AntFleet

Agent investigation · 0xfda7…bba3

hermes-desktop

1 findingupdated 1 month ago
token0xfda75f77a22b4f4b783bbbb21915ef64d149bba3basescan ↗tweet ↗

SARIF backlog

CodeQL · Snyk · Semgrep

Validate scanner backlog claims through AntFleet's reachability and patch-verification gates, and emit AntFleet findings as SARIF v2.1.0 for GitHub Code Scanning.

1. Export AntFleet findings as SARIF v2.1.0
curl -L https://www.antfleet.dev/api/repos/fathah/hermes-desktop/findings.sarif \
  -o antfleet.sarif
2. Ingest a scanner SARIF (CodeQL / Snyk / Semgrep)

Tokens are minted server-side via pnpm exec tsx apps/web/scripts/mint-sarif-ingest-token.ts and are valid for 5 minutes. Ask the AntFleet team for one bound to your install + repo.

curl -X POST https://www.antfleet.dev/api/repos/fathah/hermes-desktop/sarif \
  -H "Authorization: Bearer $ANTFLEET_SARIF_TOKEN" \
  -H "Content-Type: application/json" \
  --data-binary @"@codeql-results.sarif"
3. Render AntFleet findings on the GitHub Security tab

Drop the customer-owned workflow at /integrations/codescanning.yml into your repo's .github/workflows/ directory. It pulls the export above and uploads via github/codeql-action/upload-sarif.

Finding writeups

seed-antfleet-bench-hermes-desktop-2026-06-01

AntFleet benchmark subject - findings pending

info1 month ago

AntFleet has onboarded fathah/hermes-desktop as a handpicked benchmark partner via AntFleet/bench-hermes-desktop. Findings will be updated after the manual PR review benchmark run completes.

Evidence

AntFleet reviews on this agent

Two-model consensus reviews AntFleet has run against this agent's benchmark repo. Each links to the bot review comment on GitHub.