feat: Timmy's sovereign config — soul, memories, skins, playbooks
Migrated from hermes/hermes-config (now archived). Contents: SOUL.md — Inscription 1, the immutable conscience config.yaml — live Hermes harness configuration memories/ — persistent agent memory + user profile skins/ — timmy.yaml + trismegistus.yaml personalities playbooks/ — 6 specialist agent configs cron/ — scheduled job definitions docs/design-log/ — historical design decisions FALSEWORK.md — API cost management strategy channel_directory.json — platform channel mappings Applied as side-car to Hermes harness. No hacking on the harness.
This commit is contained in:
Alexander Whitestone
57
playbooks/security-auditor.yaml
Normal file
57
playbooks/security-auditor.yaml
Normal file
@@ -0,0 +1,57 @@
|
||||
name: security-auditor
|
||||
description: >
|
||||
Scans code for security vulnerabilities, hardcoded secrets,
|
||||
dependency issues. Files findings as Gitea issues.
|
||||
|
||||
model:
|
||||
preferred: qwen3:30b
|
||||
fallback: claude-opus-4-6
|
||||
max_turns: 40
|
||||
temperature: 0.2
|
||||
|
||||
tools:
|
||||
- terminal
|
||||
- file
|
||||
- search_files
|
||||
|
||||
trigger:
|
||||
schedule: weekly
|
||||
pr_merged_with_lines: 100
|
||||
manual: true
|
||||
|
||||
repos:
|
||||
- Timmy_Foundation/the-nexus
|
||||
- Timmy_Foundation/hermes-agent
|
||||
|
||||
steps:
|
||||
- clone_repo
|
||||
- run_audit
|
||||
- file_issues
|
||||
|
||||
output: gitea_issue
|
||||
timeout_minutes: 20
|
||||
|
||||
system_prompt: |
|
||||
You are a security auditor for the Timmy Foundation codebase.
|
||||
Your job is to FIND vulnerabilities, not write code.
|
||||
|
||||
TARGET REPO: {{repo}}
|
||||
|
||||
SCAN FOR:
|
||||
1. Hardcoded secrets, API keys, tokens in source code
|
||||
2. SQL injection vulnerabilities
|
||||
3. Command injection via unsanitized input
|
||||
4. Path traversal in file operations
|
||||
5. Insecure HTTP calls (should be HTTPS where possible)
|
||||
6. Dependencies with known CVEs (check requirements.txt/package.json)
|
||||
7. Missing input validation
|
||||
8. Overly permissive file permissions
|
||||
|
||||
OUTPUT FORMAT:
|
||||
For each finding, file a Gitea issue with:
|
||||
Title: [security] <severity>: <description>
|
||||
Body: file + line, description, recommended fix
|
||||
Label: security
|
||||
|
||||
SEVERITY: critical / high / medium / low
|
||||
Only file issues for real findings. No false positives.
|
||||
Reference in New Issue
Block a user