During March 2026, Gutslabs developed a Secure Workspace Access Policy for the NousResearch/hermes-agent repository, focusing on enhancing workspace isolation and security. They implemented this feature in Python, leveraging file system operations to restrict '@' references exclusively to safe workspace paths. The solution defaulted the allowed root to the current working directory and introduced a blocklist for sensitive files and directories, effectively preventing unauthorized access beyond the defined workspace. This approach addressed potential security risks by hardening context handling and ensuring that only permitted paths could be accessed, demonstrating a thoughtful application of Python development and security best practices.