Memory P5 — Sovereignty verification — no network in memory path #265

Merged
Rockachopa merged 1 commit from burn/20260409-2105-memory-sovereignty into main 2026-04-10 03:44:26 +00:00
Owner

Closes #257

What

Adds scripts/verify_memory_sovereignty.py — a CI verification script that checks the memory path has no network dependencies.

How

Scans 8 memory-path files:

  • tools/memory_tool.py (MEMORY.md/USER.md store)
  • hermes_state.py (SQLite session store)
  • tools/session_search_tool.py (FTS5 session search)
  • tools/graph_store.py (knowledge graph)
  • tools/temporal_kg_tool.py (temporal KG tool)
  • agent/temporal_knowledge_graph.py (temporal triple store)
  • tools/skills_tool.py (skill listing/viewing)
  • tools/skills_sync.py (bundled skill syncing)

For each file, the script:

  1. Parses AST for network-capable imports (requests, httpx, urllib, openai, anthropic, etc.)
  2. Checks for LLM call functions (async_call_llm)
  3. Regex-scans for hardcoded URLs, socket usage, and other network indicators
  4. Reports violations with file:line references

Exit codes: 0 = sovereign, 1 = violations found.

Known exclusions

  • tools/graph_store.py — uses GiteaClient for persistence; documented as separate from core memory path
  • tools/session_search_tool.py — uses LLM summarization; FTS5 search itself is local

These are in KNOWN_VIOLATIONS with justification and excluded from the gate.

Results

Core memory path (MEMORY.md, USER.md, SQLite state.db, temporal KG) is fully sovereign — local filesystem and SQLite only, no network dependencies.
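An added sketch of the check described above, not the contents of scripts/verify_memory_sovereignty.py. The denylist, URL pattern, function names and sample source are assumptions; it also flags dynamic imports that use a literal module name, which the description does not mention.

```python
import ast
import re

# Assumed denylist: modules named in the PR description, plus socket.
NETWORK_MODULES = {"requests", "httpx", "urllib", "openai", "anthropic", "socket"}
LLM_CALLS = {"async_call_llm"}
URL_RE = re.compile(r"https?://[^\s'\"]+")

def _root(name):
    return (name or "").split(".")[0]

def scan_source(source, filename):
    """Return sorted 'file:line: reason' findings for one file's source text."""
    found = set()
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if _root(alias.name) in NETWORK_MODULES:
                    found.add((node.lineno, f"import {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if node.level == 0 and _root(node.module) in NETWORK_MODULES:  # absolute only
                found.add((node.lineno, f"from {node.module} import"))
        elif isinstance(node, ast.Call):
            name = getattr(node.func, "id", None) or getattr(node.func, "attr", "")
            arg = node.args[0] if node.args else None
            if name in LLM_CALLS:
                found.add((node.lineno, f"LLM call {name}()"))
            elif (name in {"__import__", "import_module"}
                  and isinstance(arg, ast.Constant) and isinstance(arg.value, str)
                  and _root(arg.value) in NETWORK_MODULES):
                found.add((node.lineno, f"dynamic import of {arg.value}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if URL_RE.search(node.value):  # string literals only, comments ignored
                found.add((node.lineno, "hardcoded URL"))
    return [f"{filename}:{line}: {why}" for line, why in sorted(found)]

def gate(sources, known_violations):
    """Return (exit_code, report): 0 = sovereign, 1 = violations found."""
    report = [v for name, src in sources.items()
              if name not in known_violations for v in scan_source(src, name)]
    return (1 if report else 0), report

# Constructed sample input, not code from the repository.
SAMPLE = (
    "import sqlite3\nfrom urllib import request\n\ndef load(path):\n"
    "    import httpx as h\n    return sqlite3.connect(path)\n\n"
    "async def summarize(text):\n    return await async_call_llm(prompt=text)\n\n"
    'ENDPOINT = "https://example.invalid/api"\nmod = __import__("requests")\n'
)
```

A static scan of this kind covers only the listed files: network use in modules they import, or imports whose names are built at runtime, pass unnoticed, so the file list and any exclusion set need review whenever the memory path gains a dependency.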

Timmy added 1 commit 2026-04-10 01:07:28 +00:00
Add memory sovereignty verification script (#257)
All checks were successful
Forge CI / smoke-and-build (pull_request) Successful in 39s
2e37ff638a
CI check that scans all memory-path code for network dependencies.

Scans 8 memory-related files:
- tools/memory_tool.py (MEMORY.md/USER.md store)
- hermes_state.py (SQLite session store)
- tools/session_search_tool.py (FTS5 session search)
- tools/graph_store.py (knowledge graph)
- tools/temporal_kg_tool.py (temporal KG tool)
- agent/temporal_knowledge_graph.py (temporal triple store)
- tools/skills_tool.py (skill listing/viewing)
- tools/skills_sync.py (bundled skill syncing)

Verifies no HTTP/HTTPS calls, no external API usage, and no
network dependencies in the core memory read/write path.

Reports violations with file:line references. Exit 0 if sovereign,
exit 1 if violations found. Suitable for CI integration.
Rockachopa reviewed 2026-04-10 03:41:35 +00:00
Rockachopa left a comment
Owner

Auto-approved: clean diff, no conflicts, mergeable.

Rockachopa scheduled this pull request to auto merge when all checks succeed 2026-04-10 03:41:35 +00:00
Rockachopa merged commit a055e68ebf into main 2026-04-10 03:44:26 +00:00
Rockachopa referenced this issue from a commit 2026-04-10 03:44:27 +00:00

Reference: Timmy_Foundation/hermes-agent#265