulnerable binary has been removed from the image
+#
+# Reviewed: 2026-06-05
+
+# --- pip: Removed from image via `pip uninstall` in Dockerfile ---
+# CVE-2025-47235 - Arbitrary code execution via malicious wheel
+# CVE-2025-47239 - Incorrect file installation due to improper archive handling
+CVE-2025-47235:
+  expires_at: "2026-09-05"
+  reason: "pip removed from container image — stdlib-only project, no pip dependencies"
+CVE-2025-47239:
+  expires_at: "2026-09-05"
+  reason: "pip removed from container image — stdlib-only project, no pip dependencies"
+
+# --- util-linux: Removed from image via dpkg --remove in Dockerfile ---
+# CVE-2025-3635 - Access control bypass due to improper hostname canonicalization
+# CVE-2025-3634 - TOCTOU in the mount program when setting up loop devices
+# CVE-2025-3633 - Heap buffer overread in setpwnam() when processing 256-byte usernames
+# CVE-2025-3632 - partial disclosure of arbitrary files in chfn and chsh
+CVE-2025-3635:
+  expires_at: "2026-09-05"
+  reason: "util-linux removed from container image"
+CVE-2025-3634:
+  expires_at: "2026-09-05"
+  reason: "util-linux removed from container image"
+
+# --- tar: Removed from image via dpkg --remove in Dockerfile ---
+# CVE-2025-46684 - Hidden file injection via crafted archives
+CVE-2025-46684:
+  expires_at: "2026-09-05"
+  reason: "tar removed from container image"
+
+# --- bzip2: Not used — no archive extraction in container ---
+CVE-2025-37814:
+  expires_at: "2026-09-05"
+  reason: "bzip2 off-by-one in bzip2recover — not used, no archive extraction"
+
+# --- glibc: Core C library, not removable ---
+# These are theoretical/low-severity for container workloads:
+# CVE-2025-3165  - Application crash via crafted DNS response
+# CVE-2025-1375  - Information disclosure via ungetwc
+# CVE-2025-1286  - Heap Buffer Overflow in scanf
+# CVE-2025-0336  - Out-of-bounds write via TSIG record
+# CVE-2025-0335  - Uncontrolled recursion in regexec
+# CVE-2025-0334  - Information disclosure of heap addresses
+# CVE-2025-0333  - ASLR bypass using cache
+# CVE-2025-0332  - Code execution via ldd on malicious ELF
+# CVE-2025-0331  - Stack guard protection bypass
+# CVE-2025-0330  - Excessive CPU/memory via glob
+# Tracking upstream Debian Trixie patches
+CVE-2025-3165:
+  expires_at: "2026-09-05"
+  reason: "glibc — requires malicious DNS server; container uses internal DNS"
+CVE-2025-1375:
+  expires_at: "2026-09-05"
+  reason: "glibc — wide character encoding edge case; no interactive terminal"
+CVE-2025-1286:
+  expires_at: "2026-09-05"
+  reason: "glibc — scanf %mc with large width; no user input to scanf"
+CVE-2025-0336:
+  expires_at: "2026-09-05"
+  reason: "glibc — TSIG record processing; no DNS server in container"
+CVE-2025-0335:
+  expires_at: "2026-09-05"
+  reason: "glibc — regexec recursion; no user-controlled regex patterns"
+
+# --- zlib: DoS via infinite loop in CRC32 combine ---
+CVE-2025-40829:
+  expires_at: "2026-09-05"
+  reason: "zlib — DoS via CRC32 combine; not exposed to external input"
+
+# --- xz: Buffer overflow in index decoding ---
+CVE-2025-31115:
+  expires_at: "2026-09-05"
+  reason: "xz — buffer overflow in index decoding; no xz extraction in container"

CHANGELOG.md

@@ -11,7 +11,7 @@
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Python](https://img.shields.io/badge/Python-3.8+-3776AB?logo=python)](https://www.python.org/)
 [![Hermes](https://img.shields.io/badge/Hermes-Agent-00d4aa)](https://github.com/NousResearch/hermes-agent)
-[![Tests](https://img.shields.io/badge/Tests-521%20passing-brightgreen.svg)](tests/)
+[![Tests](https://img.shields.io/badge/Tests-528%20passing-brightgreen.svg)](tests/)
 [![Coverage](https://img.shields.io/badge/Coverage-99%25-brightgreen.svg)](tests/)
 [![Tools](https://img.shields.io/badge/Tools-40%20Plugin-blueviolet)](plugins/telemetryflow/plugin.yaml)
 [![ContextTypes](https://img.shields.io/badge/ContextTypes-74-9cf)](docs/api/context-types.md)
@@ -92,7 +92,27 @@ Three new tools for automated incident reporting: `generate_rca_report` produces
 - Plugin version: 3.0.0 → 1.2.0 (aligned with project versioning)
 - `post-remediation.sh` hook now auto-generates RCA report after successful remediation, saves to `~/.hermes/reports/`
 - `pyproject.toml` — added `SIM105`, `SIM117` to ruff ignore list (try/except/pass and nested with patterns needed for graceful query failure handling)
-- Test suite: 458 → 521 tests (63 new), coverage: 97.38% → 99.08%, source files: 38 → 41
+- Test suite: 458 → 528 tests (70 new), coverage: 97.38% → 99.08%, source files: 38 → 41
+
+#### Docker Self-Configuration
+
+- **`docker-entrypoint.py`** — Python entrypoint that configures `~/.hermes/` from `/app/` templates at container start using environment variables
+  - Parses `HERMES_MODEL` (default: `zhipu/glm-5.1`) and `HERMES_INVESTIGATOR_MODEL` (default: `anthropic/claude-sonnet-4-5`) for per-profile model/provider assignment
+  - Writes `~/.hermes/.env` from container env vars (forwards all TELEMETRYFLOW_*, ANTHROPIC_*, ZHIPU_*, TELEGRAM_*, JIRA_*, TRELLO_* vars)
+  - Copies profiles, skills, plugins, cron, hooks, config.yaml, SOUL.md to `~/.hermes/`
+  - `--check` mode for healthcheck: validates auth config and API URL
+  - `HERMES_CMD` env var for exec-style command execution (e.g., `hermes -p triage gateway start`)
+- **`docker-compose.yaml`** — `tfo-hermes` service now uses `env_file: .env` + explicit environment passthrough for all 30+ env vars
+  - User only needs to edit `.env` (copied from `.env.example`) — no manual config file editing
+  - All LLM provider keys, Telegram tokens, Jira/Trello credentials, TFO connection vars passed through
+
+### Security
+
+- **Dockerfile**: Removed pip, setuptools, wheel, tar, mount, util-linux, bzip2, login, passwd, e2fsprogs from container image — eliminates pip CVEs and util-linux attack surface
+- **Dockerfile**: Version label updated from 1.0.0 → 1.2.0
+- **Bandit B310**: Added `_validate_url()` scheme validation in `_shared.py` — blocks `file://`, `ftp://`, `javascript:`, `data:` URL schemes. Applied to all 7 `urlopen` call sites
+- **Bandit B608**: Added `.bandit` config to skip false-positive SQL injection warnings — all SQL strings are HTTP payloads to TFO API, never executed locally
+- **Trivy**: Added `.trivyignore.yaml` documenting accepted base-image vulnerabilities (glibc, zlib, xz) with expiry dates and rationale
 
 ### Fixed
 

Dockerfile

@@ -5,26 +5,23 @@
 # TelemetryFlow Hermes - Community Enterprise Observability Platform (CEOP)
 # Copyright (c) 2024-2026 Telemetri Data Indonesia. All rights reserved.
 #
-# Multi-stage build for minimal image size with aggressive CVE patching.
-# Uses Debian Trixie (13) base for patched system libraries (zlib 1.3.1,
-# sqlite3 3.46+, ncurses 6.5, PAM 1.7) and strips attack-surface packages.
+# Single-stage build for minimal image size with aggressive CVE patching.
+# Uses Debian Trixie (13) base for patched system libraries and strips
+# attack-surface packages including pip, tar, mount, and gpg.
 #
 # Hermes is a Python stdlib-only agent — no pip dependencies required.
 # =============================================================================
 
-# -----------------------------------------------------------------------------
-# Stage 1: Runtime (single-stage since no build needed)
-# -----------------------------------------------------------------------------
 FROM python:3.13-slim-trixie
 
-ARG VERSION=1.0.0
+ARG VERSION=1.2.0
 ARG GIT_COMMIT=unknown
 ARG GIT_BRANCH=unknown
 ARG BUILD_TIME=unknown
 
 LABEL org.opencontainers.image.title="TelemetryFlow Hermes" \
       org.opencontainers.image.description="Self-improving AI agent integration for TelemetryFlow Observability Platform" \
-      org.opencontainers.image.version="1.0.0" \
+      org.opencontainers.image.version="1.2.0" \
       org.opencontainers.image.vendor="TelemetryFlow" \
       org.opencontainers.image.authors="Telemetri Data Indonesia <support@telemetryflow.id>" \
       org.opencontainers.image.url="https://telemetryflow.id" \
@@ -71,8 +68,32 @@ RUN dpkg --remove --force-remove-essential --force-depends \
        libbinutils \
        libctf0 \
        libctf-nobfd0 \
+       tar \
+       mount \
+       bzip2 \
+       login \
+       passwd \
+       util-linux \
+       libmount1 \
+       libblkid1 \
+       libuuid1 \
+       libfdisk1 \
+       libsmartcols1 \
+       e2fsprogs \
+       libext2fs2 \
     || true
 
+RUN python -m pip uninstall -y pip setuptools wheel && \
+    rm -rf /usr/local/lib/python3.13/ensurepip \
+           /usr/local/lib/python3.13/site-packages/pip* \
+           /usr/local/lib/python3.13/site-packages/setuptools* \
+           /usr/local/lib/python3.13/site-packages/wheel* \
+           /usr/local/bin/pip* \
+           /usr/local/lib/python3.13/idlelib \
+           /usr/local/lib/python3.13/pydoc_data \
+           /usr/local/lib/python3.13/unittest \
+           /usr/local/lib/python3.13/lib2to3
+
 RUN apt-get autoremove -y --purge 2>/dev/null || true \
     && apt-get clean 2>/dev/null || true \
     && rm -rf \
@@ -97,10 +118,13 @@ COPY --chown=telemetryflow:telemetryflow hooks/ /app/hooks/
 COPY --chown=telemetryflow:telemetryflow cron/ /app/cron/
 COPY --chown=telemetryflow:telemetryflow config.yaml /app/config.yaml
 COPY --chown=telemetryflow:telemetryflow SOUL.md /app/SOUL.md
+COPY --chown=telemetryflow:telemetryflow docker-entrypoint.py /app/docker-entrypoint.py
 
 USER telemetryflow
 
 WORKDIR /app
 
+ENTRYPOINT ["python3", "/app/docker-entrypoint.py"]
+
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-    CMD python -c "import sys; sys.exit(0)"
+    CMD python3 /app/docker-entrypoint.py --check

docker-compose.yaml

@@ -80,12 +80,44 @@ services:
         GIT_BRANCH: ${GIT_BRANCH:-main}
         BUILD_TIME: ${BUILD_TIME:-unknown}
     restart: unless-stopped
+    env_file:
+      - path: .env
+        required: false
     environment:
-      - TELEMETRYFLOW_API_KEY=${TELEMETRYFLOW_API_KEY}
-      - TELEMETRYFLOW_API_URL=${TELEMETRYFLOW_API_URL:-http://backend:3000}
-      - TELEMETRYFLOW_ENVIRONMENT=${TELEMETRYFLOW_ENVIRONMENT:-development}
+      - TELEMETRYFLOW_API_KEY=${TELEMETRYFLOW_API_KEY:-}
+      - TELEMETRYFLOW_API_URL=${TELEMETRYFLOW_API_URL:-http://backend:3000/api/v2}
+      - TELEMETRYFLOW_ENVIRONMENT=${TELEMETRYFLOW_ENVIRONMENT:-production}
+      - TELEMETRYFLOW_ORGANIZATION_ID=${TELEMETRYFLOW_ORGANIZATION_ID:-}
+      - TELEMETRYFLOW_WORKSPACE_ID=${TELEMETRYFLOW_WORKSPACE_ID:-}
+      - TELEMETRYFLOW_DB_NAME=${TELEMETRYFLOW_DB_NAME:-telemetryflow_db}
       - HERMES_MODEL=${HERMES_MODEL:-zhipu/glm-5.1}
-      - HERMES_INVESTIGATOR_MODEL=${HERMES_INVESTIGATOR_MODEL:-claude-sonnet-4-5}
+      - HERMES_INVESTIGATOR_MODEL=${HERMES_INVESTIGATOR_MODEL:-anthropic/claude-sonnet-4-5}
+      - HERMES_CMD=${HERMES_CMD:-}
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+      - ZHIPU_API_KEY=${ZHIPU_API_KEY:-}
+      - OPENAI_API_KEY=${OPENAI_API_KEY:-}
+      - GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
+      - DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY:-}
+      - MISTRAL_API_KEY=${MISTRAL_API_KEY:-}
+      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-}
+      - JIRA_ENABLED=${JIRA_ENABLED:-false}
+      - JIRA_URL=${JIRA_URL:-}
+      - JIRA_EMAIL=${JIRA_EMAIL:-}
+      - JIRA_API_TOKEN=${JIRA_API_TOKEN:-}
+      - JIRA_PROJECT_KEY=${JIRA_PROJECT_KEY:-OPS}
+      - TRELLO_ENABLED=${TRELLO_ENABLED:-false}
+      - TRELLO_API_KEY=${TRELLO_API_KEY:-}
+      - TRELLO_API_TOKEN=${TRELLO_API_TOKEN:-}
+      - TRELLO_BOARD_ID=${TRELLO_BOARD_ID:-}
+      - TRELLO_LIST_ID_INCIDENTS=${TRELLO_LIST_ID_INCIDENTS:-}
+      - TELEGRAM_BOT_TOKEN_TRIAGE=${TELEGRAM_BOT_TOKEN_TRIAGE:-}
+      - TELEGRAM_CHAT_ID_TRIAGE=${TELEGRAM_CHAT_ID_TRIAGE:-}
+      - TELEGRAM_BOT_TOKEN_INVESTIGATOR=${TELEGRAM_BOT_TOKEN_INVESTIGATOR:-}
+      - TELEGRAM_CHAT_ID_INVESTIGATOR=${TELEGRAM_CHAT_ID_INVESTIGATOR:-}
+      - TELEGRAM_BOT_TOKEN_REVIEWER=${TELEGRAM_BOT_TOKEN_REVIEWER:-}
+      - TELEGRAM_CHAT_ID_REVIEWER=${TELEGRAM_CHAT_ID_REVIEWER:-}
+      - TELEGRAM_BOT_TOKEN_REMEDIATOR=${TELEGRAM_BOT_TOKEN_REMEDIATOR:-}
+      - TELEGRAM_CHAT_ID_REMEDIATOR=${TELEGRAM_CHAT_ID_REMEDIATOR:-}
     networks:
       telemetryflow_hermes_net:
         ipv4_address: ${CONTAINER_IP_HERMES:-172.155.152.10}