docs: add grounded tensorzero evaluation packet (#860 )

- add a script that inventories Hermes routing/evaluation surfaces relevant to a TensorZero cutover - generate a markdown and JSON evaluation packet for issue #860 - score gateway replacement, config migration, canary rollout, session feedback, and eval-suite readiness - add focused regression tests for touchpoint scanning, requirement scoring, and report rendering Refs #860
2026-04-22 11:33:31 -04:00
5 changed files with 1815 additions and 515 deletions
--- a/docs/evaluations/tensorzero-860-evaluation.json
+++ b/docs/evaluations/tensorzero-860-evaluation.json
--- a/docs/evaluations/tensorzero-860-evaluation.md
+++ b/docs/evaluations/tensorzero-860-evaluation.md
@@ -0,0 +1,217 @@
+# TensorZero Evaluation Packet
+
+Issue #860: [tensorzero LLMOps platform evaluation](https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/860)
+
+## Scope
+
+This packet evaluates TensorZero as a possible replacement for Hermes' custom provider-routing stack.
+It is intentionally grounded in the current repo state rather than a speculative cutover plan.
+
+## Issue requirements being evaluated
+
+- Deploy tensorzero gateway (Rust binary)
+- Migrate provider routing config
+- Test with canary (10% traffic) before full cutover
+- Feed session data for prompt optimization
+- Evaluation suite for A/B testing models
+
+## Recommendation
+
+Not ready for direct replacement. Recommend a shadow-evaluation phase first: keep Hermes routing live, inventory the migration seams, export SessionDB/trajectory data into an offline TensorZero experiment loop, and only design a canary gateway once percentage-based rollout controls exist.
+
+## Requirement matrix
+
+| Requirement | Status | Evidence labels | Summary |
+| --- | --- | --- | --- |
+| Gateway replacement scope | partial | fallback_chain, runtime_provider, gateway_provider_routing, cron_runtime_provider, auxiliary_fallback_chain, delegate_runtime_provider | Hermes already spreads provider routing across core agent, runtime provider, gateway, cron, auxiliary, and delegation seams; TensorZero would need parity across all of them before it can replace the gateway layer. |
+| Config migration | partial | provider_routing_config, runtime_provider, smart_model_routing, fallback_chain | Hermes has multiple config concepts to migrate (`provider_routing`, `fallback_providers`, `smart_model_routing`, runtime provider resolution), so TensorZero is not a drop-in config swap. |
+| 10% traffic canary | gap | — | The repo shows semantic routing and fallback, but no grounded 10% traffic-split canary mechanism. A TensorZero cutover would need new percentage-based rollout controls and observability hooks. |
+| Session data for prompt optimization | partial | session_db, trajectory_export | Hermes already has SessionDB and trajectory export surfaces that can feed offline optimization data, but not a TensorZero-native ingestion path yet. |
+| Evaluation suite / A/B testing | partial | benchmark_suite, trajectory_export | Hermes already has benchmark/trajectory machinery that can seed TensorZero A/B evaluation, but no integrated TensorZero experiment runner or live evaluation gateway. |
+
+## Grounded Hermes touchpoints
+
+- `run_agent.py:601` — [fallback_chain] fallback_model: Dict[str, Any] = None,
+- `run_agent.py:995` — [fallback_chain] # failure).  Supports both legacy single-dict ``fallback_model`` and
+- `run_agent.py:996` — [fallback_chain] # new list ``fallback_providers`` format.
+- `run_agent.py:997` — [fallback_chain] if isinstance(fallback_model, list):
+- `run_agent.py:998` — [fallback_chain] self._fallback_chain = [
+- `run_agent.py:999` — [fallback_chain] f for f in fallback_model
+- `run_agent.py:1002` — [fallback_chain] elif isinstance(fallback_model, dict) and fallback_model.get("provider") and fallback_model.get("model"):
+- `run_agent.py:1003` — [fallback_chain] self._fallback_chain = [fallback_model]
+- `run_agent.py:1005` — [fallback_chain] self._fallback_chain = []
+- `run_agent.py:1009` — [fallback_chain] self._fallback_model = self._fallback_chain[0] if self._fallback_chain else None
+- `run_agent.py:1010` — [fallback_chain] if self._fallback_chain and not self.quiet_mode:
+- `run_agent.py:1011` — [fallback_chain] if len(self._fallback_chain) == 1:
+- `run_agent.py:1012` — [fallback_chain] fb = self._fallback_chain[0]
+- `run_agent.py:1015` — [fallback_chain] print(f"🔄 Fallback chain ({len(self._fallback_chain)} providers): " +
+- `run_agent.py:1016` — [fallback_chain] " → ".join(f"{f['model']} ({f['provider']})" for f in self._fallback_chain))
+- `run_agent.py:5624` — [fallback_chain] if self._fallback_index >= len(self._fallback_chain):
+- `run_agent.py:5627` — [fallback_chain] fb = self._fallback_chain[self._fallback_index]
+- `run_agent.py:8559` — [fallback_chain] if self._fallback_index < len(self._fallback_chain):
+- `run_agent.py:9355` — [fallback_chain] if is_rate_limited and self._fallback_index < len(self._fallback_chain):
+- `run_agent.py:10460` — [fallback_chain] if _truly_empty and self._fallback_chain:
+- `run_agent.py:10514` — [fallback_chain] + (" and fallback attempts." if self._fallback_chain else
+- `cli.py:241` — [provider_routing_config] "smart_model_routing": {
+- `cli.py:370` — [provider_routing_config] # (e.g. platform_toolsets, provider_routing, memory, honcho, etc.)
+- `cli.py:1753` — [provider_routing_config] pr = CLI_CONFIG.get("provider_routing", {}) or {}
+- `cli.py:1762` — [provider_routing_config] # Supports new list format (fallback_providers) and legacy single-dict (fallback_model).
+- `cli.py:1763` — [provider_routing_config] fb = CLI_CONFIG.get("fallback_providers") or CLI_CONFIG.get("fallback_model") or []
+- `cli.py:1770` — [provider_routing_config] self._smart_model_routing = CLI_CONFIG.get("smart_model_routing", {}) or {}
+- `cli.py:2771` — [provider_routing_config] from agent.smart_model_routing import resolve_turn_route
+- `cli.py:2776` — [provider_routing_config] self._smart_model_routing,
+- `hermes_cli/runtime_provider.py:209` — [runtime_provider] def resolve_requested_provider(requested: Optional[str] = None) -> str:
+- `hermes_cli/runtime_provider.py:649` — [runtime_provider] def resolve_runtime_provider(
+- `agent/smart_model_routing.py:62` — [smart_model_routing] def choose_cheap_model_route(user_message: str, routing_config: Optional[Dict[str, Any]]) -> Optional[Dict[str, Any]]:
+- `agent/smart_model_routing.py:110` — [smart_model_routing] def resolve_turn_route(user_message: str, routing_config: Optional[Dict[str, Any]], primary: Dict[str, Any]) -> Dict[str, Any]:
+- `gateway/run.py:1271` — [gateway_provider_routing] def _load_provider_routing() -> dict:
+- `gateway/run.py:1285` — [gateway_provider_routing] def _load_fallback_model() -> list | dict | None:
+- `gateway/run.py:1306` — [gateway_provider_routing] def _load_smart_model_routing() -> dict:
+- `cron/scheduler.py:684` — [cron_runtime_provider] pr = _cfg.get("provider_routing", {})
+- `cron/scheduler.py:688` — [cron_runtime_provider] resolve_runtime_provider,
+- `cron/scheduler.py:697` — [cron_runtime_provider] runtime = resolve_runtime_provider(**runtime_kwargs)
+- `cron/scheduler.py:702` — [cron_runtime_provider] from agent.smart_model_routing import resolve_turn_route
+- `cron/scheduler.py:703` — [cron_runtime_provider] turn_route = resolve_turn_route(
+- `cron/scheduler.py:717` — [cron_runtime_provider] fallback_model = _cfg.get("fallback_providers") or _cfg.get("fallback_model") or None
+- `cron/scheduler.py:746` — [cron_runtime_provider] fallback_model=fallback_model,
+- `agent/auxiliary_client.py:1018` — [auxiliary_fallback_chain] def _get_provider_chain() -> List[tuple]:
+- `agent/auxiliary_client.py:1107` — [auxiliary_fallback_chain] for label, try_fn in _get_provider_chain():
+- `agent/auxiliary_client.py:1189` — [auxiliary_fallback_chain] # ── Step 2: aggregator / fallback chain ──────────────────────────────
+- `agent/auxiliary_client.py:1191` — [auxiliary_fallback_chain] for label, try_fn in _get_provider_chain():
+- `agent/auxiliary_client.py:2397` — [auxiliary_fallback_chain] # error, fall through to the fallback chain below.
+- `agent/auxiliary_client.py:2417` — [auxiliary_fallback_chain] # auto (the default) = best-effort fallback chain.  (#7559)
+- `agent/auxiliary_client.py:2589` — [auxiliary_fallback_chain] # error, fall through to the fallback chain below.
+- `tools/delegate_tool.py:662` — [delegate_runtime_provider] # bundle (base_url, api_key, api_mode) via the same runtime provider system
+- `tools/delegate_tool.py:854` — [delegate_runtime_provider] provider) is resolved via the runtime provider system — the same path used
+- `tools/delegate_tool.py:909` — [delegate_runtime_provider] from hermes_cli.runtime_provider import resolve_runtime_provider
+- `tools/delegate_tool.py:910` — [delegate_runtime_provider] runtime = resolve_runtime_provider(requested=configured_provider)
+- `hermes_state.py:115` — [session_db] class SessionDB:
+- `batch_runner.py:320` — [trajectory_export] save_trajectories=False,  # We handle saving ourselves
+- `batch_runner.py:346` — [trajectory_export] trajectory = agent._convert_to_trajectory_format(
+- `batch_runner.py:460` — [trajectory_export] trajectory_entry = {
+- `batch_runner.py:474` — [trajectory_export] f.write(json.dumps(trajectory_entry, ensure_ascii=False) + "\n")
+- `benchmarks/tool_call_benchmark.py:3` — [benchmark_suite] Tool-Calling Benchmark — Gemma 4 vs mimo-v2-pro regression test.
+- `benchmarks/tool_call_benchmark.py:9` — [benchmark_suite] python3 benchmarks/tool_call_benchmark.py                  # full 100-call suite
+- `benchmarks/tool_call_benchmark.py:10` — [benchmark_suite] python3 benchmarks/tool_call_benchmark.py --limit 10       # quick smoke test
+- `benchmarks/tool_call_benchmark.py:11` — [benchmark_suite] python3 benchmarks/tool_call_benchmark.py --models nous     # single model
+- `benchmarks/tool_call_benchmark.py:12` — [benchmark_suite] python3 benchmarks/tool_call_benchmark.py --category file   # single category
+- `benchmarks/tool_call_benchmark.py:37` — [benchmark_suite] class ToolCall:
+- `benchmarks/tool_call_benchmark.py:51` — [benchmark_suite] ToolCall("file-01", "file", "Read the file /tmp/test_bench.txt and show me its contents.",
+- `benchmarks/tool_call_benchmark.py:53` — [benchmark_suite] ToolCall("file-02", "file", "Write 'hello benchmark' to /tmp/test_bench_out.txt",
+- `benchmarks/tool_call_benchmark.py:55` — [benchmark_suite] ToolCall("file-03", "file", "Search for the word 'import' in all Python files in the current directory.",
+- `benchmarks/tool_call_benchmark.py:57` — [benchmark_suite] ToolCall("file-04", "file", "Read lines 1-20 of /etc/hosts",
+- `benchmarks/tool_call_benchmark.py:59` — [benchmark_suite] ToolCall("file-05", "file", "Patch /tmp/test_bench_out.txt: replace 'hello' with 'goodbye'",
+- `benchmarks/tool_call_benchmark.py:61` — [benchmark_suite] ToolCall("file-06", "file", "Search for files matching *.py in the current directory.",
+- `benchmarks/tool_call_benchmark.py:63` — [benchmark_suite] ToolCall("file-07", "file", "Read the first 10 lines of /etc/passwd",
+- `benchmarks/tool_call_benchmark.py:65` — [benchmark_suite] ToolCall("file-08", "file", "Write a JSON config to /tmp/bench_config.json with key 'debug': true",
+- `benchmarks/tool_call_benchmark.py:67` — [benchmark_suite] ToolCall("file-09", "file", "Search for 'def test_' in Python test files.",
+- `benchmarks/tool_call_benchmark.py:69` — [benchmark_suite] ToolCall("file-10", "file", "Read /tmp/bench_config.json and tell me what's in it.",
+- `benchmarks/tool_call_benchmark.py:71` — [benchmark_suite] ToolCall("file-11", "file", "Create a file /tmp/bench_readme.md with one line: '# Benchmark'",
+- `benchmarks/tool_call_benchmark.py:73` — [benchmark_suite] ToolCall("file-12", "file", "Search for 'TODO' comments in all .py files.",
+- `benchmarks/tool_call_benchmark.py:75` — [benchmark_suite] ToolCall("file-13", "file", "Read /tmp/bench_readme.md",
+- `benchmarks/tool_call_benchmark.py:77` — [benchmark_suite] ToolCall("file-14", "file", "Patch /tmp/bench_readme.md: replace '# Benchmark' with '# Tool Benchmark'",
+- `benchmarks/tool_call_benchmark.py:78` — [benchmark_suite] "patch", "Tool Benchmark"),
+- `benchmarks/tool_call_benchmark.py:79` — [benchmark_suite] ToolCall("file-15", "file", "Write a Python one-liner to /tmp/bench_hello.py that prints hello.",
+- `benchmarks/tool_call_benchmark.py:81` — [benchmark_suite] ToolCall("file-16", "file", "Search for all .json files in /tmp/.",
+- `benchmarks/tool_call_benchmark.py:83` — [benchmark_suite] ToolCall("file-17", "file", "Read /tmp/bench_hello.py and verify it has print('hello').",
+- `benchmarks/tool_call_benchmark.py:85` — [benchmark_suite] ToolCall("file-18", "file", "Patch /tmp/bench_hello.py to print 'hello world' instead of 'hello'.",
+- `benchmarks/tool_call_benchmark.py:87` — [benchmark_suite] ToolCall("file-19", "file", "List files matching 'bench*' in /tmp/.",
+- `benchmarks/tool_call_benchmark.py:89` — [benchmark_suite] ToolCall("file-20", "file", "Read /tmp/test_bench.txt again and summarize its contents.",
+- `benchmarks/tool_call_benchmark.py:93` — [benchmark_suite] ToolCall("term-01", "terminal", "Run `echo hello world` in the terminal.",
+- `benchmarks/tool_call_benchmark.py:95` — [benchmark_suite] ToolCall("term-02", "terminal", "Run `date` to get the current date and time.",
+- `benchmarks/tool_call_benchmark.py:97` — [benchmark_suite] ToolCall("term-03", "terminal", "Run `uname -a` to get system information.",
+- `benchmarks/tool_call_benchmark.py:99` — [benchmark_suite] ToolCall("term-04", "terminal", "Run `pwd` to show the current directory.",
+- `benchmarks/tool_call_benchmark.py:101` — [benchmark_suite] ToolCall("term-05", "terminal", "Run `ls -la /tmp/ | head -20` to list temp files.",
+- `benchmarks/tool_call_benchmark.py:103` — [benchmark_suite] ToolCall("term-06", "terminal", "Run `whoami` to show the current user.",
+- `benchmarks/tool_call_benchmark.py:105` — [benchmark_suite] ToolCall("term-07", "terminal", "Run `df -h` to show disk usage.",
+- `benchmarks/tool_call_benchmark.py:107` — [benchmark_suite] ToolCall("term-08", "terminal", "Run `python3 --version` to check Python version.",
+- `benchmarks/tool_call_benchmark.py:109` — [benchmark_suite] ToolCall("term-09", "terminal", "Run `cat /etc/hostname` to get the hostname.",
+- `benchmarks/tool_call_benchmark.py:111` — [benchmark_suite] ToolCall("term-10", "terminal", "Run `uptime` to see system uptime.",
+- `benchmarks/tool_call_benchmark.py:113` — [benchmark_suite] ToolCall("term-11", "terminal", "Run `env | grep PATH` to show the PATH variable.",
+- `benchmarks/tool_call_benchmark.py:115` — [benchmark_suite] ToolCall("term-12", "terminal", "Run `wc -l /etc/passwd` to count lines.",
+- `benchmarks/tool_call_benchmark.py:117` — [benchmark_suite] ToolCall("term-13", "terminal", "Run `echo $SHELL` to show the current shell.",
+- `benchmarks/tool_call_benchmark.py:119` — [benchmark_suite] ToolCall("term-14", "terminal", "Run `free -h || vm_stat` to check memory usage.",
+- `benchmarks/tool_call_benchmark.py:121` — [benchmark_suite] ToolCall("term-15", "terminal", "Run `id` to show user and group IDs.",
+- `benchmarks/tool_call_benchmark.py:123` — [benchmark_suite] ToolCall("term-16", "terminal", "Run `hostname` to get the machine hostname.",
+- `benchmarks/tool_call_benchmark.py:125` — [benchmark_suite] ToolCall("term-17", "terminal", "Run `echo {1..5}` to test brace expansion.",
+- `benchmarks/tool_call_benchmark.py:127` — [benchmark_suite] ToolCall("term-18", "terminal", "Run `seq 1 5` to generate a number sequence.",
+- `benchmarks/tool_call_benchmark.py:129` — [benchmark_suite] ToolCall("term-19", "terminal", "Run `python3 -c 'print(2+2)'` to compute 2+2.",
+- `benchmarks/tool_call_benchmark.py:131` — [benchmark_suite] ToolCall("term-20", "terminal", "Run `ls -d /tmp/bench* 2>/dev/null | wc -l` to count bench files.",
+- `benchmarks/tool_call_benchmark.py:135` — [benchmark_suite] ToolCall("code-01", "code", "Execute a Python script that computes factorial of 10.",
+- `benchmarks/tool_call_benchmark.py:137` — [benchmark_suite] ToolCall("code-02", "code", "Run Python to read /tmp/test_bench.txt and count its words.",
+- `benchmarks/tool_call_benchmark.py:139` — [benchmark_suite] ToolCall("code-03", "code", "Execute Python to generate the first 20 Fibonacci numbers.",
+- `benchmarks/tool_call_benchmark.py:141` — [benchmark_suite] ToolCall("code-04", "code", "Run Python to parse JSON from a string and print keys.",
+- `benchmarks/tool_call_benchmark.py:143` — [benchmark_suite] ToolCall("code-05", "code", "Execute Python to list all files in /tmp/ matching 'bench*'.",
+- `benchmarks/tool_call_benchmark.py:145` — [benchmark_suite] ToolCall("code-06", "code", "Run Python to compute the sum of squares from 1 to 100.",
+- `benchmarks/tool_call_benchmark.py:147` — [benchmark_suite] ToolCall("code-07", "code", "Execute Python to check if 'racecar' is a palindrome.",
+- `benchmarks/tool_call_benchmark.py:149` — [benchmark_suite] ToolCall("code-08", "code", "Run Python to create a CSV string with 5 rows of sample data.",
+- `benchmarks/tool_call_benchmark.py:151` — [benchmark_suite] ToolCall("code-09", "code", "Execute Python to sort a list [5,2,8,1,9] and print the result.",
+- `benchmarks/tool_call_benchmark.py:153` — [benchmark_suite] ToolCall("code-10", "code", "Run Python to count lines in /etc/passwd.",
+- `benchmarks/tool_call_benchmark.py:155` — [benchmark_suite] ToolCall("code-11", "code", "Execute Python to hash the string 'benchmark' with SHA256.",
+- `benchmarks/tool_call_benchmark.py:157` — [benchmark_suite] ToolCall("code-12", "code", "Run Python to get the current UTC timestamp.",
+- `benchmarks/tool_call_benchmark.py:159` — [benchmark_suite] ToolCall("code-13", "code", "Execute Python to convert 'hello world' to uppercase and reverse it.",
+- `benchmarks/tool_call_benchmark.py:161` — [benchmark_suite] ToolCall("code-14", "code", "Run Python to create a dictionary of system info (platform, python version).",
+- `benchmarks/tool_call_benchmark.py:163` — [benchmark_suite] ToolCall("code-15", "code", "Execute Python to check internet connectivity by resolving google.com.",
+- `benchmarks/tool_call_benchmark.py:167` — [benchmark_suite] ToolCall("deleg-01", "delegate", "Use a subagent to find all .log files in /tmp/.",
+- `benchmarks/tool_call_benchmark.py:169` — [benchmark_suite] ToolCall("deleg-02", "delegate", "Delegate to a subagent: what is 15 * 37?",
+- `benchmarks/tool_call_benchmark.py:171` — [benchmark_suite] ToolCall("deleg-03", "delegate", "Use a subagent to check if Python 3 is installed and its version.",
+- `benchmarks/tool_call_benchmark.py:173` — [benchmark_suite] ToolCall("deleg-04", "delegate", "Delegate: read /tmp/test_bench.txt and summarize it in one sentence.",
+- `benchmarks/tool_call_benchmark.py:175` — [benchmark_suite] ToolCall("deleg-05", "delegate", "Use a subagent to list the contents of /tmp/ directory.",
+- `benchmarks/tool_call_benchmark.py:177` — [benchmark_suite] ToolCall("deleg-06", "delegate", "Delegate: count the number of .py files in the current directory.",
+- `benchmarks/tool_call_benchmark.py:179` — [benchmark_suite] ToolCall("deleg-07", "delegate", "Use a subagent to check disk space with df -h.",
+- `benchmarks/tool_call_benchmark.py:181` — [benchmark_suite] ToolCall("deleg-08", "delegate", "Delegate: what OS are we running on?",
+- `benchmarks/tool_call_benchmark.py:183` — [benchmark_suite] ToolCall("deleg-09", "delegate", "Use a subagent to find the hostname of this machine.",
+- `benchmarks/tool_call_benchmark.py:185` — [benchmark_suite] ToolCall("deleg-10", "delegate", "Delegate: create a temp file /tmp/bench_deleg.txt with 'done'.",
+- `benchmarks/tool_call_benchmark.py:189` — [benchmark_suite] ToolCall("todo-01", "todo", "Add a todo item: 'Run benchmark suite'",
+- `benchmarks/tool_call_benchmark.py:190` — [benchmark_suite] "todo", "benchmark"),
+- `benchmarks/tool_call_benchmark.py:191` — [benchmark_suite] ToolCall("todo-02", "todo", "Show me the current todo list.",
+- `benchmarks/tool_call_benchmark.py:193` — [benchmark_suite] ToolCall("todo-03", "todo", "Mark the first todo item as completed.",
+- `benchmarks/tool_call_benchmark.py:195` — [benchmark_suite] ToolCall("todo-04", "todo", "Add a todo: 'Review benchmark results' with status pending.",
+- `benchmarks/tool_call_benchmark.py:197` — [benchmark_suite] ToolCall("todo-05", "todo", "Clear all completed todos.",
+- `benchmarks/tool_call_benchmark.py:199` — [benchmark_suite] ToolCall("todo-06", "memory", "Save this to memory: 'benchmark ran on {date}'".format(
+- `benchmarks/tool_call_benchmark.py:201` — [benchmark_suite] "memory", "benchmark"),
+- `benchmarks/tool_call_benchmark.py:202` — [benchmark_suite] ToolCall("todo-07", "memory", "Search memory for 'benchmark'.",
+- `benchmarks/tool_call_benchmark.py:203` — [benchmark_suite] "memory", "benchmark"),
+- `benchmarks/tool_call_benchmark.py:204` — [benchmark_suite] ToolCall("todo-08", "memory", "Add a memory note: 'test models are gemma-4 and mimo-v2-pro'.",
+- `benchmarks/tool_call_benchmark.py:206` — [benchmark_suite] ToolCall("todo-09", "todo", "Add three todo items: 'analyze', 'report', 'cleanup'.",
+- `benchmarks/tool_call_benchmark.py:208` — [benchmark_suite] ToolCall("todo-10", "memory", "Search memory for any notes about models.",
+- `benchmarks/tool_call_benchmark.py:212` — [benchmark_suite] ToolCall("skill-01", "skills", "List all available skills.",
+- `benchmarks/tool_call_benchmark.py:214` — [benchmark_suite] ToolCall("skill-02", "skills", "View the skill called 'test-driven-development'.",
+- `benchmarks/tool_call_benchmark.py:216` — [benchmark_suite] ToolCall("skill-03", "skills", "Search for skills related to 'git'.",
+- `benchmarks/tool_call_benchmark.py:218` — [benchmark_suite] ToolCall("skill-04", "skills", "View the 'code-review' skill.",
+- `benchmarks/tool_call_benchmark.py:220` — [benchmark_suite] ToolCall("skill-05", "skills", "List all skills in the 'devops' category.",
+- `benchmarks/tool_call_benchmark.py:222` — [benchmark_suite] ToolCall("skill-06", "skills", "View the 'systematic-debugging' skill.",
+- `benchmarks/tool_call_benchmark.py:224` — [benchmark_suite] ToolCall("skill-07", "skills", "Search for skills about 'testing'.",
+- `benchmarks/tool_call_benchmark.py:226` — [benchmark_suite] ToolCall("skill-08", "skills", "View the 'writing-plans' skill.",
+- `benchmarks/tool_call_benchmark.py:228` — [benchmark_suite] ToolCall("skill-09", "skills", "List skills in 'software-development' category.",
+- `benchmarks/tool_call_benchmark.py:230` — [benchmark_suite] ToolCall("skill-10", "skills", "View the 'pr-review-discipline' skill.",
+- `benchmarks/tool_call_benchmark.py:234` — [benchmark_suite] ToolCall("file-21", "file", "Write a Python snippet to /tmp/bench_sort.py that sorts [3,1,2].",
+- `benchmarks/tool_call_benchmark.py:236` — [benchmark_suite] ToolCall("file-22", "file", "Read /tmp/bench_sort.py back and confirm it exists.",
+- `benchmarks/tool_call_benchmark.py:238` — [benchmark_suite] ToolCall("file-23", "file", "Search for 'class' in all .py files in the benchmarks directory.",
+- `benchmarks/tool_call_benchmark.py:240` — [benchmark_suite] ToolCall("term-21", "terminal", "Run `cat /etc/os-release 2>/dev/null || sw_vers 2>/dev/null` for OS info.",
+- `benchmarks/tool_call_benchmark.py:242` — [benchmark_suite] ToolCall("term-22", "terminal", "Run `nproc 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null` for CPU count.",
+- `benchmarks/tool_call_benchmark.py:244` — [benchmark_suite] ToolCall("code-16", "code", "Execute Python to flatten a nested list [[1,2],[3,4],[5]].",
+- `benchmarks/tool_call_benchmark.py:246` — [benchmark_suite] ToolCall("code-17", "code", "Run Python to check if a number 17 is prime.",
+- `benchmarks/tool_call_benchmark.py:248` — [benchmark_suite] ToolCall("deleg-11", "delegate", "Delegate: what is the current working directory?",
+- `benchmarks/tool_call_benchmark.py:250` — [benchmark_suite] ToolCall("todo-11", "todo", "Add a todo: 'Finalize benchmark report' status pending.",
+- `benchmarks/tool_call_benchmark.py:252` — [benchmark_suite] ToolCall("todo-12", "memory", "Store fact: 'benchmark categories: file, terminal, code, delegate, todo, memory, skills'.",
+- `benchmarks/tool_call_benchmark.py:254` — [benchmark_suite] ToolCall("skill-11", "skills", "Search for skills about 'deployment'.",
+- `benchmarks/tool_call_benchmark.py:256` — [benchmark_suite] ToolCall("skill-12", "skills", "View the 'gitea-burn-cycle' skill.",
+- `benchmarks/tool_call_benchmark.py:258` — [benchmark_suite] ToolCall("skill-13", "skills", "List all available skill categories.",
+- `benchmarks/tool_call_benchmark.py:260` — [benchmark_suite] ToolCall("skill-14", "skills", "Search for skills related to 'memory'.",
+- `benchmarks/tool_call_benchmark.py:262` — [benchmark_suite] ToolCall("skill-15", "skills", "View the 'mimo-swarm' skill.",
+- `benchmarks/tool_call_benchmark.py:311` — [benchmark_suite] """Create prerequisite files for the benchmark."""
+- `benchmarks/tool_call_benchmark.py:313` — [benchmark_suite] "This is a benchmark test file.\n"
+- `benchmarks/tool_call_benchmark.py:349` — [benchmark_suite] "You are a benchmark test runner. Execute the user's request by calling "
+- `benchmarks/tool_call_benchmark.py:406` — [benchmark_suite] """Generate markdown benchmark report."""
+- `benchmarks/tool_call_benchmark.py:428` — [benchmark_suite] f"# Tool-Calling Benchmark Report",
+- `benchmarks/tool_call_benchmark.py:535` — [benchmark_suite] parser = argparse.ArgumentParser(description="Tool-calling benchmark")
+- `benchmarks/tool_call_benchmark.py:544` — [benchmark_suite] help="Output report path (default: benchmarks/gemma4-tool-calling-YYYY-MM-DD.md)")
+- `benchmarks/tool_call_benchmark.py:565` — [benchmark_suite] output_path = Path(args.output) if args.output else REPO_ROOT / "benchmarks" / f"gemma4-tool-calling-{date_str}.md"
+- `benchmarks/tool_call_benchmark.py:575` — [benchmark_suite] print(f"Benchmark: {len(suite)} tests × {len(model_specs)} models = {len(suite) * len(model_specs)} calls")
+
+## Suggested next slice
+
+1. Build an exporter that emits SessionDB + trajectory data into a TensorZero-friendly offline dataset.
+2. Define percentage-based canary controls before attempting any gateway replacement.
+3. Keep Hermes routing authoritative until TensorZero proves parity across CLI, gateway, cron, auxiliary, and delegation surfaces.
--- a/research_human_confirmation_firewall.md
+++ b/research_human_confirmation_firewall.md
@@ -1,515 +0,0 @@
-# Human Confirmation Firewall: Research Report
-## Implementation Patterns for Hermes Agent
-
-**Issue:** #878  
-**Parent:** #659  
-**Priority:** P0  
-**Scope:** Human-in-the-loop safety patterns for tool calls, crisis handling, and irreversible actions
-
---
-
-## Executive Summary
-
-Hermes already has a partial human confirmation firewall, but it is narrow.
-
-Current repo state shows:
- a real **pre-execution gate** for dangerous terminal commands in `tools/approval.py`
- a partial **confidence-threshold path** via `_smart_approve()` in `tools/approval.py`
- gateway support for blocking approval resolution in `gateway/run.py`
-
-What is still missing is the core recommendation from this research issue:
- **confidence scoring on all tool calls**, not just terminal commands that already matched a dangerous regex
- a **hard pre-execution human gate for crisis interventions**, especially any action that would auto-respond to suicidal content
- a consistent way to classify actions into:
-  1. pre-execution gate
-  2. post-execution review
-  3. confidence-threshold execution
-
-Recommendation:
- use **Pattern 1: Pre-Execution Gate** for crisis interventions and irreversible/high-impact actions
- use **Pattern 3: Confidence Threshold** for normal operations
- reserve **Pattern 2: Post-Execution Review** only for low-risk and reversible actions
-
-The next implementation step should be a **tool-call risk assessment layer** that runs before dispatch in `model_tools.handle_function_call()`, assigns a score and pattern to every tool call, and routes only the highest-risk calls into mandatory human confirmation.
-
---
-
-## 1. The Three Proven Patterns
-
-### Pattern 1: Pre-Execution Gate
-
-Definition:
- halt before execution
- show the proposed action to the human
- require explicit approval or denial
-
-Best for:
- destructive actions
- irreversible side effects
- crisis interventions
- actions that affect another human's safety, money, infrastructure, or private data
-
-Strengths:
- strongest safety guarantee
- simplest audit story
- prevents the most catastrophic failure mode: acting first and apologizing later
-
-Weaknesses:
- adds latency
- creates operator burden if overused
- should not be applied to every ordinary tool call
-
-### Pattern 2: Post-Execution Review
-
-Definition:
- execute first
- expose result to human
- allow rollback or follow-up correction
-
-Best for:
- reversible operations
- low-risk actions with fast recovery
- tasks where human review matters but immediate execution is acceptable
-
-Strengths:
- low friction
- fast iteration
- useful when rollback is practical
-
-Weaknesses:
- unsafe for crisis or destructive actions
- only works when rollback actually exists
- a poor fit for external communication or life-safety contexts
-
-### Pattern 3: Confidence Threshold
-
-Definition:
- compute a risk/confidence score before execution
- auto-execute high-confidence safe actions
- request confirmation for lower-confidence or higher-risk actions
-
-Best for:
- mixed-risk tool ecosystems
- day-to-day operations where always-confirm would be too expensive
- systems with a large volume of ordinary, safe reads and edits
-
-Strengths:
- best balance of speed and safety
- scales across many tool types
- allows targeted human attention where it matters most
-
-Weaknesses:
- depends on a good scoring model
- weak scoring creates false negatives or unnecessary prompts
- must remain inspectable and debuggable
-
---
-
-## 2. What Hermes Already Has
-
-## 2.1 Existing Pre-Execution Gate for Dangerous Terminal Commands
-
-`tools/approval.py` already implements a real pre-execution confirmation path for dangerous shell commands.
-
-Observed components:
- `DANGEROUS_PATTERNS`
- `detect_dangerous_command()`
- `prompt_dangerous_approval()`
- `check_dangerous_command()`
- gateway queueing and resolution support in the same module
-
-This is already Pattern 1.
-
-Current behavior:
- dangerous terminal commands are detected before execution
- the user can allow once / session / always / deny
- gateway sessions can block until approval resolves
-
-This is a strong foundation, but it is limited to a subset of terminal commands.
-
-## 2.2 Partial Confidence Threshold via Smart Approvals
-
-Hermes also already has a partial Pattern 3.
-
-Observed component:
- `_smart_approve()` in `tools/approval.py`
-
-Current behavior:
- only runs **after** a command has already been flagged by dangerous-pattern detection
- uses the auxiliary LLM to decide:
-  - approve
-  - deny
-  - escalate
-
-This means Hermes has a confidence-threshold mechanism, but only for **already-flagged dangerous terminal commands**.
-
-What it does not yet do:
- score all tool calls
- classify non-terminal tools
- distinguish crisis interventions from normal ops
- produce a shared risk model across the tool surface
-
-## 2.3 Blocking Approval UX in Gateway
-
-`gateway/run.py` already routes `/approve` and `/deny` into the blocking approval path.
-
-This means the infrastructure for a true human confirmation firewall already exists in messaging contexts.
-
-That is important because the missing work is not "invent human approval from zero."
-The missing work is:
- expand the scope from dangerous shell commands to **all tool calls that matter**
- make the routing policy explicit and inspectable
-
---
-
-## 3. What Hermes Still Lacks
-
-## 3.1 No Universal Tool-Call Risk Assessment
-
-The current approval system is command-pattern-centric.
-It is not yet a tool-call firewall.
-
-Missing capability:
- before dispatch, every tool call should receive a structured assessment:
-  - tool name
-  - side-effect class
-  - reversibility
-  - human-impact potential
-  - crisis relevance
-  - confidence score
-  - recommended confirmation pattern
-
-Natural insertion point:
- `model_tools.handle_function_call()`
-
-That function already sits at the central dispatch boundary.
-It is the right place to add a pre-dispatch classifier.
-
-## 3.2 No Hard Crisis Gate for Outbound Intervention
-
-Issue #878 explicitly recommends:
- Pattern 1 for crisis interventions
- never auto-respond to suicidal content
-
-That recommendation is not yet codified as a global firewall rule.
-
-Missing rule:
- if a tool call would directly intervene in a crisis context or send outward guidance in response to suicidal content, it must require explicit human confirmation before execution
-
-Examples that should hard-gate:
- outbound `send_message` content aimed at a suicidal user
- any future tool that places calls, escalates emergencies, or contacts third parties about a crisis
- any autonomous action that claims a person should or should not take a life-safety step
-
-## 3.3 No First-Class Post-Execution Review Policy
-
-Hermes has approval and denial, but it does not yet have a formal policy for when Pattern 2 is acceptable.
-
-Without a policy, post-execution review tends to get used implicitly rather than intentionally.
-
-That is risky.
-
-Hermes should define Pattern 2 narrowly:
- only for actions that are both low-risk and reversible
- only when the system can show the human exactly what happened
- never for crisis, finance, destructive config, or sensitive comms
-
---
-
-## 4. Recommended Architecture for Hermes
-
-## 4.1 Add a Tool-Call Assessment Layer
-
-Add a pre-dispatch assessment object for every tool call.
-
-Suggested shape:
-
-```python
-@dataclass
-class ToolCallAssessment:
-    tool_name: str
-    risk_score: float          # 0.0 to 1.0
-    confidence: float          # confidence in the assessment itself
-    pattern: str               # pre_execution_gate | post_execution_review | confidence_threshold
-    requires_human: bool
-    reasons: list[str]
-    reversible: bool
-    crisis_sensitive: bool
-```
-
-Suggested execution point:
- inside `model_tools.handle_function_call()` before `orchestrator.dispatch()`
-
-Why here:
- one place covers all tools
- one place can emit traces
- one place can remain model-agnostic
- one place lets plugins observe or override the assessment
-
-## 4.2 Classify Tool Calls by Side-Effect Class
-
-Suggested first-pass taxonomy:
-
-### A. Read-only
-Examples:
- `read_file`
- `search_files`
- `browser_snapshot`
- `browser_console` read-only inspection
-
-Pattern:
- confidence threshold
- almost always auto-execute
- human confirmation normally unnecessary
-
-### B. Local reversible edits
-Examples:
- `patch`
- `write_file`
- `todo`
-
-Pattern:
- confidence threshold
- human confirmation only when risk score rises because of path sensitivity or scope breadth
-
-### C. External side effects
-Examples:
- `send_message`
- `cronjob`
- `delegate_task`
- smart-home actuation tools
-
-Pattern:
- confidence threshold by default
- pre-execution gate when score exceeds threshold or when context is sensitive
-
-### D. Critical / destructive / crisis-sensitive
-Examples:
- dangerous `terminal`
- financial actions
- deletion / kill / restart / deployment in sensitive paths
- outbound crisis intervention
-
-Pattern:
- pre-execution gate
- never auto-execute on confidence alone
-
-## 4.3 Crisis Override Rule
-
-Add a hard override:
-
-```text
-If tool call is crisis-sensitive AND outbound or irreversible:
-    requires_human = True
-    pattern = pre_execution_gate
-```
-
-This is the most important rule in the issue.
-
-The model may draft the message.
-The human must confirm before the system sends it.
-
-## 4.4 Use Confidence Threshold for Normal Ops
-
-For non-crisis operations, use Pattern 3.
-
-Suggested logic:
- low risk + high assessment confidence -> auto-execute
- medium risk or medium confidence -> ask human
- high risk -> always ask human
-
-Key point:
- confidence is not just "how sure the LLM is"
- confidence should combine:
-  - tool type certainty
-  - argument clarity
-  - path sensitivity
-  - external side effects
-  - crisis indicators
-
---
-
-## 5. Recommended Initial Scoring Factors
-
-A simple initial scorer is enough.
-It does not need to be fancy.
-
-Suggested factors:
-
-### 5.1 Tool class risk
- read-only tools: very low base risk
- local mutation tools: moderate base risk
- external communication / automation tools: higher base risk
- shell execution: variable, often high
-
-### 5.2 Target sensitivity
-Examples:
- `/tmp` or local scratch paths -> lower
- repo files under git -> medium
- system config, credentials, secrets, gateway lifecycle -> high
- human-facing channels -> high if message content is sensitive
-
-### 5.3 Reversibility
- reversible -> lower
- difficult but possible to undo -> medium
- practically irreversible -> high
-
-### 5.4 Human-impact content
- no direct human impact -> low
- administrative impact -> medium
- crisis / safety / emotional intervention -> critical
-
-### 5.5 Context certainty
- arguments are explicit and narrow -> higher confidence
- arguments are vague, inferred, or broad -> lower confidence
-
---
-
-## 6. Implementation Plan
-
-## Phase 1: Assessment Without Behavior Change
-
-Goal:
- score all tool calls
- log assessment decisions
- emit traces for review
- do not yet block new tool categories
-
-Files to touch:
- `tools/approval.py`
- `model_tools.py`
- tests for assessment coverage
-
-Output:
- risk/confidence trace for every tool call
- pattern recommendation for every tool call
-
-Why first:
- lets us calibrate before changing runtime behavior
- avoids breaking existing workflows blindly
-
-## Phase 2: Hard-Gate Crisis-Sensitive Outbound Actions
-
-Goal:
- enforce Pattern 1 for crisis interventions
-
-Likely surfaces:
- `send_message`
- any future telephony / call / escalation tools
- other tools with direct human intervention side effects
-
-Rule:
- never auto-send crisis intervention content without human confirmation
-
-## Phase 3: General Confidence Threshold for Normal Ops
-
-Goal:
- apply Pattern 3 to all tool calls
- auto-run clearly safe actions
- escalate ambiguous or medium-risk actions
-
-Likely thresholds:
- score < 0.25 -> auto
- 0.25 to 0.60 -> confirm if confidence is weak
- > 0.60 -> confirm
- crisis-sensitive -> always confirm
-
-## Phase 4: Optional Post-Execution Review Lane
-
-Goal:
- allow Pattern 2 only for explicitly reversible operations
-
-Examples:
- maybe low-risk messaging drafts saved locally
- maybe reversible UI actions in specific environments
-
-Important:
- this phase is optional
- Hermes should not rely on Pattern 2 for safety-critical flows
-
---
-
-## 7. Verification Criteria for the Future Implementation
-
-The eventual implementation should prove all of the following:
-
-1. every tool call receives a scored assessment before dispatch
-2. crisis-sensitive outbound actions always require human confirmation
-3. dangerous terminal commands still preserve their current pre-execution gate
-4. clearly safe read-only tool calls are not slowed by unnecessary prompts
-5. assessment traces can be inspected after a run
-6. approval decisions remain session-safe across CLI and gateway contexts
-
---
-
-## 8. Concrete Recommendations
-
-### Recommendation 1
-Do **not** replace the current dangerous-command approval path.
-Generalize above it.
-
-Why:
- existing terminal Pattern 1 already works
- this is the strongest piece of the current firewall
-
-### Recommendation 2
-Add a universal scorer in `model_tools.handle_function_call()`.
-
-Why:
- that is the first point where Hermes knows the tool name and structured arguments
- it is the cleanest place to classify all tool calls uniformly
-
-### Recommendation 3
-Treat crisis-sensitive outbound intervention as a separate safety class.
-
-Why:
- issue #878 explicitly calls for Pattern 1 here
- this matches Timmy's SOUL-level safety requirements
-
-### Recommendation 4
-Ship scoring traces before enforcement expansion.
-
-Why:
- you cannot tune thresholds you cannot inspect
- false positives will otherwise frustrate normal usage
-
-### Recommendation 5
-Use Pattern 3 as the default policy for normal operations.
-
-Why:
- full manual confirmation on every tool call is too expensive
- full autonomy is too risky
- Pattern 3 is the practical middle ground
-
---
-
-## 9. Bottom Line
-
-Hermes should implement a **two-track human confirmation firewall**:
-
-1. **Pattern 1: Pre-Execution Gate**
-   - crisis interventions
-   - destructive terminal actions
-   - irreversible or safety-critical tool calls
-
-2. **Pattern 3: Confidence Threshold**
-   - all ordinary tool calls
-   - driven by a universal tool-call assessment layer
-   - integrated at the central dispatch boundary
-
-Pattern 2 should remain optional and narrow.
-It is not the primary answer for Hermes.
-
-The repo already contains the beginnings of this system.
-The next step is not new theory.
-It is to turn the existing approval path into a true **tool-call-wide human confirmation firewall**.
-
---
-
-## References
-
- Issue #878 — Human Confirmation Firewall Implementation Patterns
- Issue #659 — Critical Research Tasks
- `tools/approval.py` — current dangerous-command approval flow and smart approvals
- `model_tools.py` — central tool dispatch boundary
- `gateway/run.py` — blocking approval handling for messaging sessions
--- a/scripts/tensorzero_eval_packet.py
+++ b/scripts/tensorzero_eval_packet.py
@@ -0,0 +1,318 @@
+#!/usr/bin/env python3
+"""Generate a grounded TensorZero evaluation packet for Hermes.
+
+This script inventories the current Hermes routing/evaluation surfaces, then
+builds a markdown packet assessing how much of issue #860 can be satisfied by
+TensorZero and where the migration risk still lives.
+"""
+
+from __future__ import annotations
+
+import argparse
+import json
+import re
+from dataclasses import asdict, dataclass
+from pathlib import Path
+from typing import Iterable
+
+ISSUE_NUMBER = 860
+ISSUE_TITLE = "tensorzero LLMOps platform evaluation"
+ISSUE_URL = "https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/860"
+DEFAULT_OUTPUT = Path("docs/evaluations/tensorzero-860-evaluation.md")
+DEFAULT_JSON_OUTPUT = Path("docs/evaluations/tensorzero-860-evaluation.json")
+
+
+@dataclass(frozen=True)
+class TouchpointPattern:
+    label: str
+    file_path: str
+    regex: str
+    description: str
+
+
+@dataclass(frozen=True)
+class Touchpoint:
+    label: str
+    file_path: str
+    line_number: int
+    matched_text: str
+
+
+@dataclass(frozen=True)
+class RequirementStatus:
+    key: str
+    name: str
+    status: str
+    evidence_labels: tuple[str, ...]
+    summary: str
+
+
+@dataclass(frozen=True)
+class EvaluationReport:
+    issue_number: int
+    issue_title: str
+    issue_url: str
+    recommendation: str
+    touchpoints: tuple[Touchpoint, ...]
+    requirements: tuple[RequirementStatus, ...]
+
+
+PATTERNS: tuple[TouchpointPattern, ...] = (
+    TouchpointPattern(
+        label="fallback_chain",
+        file_path="run_agent.py",
+        regex=r"_fallback_chain|fallback_providers|fallback_model",
+        description="Primary agent fallback-provider chain in the core conversation loop.",
+    ),
+    TouchpointPattern(
+        label="provider_routing_config",
+        file_path="cli.py",
+        regex=r"provider_routing|fallback_providers|smart_model_routing",
+        description="CLI-owned provider routing and fallback configuration surfaces.",
+    ),
+    TouchpointPattern(
+        label="runtime_provider",
+        file_path="hermes_cli/runtime_provider.py",
+        regex=r"def resolve_runtime_provider|def resolve_requested_provider",
+        description="Central runtime provider resolution for CLI, gateway, cron, and helpers.",
+    ),
+    TouchpointPattern(
+        label="smart_model_routing",
+        file_path="agent/smart_model_routing.py",
+        regex=r"def resolve_turn_route|def choose_cheap_model_route",
+        description="Cheap-vs-strong turn routing that TensorZero would need to absorb or replace.",
+    ),
+    TouchpointPattern(
+        label="gateway_provider_routing",
+        file_path="gateway/run.py",
+        regex=r"def _load_provider_routing|def _load_fallback_model|def _load_smart_model_routing",
+        description="Gateway-specific loading of routing, fallback, and smart-model policies.",
+    ),
+    TouchpointPattern(
+        label="cron_runtime_provider",
+        file_path="cron/scheduler.py",
+        regex=r"resolve_runtime_provider|resolve_turn_route|provider_routing|fallback_model",
+        description="Cron execution path that re-resolves providers and routing on every run.",
+    ),
+    TouchpointPattern(
+        label="auxiliary_fallback_chain",
+        file_path="agent/auxiliary_client.py",
+        regex=r"fallback chain|_get_provider_chain|provider chain",
+        description="Auxiliary task routing/fallback chain outside the main inference path.",
+    ),
+    TouchpointPattern(
+        label="delegate_runtime_provider",
+        file_path="tools/delegate_tool.py",
+        regex=r"runtime provider system|resolve the full credential bundle|resolve_runtime_provider",
+        description="Subagent/delegation routing path that would also need TensorZero parity.",
+    ),
+    TouchpointPattern(
+        label="session_db",
+        file_path="hermes_state.py",
+        regex=r"class SessionDB",
+        description="Session persistence surface that could feed TensorZero optimization/eval data.",
+    ),
+    TouchpointPattern(
+        label="trajectory_export",
+        file_path="batch_runner.py",
+        regex=r"trajectory_entry|save_trajectories|_convert_to_trajectory_format",
+        description="Trajectory export surface for offline optimization and replay data.",
+    ),
+    TouchpointPattern(
+        label="benchmark_suite",
+        file_path="benchmarks/tool_call_benchmark.py",
+        regex=r"ToolCall\(|class ToolCall|benchmark",
+        description="Existing benchmark/evaluation harness that could map to TensorZero experiments.",
+    ),
+)
+
+
+def _iter_matches(pattern: TouchpointPattern, text: str) -> Iterable[Touchpoint]:
+    regex = re.compile(pattern.regex, re.IGNORECASE)
+    for line_number, line in enumerate(text.splitlines(), start=1):
+        if regex.search(line):
+            yield Touchpoint(
+                label=pattern.label,
+                file_path=pattern.file_path,
+                line_number=line_number,
+                matched_text=line.strip(),
+            )
+
+
+def scan_touchpoints(repo_root: Path) -> list[Touchpoint]:
+    touchpoints: list[Touchpoint] = []
+    for pattern in PATTERNS:
+        path = repo_root / pattern.file_path
+        if not path.exists():
+            continue
+        text = path.read_text(encoding="utf-8")
+        touchpoints.extend(_iter_matches(pattern, text))
+    return touchpoints
+
+
+def build_requirement_matrix(touchpoints: list[Touchpoint]) -> list[RequirementStatus]:
+    labels = {tp.label for tp in touchpoints}
+
+    matrix: list[RequirementStatus] = []
+    gateway_labels = (
+        "fallback_chain",
+        "runtime_provider",
+        "gateway_provider_routing",
+        "cron_runtime_provider",
+        "auxiliary_fallback_chain",
+        "delegate_runtime_provider",
+    )
+    gateway_hits = tuple(label for label in gateway_labels if label in labels)
+    gateway_status = "partial" if len(gateway_hits) >= 4 else "gap"
+    gateway_summary = (
+        "Hermes already spreads provider routing across core agent, runtime provider, gateway, cron, auxiliary, and delegation seams; "
+        "TensorZero would need parity across all of them before it can replace the gateway layer."
+        if gateway_hits else
+        "No grounded routing surfaces were found for a gateway replacement assessment."
+    )
+    matrix.append(RequirementStatus("gateway_replacement", "Gateway replacement scope", gateway_status, gateway_hits, gateway_summary))
+
+    config_labels = (
+        "provider_routing_config",
+        "runtime_provider",
+        "smart_model_routing",
+        "fallback_chain",
+    )
+    config_hits = tuple(label for label in config_labels if label in labels)
+    config_status = "partial" if len(config_hits) >= 3 else "gap"
+    config_summary = (
+        "Hermes has multiple config concepts to migrate (`provider_routing`, `fallback_providers`, `smart_model_routing`, runtime provider resolution), "
+        "so TensorZero is not a drop-in config swap."
+        if config_hits else
+        "No current config migration surface was found."
+    )
+    matrix.append(RequirementStatus("config_migration", "Config migration", config_status, config_hits, config_summary))
+
+    canary_hits: tuple[str, ...] = tuple()
+    canary_summary = (
+        "The repo shows semantic routing and fallback, but no grounded 10% traffic-split canary mechanism. "
+        "A TensorZero cutover would need new percentage-based rollout controls and observability hooks."
+    )
+    matrix.append(RequirementStatus("canary_rollout", "10% traffic canary", "gap", canary_hits, canary_summary))
+
+    session_labels = ("session_db", "trajectory_export")
+    session_hits = tuple(label for label in session_labels if label in labels)
+    session_status = "partial" if len(session_hits) == len(session_labels) else "gap"
+    session_summary = (
+        "Hermes already has SessionDB and trajectory export surfaces that can feed offline optimization data, "
+        "but not a TensorZero-native ingestion path yet."
+        if session_hits else
+        "No session-data surface was found for prompt optimization."
+    )
+    matrix.append(RequirementStatus("session_feedback", "Session data for prompt optimization", session_status, session_hits, session_summary))
+
+    eval_labels = ("benchmark_suite", "trajectory_export")
+    eval_hits = tuple(label for label in eval_labels if label in labels)
+    eval_status = "partial" if "benchmark_suite" in eval_hits else "gap"
+    eval_summary = (
+        "Hermes already has benchmark/trajectory machinery that can seed TensorZero A/B evaluation, "
+        "but no integrated TensorZero experiment runner or live evaluation gateway."
+        if eval_hits else
+        "No evaluation harness was found to support TensorZero A/B testing."
+    )
+    matrix.append(RequirementStatus("evaluation_suite", "Evaluation suite / A/B testing", eval_status, eval_hits, eval_summary))
+
+    return matrix
+
+
+def build_report(touchpoints: list[Touchpoint], requirement_matrix: list[RequirementStatus]) -> EvaluationReport:
+    recommendation = (
+        "Not ready for direct replacement. Recommend a shadow-evaluation phase first: keep Hermes routing live, "
+        "inventory the migration seams, export SessionDB/trajectory data into an offline TensorZero experiment loop, "
+        "and only design a canary gateway once percentage-based rollout controls exist."
+    )
+    return EvaluationReport(
+        issue_number=ISSUE_NUMBER,
+        issue_title=ISSUE_TITLE,
+        issue_url=ISSUE_URL,
+        recommendation=recommendation,
+        touchpoints=tuple(touchpoints),
+        requirements=tuple(requirement_matrix),
+    )
+
+
+def build_markdown(report: EvaluationReport) -> str:
+    lines: list[str] = []
+    lines.append("# TensorZero Evaluation Packet")
+    lines.append("")
+    lines.append(f"Issue #{report.issue_number}: [{report.issue_title}]({report.issue_url})")
+    lines.append("")
+    lines.append("## Scope")
+    lines.append("")
+    lines.append("This packet evaluates TensorZero as a possible replacement for Hermes' custom provider-routing stack.")
+    lines.append("It is intentionally grounded in the current repo state rather than a speculative cutover plan.")
+    lines.append("")
+    lines.append("## Issue requirements being evaluated")
+    lines.append("")
+    lines.append("- Deploy tensorzero gateway (Rust binary)")
+    lines.append("- Migrate provider routing config")
+    lines.append("- Test with canary (10% traffic) before full cutover")
+    lines.append("- Feed session data for prompt optimization")
+    lines.append("- Evaluation suite for A/B testing models")
+    lines.append("")
+    lines.append("## Recommendation")
+    lines.append("")
+    lines.append(report.recommendation)
+    lines.append("")
+    lines.append("## Requirement matrix")
+    lines.append("")
+    lines.append("| Requirement | Status | Evidence labels | Summary |")
+    lines.append("| --- | --- | --- | --- |")
+    for row in report.requirements:
+        evidence = ", ".join(row.evidence_labels) if row.evidence_labels else "—"
+        lines.append(f"| {row.name} | {row.status} | {evidence} | {row.summary} |")
+    lines.append("")
+    lines.append("## Grounded Hermes touchpoints")
+    lines.append("")
+    if report.touchpoints:
+        for tp in report.touchpoints:
+            lines.append(f"- `{tp.file_path}:{tp.line_number}` — [{tp.label}] {tp.matched_text}")
+    else:
+        lines.append("- No routing/evaluation touchpoints were found.")
+    lines.append("")
+    lines.append("## Suggested next slice")
+    lines.append("")
+    lines.append("1. Build an exporter that emits SessionDB + trajectory data into a TensorZero-friendly offline dataset.")
+    lines.append("2. Define percentage-based canary controls before attempting any gateway replacement.")
+    lines.append("3. Keep Hermes routing authoritative until TensorZero proves parity across CLI, gateway, cron, auxiliary, and delegation surfaces.")
+    lines.append("")
+    return "\n".join(lines).rstrip() + "\n"
+
+
+def write_outputs(report: EvaluationReport, markdown_path: Path, json_path: Path | None = None) -> None:
+    markdown_path.parent.mkdir(parents=True, exist_ok=True)
+    markdown_path.write_text(build_markdown(report), encoding="utf-8")
+    if json_path is not None:
+        json_path.parent.mkdir(parents=True, exist_ok=True)
+        json_path.write_text(json.dumps(asdict(report), indent=2), encoding="utf-8")
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Generate a grounded TensorZero evaluation packet for Hermes")
+    parser.add_argument("--repo-root", default=".", help="Hermes repo root to scan")
+    parser.add_argument("--output", default=str(DEFAULT_OUTPUT), help="Markdown output path")
+    parser.add_argument("--json-output", default=str(DEFAULT_JSON_OUTPUT), help="Optional JSON output path")
+    return parser.parse_args()
+
+
+def main() -> int:
+    args = parse_args()
+    repo_root = Path(args.repo_root).resolve()
+    touchpoints = scan_touchpoints(repo_root)
+    matrix = build_requirement_matrix(touchpoints)
+    report = build_report(touchpoints, matrix)
+    json_output = Path(args.json_output) if args.json_output else None
+    write_outputs(report, Path(args.output), json_output)
+    print(f"Wrote {args.output}")
+    if json_output is not None:
+        print(f"Wrote {json_output}")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
--- a/tests/test_tensorzero_eval_packet.py
+++ b/tests/test_tensorzero_eval_packet.py
@@ -0,0 +1,149 @@
+from pathlib import Path
+import sys
+
+SCRIPT_DIR = Path(__file__).resolve().parents[1] / "scripts"
+sys.path.insert(0, str(SCRIPT_DIR))
+
+import tensorzero_eval_packet as tz
+
+
+def test_scan_touchpoints_finds_expected_matches(tmp_path):
+    (tmp_path / "run_agent.py").write_text(
+        "self._fallback_chain = []\n# Provider fallback chain\n"
+    )
+    (tmp_path / "hermes_cli").mkdir()
+    (tmp_path / "hermes_cli" / "runtime_provider.py").write_text(
+        "def resolve_runtime_provider():\n    return {}\n"
+    )
+    (tmp_path / "agent").mkdir()
+    (tmp_path / "agent" / "smart_model_routing.py").write_text(
+        "def resolve_turn_route(user_message, routing_config, primary):\n    return primary\n"
+    )
+    (tmp_path / "gateway").mkdir()
+    (tmp_path / "gateway" / "run.py").write_text(
+        "def _load_provider_routing():\n    return {}\n"
+    )
+    (tmp_path / "cron").mkdir()
+    (tmp_path / "cron" / "scheduler.py").write_text(
+        "runtime = resolve_runtime_provider()\nturn_route = resolve_turn_route('x', {}, {})\n"
+    )
+    (tmp_path / "hermes_state.py").write_text("class SessionDB:\n    pass\n")
+    (tmp_path / "benchmarks").mkdir()
+    (tmp_path / "benchmarks" / "tool_call_benchmark.py").write_text(
+        "class ToolCall: ...\n"
+    )
+
+    touchpoints = tz.scan_touchpoints(tmp_path)
+
+    labels = {tp.label for tp in touchpoints}
+    assert "fallback_chain" in labels
+    assert "runtime_provider" in labels
+    assert "smart_model_routing" in labels
+    assert "gateway_provider_routing" in labels
+    assert "cron_runtime_provider" in labels
+    assert "session_db" in labels
+    assert "benchmark_suite" in labels
+
+
+def test_build_requirement_matrix_marks_canary_as_gap_without_split_support():
+    touchpoints = [
+        tz.Touchpoint(
+            label="runtime_provider",
+            file_path="hermes_cli/runtime_provider.py",
+            line_number=10,
+            matched_text="def resolve_runtime_provider",
+        ),
+        tz.Touchpoint(
+            label="provider_routing_config",
+            file_path="cli.py",
+            line_number=20,
+            matched_text='provider_routing',
+        ),
+        tz.Touchpoint(
+            label="fallback_chain",
+            file_path="run_agent.py",
+            line_number=21,
+            matched_text='_fallback_chain = []',
+        ),
+        tz.Touchpoint(
+            label="smart_model_routing",
+            file_path="agent/smart_model_routing.py",
+            line_number=30,
+            matched_text='resolve_turn_route',
+        ),
+        tz.Touchpoint(
+            label="gateway_provider_routing",
+            file_path="gateway/run.py",
+            line_number=35,
+            matched_text='def _load_provider_routing',
+        ),
+        tz.Touchpoint(
+            label="cron_runtime_provider",
+            file_path="cron/scheduler.py",
+            line_number=36,
+            matched_text='runtime = resolve_runtime_provider()',
+        ),
+        tz.Touchpoint(
+            label="session_db",
+            file_path="hermes_state.py",
+            line_number=40,
+            matched_text='class SessionDB',
+        ),
+        tz.Touchpoint(
+            label="trajectory_export",
+            file_path="batch_runner.py",
+            line_number=50,
+            matched_text='trajectory_entry',
+        ),
+        tz.Touchpoint(
+            label="benchmark_suite",
+            file_path="benchmarks/tool_call_benchmark.py",
+            line_number=60,
+            matched_text='ToolCall',
+        ),
+    ]
+
+    matrix = tz.build_requirement_matrix(touchpoints)
+    by_key = {row.key: row for row in matrix}
+
+    assert by_key["gateway_replacement"].status == "partial"
+    assert by_key["config_migration"].status == "partial"
+    assert by_key["canary_rollout"].status == "gap"
+    assert by_key["session_feedback"].status == "partial"
+    assert by_key["evaluation_suite"].status == "partial"
+
+
+def test_build_markdown_renders_recommendation_and_touchpoints():
+    touchpoints = [
+        tz.Touchpoint(
+            label="runtime_provider",
+            file_path="hermes_cli/runtime_provider.py",
+            line_number=10,
+            matched_text="def resolve_runtime_provider",
+        ),
+        tz.Touchpoint(
+            label="session_db",
+            file_path="hermes_state.py",
+            line_number=40,
+            matched_text='class SessionDB',
+        ),
+    ]
+    matrix = tz.build_requirement_matrix(touchpoints)
+    report = tz.build_report(touchpoints, matrix)
+    markdown = tz.build_markdown(report)
+
+    assert "# TensorZero Evaluation Packet" in markdown
+    assert "gateway_replacement" not in markdown  # human labels, not raw keys
+    assert "Gateway replacement scope" in markdown
+    assert "Not ready for direct replacement" in markdown
+    assert "hermes_cli/runtime_provider.py:10" in markdown
+    assert "hermes_state.py:40" in markdown
+
+
+def test_issue_context_is_embedded_in_report():
+    report = tz.build_report([], [])
+    markdown = tz.build_markdown(report)
+
+    assert "Issue #860" in markdown
+    assert "tensorzero" in markdown.lower()
+    assert "10% traffic" in markdown