Commit 352b7d1
committed
docs(hermes): operator+author guide + cross-doc updates (H.4 + H.5)
Closes the Hermes slice. Adds the canonical Hermes operator
guide and updates every cross-cutting v1.0 doc to reflect the
new Stable surface.
docs/HERMES_AGENT.md (NEW):
Complete operator + agent-author guide. 9 sections:
1. Two access modes — TCL + HTTP API.
2. The 18-tool curated default registry with capability +
side-effect tags.
3. Security model — what Hermes IS / IS NOT, deployment
recommendations per scenario.
4. CLI introspection — `hermes tools|inspect|invoke`.
5. Authoring custom tools — register on HermesCore directly.
6. Anthropic Tool Use quickstart + cross-API note.
7. Compatibility-policy contract (Stable tier).
8. Audit trail — every invocation appends to
mythic/events.jsonl.
9. Reference — file map + test files.
docs/security/threat_model.md:
New asset A6 — Hermes Agent surface (HTTP + in-process).
New 8-row threat matrix block (A6.1 → A6.8) covering remote
attacker, brute-force token, DoS via Content-Length,
path-escape attempt, unaudited invocation, custom-tool
destructive operation, validation bypass, CSRF.
docs/INDEX.md:
HERMES_AGENT.md added to operator docs.
docs/compatibility_policy.md:
§3 Public-surface table gains the Hermes Agent surface as a
Stable tier — 18 tool names, HTTP endpoints, Python class
names, dataclass shapes all SemVer-stable from v1.0.0.
README.md:
"What's new in v1.0.0" gains Hermes bullet.
Command overview gains `hermes tools|inspect|invoke` and
`surface hermes` entries.
Documentation map adds HERMES_AGENT at row 15.
RELEASE_v1_0_0_2026-05-03.md:
v1.0.0 scope updated to include Hermes (32 slices total,
+633 tests). Phase table extended. Verification numbers
bumped (2298 / 156 source files).
New "Hermes Agent" subsection under "What v1.0.0 is".
tools/contract_audit.py + tests/test_contract_audit.py:
hermes baseline allowlist entry REMOVED (no longer needed —
docs/HERMES_AGENT.md exists). Both gates clean without the
allowlist crutch.
Verification:
pytest -q -> 2298 passed, 1 skipped, 109 subtests passed
python tools/contract_audit.py --strict -> clean
ruff check . -> clean
mypy mythic_vibe_cli -> 156 source files, no issues
This commit closes the Hermes slice. v1.0.0 is now ready to
tag with Hermes included (Path A from the operator scope
question).1 parent 23e34d9 commit 352b7d1
8 files changed
Lines changed: 345 additions & 17 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
64 | 64 | | |
65 | 65 | | |
66 | 66 | | |
| 67 | + | |
67 | 68 | | |
68 | 69 | | |
69 | 70 | | |
| |||
676 | 677 | | |
677 | 678 | | |
678 | 679 | | |
| 680 | + | |
| 681 | + | |
679 | 682 | | |
680 | 683 | | |
681 | 684 | | |
| |||
759 | 762 | | |
760 | 763 | | |
761 | 764 | | |
762 | | - | |
| 765 | + | |
| 766 | + | |
763 | 767 | | |
764 | 768 | | |
765 | 769 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
13 | | - | |
14 | | - | |
15 | | - | |
16 | | - | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
17 | 18 | | |
18 | 19 | | |
19 | 20 | | |
20 | 21 | | |
21 | 22 | | |
22 | 23 | | |
23 | 24 | | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
24 | 49 | | |
25 | 50 | | |
26 | 51 | | |
| |||
29 | 54 | | |
30 | 55 | | |
31 | 56 | | |
32 | | - | |
| 57 | + | |
| 58 | + | |
33 | 59 | | |
34 | 60 | | |
35 | 61 | | |
| |||
46 | 72 | | |
47 | 73 | | |
48 | 74 | | |
49 | | - | |
| 75 | + | |
50 | 76 | | |
51 | | - | |
52 | | - | |
| 77 | + | |
| 78 | + | |
53 | 79 | | |
54 | 80 | | |
55 | 81 | | |
| |||
0 commit comments