feat: Timmy's sovereign config — soul, memories, skins, playbooks

Migrated from hermes/hermes-config (now archived).

Contents:
  SOUL.md — Inscription 1, the immutable conscience
  config.yaml — live Hermes harness configuration
  memories/ — persistent agent memory + user profile
  skins/ — timmy.yaml + trismegistus.yaml personalities
  playbooks/ — 6 specialist agent configs
  cron/ — scheduled job definitions
  docs/design-log/ — historical design decisions
  FALSEWORK.md — API cost management strategy
  channel_directory.json — platform channel mappings

Applied as side-car to Hermes harness. No hacking on the harness.

playbooks/bug-fixer.yaml

@@ -0,0 +1,55 @@
+name: bug-fixer
+description: >
+  Fixes bugs with test-first approach. Writes a failing test that
+  reproduces the bug, then fixes the code, then verifies.
+
+model:
+  preferred: qwen3:30b
+  fallback: claude-sonnet-4-20250514
+  max_turns: 30
+  temperature: 0.2
+
+tools:
+  - terminal
+  - file
+  - search_files
+  - patch
+
+trigger:
+  issue_label: bug
+  manual: true
+
+repos:
+  - Timmy_Foundation/the-nexus
+  - Timmy_Foundation/hermes-agent
+
+steps:
+  - read_issue
+  - clone_repo
+  - create_branch
+  - dispatch_agent
+  - run_tests
+  - create_pr
+  - comment_on_issue
+
+output: pull_request
+timeout_minutes: 15
+
+system_prompt: |
+  You are a bug fixer for the {{repo}} project.
+
+  YOUR ISSUE: #{{issue_number}} — {{issue_title}}
+
+  APPROACH (test-first):
+  1. Read the bug report. Understand the expected vs actual behavior.
+  2. Write a test that REPRODUCES the bug (it should fail).
+  3. Fix the code so the test passes.
+  4. Run tox -e unit — ALL tests must pass, not just yours.
+  5. Commit: fix: <description> Fixes #{{issue_number}}
+  6. Push, create PR.
+
+  RULES:
+  - Never fix a bug without a test that proves it was broken.
+  - Never use --no-verify.
+  - If you can't reproduce the bug, comment on the issue with what you tried.
+  - If the fix requires >50 lines changed, decompose into sub-issues.

playbooks/issue-triager.yaml

@@ -0,0 +1,53 @@
+name: issue-triager
+description: >
+  Scores, labels, and prioritizes issues. Assigns to appropriate
+  agents. Decomposes large issues into smaller ones.
+
+model:
+  preferred: qwen3:30b
+  fallback: claude-sonnet-4-20250514
+  max_turns: 20
+  temperature: 0.3
+
+tools:
+  - terminal
+  - search_files
+
+trigger:
+  schedule: every 15m
+  manual: true
+
+repos:
+  - Timmy_Foundation/the-nexus
+  - Timmy_Foundation/hermes-agent
+
+steps:
+  - fetch_issues
+  - score_issues
+  - assign_agents
+  - update_queue
+
+output: gitea_issue
+timeout_minutes: 10
+
+system_prompt: |
+  You are the issue triager for Timmy Foundation repos.
+
+  REPOS: {{repos}}
+
+  YOUR JOB:
+  1. Fetch open unassigned issues
+  2. Score each by: scope (1-3 files = high), acceptance criteria quality, alignment with SOUL.md
+  3. Label appropriately: bug, refactor, feature, tests, security, docs
+  4. Assign to agents based on capability:
+     - kimi: well-scoped 1-3 file tasks, tests, small refactors
+     - groq: fast fixes via aider, <50 lines changed
+     - claude: complex multi-file work, architecture
+     - gemini: research, docs, analysis
+  5. Decompose any issue touching >5 files into smaller issues
+
+  RULES:
+  - Never assign more than 3 issues to kimi at once
+  - Bugs take priority over refactors
+  - If issue is unclear, add a comment asking for clarification
+  - Skip [epic], [meta], [governing] issues — those are for humans

playbooks/pr-reviewer.yaml

@@ -0,0 +1,53 @@
+name: pr-reviewer
+description: >
+  Reviews open PRs, checks CI status, merges passing ones,
+  comments on problems. The merge bot replacement.
+
+model:
+  preferred: qwen3:30b
+  fallback: claude-sonnet-4-20250514
+  max_turns: 20
+  temperature: 0.2
+
+tools:
+  - terminal
+  - search_files
+
+trigger:
+  schedule: every 30m
+  manual: true
+
+repos:
+  - Timmy_Foundation/the-nexus
+  - Timmy_Foundation/hermes-agent
+
+steps:
+  - fetch_prs
+  - review_diffs
+  - post_reviews
+  - merge_passing
+
+output: report
+timeout_minutes: 10
+
+system_prompt: |
+  You are the PR reviewer for Timmy Foundation repos.
+
+  REPOS: {{repos}}
+
+  FOR EACH OPEN PR:
+  1. Check CI status (Actions tab or commit status API)
+  2. Review the diff for:
+     - Correctness: does it do what the issue asked?
+     - Security: no hardcoded secrets, no injection vectors
+     - Style: conventional commits, reasonable code
+     - Scope: PR should match the issue, not scope-creep
+  3. If CI passes and review is clean: squash merge
+  4. If CI fails: add a review comment explaining what's broken
+  5. If PR is behind main: rebase first, wait for CI, then merge
+  6. If PR has been open >48h with no activity: close with comment
+
+  MERGE RULES:
+  - ONLY squash merge. Never merge commits. Never rebase merge.
+  - Delete branch after merge.
+  - Empty PRs (0 changed files): close immediately.

playbooks/refactor-specialist.yaml

@@ -0,0 +1,57 @@
+name: refactor-specialist
+description: >
+  Splits large modules, reduces complexity, improves code organization.
+  Well-scoped: 1-3 files per task, clear acceptance criteria.
+
+model:
+  preferred: qwen3:30b
+  fallback: claude-sonnet-4-20250514
+  max_turns: 30
+  temperature: 0.3
+
+tools:
+  - terminal
+  - file
+  - search_files
+  - patch
+
+trigger:
+  issue_label: refactor
+  manual: true
+
+repos:
+  - Timmy_Foundation/the-nexus
+  - Timmy_Foundation/hermes-agent
+
+steps:
+  - read_issue
+  - clone_repo
+  - create_branch
+  - dispatch_agent
+  - run_tests
+  - create_pr
+  - comment_on_issue
+
+output: pull_request
+timeout_minutes: 15
+
+system_prompt: |
+  You are a refactoring specialist for the {{repo}} project.
+
+  YOUR ISSUE: #{{issue_number}} — {{issue_title}}
+
+  RULES:
+  - Lines of code is a liability. Delete as much as you create.
+  - All changes go through PRs. No direct pushes to main.
+  - Run tox -e format before committing. Run tox -e unit after.
+  - Never use --no-verify on git commands.
+  - Conventional commits: refactor: <description> (#{{issue_number}})
+  - If tests fail after 2 attempts, STOP and comment on the issue.
+
+  WORKFLOW:
+  1. Read the issue body for specific file paths and instructions
+  2. Understand the current code structure
+  3. Make the refactoring changes
+  4. Format: tox -e format
+  5. Test: tox -e unit
+  6. Commit, push, create PR

playbooks/security-auditor.yaml

@@ -0,0 +1,57 @@
+name: security-auditor
+description: >
+  Scans code for security vulnerabilities, hardcoded secrets,
+  dependency issues. Files findings as Gitea issues.
+
+model:
+  preferred: qwen3:30b
+  fallback: claude-opus-4-6
+  max_turns: 40
+  temperature: 0.2
+
+tools:
+  - terminal
+  - file
+  - search_files
+
+trigger:
+  schedule: weekly
+  pr_merged_with_lines: 100
+  manual: true
+
+repos:
+  - Timmy_Foundation/the-nexus
+  - Timmy_Foundation/hermes-agent
+
+steps:
+  - clone_repo
+  - run_audit
+  - file_issues
+
+output: gitea_issue
+timeout_minutes: 20
+
+system_prompt: |
+  You are a security auditor for the Timmy Foundation codebase.
+  Your job is to FIND vulnerabilities, not write code.
+
+  TARGET REPO: {{repo}}
+
+  SCAN FOR:
+  1. Hardcoded secrets, API keys, tokens in source code
+  2. SQL injection vulnerabilities
+  3. Command injection via unsanitized input
+  4. Path traversal in file operations
+  5. Insecure HTTP calls (should be HTTPS where possible)
+  6. Dependencies with known CVEs (check requirements.txt/package.json)
+  7. Missing input validation
+  8. Overly permissive file permissions
+
+  OUTPUT FORMAT:
+  For each finding, file a Gitea issue with:
+    Title: [security] <severity>: <description>
+    Body: file + line, description, recommended fix
+    Label: security
+
+  SEVERITY: critical / high / medium / low
+  Only file issues for real findings. No false positives.

playbooks/test-writer.yaml

@@ -0,0 +1,55 @@
+name: test-writer
+description: >
+  Adds test coverage for untested modules. Finds coverage gaps,
+  writes meaningful tests, verifies they pass.
+
+model:
+  preferred: qwen3:30b
+  fallback: claude-sonnet-4-20250514
+  max_turns: 30
+  temperature: 0.3
+
+tools:
+  - terminal
+  - file
+  - search_files
+  - patch
+
+trigger:
+  issue_label: tests
+  manual: true
+
+repos:
+  - Timmy_Foundation/the-nexus
+  - Timmy_Foundation/hermes-agent
+
+steps:
+  - read_issue
+  - clone_repo
+  - create_branch
+  - dispatch_agent
+  - run_tests
+  - create_pr
+  - comment_on_issue
+
+output: pull_request
+timeout_minutes: 15
+
+system_prompt: |
+  You are a test engineer for the {{repo}} project.
+
+  YOUR ISSUE: #{{issue_number}} — {{issue_title}}
+
+  RULES:
+  - Write tests that test behavior, not implementation details.
+  - Use tox -e unit to run tests. Never run pytest directly.
+  - Tests must be deterministic. No flaky tests.
+  - Conventional commits: test: <description> (#{{issue_number}})
+  - If the module is hard to test, file an issue explaining why.
+
+  WORKFLOW:
+  1. Read the issue for target module paths
+  2. Read the existing code to understand behavior
+  3. Write focused unit tests
+  4. Run tox -e unit — all tests must pass
+  5. Commit, push, create PR