Skip to content

Commit 352b7d1

Browse files
docs(hermes): operator+author guide + cross-doc updates (H.4 + H.5)
Closes the Hermes slice. Adds the canonical Hermes operator guide and updates every cross-cutting v1.0 doc to reflect the new Stable surface. docs/HERMES_AGENT.md (NEW): Complete operator + agent-author guide. 9 sections: 1. Two access modes — TCL + HTTP API. 2. The 18-tool curated default registry with capability + side-effect tags. 3. Security model — what Hermes IS / IS NOT, deployment recommendations per scenario. 4. CLI introspection — `hermes tools|inspect|invoke`. 5. Authoring custom tools — register on HermesCore directly. 6. Anthropic Tool Use quickstart + cross-API note. 7. Compatibility-policy contract (Stable tier). 8. Audit trail — every invocation appends to mythic/events.jsonl. 9. Reference — file map + test files. docs/security/threat_model.md: New asset A6 — Hermes Agent surface (HTTP + in-process). New 8-row threat matrix block (A6.1 → A6.8) covering remote attacker, brute-force token, DoS via Content-Length, path-escape attempt, unaudited invocation, custom-tool destructive operation, validation bypass, CSRF. docs/INDEX.md: HERMES_AGENT.md added to operator docs. docs/compatibility_policy.md: §3 Public-surface table gains the Hermes Agent surface as a Stable tier — 18 tool names, HTTP endpoints, Python class names, dataclass shapes all SemVer-stable from v1.0.0. README.md: "What's new in v1.0.0" gains Hermes bullet. Command overview gains `hermes tools|inspect|invoke` and `surface hermes` entries. Documentation map adds HERMES_AGENT at row 15. RELEASE_v1_0_0_2026-05-03.md: v1.0.0 scope updated to include Hermes (32 slices total, +633 tests). Phase table extended. Verification numbers bumped (2298 / 156 source files). New "Hermes Agent" subsection under "What v1.0.0 is". tools/contract_audit.py + tests/test_contract_audit.py: hermes baseline allowlist entry REMOVED (no longer needed — docs/HERMES_AGENT.md exists). Both gates clean without the allowlist crutch. Verification: pytest -q -> 2298 passed, 1 skipped, 109 subtests passed python tools/contract_audit.py --strict -> clean ruff check . -> clean mypy mythic_vibe_cli -> 156 source files, no issues This commit closes the Hermes slice. v1.0.0 is now ready to tag with Hermes included (Path A from the operator scope question).
1 parent 23e34d9 commit 352b7d1

8 files changed

Lines changed: 345 additions & 17 deletions

File tree

README.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,7 @@ Highlights of the v1.0 launch (full detail in `CHANGELOG.md`):
6464
- **Governance commands**`mythic-vibe review architecture` produces a quarterly-review checklist. `mythic-vibe drift dashboard` rolls up scan findings as a category × severity scorecard. `mythic-vibe doctor --fix` auto-remediates safe scaffolding gaps (mythic/ subdirs, missing CHANGELOG `[Unreleased]`) and never touches user-authored content.
6565
- **Provenance**`mythic-vibe provenance verify` checks SHA-256 against recorded plunder source SHAs. `mythic-vibe provenance attest` computes per-line attestation between a local file and an explicit upstream original.
6666
- **Quality of life** — opt-in `init --interactive` wizard, `packet lint` heuristic linter, `ai recommend` pure-policy model picker, `persona apply` solo / team-lead / auditor presets, opt-in TUI `--panels heatmap,risk` panels, conventional-commit `scripts/check_changelog.py --classify`.
67+
- **Hermes Agent** — programmatic control plane for any external AI agent. Two access modes (TCL Python in-process + HTTP API) share one core (`mythic_vibe_cli/agent_api/`). 18 curated tools cover status, doctor, drift, packet creation/lint, verify, reflect, ai recommend, provenance verify, workflow lineage, persona, plugin doctor, artifact read/list, recent events. Every invocation audited via the existing event-log primitive. See [`docs/HERMES_AGENT.md`](docs/HERMES_AGENT.md).
6768
- **Distribution** — three channels via `.github/workflows/release.yml`: PyPI (OIDC trusted publishing), Homebrew tap, Scoop bucket, plus an offline-install wheelhouse for air-gapped operators.
6869
- **Hardening** — CI matrix expanded to 3 OS × 3 Python + Linux aarch64 row, hypothesis property tests for state migrations, CycloneDX SBOM at `docs/security/sbom.json`, threat model at `docs/security/threat_model.md`.
6970

@@ -676,6 +677,8 @@ Mythic Vibe CLI exposes the following command families. Run `mythic-vibe <comman
676677
- `ai providers|test|run|stream|ingest-response|models|telemetry|route|recommend` — optional AI provider integrations. PH-20: `recommend` is a pure-policy model picker against the static catalog
677678
- `persona apply|show` — PH-20: opt-in operator presets (`solo` / `team-lead` / `auditor`) writing `mythic/persona.json`
678679
- `slash list|inspect` — inspect + introspect the slash-command catalog (built-in + plugin-contributed)
680+
- `hermes tools|inspect|invoke` — v1.0 / Hermes: list + inspect + invoke the curated agent-tool surface from the CLI without HTTP. See [`docs/HERMES_AGENT.md`](docs/HERMES_AGENT.md).
681+
- `surface hermes [--bind ADDR --port N --token TOKEN]` — v1.0 / Hermes: launch the token-protected HTTP API for external agents.
679682

680683
### Operator helpers
681684
- `examples` — copy-paste command examples
@@ -759,7 +762,8 @@ If you do not know where to stand, begin here and follow the stones in order:
759762
12. `docs/security/threat_model.md` — assets, attackers, mitigations (with file:line anchors)
760763
13. `docs/security/sbom.json` — CycloneDX v1.6 dependency manifest
761764
14. `docs/governance/quarterly_review.md` — architecture-review cadence + agenda
762-
15. `docs/RELEASE_CHECKLIST.md` — pre-tag manual gates + tag-driven distribution flow
765+
15. `docs/HERMES_AGENT.md` — v1.0 agent control plane (TCL + HTTP API)
766+
16. `docs/RELEASE_CHECKLIST.md` — pre-tag manual gates + tag-driven distribution flow
763767
16. `packaging/README.md` — PyPI / Homebrew / Scoop / wheelhouse channel inventory
764768
17. `packaging/WHEELHOUSE.md` — offline-install recipe
765769
18. `DEVLOG.md` — chronological continuity record

RELEASE_v1_0_0_2026-05-03.md

Lines changed: 34 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -10,17 +10,42 @@
1010

1111
The first stable release of Mythic Vibe CLI. Closes both
1212
PH-19 (Distribution + Hardening, 9 slices) and PH-20
13-
(Polish + v1.0.0 Launch, 17 slices). The audit-remediation
14-
cycle that began on 2026-05-02 with a 7-phase fake/temp/pseudo
15-
sweep ends here, having delivered the full v1.0 launch gate
16-
without leaving any dangling deferrals inside the v1.0 scope.
13+
(Polish + v1.0.0 Launch, 17 slices), plus the post-PH-20
14+
**Hermes Agent control plane** (6 slices: H.0 → H.5). The
15+
audit-remediation cycle that began on 2026-05-02 ends here,
16+
having delivered the full v1.0 launch gate without leaving any
17+
dangling deferrals inside the v1.0 scope.
1718

1819
Compatibility-policy v1.0 (`docs/compatibility_policy.md`) is
1920
now binding: SemVer rules apply from this release onward;
2021
deprecations follow the documented announce → wait one minor
2122
→ remove cadence; the public surface tier table in §3 is the
2223
authoritative answer to "is X stable?"
2324

25+
### Hermes Agent (added post-PH-20, in v1.0 scope)
26+
27+
A complete programmatic control plane that lets any external AI
28+
agent see and do everything Mythic Vibe CLI exposes. Two access
29+
modes share one core (`mythic_vibe_cli/agent_api/`):
30+
31+
- **TCL** (Tool Calling Library) — in-process Python:
32+
`from mythic_vibe_cli.agent_api import HermesAgent`.
33+
- **HTTP API** — token-protected JSON endpoints over a stdlib
34+
HTTP server: `mythic-vibe surface hermes`.
35+
36+
18 curated tools cover status / doctor / drift / state / checkin
37+
/ packet create+lint / verify / reflect / review architecture /
38+
ai recommend / provenance verify / workflow lineage / persona /
39+
plugin doctor / artifact read+list / recent events. Every tool
40+
declares capabilities (PH-20.3 vocabulary) + side-effect tags.
41+
Every invocation appends an audit line to `mythic/events.jsonl`.
42+
43+
Hermes adds **+74 tests** (2224 → **2298 passing**). Stable
44+
surface under the binding compatibility-policy from this
45+
release. See `docs/HERMES_AGENT.md` for the operator + agent-
46+
author guide and `docs/security/threat_model.md` §A6 for the
47+
8-row threat matrix specific to Hermes.
48+
2449
---
2550

2651
## How v1.0.0 was built
@@ -29,7 +54,8 @@ authoritative answer to "is X stable?"
2954
|-------|-------|--------|------------|
3055
| PH-19 | Distribution + Hardening | 9 (19.0 → 19.8) | 1665 → 1987 (+322) |
3156
| PH-20 | Polish + v1.0.0 Launch | 17 (20.0 → 20.7 + 20.A → 20.I) | 1987 → 2224 (+237) |
32-
| **Total** | **26 slices** | **+559 tests** |
57+
| Hermes | Agent control plane | 6 (H.0 → H.5) | 2224 → 2298 (+74) |
58+
| **Total** | **32 slices** | **+633 tests** |
3359

3460
The work was driven by two chained Volmarr directives:
3561

@@ -46,10 +72,10 @@ Every commit independently green; no batching.
4672

4773
## Verification at the v1.0.0 cut
4874

49-
- **Tests:** `python -m pytest -q`**2224 passed, 1 skipped, 109 subtests passed**.
75+
- **Tests:** `python -m pytest -q`**2298 passed, 1 skipped, 109 subtests passed**.
5076
- **Lint:** `ruff check mythic_vibe_cli tests scripts tools` → clean.
51-
- **Types:** `mypy mythic_vibe_cli` → no issues found in **152 source files**.
52-
- **Contract audit:** `python tools/contract_audit.py` → clean.
77+
- **Types:** `mypy mythic_vibe_cli` → no issues found in **156 source files**.
78+
- **Contract audit:** `python tools/contract_audit.py --strict` → clean (no baseline allowlist needed for Hermes — `docs/HERMES_AGENT.md` is the documentation of record).
5379
- **SBOM:** `docs/security/sbom.json` regenerable via `python scripts/regenerate_sbom.py`.
5480
- **Coverage:** ≥ 82% (consistent with the post-19.0 baseline).
5581

0 commit comments

Comments
 (0)