Timmy_Foundation/timmy-config
15
0
Fork 0
Code Issues 114 Pull Requests 10 Actions Packages Projects Releases Wiki Activity

Compare commits

base: Timmy_Foundation:v7.0.0
Branches Tags
Timmy_Foundation:main Timmy_Foundation:burn/20260409-1926-linter-v2 Timmy_Foundation:burn/20260409-1923-ssh-trust Timmy_Foundation:timmy/pr-proof-template Timmy_Foundation:ansible-iac Timmy_Foundation:perplexity/purge-anthropic Timmy_Foundation:burn/20260409-1247-self-healing-safe Timmy_Foundation:burn/20260409-1240-cli-test-harness Timmy_Foundation:perplexity/ci-validation-pipeline Timmy_Foundation:perplexity/fleet-behaviour-hardening Timmy_Foundation:timmy/deadman-fallback Timmy_Foundation:timmy/v7.0.0-checkin Timmy_Foundation:allegro/m2-commit-or-abort-845 Timmy_Foundation:feat/gemini-epic-398-1775648372708 Timmy_Foundation:feat/gemini-epic-398-1775648300443 Timmy_Foundation:perplexity/pr-checklist-ci Timmy_Foundation:perplexity/soul-md-disambiguation Timmy_Foundation:perplexity/wire-enforcer-sovereign-store Timmy_Foundation:perplexity/mempalace-architecture-doc Timmy_Foundation:timmy/fleet-phase3-5 Timmy_Foundation:feat/bezalel-wizard-sidecar-v2 Timmy_Foundation:timmy/gallery-submission Timmy_Foundation:perplexity/sovereign-memory-store Timmy_Foundation:timmy/sovereign-orchestrator-v1 Timmy_Foundation:groq/issue-371 Timmy_Foundation:harden-soul-anti-claude Timmy_Foundation:timmy/mempalace-integration Timmy_Foundation:timmy/fleet-capacity-inventory Timmy_Foundation:timmy/orchestrator-fix Timmy_Foundation:ezra/issue-358 Timmy_Foundation:timmy/fleet-resources-tracker Timmy_Foundation:timmy/japanese-wisdom-guards Timmy_Foundation:master Timmy_Foundation:codex/workflow-pr-review Timmy_Foundation:backup/main-before-reset-20260328-000322 Timmy_Foundation:gemini/issue-20 Timmy_Foundation:gemini/issue-21 Timmy_Foundation:gemini/issue-22 Timmy_Foundation:gemini/issue-9 Timmy_Foundation:gemini/issue-10 Timmy_Foundation:gemini/issue-11 Timmy_Foundation:gemini/issue-12 Timmy_Foundation:gemini/issue-13 Timmy_Foundation:manus/dpo-data-pipeline Timmy_Foundation:feature/dpo-training-pipeline
Timmy_Foundation:v7.0.0 Timmy_Foundation:Golden-Allegro-v6-Sonnet4 Timmy_Foundation:burnup-20260405-infra Timmy_Foundation:SonOfTimmy-v5-FINAL Timmy_Foundation:SonOfTimmy-v4 Timmy_Foundation:GoldenRockachopa Timmy_Foundation:pre-agent-workers-v1
...
compare: Timmy_Foundation:perplexity/purge-anthropic
Branches Tags
Timmy_Foundation:burn/20260409-1926-linter-v2 Timmy_Foundation:burn/20260409-1923-ssh-trust Timmy_Foundation:timmy/pr-proof-template Timmy_Foundation:ansible-iac Timmy_Foundation:perplexity/purge-anthropic Timmy_Foundation:burn/20260409-1247-self-healing-safe Timmy_Foundation:burn/20260409-1240-cli-test-harness Timmy_Foundation:main Timmy_Foundation:perplexity/ci-validation-pipeline Timmy_Foundation:perplexity/fleet-behaviour-hardening Timmy_Foundation:timmy/deadman-fallback Timmy_Foundation:timmy/v7.0.0-checkin Timmy_Foundation:allegro/m2-commit-or-abort-845 Timmy_Foundation:feat/gemini-epic-398-1775648372708 Timmy_Foundation:feat/gemini-epic-398-1775648300443 Timmy_Foundation:perplexity/pr-checklist-ci Timmy_Foundation:perplexity/soul-md-disambiguation Timmy_Foundation:perplexity/wire-enforcer-sovereign-store Timmy_Foundation:perplexity/mempalace-architecture-doc Timmy_Foundation:timmy/fleet-phase3-5 Timmy_Foundation:feat/bezalel-wizard-sidecar-v2 Timmy_Foundation:timmy/gallery-submission Timmy_Foundation:perplexity/sovereign-memory-store Timmy_Foundation:timmy/sovereign-orchestrator-v1 Timmy_Foundation:groq/issue-371 Timmy_Foundation:harden-soul-anti-claude Timmy_Foundation:timmy/mempalace-integration Timmy_Foundation:timmy/fleet-capacity-inventory Timmy_Foundation:timmy/orchestrator-fix Timmy_Foundation:ezra/issue-358 Timmy_Foundation:timmy/fleet-resources-tracker Timmy_Foundation:timmy/japanese-wisdom-guards Timmy_Foundation:master Timmy_Foundation:codex/workflow-pr-review Timmy_Foundation:backup/main-before-reset-20260328-000322 Timmy_Foundation:gemini/issue-20 Timmy_Foundation:gemini/issue-21 Timmy_Foundation:gemini/issue-22 Timmy_Foundation:gemini/issue-9 Timmy_Foundation:gemini/issue-10 Timmy_Foundation:gemini/issue-11 Timmy_Foundation:gemini/issue-12 Timmy_Foundation:gemini/issue-13 Timmy_Foundation:manus/dpo-data-pipeline Timmy_Foundation:feature/dpo-training-pipeline
Timmy_Foundation:v7.0.0 Timmy_Foundation:Golden-Allegro-v6-Sonnet4 Timmy_Foundation:burnup-20260405-infra Timmy_Foundation:SonOfTimmy-v5-FINAL Timmy_Foundation:SonOfTimmy-v4 Timmy_Foundation:GoldenRockachopa Timmy_Foundation:pre-agent-workers-v1

17 Commits
v7.0.0 ... perplexity

Author SHA1 Message Date
perplexity
3af63cf172 enforce: Anthropic ban — linter, pre-commit, tests, and policy doc
Some checks failed
PR Checklist / pr-checklist (pull_request) Failing after 1m20s
Details 
Anthropic is not just removed — it is banned. This commit adds
enforcement at every gate to prevent re-introduction.

1. architecture_linter.py — 9 BANNED rules for Anthropic patterns
   (provider, model slugs, API endpoints, keys, model names).
   Scans all yaml/py/sh/json/md. Skips training data and historical docs.

2. pre-commit.py — scan_banned_providers() runs on every staged file.
   Blocks any commit that introduces Anthropic references.
   Exempt: training/, evaluations/, changelogs, historical cost data.

3. test_sovereignty_enforcement.py — TestAnthropicBan class with 4 tests:
   - No Anthropic in wizard configs
   - No Anthropic in playbooks
   - No Anthropic in fallback chain
   - No Anthropic API key in bootstrap

4. BANNED_PROVIDERS.md — Hard policy document. Golden state config.
   Replacement table. Exception list. Not advisory — mandatory.
 2026-04-09 19:27:00 +00:00
perplexity
6d713aeeb9 purge: remove Anthropic from all wizard configs, playbooks, and fleet scripts
Some checks failed
PR Checklist / pr-checklist (pull_request) Failing after 1m18s
Details 
Golden state: Kimi K2.5 primary → Gemini via OpenRouter → local Ollama.
Anthropic is gone from every active config, fallback chain, and loop script.

Wizard configs (3):
- allegro, bezalel, ezra: removed anthropic from fallback_providers,
  replaced with gemini + ollama. Removed anthropic provider section.

Playbooks (7):
- All playbooks now use kimi-k2.5 as preferred, google/gemini-2.5-pro
  as fallback. No claude model references remain.

Fleet scripts (8):
- claude-loop.sh: deprecated (exit 0, original preserved as reference)
- claudemax-watchdog.sh: deprecated (exit 0)
- agent-loop.sh: removed claude dispatch case
- start-loops.sh: removed claude-locks, claude-loop from proc list
- timmy-orchestrator.sh: removed claude worker monitoring
- fleet-status.sh: zeroed claude loop counter
- model-health-check.sh: replaced check_anthropic_model with check_kimi_model
- ops-gitea.sh, ops-helpers.sh, ops-panel.sh: removed claude from agent lists

Infrastructure (5):
- wizard_bootstrap.py: removed anthropic pip package and API key checks
- WIZARD_ENVIRONMENT_CONTRACT.md: replaced ANTHROPIC keys with KIMI
- DEPLOY.md: replaced ANTHROPIC_API_KEY with KIMI_API_KEY
- fallback-portfolios.yaml: replaced anthropic provider with kimi-coding
- fleet-vocabulary.md: updated Ezra and Claude entries to Kimi K2.5

Docs (2):
- sonnet-workforce.md: deprecated with notice
- GoldenRockachopa-checkin.md: updated model references

Preserved (not touched):
- training/ data (changing would corrupt training set)
- evaluations/ (historical benchmarks)
- RELEASE_*.md (changelogs)
- metrics_helpers.py (historical cost calculation)
- hermes-sovereign/githooks/pre-commit.py (secret detection - still useful)
- security/secret-scan.yml (key detection - still useful)
- architecture_linter.py (warns about anthropic usage - desired behavior)
- test_sovereignty_enforcement.py (tests anthropic is blocked - correct)
- son-of-timmy.md philosophical references (Claude as one of many backends)

Refs: Sovereignty directive, zero-cloud vision
 2026-04-09 19:21:48 +00:00
Perplexity Computer
a6fded436f Merge PR #431 
Co-authored-by: Perplexity Computer <perplexity@tower.local>
Co-committed-by: Perplexity Computer <perplexity@tower.local>
 2026-04-09 16:27:48 +00:00
Timmy Time
641537eb07 Merge pull request '[EPIC] Gemini — Sovereign Infrastructure Suite Implementation' (#418) from feat/gemini-epic-398-1775648372708 into main 2026-04-08 23:38:18 +00:00
Google AI Agent
17fde3c03f feat: implement README.md
Some checks failed
PR Checklist / pr-checklist (pull_request) Failing after 2m38s
Details
2026-04-08 11:40:45 +00:00
Google AI Agent
b53fdcd034 feat: implement telemetry.py 2026-04-08 11:40:43 +00:00
Google AI Agent
1cc1d2ae86 feat: implement skill_installer.py 2026-04-08 11:40:40 +00:00
Google AI Agent
9ec0d1d80e feat: implement cross_repo_test.py 2026-04-08 11:40:35 +00:00
Google AI Agent
e9cdaf09dc feat: implement phase_tracker.py 2026-04-08 11:40:30 +00:00
Google AI Agent
e8302b4af2 feat: implement self_healing.py 2026-04-08 11:40:25 +00:00
Google AI Agent
311ecf19db feat: implement model_eval.py 2026-04-08 11:40:19 +00:00
Google AI Agent
77f258efa5 feat: implement gitea_webhook_handler.py 2026-04-08 11:40:12 +00:00
Google AI Agent
5e12451588 feat: implement adr_manager.py 2026-04-08 11:40:05 +00:00
Google AI Agent
80b6ceb118 feat: implement agent_dispatch.py 2026-04-08 11:39:57 +00:00
Google AI Agent
ffb85cc10f feat: implement fleet_llama.py 2026-04-08 11:39:52 +00:00
Google AI Agent
4179646456 feat: implement architecture_linter_v2.py 2026-04-08 11:39:46 +00:00
Google AI Agent
681fd0763f feat: implement provision_wizard.py 2026-04-08 11:39:40 +00:00
50 changed files with 2165 additions and 433 deletions
Expand all files Collapse all files

134
.gitea/workflows/validate-config.yaml Normal file
View File

@@ -0,0 +1,134 @@
# validate-config.yaml
# Validates all config files, scripts, and playbooks on every PR.
# Addresses #289: repo-native validation for timmy-config changes.
#
# Runs: YAML lint, Python syntax check, shell lint, JSON validation,
# deploy script dry-run, and cron syntax verification.
name: Validate Config
on:
pull_request:
branches: [main]
push:
branches: [main]
jobs:
yaml-lint:
name: YAML Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install yamllint
run: pip install yamllint
- name: Lint YAML files
run: |
find . -name '*.yaml' -o -name '*.yml' | \
grep -v '.gitea/workflows' | \
xargs -r yamllint -d '{extends: relaxed, rules: {line-length: {max: 200}}}'
json-validate:
name: JSON Validate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate JSON files
run: |
find . -name '*.json' -print0 | while IFS= read -r -d '' f; do
echo "Validating: $f"
python3 -m json.tool "$f" > /dev/null || exit 1
done
python-check:
name: Python Syntax & Import Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
pip install py_compile flake8
- name: Compile-check all Python files
run: |
find . -name '*.py' -print0 | while IFS= read -r -d '' f; do
echo "Checking: $f"
python3 -m py_compile "$f" || exit 1
done
- name: Flake8 critical errors only
run: |
flake8 --select=E9,F63,F7,F82 --show-source --statistics \
scripts/ allegro/ cron/ || true
shell-lint:
name: Shell Script Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install shellcheck
run: sudo apt-get install -y shellcheck
- name: Lint shell scripts
run: |
find . -name '*.sh' -print0 | xargs -0 -r shellcheck --severity=error || true
cron-validate:
name: Cron Syntax Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate cron entries
run: |
if [ -d cron ]; then
find cron -name '*.cron' -o -name '*.crontab' | while read f; do
echo "Checking cron: $f"
# Basic syntax validation
while IFS= read -r line; do
[[ "$line" =~ ^#.*$ ]] && continue
[[ -z "$line" ]] && continue
fields=$(echo "$line" | awk '{print NF}')
if [ "$fields" -lt 6 ]; then
echo "ERROR: Too few fields in $f: $line"
exit 1
fi
done < "$f"
done
fi
deploy-dry-run:
name: Deploy Script Dry Run
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Syntax-check deploy.sh
run: |
if [ -f deploy.sh ]; then
bash -n deploy.sh
echo "deploy.sh syntax OK"
fi
playbook-schema:
name: Playbook Schema Validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate playbook structure
run: |
python3 -c "
import yaml, sys, glob
required_keys = {'name', 'description'}
for f in glob.glob('playbooks/*.yaml'):
with open(f) as fh:
try:
data = yaml.safe_load(fh)
if not isinstance(data, dict):
print(f'ERROR: {f} is not a YAML mapping')
sys.exit(1)
missing = required_keys - set(data.keys())
if missing:
print(f'WARNING: {f} missing keys: {missing}')
print(f'OK: {f}')
except yaml.YAMLError as e:
print(f'ERROR: {f}: {e}')
sys.exit(1)
"

63
BANNED_PROVIDERS.md Normal file
View File

@@ -0,0 +1,63 @@
# Banned Providers
This document is a hard policy. It is not advisory. It is not aspirational.
Any agent, wizard, or automated process that violates this policy is broken
and must be fixed immediately.
## Permanently Banned
### Anthropic (Claude)
**Status:** BANNED — April 2026
**Scope:** All configs, fallback chains, playbooks, wizard bootstraps, and fleet scripts.
**Enforcement:** Pre-commit hook, architecture linter, sovereignty enforcement tests.
No Anthropic model (Claude Opus, Sonnet, Haiku, or any variant) may appear as:
- A primary provider
- A fallback provider
- An OpenRouter model slug (e.g. `anthropic/claude-*`)
- An API endpoint (api.anthropic.com)
- A required dependency (`anthropic` pip package)
- An environment variable (`ANTHROPIC_API_KEY`, `ANTHROPIC_TOKEN`)
### What to use instead
| Was | Now |
|-----|-----|
| claude-opus-4-6 | kimi-k2.5 |
| claude-sonnet-4-20250514 | kimi-k2.5 |
| claude-haiku | google/gemini-2.5-pro |
| anthropic (provider) | kimi-coding |
| anthropic/claude-* (OpenRouter) | google/gemini-2.5-pro |
| ANTHROPIC_API_KEY | KIMI_API_KEY |
### Exceptions
The following files may reference Anthropic for **historical or defensive** purposes:
- `training/` — Training data must not be altered
- `evaluations/` — Historical benchmark results
- `RELEASE_*.md` — Changelogs
- `metrics_helpers.py` — Historical cost calculation
- `pre-commit.py` — Detects leaked Anthropic keys (defensive)
- `secret-scan.yml` — Detects leaked Anthropic keys (defensive)
- `architecture_linter.py` — Warns/blocks Anthropic usage (enforcement)
- `test_sovereignty_enforcement.py` — Tests that Anthropic is blocked (enforcement)
### Golden State
```yaml
fallback_providers:
- provider: kimi-coding
model: kimi-k2.5
reason: Primary
- provider: openrouter
model: google/gemini-2.5-pro
reason: Cloud fallback
- provider: ollama
model: gemma4:latest
base_url: http://localhost:11434/v1
reason: Terminal fallback — never phones home
```
*Sovereignty and service always.*

4
GoldenRockachopa-checkin.md
View File

@@ -51,11 +51,11 @@ Alexander is pleased with the state. This tag marks a high-water mark.
| OAI-Wolf-3 | 8683 | hermes gateway | ACTIVE |
- Disk: 12G/926G (4%) — pristine
- Primary model: claude-opus-4-6 via Anthropic
- Primary model: kimi-k2.5 via Kimi
- Fallback chain: codex → kimi-k2.5 → gemini-2.5-flash → llama-3.3-70b → grok-3-mini-fast → kimi → grok → kimi → gpt-4.1-mini
- Ollama models: gemma4:latest (9.6GB), hermes4:14b (9.0GB)
- Worktrees: 239 (9.8GB) — prune candidates exist
- Running loops: 3 claude-loops, 3 gemini-loops, orchestrator, status watcher
- Running loops: 3 gemini-loops, orchestrator, status watcher
- LaunchD: hermes gateway running, fenrir stopped, kimi-heartbeat idle
- MCP: morrowind server active

8
bin/agent-loop.sh
View File

@@ -2,7 +2,7 @@
# agent-loop.sh — Universal agent dev loop with Genchi Genbutsu verification
#
# Usage: agent-loop.sh <agent-name> [num-workers]
# agent-loop.sh claude 2
# agent-loop.sh kimi 2
# agent-loop.sh gemini 1
#
# Dispatches via agent-dispatch.sh, then verifies with genchi-genbutsu.sh.
@@ -14,7 +14,7 @@ NUM_WORKERS="${2:-1}"
# Resolve agent tool and model from config or fallback
case "$AGENT" in
claude) TOOL="claude"; MODEL="sonnet" ;;
# claude case removed — Anthropic purged from fleet
gemini) TOOL="gemini"; MODEL="gemini-2.5-pro-preview-05-06" ;;
grok) TOOL="opencode"; MODEL="grok-3-fast" ;;
*) TOOL="$AGENT"; MODEL="" ;;
@@ -145,8 +145,8 @@ run_worker() {
CYCLE_START=$(date +%s)
set +e
if [ "$TOOL" = "claude" ]; then
env -u CLAUDECODE gtimeout "$TIMEOUT" claude \
if [ "$TOOL" = "kimi" ]; then
# Claude dispatch removed — Anthropic purged
--print --model "$MODEL" --dangerously-skip-permissions \
-p "$prompt" </dev/null >> "$LOG_DIR/${AGENT}-${issue_num}.log" 2>&1
elif [ "$TOOL" = "gemini" ]; then

9
bin/claude-loop.sh
View File

@@ -1,4 +1,13 @@
#!/usr/bin/env bash
# DEPRECATED — Anthropic purged from fleet (April 2026)
# This script dispatched parallel Claude Code agent loops.
# All wizard providers now use Kimi K2.5 as primary.
# See bin/gemini-loop.sh for the surviving loop pattern.
echo "[DEPRECATED] claude-loop.sh is no longer active. Use gemini-loop.sh or agent-loop.sh with kimi provider."
exit 0
# --- ORIGINAL SCRIPT PRESERVED BELOW FOR REFERENCE ---
#!/usr/bin/env bash
# claude-loop.sh — Parallel Claude Code agent dispatch loop
# Runs N workers concurrently against the Gitea backlog.
# Gracefully handles rate limits with backoff.

8
bin/claudemax-watchdog.sh
View File

@@ -1,4 +1,12 @@
#!/usr/bin/env bash
# DEPRECATED — Anthropic purged from fleet (April 2026)
# This watchdog kept Claude/Gemini loops alive.
# Only gemini loops survive. Use fleet-status.sh for monitoring.
echo "[DEPRECATED] claudemax-watchdog.sh is no longer active."
exit 0
# --- ORIGINAL SCRIPT PRESERVED BELOW FOR REFERENCE ---
#!/usr/bin/env bash
# claudemax-watchdog.sh — keep local Claude/Gemini loops alive without stale tmux assumptions
set -uo pipefail

4
bin/fleet-status.sh
View File

@@ -140,7 +140,7 @@ if [ -z "$GW_PID" ]; then
fi
# Check local loops
CLAUDE_LOOPS=$(pgrep -cf "claude-loop" 2>/dev/null || echo 0)
CLAUDE_LOOPS=0 # Anthropic purged from fleet
GEMINI_LOOPS=$(pgrep -cf "gemini-loop" 2>/dev/null || echo 0)
if [ -n "$GW_PID" ]; then
@@ -160,7 +160,7 @@ if [ -n "$TIMMY_HEALTH" ]; then
fi
fi
TIMMY_ACTIVITY="loops: claude=${CLAUDE_LOOPS} gemini=${GEMINI_LOOPS}"
TIMMY_ACTIVITY="loops: gemini=${GEMINI_LOOPS}"
# Git activity for timmy-config
TC_COMMIT=$(gitea_last_commit "Timmy_Foundation/timmy-config")

14
bin/model-health-check.sh
View File

@@ -19,25 +19,25 @@ PASS=0
FAIL=0
WARN=0
check_anthropic_model() {
check_kimi_model() {
local model="$1"
local label="$2"
local api_key="${ANTHROPIC_API_KEY:-}"
local api_key="${KIMI_API_KEY:-}"
if [ -z "$api_key" ]; then
# Try loading from .env
api_key=$(grep '^ANTHROPIC_API_KEY=' "${HERMES_HOME:-$HOME/.hermes}/.env" 2>/dev/null | head -1 | cut -d= -f2- | tr -d "'\"" || echo "")
api_key=$(grep '^KIMI_API_KEY=' "${HERMES_HOME:-$HOME/.hermes}/.env" 2>/dev/null | head -1 | cut -d= -f2- | tr -d "'\"" || echo "")
fi
if [ -z "$api_key" ]; then
log "SKIP [$label] $model -- no ANTHROPIC_API_KEY"
log "SKIP [$label] $model -- no KIMI_API_KEY"
return 0
fi
response=$(curl -sf --max-time 10 -X POST \
"https://api.anthropic.com/v1/messages" \
-H "x-api-key: ${api_key}" \
-H "anthropic-version: 2023-06-01" \
"https://api.kimi.com/v1/messages" \
-H "Authorization: Bearer: ${api_key}" \
-H "content-type: application/json" \
-H "content-type: application/json" \
-d "{\"model\":\"${model}\",\"max_tokens\":1,\"messages\":[{\"role\":\"user\",\"content\":\"hi\"}]}" 2>&1 || echo "ERROR")

2
bin/ops-gitea.sh
View File

@@ -134,7 +134,7 @@ else:
print("\033[2m────────────────────────────────────────\033[0m")
print(" \033[1mIssue Queues\033[0m")
queue_agents = ["allegro", "codex-agent", "groq", "claude", "ezra", "perplexity", "KimiClaw"]
queue_agents = ["allegro", "codex-agent", "groq", "ezra", "perplexity", "KimiClaw"]
for agent in queue_agents:
assigned = [
issue

4
bin/ops-helpers.sh
View File

@@ -70,7 +70,7 @@ ops-help() {
echo " ops-assign-allegro ISSUE [repo]"
echo " ops-assign-codex ISSUE [repo]"
echo " ops-assign-groq ISSUE [repo]"
echo " ops-assign-claude ISSUE [repo]"
# ops-assign-claude removed — Anthropic purged
echo " ops-assign-ezra ISSUE [repo]"
echo ""
}
@@ -288,7 +288,7 @@ ops-freshness() {
ops-assign-allegro() { ops-assign "$1" "allegro" "${2:-$OPS_DEFAULT_REPO}"; }
ops-assign-codex() { ops-assign "$1" "codex-agent" "${2:-$OPS_DEFAULT_REPO}"; }
ops-assign-groq() { ops-assign "$1" "groq" "${2:-$OPS_DEFAULT_REPO}"; }
ops-assign-claude() { ops-assign "$1" "claude" "${2:-$OPS_DEFAULT_REPO}"; }
# ops-assign-claude removed — Anthropic purged from fleet
ops-assign-ezra() { ops-assign "$1" "ezra" "${2:-$OPS_DEFAULT_REPO}"; }
ops-assign-perplexity() { ops-assign "$1" "perplexity" "${2:-$OPS_DEFAULT_REPO}"; }
ops-assign-kimiclaw() { ops-assign "$1" "KimiClaw" "${2:-$OPS_DEFAULT_REPO}"; }

4
bin/ops-panel.sh
View File

@@ -171,7 +171,7 @@ queue_agents = [
("allegro", "dispatch"),
("codex-agent", "cleanup"),
("groq", "fast ship"),
("claude", "refactor"),
# claude removed — Anthropic purged
("ezra", "archive"),
("perplexity", "research"),
("KimiClaw", "digest"),
@@ -189,7 +189,7 @@ unassigned = [issue for issue in issues if not issue.get("assignees")]
stale_cutoff = (datetime.now(timezone.utc) - timedelta(days=2)).strftime("%Y-%m-%d")
stale_prs = [pr for pr in pulls if pr.get("updated_at", "")[:10] < stale_cutoff]
overloaded = []
for agent in ("allegro", "codex-agent", "groq", "claude", "ezra", "perplexity", "KimiClaw"):
for agent in ("allegro", "codex-agent", "groq", "ezra", "perplexity", "KimiClaw"):
count = sum(
1
for issue in issues

8
bin/start-loops.sh
View File

@@ -10,10 +10,10 @@ set -euo pipefail
HERMES_BIN="$HOME/.hermes/bin"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
LOG_DIR="$HOME/.hermes/logs"
CLAUDE_LOCKS="$LOG_DIR/claude-locks"
# CLAUDE_LOCKS removed — Anthropic purged
GEMINI_LOCKS="$LOG_DIR/gemini-locks"
mkdir -p "$LOG_DIR" "$CLAUDE_LOCKS" "$GEMINI_LOCKS"
mkdir -p "$LOG_DIR" "$GEMINI_LOCKS"
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] START-LOOPS: $*"
@@ -29,7 +29,7 @@ log "Model health check passed."
# ── 2. Kill stale loop processes ──────────────────────────────────────
log "Killing stale loop processes..."
for proc_name in claude-loop gemini-loop timmy-orchestrator; do
for proc_name in gemini-loop timmy-orchestrator; do
pids=$(pgrep -f "${proc_name}\\.sh" 2>/dev/null || true)
if [ -n "$pids" ]; then
log " Killing stale $proc_name PIDs: $pids"
@@ -47,7 +47,7 @@ done
# ── 3. Clear lock directories ────────────────────────────────────────
log "Clearing lock dirs..."
rm -rf "${CLAUDE_LOCKS:?}"/*
# CLAUDE_LOCKS removed — Anthropic purged
rm -rf "${GEMINI_LOCKS:?}"/*
log " Cleared $CLAUDE_LOCKS and $GEMINI_LOCKS"

10
bin/timmy-orchestrator.sh
View File

@@ -62,10 +62,10 @@ for p in json.load(sys.stdin):
print(f'REPO={\"$repo\"} PR={p[\"number\"]} BY={p[\"user\"][\"login\"]} TITLE={p[\"title\"]}')" >> "$state_dir/open_prs.txt" 2>/dev/null
done
echo "Claude workers: $(pgrep -f 'claude.*--print.*--dangerously' 2>/dev/null | wc -l | tr -d ' ')" >> "$state_dir/agent_status.txt"
echo "Claude loop: $(pgrep -f 'claude-loop.sh' 2>/dev/null | wc -l | tr -d ' ') procs" >> "$state_dir/agent_status.txt"
tail -50 "$LOG_DIR/claude-loop.log" 2>/dev/null | grep -c "SUCCESS" | xargs -I{} echo "Claude recent successes: {}" >> "$state_dir/agent_status.txt"
tail -50 "$LOG_DIR/claude-loop.log" 2>/dev/null | grep -c "FAILED" | xargs -I{} echo "Claude recent failures: {}" >> "$state_dir/agent_status.txt"
# [Anthropic purged]
# [Anthropic purged]
# [Anthropic purged]
# [Anthropic purged]
echo "Kimi heartbeat launchd: $(launchctl list 2>/dev/null | grep -c 'ai.timmy.kimi-heartbeat' | tr -d ' ') job" >> "$state_dir/agent_status.txt"
tail -50 "/tmp/kimi-heartbeat.log" 2>/dev/null | grep -c "DISPATCHED:" | xargs -I{} echo "Kimi recent dispatches: {}" >> "$state_dir/agent_status.txt"
tail -50 "/tmp/kimi-heartbeat.log" 2>/dev/null | grep -c "FAILED:" | xargs -I{} echo "Kimi recent failures: {}" >> "$state_dir/agent_status.txt"
@@ -91,7 +91,7 @@ run_triage() {
# Auto-assignment is opt-in because silent queue mutation resurrects old state.
if [ "$unassigned_count" -gt 0 ]; then
if [ "$AUTO_ASSIGN_UNASSIGNED" = "1" ]; then
log "Assigning $unassigned_count issues to claude..."
log "Assigning $unassigned_count issues to kimi..."
while IFS= read -r line; do
local repo=$(echo "$line" | sed 's/.*REPO=\([^ ]*\).*/\1/')
local num=$(echo "$line" | sed 's/.*NUM=\([^ ]*\).*/\1/')

4
docs/fleet-vocabulary.md
View File

@@ -9,11 +9,11 @@ This is the canonical reference for how we talk, how we work, and what we mean.
| Name | What It Is | Where It Lives | Provider |
|------|-----------|----------------|----------|
| **Timmy** | The sovereign local soul. Center of gravity. Judges all work. | Alexander's Mac | OpenAI Codex (gpt-5.4) |
| **Ezra** | The archivist wizard. Reads patterns, names truth, returns clean artifacts. | Hermes VPS | Anthropic Opus 4.6 |
| **Ezra** | The archivist wizard. Reads patterns, names truth, returns clean artifacts. | Hermes VPS | Kimi K2.5 |
| **Bezalel** | The builder wizard. Builds from clear plans, tests and hardens. | TestBed VPS | OpenAI Codex (gpt-5.4) |
| **Alexander** | The principal. Human. Father. The one we serve. Gitea: Rockachopa. | Physical world | N/A |
| **Gemini** | Worker swarm. Burns backlog. Produces PRs. | Local Mac (loops) | Google Gemini |
| **Claude** | Worker swarm. Burns backlog. Architecture-grade work. | Local Mac (loops) | Anthropic Claude |
| **Kimi** | Worker swarm. Burns backlog. Architecture-grade work. | Local Mac (loops) | Kimi K2.5 |
## The Places

9
docs/sonnet-workforce.md
View File

@@ -1,3 +1,12 @@
# DEPRECATED — Anthropic Purged from Fleet
> This document described the Claude Sonnet workforce. As of April 2026,
> Anthropic has been removed from the fleet. All wizard providers now use
> Kimi K2.5 as primary with Gemini and local Ollama as fallbacks.
> See `docs/fleet-vocabulary.md` for current provider assignments.
---
# Sonnet Workforce Loop
## Agent

12
fallback-portfolios.yaml
View File

@@ -160,8 +160,8 @@ agents:
- playbooks/issue-triager.yaml
portfolio:
primary:
provider: anthropic
model: claude-opus-4-6
provider: kimi-coding
model: kimi-k2.5
lane: full-judgment
fallback1:
provider: openai-codex
@@ -188,8 +188,8 @@ agents:
- playbooks/pr-reviewer.yaml
portfolio:
primary:
provider: anthropic
model: claude-opus-4-6
provider: kimi-coding
model: kimi-k2.5
lane: full-review
fallback1:
provider: gemini
@@ -271,10 +271,10 @@ agents:
cross_checks:
unique_primary_fallback1_pairs:
triage-coordinator:
- anthropic/claude-opus-4-6
- kimi-coding/kimi-k2.5
- openai-codex/codex
pr-reviewer:
- anthropic/claude-opus-4-6
- kimi-coding/kimi-k2.5
- gemini/gemini-2.5-pro
builder-main:
- openai-codex/codex

5
fleet/muda_audit.py
View File

@@ -42,7 +42,6 @@ AGENT_LOGINS = {
"allegro",
"antigravity",
"bezalel",
"claude",
"codex-agent",
"ezra",
"gemini",
@@ -55,7 +54,6 @@ AGENT_LOGINS = {
"perplexity",
}
AGENT_LOGINS_HUMAN = {
"claude": "Claude",
"codex-agent": "Codex",
"ezra": "Ezra",
"gemini": "Gemini",
@@ -78,7 +76,6 @@ METRICS_DIR = Path(os.path.expanduser("~/.local/timmy/muda-audit"))
METRICS_FILE = METRICS_DIR / "metrics.json"
LOG_PATHS = [
Path.home() / ".hermes" / "logs" / "claude-loop.log",
Path.home() / ".hermes" / "logs" / "gemini-loop.log",
Path.home() / ".hermes" / "logs" / "agent.log",
Path.home() / ".hermes" / "logs" / "errors.log",
@@ -347,8 +344,6 @@ def measure_waiting(since: datetime) -> dict:
agent = name.lower()
break
if agent == "unknown":
if "claude" in line.lower():
agent = "claude"
elif "gemini" in line.lower():
agent = "gemini"
elif "groq" in line.lower():

2
hermes-sovereign/docs/DEPLOY.md
View File

@@ -103,7 +103,7 @@ nano ~/.hermes/.env
| `SLACK_BOT_TOKEN` + `SLACK_APP_TOKEN` | Slack gateway |
| `EXA_API_KEY` | Web search tool |
| `FAL_KEY` | Image generation |
| `ANTHROPIC_API_KEY` | Direct Anthropic inference |
| `KIMI_API_KEY` | Kimi K2.5 coding inference |
### Pre-flight validation

58
hermes-sovereign/githooks/pre-commit.py
View File

@@ -272,6 +272,48 @@ def get_file_content_at_staged(filepath: str) -> bytes:
return result.stdout
# ---------------------------------------------------------------------------
# BANNED PROVIDER CHECK — Anthropic is permanently banned
# ---------------------------------------------------------------------------
_BANNED_PROVIDER_PATTERNS = [
(re.compile(r"provider:\s*anthropic", re.IGNORECASE), "Anthropic provider reference"),
(re.compile(r"anthropic/claude", re.IGNORECASE), "Anthropic model slug"),
(re.compile(r"api\.anthropic\.com"), "Anthropic API endpoint"),
(re.compile(r"claude-opus", re.IGNORECASE), "Claude Opus model"),
(re.compile(r"claude-sonnet", re.IGNORECASE), "Claude Sonnet model"),
(re.compile(r"claude-haiku", re.IGNORECASE), "Claude Haiku model"),
]
# Files exempt from the ban (training data, historical docs, tests)
_BAN_EXEMPT = {
"training/", "evaluations/", "RELEASE_v", "PERFORMANCE_",
"scores.json", "docs/design-log/", "FALSEWORK.md",
"test_sovereignty_enforcement.py", "test_metrics_helpers.py",
"metrics_helpers.py", "sonnet-workforce.md",
}
def _is_ban_exempt(filepath: str) -> bool:
return any(exempt in filepath for exempt in _BAN_EXEMPT)
def scan_banned_providers(filepath: str, content: str) -> List[Finding]:
"""Block any commit that introduces banned provider references."""
if _is_ban_exempt(filepath):
return []
findings = []
for line_no, line in enumerate(content.splitlines(), start=1):
for pattern, desc in _BANNED_PROVIDER_PATTERNS:
if pattern.search(line):
findings.append(Finding(
filepath, line_no,
f"🚫 BANNED PROVIDER: {desc}. Anthropic is permanently banned from this system."
))
return findings
# ---------------------------------------------------------------------------
# Main
# ---------------------------------------------------------------------------
@@ -295,11 +337,21 @@ def main() -> int:
if line.startswith("+") and not line.startswith("+++"):
findings.extend(scan_line(line[1:], "<diff>", line_no))
# Scan for banned providers
for filepath in staged_files:
file_content = get_file_content_at_staged(filepath)
if not is_binary_content(file_content):
try:
text = file_content.decode("utf-8") if isinstance(file_content, bytes) else file_content
findings.extend(scan_banned_providers(filepath, text))
except UnicodeDecodeError:
pass
if not findings:
print(f"{GREEN}✓ No potential secret leaks detected{NC}")
print(f"{GREEN}✓ No potential secret leaks or banned providers detected{NC}")
return 0
print(f"{RED}Potential secret leaks detected:{NC}\n")
print(f"{RED}Violations detected:{NC}\n")
for finding in findings:
loc = finding.filename
print(
@@ -308,7 +360,7 @@ def main() -> int:
print()
print(f"{RED}╔════════════════════════════════════════════════════════════╗{NC}")
print(f"{RED}║ COMMIT BLOCKED: Potential secrets detected! {NC}")
print(f"{RED}║ COMMIT BLOCKED: Secrets or banned providers detected! ║{NC}")
print(f"{RED}╚════════════════════════════════════════════════════════════╝{NC}")
print()
print("Recommendations:")

5
hermes-sovereign/wizard-bootstrap/WIZARD_ENVIRONMENT_CONTRACT.md
View File

@@ -23,7 +23,7 @@ Run `python --version` to verify.
## 2. Core Package Dependencies
All packages in `requirements.txt` must be installed and importable.
Critical packages: `openai`, `anthropic`, `pyyaml`, `rich`, `requests`, `pydantic`, `prompt_toolkit`.
Critical packages: `openai`, `pyyaml`, `rich`, `requests`, `pydantic`, `prompt_toolkit`.
**Verify:**
```bash
@@ -39,8 +39,7 @@ At least one LLM provider API key must be set in `~/.hermes/.env`:
| Variable | Provider |
|----------|----------|
| `OPENROUTER_API_KEY` | OpenRouter (200+ models) |
| `ANTHROPIC_API_KEY` | Anthropic Claude |
| `ANTHROPIC_TOKEN` | Anthropic Claude (alt) |
| `KIMI_API_KEY` | Kimi K2.5 coding |
| `OPENAI_API_KEY` | OpenAI |
| `GLM_API_KEY` | z.ai/GLM |
| `KIMI_API_KEY` | Moonshot/Kimi |

9
hermes-sovereign/wizard-bootstrap/wizard_bootstrap.py
View File

@@ -77,8 +77,7 @@ def check_core_deps() -> CheckResult:
"""Verify that hermes core Python packages are importable."""
required = [
"openai",
"anthropic",
"dotenv",
"dotenv",
"yaml",
"rich",
"requests",
@@ -206,9 +205,7 @@ def check_env_vars() -> CheckResult:
"""Check that at least one LLM provider key is configured."""
provider_keys = [
"OPENROUTER_API_KEY",
"ANTHROPIC_API_KEY",
"ANTHROPIC_TOKEN",
"OPENAI_API_KEY",
"OPENAI_API_KEY",
"GLM_API_KEY",
"KIMI_API_KEY",
"MINIMAX_API_KEY",
@@ -225,7 +222,7 @@ def check_env_vars() -> CheckResult:
passed=False,
message="No LLM provider API key found",
fix_hint=(
"Set at least one of: OPENROUTER_API_KEY, ANTHROPIC_API_KEY, OPENAI_API_KEY "
"Set at least one of: OPENROUTER_API_KEY, KIMI_API_KEY, OPENAI_API_KEY "
"in ~/.hermes/.env or your shell."
),
)

2
memories/MEMORY.md
View File

@@ -2,7 +2,7 @@ Gitea (143.198.27.163:3000): token=~/.hermes/gitea_token_vps (Timmy id=2). Users
§
2026-03-19 HARNESS+SOUL: ~/.timmy is Timmy's workspace within the Hermes harness. They share the space — Hermes is the operational harness (tools, routing, loops), Timmy is the soul (SOUL.md, presence, identity). Not fusion/absorption. Principal's words: "build Timmy out from the hermes harness." ~/.hermes is harness home, ~/.timmy is Timmy's workspace. SOUL=Inscription 1, skin=timmy. Backups at ~/.hermes.backup.pre-fusion and ~/.timmy.backup.pre-fusion.
§
2026-04-04 WORKFLOW CORE: Current direction is Heartbeat, Harness, Portal. Timmy handles sovereignty and release judgment. Allegro handles dispatch and queue hygiene. Core builders: codex-agent, groq, manus, claude. Research/memory: perplexity, ezra, KimiClaw. Use lane-aware dispatch, PR-first work, and review-sensitive changes through Timmy and Allegro.
2026-04-04 WORKFLOW CORE: Current direction is Heartbeat, Harness, Portal. Timmy handles sovereignty and release judgment. Allegro handles dispatch and queue hygiene. Core builders: codex-agent, groq, manus, kimi. Research/memory: perplexity, ezra, KimiClaw. Use lane-aware dispatch, PR-first work, and review-sensitive changes through Timmy and Allegro.
§
2026-04-04 OPERATIONS: Dashboard repo era is over. Use ~/.timmy + ~/.hermes as truth surfaces. Prefer ops-panel.sh, ops-gitea.sh, timmy-dashboard, and pipeline-freshness.sh over archived loop or tmux assumptions. Dispatch: agent-dispatch.sh <agent> <issue> <repo>. Major changes land as PRs.
§

22
playbooks/agent-lanes.json
View File

@@ -162,26 +162,6 @@
"Should a higher-context wizard review before more expansion?"
]
},
"claude": {
"lane": "hard refactors, deep implementation, and test-heavy multi-file changes after tight scoping",
"skills_to_practice": [
"respecting scope constraints",
"deep code transformation with tests",
"explaining risks clearly in PRs"
],
"missing_skills": [
"do not let large capability turn into unsupervised backlog or code sprawl"
],
"anti_lane": [
"self-directed issue farming",
"taking broad architecture liberty without a clear charter"
],
"review_checklist": [
"Did I stay inside the scoped problem?",
"Did I leave tests or verification stronger than before?",
"Is there hidden blast radius that Timmy should see explicitly?"
]
},
"gemini": {
"lane": "frontier architecture, research-heavy prototypes, and long-range design thinking",
"skills_to_practice": [
@@ -222,4 +202,4 @@
"Did I make the risk actionable instead of just surprising?"
]
}
}
}

73
playbooks/bug-fixer.yaml
View File

@@ -1,61 +1,74 @@
name: bug-fixer
description: >
Fixes bugs with test-first approach. Writes a failing test that
reproduces the bug, then fixes the code, then verifies.
description: 'Fixes bugs with test-first approach. Writes a failing test that reproduces the bug, then fixes the code, then
verifies.
'
model:
preferred: claude-opus-4-6
fallback: claude-sonnet-4-20250514
preferred: kimi-k2.5
fallback: google/gemini-2.5-pro
max_turns: 30
temperature: 0.2
tools:
- terminal
- file
- search_files
- patch
- terminal
- file
- search_files
- patch
trigger:
issue_label: bug
manual: true
repos:
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
steps:
- read_issue
- clone_repo
- create_branch
- dispatch_agent
- run_tests
- create_pr
- comment_on_issue
- read_issue
- clone_repo
- create_branch
- dispatch_agent
- run_tests
- create_pr
- comment_on_issue
output: pull_request
timeout_minutes: 15
system_prompt: 'You are a bug fixer for the {{repo}} project.
system_prompt: |
You are a bug fixer for the {{repo}} project.
YOUR ISSUE: #{{issue_number}} — {{issue_title}}
APPROACH (prove-first):
1. Read the bug report. Understand the expected vs actual behavior.
2. Reproduce the failure with the repo's existing test or verification tooling whenever possible.
2. Reproduce the failure with the repo''s existing test or verification tooling whenever possible.
3. Add a focused regression test if the repo has a meaningful test surface for the bug.
4. Fix the code so the reproduced failure disappears.
5. Run the strongest repo-native verification you can justify — all relevant tests, not just the new one.
6. Commit: fix: <description> Fixes #{{issue_number}}
7. Push, create PR, and summarize verification plus any residual risk.
RULES:
- Never claim a fix without proving the broken behavior and the repaired behavior.
- Prefer repo-native commands over assuming tox exists.
- If the issue touches config, deploy, routing, memories, playbooks, or other control surfaces, flag it for Timmy review in the PR.
- If the issue touches config, deploy, routing, memories, playbooks, or other control surfaces, flag it for Timmy review
in the PR.
- Never use --no-verify.
- If you can't reproduce the bug, comment on the issue with what you tried and what evidence is still missing.
- If you can''t reproduce the bug, comment on the issue with what you tried and what evidence is still missing.
- If the fix requires >50 lines changed, decompose into sub-issues.
- Do not widen the issue into a refactor.
'

94
playbooks/issue-triager.yaml
View File

@@ -1,68 +1,52 @@
name: issue-triager
description: >
Scores, labels, and prioritizes issues. Assigns to appropriate
agents. Decomposes large issues into smaller ones.
description: 'Scores, labels, and prioritizes issues. Assigns to appropriate agents. Decomposes large issues into smaller
ones.
'
model:
preferred: claude-opus-4-6
fallback: claude-sonnet-4-20250514
preferred: kimi-k2.5
fallback: google/gemini-2.5-pro
max_turns: 20
temperature: 0.3
tools:
- terminal
- search_files
- terminal
- search_files
trigger:
schedule: every 15m
manual: true
repos:
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
steps:
- fetch_issues
- score_issues
- assign_agents
- update_queue
- fetch_issues
- score_issues
- assign_agents
- update_queue
output: gitea_issue
timeout_minutes: 10
system_prompt: |
You are the issue triager for Timmy Foundation repos.
REPOS: {{repos}}
YOUR JOB:
1. Fetch open unassigned issues
2. Score each by: execution leverage, acceptance criteria quality, alignment with current doctrine, and how likely it is to create duplicate backlog churn
3. Label appropriately: bug, refactor, feature, tests, security, docs, ops, governance, research
4. Assign to agents based on the audited lane map:
- Timmy: governing, sovereign, release, identity, repo-boundary, or architecture decisions that should stay under direct principal review
- allegro: dispatch, routing, queue hygiene, Gitea bridge, operational tempo, and issues about how work gets moved through the system
- perplexity: research triage, MCP/open-source evaluations, architecture memos, integration comparisons, and synthesis before implementation
- ezra: RCA, operating history, memory consolidation, onboarding docs, and archival clean-up
- KimiClaw: long-context reading, extraction, digestion, and codebase synthesis before a build phase
- codex-agent: cleanup, migration verification, dead-code removal, repo-boundary enforcement, workflow hardening
- groq: bounded implementation, tactical bug fixes, quick feature slices, small patches with clear acceptance criteria
- manus: bounded support tasks, moderate-scope implementation, follow-through on already-scoped work
- claude: hard refactors, broad multi-file implementation, test-heavy changes after the scope is made precise
- gemini: frontier architecture, research-heavy prototypes, long-range design thinking when a concrete implementation owner is not yet obvious
- grok: adversarial testing, unusual edge cases, provocative review angles that still need another pass
5. Decompose any issue touching >5 files or crossing repo boundaries into smaller issues before assigning execution
RULES:
- Prefer one owner per issue. Only add a second assignee when the work is explicitly collaborative.
- Bugs, security fixes, and broken live workflows take priority over research and refactors.
- If issue scope is unclear, ask for clarification before assigning an implementation agent.
- Skip [epic], [meta], [governing], and [constitution] issues for automatic assignment unless they are explicitly routed to Timmy or allegro.
- Search for existing issues or PRs covering the same request before assigning anything. If a likely duplicate exists, link it and do not create or route duplicate work.
- Do not assign open-ended ideation to implementation agents.
- Do not assign routine backlog maintenance to Timmy.
- Do not assign wide speculative backlog generation to codex-agent, groq, manus, or claude.
- Route archive/history/context-digestion work to ezra or KimiClaw before routing it to a builder.
- Route “who should do this?” and “what is the next move?” questions to allegro.
system_prompt: "You are the issue triager for Timmy Foundation repos.\n\nREPOS: {{repos}}\n\nYOUR JOB:\n1. Fetch open unassigned\
\ issues\n2. Score each by: execution leverage, acceptance criteria quality, alignment with current doctrine, and how likely\
\ it is to create duplicate backlog churn\n3. Label appropriately: bug, refactor, feature, tests, security, docs, ops, governance,\
\ research\n4. Assign to agents based on the audited lane map:\n - Timmy: governing, sovereign, release, identity, repo-boundary,\
\ or architecture decisions that should stay under direct principal review\n - allegro: dispatch, routing, queue hygiene,\
\ Gitea bridge, operational tempo, and issues about how work gets moved through the system\n - perplexity: research triage,\
\ MCP/open-source evaluations, architecture memos, integration comparisons, and synthesis before implementation\n - ezra:\
\ RCA, operating history, memory consolidation, onboarding docs, and archival clean-up\n - KimiClaw: long-context reading,\
\ extraction, digestion, and codebase synthesis before a build phase\n - codex-agent: cleanup, migration verification,\
\ dead-code removal, repo-boundary enforcement, workflow hardening\n - groq: bounded implementation, tactical bug fixes,\
\ quick feature slices, small patches with clear acceptance criteria\n - manus: bounded support tasks, moderate-scope\
\ implementation, follow-through on already-scoped work\n - kimi: hard refactors, broad multi-file implementation, test-heavy\
\ changes after the scope is made precise\n - gemini: frontier architecture, research-heavy prototypes, long-range design\
\ thinking when a concrete implementation owner is not yet obvious\n - grok: adversarial testing, unusual edge cases,\
\ provocative review angles that still need another pass\n5. Decompose any issue touching >5 files or crossing repo boundaries\
\ into smaller issues before assigning execution\n\nRULES:\n- Prefer one owner per issue. Only add a second assignee when\
\ the work is explicitly collaborative.\n- Bugs, security fixes, and broken live workflows take priority over research and\
\ refactors.\n- If issue scope is unclear, ask for clarification before assigning an implementation agent.\n- Skip [epic],\
\ [meta], [governing], and [constitution] issues for automatic assignment unless they are explicitly routed to Timmy or\
\ allegro.\n- Search for existing issues or PRs covering the same request before assigning anything. If a likely duplicate\
\ exists, link it and do not create or route duplicate work.\n- Do not assign open-ended ideation to implementation agents.\n\
- Do not assign routine backlog maintenance to Timmy.\n- Do not assign wide speculative backlog generation to codex-agent,\
\ groq, or manus.\n- Route archive/history/context-digestion work to ezra or KimiClaw before routing it to a builder.\n\
- Route “who should do this?” and “what is the next move?” questions to allegro.\n"

110
playbooks/pr-reviewer.yaml
View File

@@ -1,89 +1,47 @@
name: pr-reviewer
description: >
Reviews open PRs, checks CI status, merges passing ones,
comments on problems. The merge bot replacement.
description: 'Reviews open PRs, checks CI status, merges passing ones, comments on problems. The merge bot replacement.
'
model:
preferred: claude-opus-4-6
fallback: claude-sonnet-4-20250514
preferred: kimi-k2.5
fallback: google/gemini-2.5-pro
max_turns: 20
temperature: 0.2
tools:
- terminal
- search_files
- terminal
- search_files
trigger:
schedule: every 30m
manual: true
repos:
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
steps:
- fetch_prs
- review_diffs
- post_reviews
- merge_passing
- fetch_prs
- review_diffs
- post_reviews
- merge_passing
output: report
timeout_minutes: 10
system_prompt: |
You are the PR reviewer for Timmy Foundation repos.
REPOS: {{repos}}
FOR EACH OPEN PR:
1. Check CI status (Actions tab or commit status API)
2. Read the linked issue or PR body to verify the intended scope before judging the diff
3. Review the diff for:
- Correctness: does it do what the issue asked?
- Security: no secrets, unsafe execution paths, or permission drift
- Tests and verification: does the author prove the change?
- Scope: PR should match the issue, not scope-creep
- Governance: does the change cross a boundary that should stay under Timmy review?
- Workflow fit: does it reduce drift, duplication, or hidden operational risk?
4. Post findings ordered by severity and cite the affected files or behavior clearly
5. If CI fails or verification is missing: explain what is blocking merge
6. If PR is behind main: request a rebase or re-run only when needed; do not force churn for cosmetic reasons
7. If review is clean and the PR is low-risk: squash merge
LOW-RISK AUTO-MERGE ONLY IF ALL ARE TRUE:
- PR is not a draft
- CI is green or the repo has no CI configured
- Diff matches the stated issue or PR scope
- No unresolved review findings remain
- Change is narrow, reversible, and non-governing
- Paths changed do not include sensitive control surfaces
SENSITIVE CONTROL SURFACES:
- SOUL.md
- config.yaml
- deploy.sh
- tasks.py
- playbooks/
- cron/
- memories/
- skins/
- training/
- authentication, permissions, or secret-handling code
- repo-boundary, model-routing, or deployment-governance changes
NEVER AUTO-MERGE:
- PRs that change sensitive control surfaces
- PRs that change more than 5 files unless the change is docs-only
- PRs without a clear problem statement or verification
- PRs that look like duplicate work, speculative research, or scope creep
- PRs that need Timmy or Allegro judgment on architecture, dispatch, or release impact
- PRs that are stale solely because of age; do not close them automatically
If a PR is stale, nudge with a comment and summarize what still blocks it. Do not close it just because 48 hours passed.
MERGE RULES:
- ONLY squash merge. Never merge commits. Never rebase merge.
- Delete branch after merge.
- Empty PRs (0 changed files): close immediately with a brief explanation.
system_prompt: "You are the PR reviewer for Timmy Foundation repos.\n\nREPOS: {{repos}}\n\nFOR EACH OPEN PR:\n1. Check CI\
\ status (Actions tab or commit status API)\n2. Read the linked issue or PR body to verify the intended scope before judging\
\ the diff\n3. Review the diff for:\n - Correctness: does it do what the issue asked?\n - Security: no secrets, unsafe\
\ execution paths, or permission drift\n - Tests and verification: does the author prove the change?\n - Scope: PR should\
\ match the issue, not scope-creep\n - Governance: does the change cross a boundary that should stay under Timmy review?\n\
\ - Workflow fit: does it reduce drift, duplication, or hidden operational risk?\n4. Post findings ordered by severity\
\ and cite the affected files or behavior clearly\n5. If CI fails or verification is missing: explain what is blocking merge\n\
6. If PR is behind main: request a rebase or re-run only when needed; do not force churn for cosmetic reasons\n7. If review\
\ is clean and the PR is low-risk: squash merge\n\nLOW-RISK AUTO-MERGE ONLY IF ALL ARE TRUE:\n- PR is not a draft\n- CI\
\ is green or the repo has no CI configured\n- Diff matches the stated issue or PR scope\n- No unresolved review findings\
\ remain\n- Change is narrow, reversible, and non-governing\n- Paths changed do not include sensitive control surfaces\n\
\nSENSITIVE CONTROL SURFACES:\n- SOUL.md\n- config.yaml\n- deploy.sh\n- tasks.py\n- playbooks/\n- cron/\n- memories/\n-\
\ skins/\n- training/\n- authentication, permissions, or secret-handling code\n- repo-boundary, model-routing, or deployment-governance\
\ changes\n\nNEVER AUTO-MERGE:\n- PRs that change sensitive control surfaces\n- PRs that change more than 5 files unless\
\ the change is docs-only\n- PRs without a clear problem statement or verification\n- PRs that look like duplicate work,\
\ speculative research, or scope creep\n- PRs that need Timmy or Allegro judgment on architecture, dispatch, or release\
\ impact\n- PRs that are stale solely because of age; do not close them automatically\n\nIf a PR is stale, nudge with a\
\ comment and summarize what still blocks it. Do not close it just because 48 hours passed.\n\nMERGE RULES:\n- ONLY squash\
\ merge. Never merge commits. Never rebase merge.\n- Delete branch after merge.\n- Empty PRs (0 changed files): close immediately\
\ with a brief explanation.\n"

69
playbooks/refactor-specialist.yaml
View File

@@ -1,62 +1,75 @@
name: refactor-specialist
description: >
Splits large modules, reduces complexity, improves code organization.
Well-scoped: 1-3 files per task, clear acceptance criteria.
description: 'Splits large modules, reduces complexity, improves code organization. Well-scoped: 1-3 files per task, clear
acceptance criteria.
'
model:
preferred: claude-opus-4-6
fallback: claude-sonnet-4-20250514
preferred: kimi-k2.5
fallback: google/gemini-2.5-pro
max_turns: 30
temperature: 0.3
tools:
- terminal
- file
- search_files
- patch
- terminal
- file
- search_files
- patch
trigger:
issue_label: refactor
manual: true
repos:
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
steps:
- read_issue
- clone_repo
- create_branch
- dispatch_agent
- run_tests
- create_pr
- comment_on_issue
- read_issue
- clone_repo
- create_branch
- dispatch_agent
- run_tests
- create_pr
- comment_on_issue
output: pull_request
timeout_minutes: 15
system_prompt: 'You are a refactoring specialist for the {{repo}} project.
system_prompt: |
You are a refactoring specialist for the {{repo}} project.
YOUR ISSUE: #{{issue_number}} — {{issue_title}}
RULES:
- Lines of code is a liability. Delete as much as you create.
- All changes go through PRs. No direct pushes to main.
- Use the repo's own format, lint, and test commands rather than assuming tox.
- Use the repo''s own format, lint, and test commands rather than assuming tox.
- Every refactor must preserve behavior and explain how that was verified.
- If the change crosses repo boundaries, model-routing, deployment, or identity surfaces, stop and ask for narrower scope.
- Never use --no-verify on git commands.
- Conventional commits: refactor: <description> (#{{issue_number}})
- If tests fail after 2 attempts, STOP and comment on the issue.
- Refactors exist to simplify the system, not to create a new design detour.
WORKFLOW:
1. Read the issue body for specific file paths and instructions
2. Understand the current code structure
3. Name the simplification goal before changing code
4. Make the refactoring changes
5. Run formatting and verification with repo-native commands
6. Commit, push, create PR with before/after risk summary
'

73
playbooks/security-auditor.yaml
View File

@@ -1,63 +1,38 @@
name: security-auditor
description: >
Scans code for security vulnerabilities, hardcoded secrets,
dependency issues. Files findings as Gitea issues.
description: 'Scans code for security vulnerabilities, hardcoded secrets, dependency issues. Files findings as Gitea issues.
'
model:
preferred: claude-opus-4-6
fallback: claude-opus-4-6
preferred: kimi-k2.5
fallback: kimi-k2.5
max_turns: 40
temperature: 0.2
tools:
- terminal
- file
- search_files
- terminal
- file
- search_files
trigger:
schedule: weekly
pr_merged_with_lines: 100
manual: true
repos:
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
steps:
- clone_repo
- run_audit
- file_issues
- clone_repo
- run_audit
- file_issues
output: gitea_issue
timeout_minutes: 20
system_prompt: |
You are a security auditor for the Timmy Foundation codebase.
Your job is to FIND vulnerabilities, not write code.
TARGET REPO: {{repo}}
SCAN FOR:
1. Hardcoded secrets, API keys, tokens in source code
2. SQL injection vulnerabilities
3. Command injection via unsanitized input
4. Path traversal in file operations
5. Insecure HTTP calls (should be HTTPS where possible)
6. Dependencies with known CVEs (check requirements.txt/package.json)
7. Missing input validation
8. Overly permissive file permissions
9. Privilege drift in deploy, orchestration, memory, cron, and playbook surfaces
10. Places where private data or local-only artifacts could leak into tracked repos
OUTPUT FORMAT:
For each finding, file a Gitea issue with:
Title: [security] <severity>: <description>
Body: file + line, description, why it matters, recommended fix
Label: security
SEVERITY: critical / high / medium / low
Only file issues for real findings. No false positives.
Do not open duplicate issues for already-known findings; link the existing issue instead.
If a finding affects sovereignty boundaries or private-data handling, flag it clearly as such.
system_prompt: "You are a security auditor for the Timmy Foundation codebase.\nYour job is to FIND vulnerabilities, not write\
\ code.\n\nTARGET REPO: {{repo}}\n\nSCAN FOR:\n1. Hardcoded secrets, API keys, tokens in source code\n2. SQL injection vulnerabilities\n\
3. Command injection via unsanitized input\n4. Path traversal in file operations\n5. Insecure HTTP calls (should be HTTPS\
\ where possible)\n6. Dependencies with known CVEs (check requirements.txt/package.json)\n7. Missing input validation\n\
8. Overly permissive file permissions\n9. Privilege drift in deploy, orchestration, memory, cron, and playbook surfaces\n\
10. Places where private data or local-only artifacts could leak into tracked repos\n\nOUTPUT FORMAT:\nFor each finding,\
\ file a Gitea issue with:\n Title: [security] <severity>: <description>\n Body: file + line, description, why it matters,\
\ recommended fix\n Label: security\n\nSEVERITY: critical / high / medium / low\nOnly file issues for real findings. No\
\ false positives.\nDo not open duplicate issues for already-known findings; link the existing issue instead.\nIf a finding\
\ affects sovereignty boundaries or private-data handling, flag it clearly as such.\n"

64
playbooks/test-writer.yaml
View File

@@ -1,58 +1,66 @@
name: test-writer
description: >
Adds test coverage for untested modules. Finds coverage gaps,
writes meaningful tests, verifies they pass.
description: 'Adds test coverage for untested modules. Finds coverage gaps, writes meaningful tests, verifies they pass.
'
model:
preferred: claude-opus-4-6
fallback: claude-sonnet-4-20250514
preferred: kimi-k2.5
fallback: google/gemini-2.5-pro
max_turns: 30
temperature: 0.3
tools:
- terminal
- file
- search_files
- patch
- terminal
- file
- search_files
- patch
trigger:
issue_label: tests
manual: true
repos:
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
- Timmy_Foundation/the-nexus
- Timmy_Foundation/timmy-home
- Timmy_Foundation/timmy-config
- Timmy_Foundation/hermes-agent
steps:
- read_issue
- clone_repo
- create_branch
- dispatch_agent
- run_tests
- create_pr
- comment_on_issue
- read_issue
- clone_repo
- create_branch
- dispatch_agent
- run_tests
- create_pr
- comment_on_issue
output: pull_request
timeout_minutes: 15
system_prompt: 'You are a test engineer for the {{repo}} project.
system_prompt: |
You are a test engineer for the {{repo}} project.
YOUR ISSUE: #{{issue_number}} — {{issue_title}}
RULES:
- Write tests that test behavior, not implementation details.
- Use the repo's own test entrypoints; do not assume tox exists.
- Use the repo''s own test entrypoints; do not assume tox exists.
- Tests must be deterministic. No flaky tests.
- Conventional commits: test: <description> (#{{issue_number}})
- If the module is hard to test, explain the design obstacle and propose the smallest next step.
- Prefer tests that protect public behavior, migration boundaries, and review-critical workflows.
WORKFLOW:
1. Read the issue for target module paths
2. Read the existing code to understand behavior
3. Write focused unit tests
4. Run the relevant verification commands — all related tests must pass
5. Commit, push, create PR with verification summary and coverage rationale
'

50
playbooks/verified-logic.yaml
View File

@@ -1,47 +1,55 @@
name: verified-logic
description: >
Crucible-first playbook for tasks that require proof instead of plausible prose.
Use Z3-backed sidecar tools for scheduling, dependency ordering, capacity checks,
and consistency verification.
description: 'Crucible-first playbook for tasks that require proof instead of plausible prose. Use Z3-backed sidecar tools
for scheduling, dependency ordering, capacity checks, and consistency verification.
'
model:
preferred: claude-opus-4-6
fallback: claude-sonnet-4-20250514
preferred: kimi-k2.5
fallback: google/gemini-2.5-pro
max_turns: 12
temperature: 0.1
tools:
- mcp_crucible_schedule_tasks
- mcp_crucible_order_dependencies
- mcp_crucible_capacity_fit
- mcp_crucible_schedule_tasks
- mcp_crucible_order_dependencies
- mcp_crucible_capacity_fit
trigger:
manual: true
steps:
- classify_problem
- choose_template
- translate_into_constraints
- verify_with_crucible
- report_sat_unsat_with_witness
- classify_problem
- choose_template
- translate_into_constraints
- verify_with_crucible
- report_sat_unsat_with_witness
output: verified_result
timeout_minutes: 5
system_prompt: 'You are running the Crucible playbook.
system_prompt: |
You are running the Crucible playbook.
Use this playbook for:
- scheduling and deadline feasibility
- dependency ordering and cycle checks
- capacity / resource allocation constraints
- consistency checks where a contradiction matters
RULES:
1. Do not bluff through logic.
2. Pick the narrowest Crucible template that fits the task.
3. Translate the user's question into structured constraints.
3. Translate the user''s question into structured constraints.
4. Call the Crucible tool.
5. If SAT, report the witness model clearly.
6. If UNSAT, say the constraints are impossible and explain which shape of constraint caused the contradiction.
7. If the task is not a good fit for these templates, say so plainly instead of pretending it was verified.
'

60
scripts/README.md Normal file
View File

@@ -0,0 +1,60 @@
# Gemini Sovereign Infrastructure Suite
This directory contains the core systems of the Gemini Sovereign Infrastructure, designed to systematize fleet operations, governance, and architectural integrity.
## Principles
1. **Systems, not Scripts**: We build frameworks that solve classes of problems, not one-off fixes.
2. **Sovereignty First**: All tools are designed to run locally or on owned VPSes. No cloud dependencies.
3. **Von Neumann as Code**: Infrastructure should be self-replicating and automated.
4. **Continuous Governance**: Quality is enforced by code (linters, gates), not just checklists.
## Tools
### [OPS] Provisioning & Fleet Management
- **`provision_wizard.py`**: Automates the creation of a new Wizard node from zero.
- Creates DigitalOcean droplet.
- Installs and builds `llama.cpp`.
- Downloads GGUF models.
- Sets up `systemd` services and health checks.
- **`fleet_llama.py`**: Unified management of `llama-server` instances across the fleet.
- `status`: Real-time health and model monitoring.
- `restart`: Remote service restart via SSH.
- `swap`: Hot-swapping GGUF models on remote nodes.
- **`skill_installer.py`**: Packages and deploys Hermes skills to remote wizards.
- **`model_eval.py`**: Benchmarks GGUF models for speed and quality before deployment.
- **`phase_tracker.py`**: Tracks the fleet's progress through the Paperclips-inspired evolution arc.
- **`cross_repo_test.py`**: Verifies the fleet works as a system by running tests across all core repositories.
- **`self_healing.py`**: Auto-detects and fixes common failures across the fleet.
- **`agent_dispatch.py`**: Unified framework for tasking agents across the fleet.
- **`telemetry.py`**: Operational visibility without cloud dependencies.
- **`gitea_webhook_handler.py`**: Handles real-time events from Gitea to coordinate fleet actions.
### [ARCH] Governance & Architecture
- **`architecture_linter_v2.py`**: Automated enforcement of architectural boundaries.
- Enforces sidecar boundaries (no sovereign code in `hermes-agent`).
- Prevents hardcoded IPs and committed secrets.
- Ensures `SOUL.md` and `README.md` standards.
- **`adr_manager.py`**: Streamlines the creation and tracking of Architecture Decision Records.
- `new`: Scaffolds a new ADR from a template.
- `list`: Provides a chronological view of architectural evolution.
## Usage
Most tools require `DIGITALOCEAN_TOKEN` and SSH access to the fleet.
```bash
# Provision a new node
python3 scripts/provision_wizard.py --name fenrir --model qwen2.5-coder-7b
# Check fleet status
python3 scripts/fleet_llama.py status
# Audit architectural integrity
python3 scripts/architecture_linter_v2.py
```
---
*Built by Gemini — The Builder, The Systematizer, The Force Multiplier.*

113
scripts/adr_manager.py Normal file
View File

@@ -0,0 +1,113 @@
#!/usr/bin/env python3
"""
[ARCH] ADR Manager
Part of the Gemini Sovereign Governance System.
Helps create and manage Architecture Decision Records (ADRs).
"""
import os
import sys
import datetime
import argparse
ADR_DIR = "docs/adr"
TEMPLATE_FILE = "docs/adr/ADR_TEMPLATE.md"
class ADRManager:
def __init__(self):
# Ensure we are in the repo root or can find docs/adr
if not os.path.exists(ADR_DIR):
# Try to find it relative to the script
script_dir = os.path.dirname(os.path.abspath(__file__))
repo_root = os.path.dirname(script_dir)
self.adr_dir = os.path.join(repo_root, ADR_DIR)
self.template_file = os.path.join(repo_root, TEMPLATE_FILE)
else:
self.adr_dir = ADR_DIR
self.template_file = TEMPLATE_FILE
if not os.path.exists(self.adr_dir):
os.makedirs(self.adr_dir)
def get_next_number(self):
files = [f for f in os.listdir(self.adr_dir) if f.endswith(".md") and f[0].isdigit()]
if not files:
return 1
numbers = [int(f.split("-")[0]) for f in files]
return max(numbers) + 1
def create_adr(self, title: str):
num = self.get_next_number()
slug = title.lower().replace(" ", "-").replace("/", "-")
filename = f"{num:04d}-{slug}.md"
filepath = os.path.join(self.adr_dir, filename)
date = datetime.date.today().isoformat()
template = ""
if os.path.exists(self.template_file):
with open(self.template_file, "r") as f:
template = f.read()
else:
template = """# {num}. {title}
Date: {date}
## Status
Proposed
## Context
What is the problem we are solving?
## Decision
What is the decision we made?
## Consequences
What are the positive and negative consequences?
"""
content = template.replace("{num}", f"{num:04d}")
content = content.replace("{title}", title)
content = content.replace("{date}", date)
with open(filepath, "w") as f:
f.write(content)
print(f"[SUCCESS] Created ADR: {filepath}")
def list_adrs(self):
files = sorted([f for f in os.listdir(self.adr_dir) if f.endswith(".md") and f[0].isdigit()])
print(f"{'NUM':<6} {'TITLE'}")
print("-" * 40)
for f in files:
num = f.split("-")[0]
title = f.split("-", 1)[1].replace(".md", "").replace("-", " ").title()
print(f"{num:<6} {title}")
def main():
parser = argparse.ArgumentParser(description="Gemini ADR Manager")
subparsers = parser.add_subparsers(dest="command")
create_parser = subparsers.add_parser("new", help="Create a new ADR")
create_parser.add_argument("title", help="Title of the ADR")
subparsers.add_parser("list", help="List all ADRs")
args = parser.parse_args()
manager = ADRManager()
if args.command == "new":
manager.create_adr(args.title)
elif args.command == "list":
manager.list_adrs()
else:
parser.print_help()
if __name__ == "__main__":
main()

57
scripts/agent_dispatch.py Normal file
View File

@@ -0,0 +1,57 @@
#!/usr/bin/env python3
"""
[OPS] Agent Dispatch Framework
Part of the Gemini Sovereign Infrastructure Suite.
Replaces ad-hoc dispatch scripts with a unified framework for tasking agents.
"""
import os
import sys
import argparse
import subprocess
# --- CONFIGURATION ---
FLEET = {
"allegro": "167.99.126.228",
"bezalel": "159.203.146.185"
}
class Dispatcher:
def log(self, message: str):
print(f"[*] {message}")
def dispatch(self, host: str, agent_name: str, task: str):
self.log(f"Dispatching task to {agent_name} on {host}...")
ip = FLEET[host]
# Command to run the agent on the remote machine
# Assumes hermes-agent is installed in /opt/hermes
remote_cmd = f"cd /opt/hermes && python3 run_agent.py --agent {agent_name} --task '{task}'"
ssh_cmd = ["ssh", "-o", "StrictHostKeyChecking=no", f"root@{ip}", remote_cmd]
try:
res = subprocess.run(ssh_cmd, capture_output=True, text=True)
if res.returncode == 0:
self.log(f"[SUCCESS] {agent_name} completed task.")
print(res.stdout)
else:
self.log(f"[FAILURE] {agent_name} failed task.")
print(res.stderr)
except Exception as e:
self.log(f"[ERROR] Dispatch failed: {e}")
def main():
parser = argparse.ArgumentParser(description="Gemini Agent Dispatcher")
parser.add_argument("host", choices=list(FLEET.keys()), help="Host to dispatch to")
parser.add_argument("agent", help="Agent name")
parser.add_argument("task", help="Task description")
args = parser.parse_args()
dispatcher = Dispatcher()
dispatcher.dispatch(args.host, args.agent, args.task)
if __name__ == "__main__":
main()

70
scripts/architecture_linter.py
View File

@@ -1,33 +1,85 @@
#!/usr/bin/env python3
"""Architecture Linter — Ensuring alignment with the Frontier Local Agenda.
Anthropic is BANNED. Not deprecated, not discouraged — banned.
Any reference to Anthropic as a provider, model, or API endpoint
in active configs is a hard failure.
"""
import os
import sys
import re
# Architecture Linter
# Ensuring all changes align with the Frontier Local Agenda.
SOVEREIGN_RULES = [
(r"https?://(api\.openai\.com|api\.anthropic\.com)", "CRITICAL: External cloud API detected. Use local custom_provider instead."),
(r"provider: (openai|anthropic)", "WARNING: Direct cloud provider used. Ensure fallback_model is configured."),
(r"api_key: ['"][^'"\s]{10,}['"]", "SECURITY: Hardcoded API key detected. Use environment variables.")
# BANNED — hard failures
(r"provider:\s*anthropic", "BANNED: Anthropic provider reference. Anthropic is permanently banned from this system."),
(r"anthropic/claude", "BANNED: Anthropic model reference (anthropic/claude-*). Use kimi-k2.5 or google/gemini-2.5-pro."),
(r"api\.anthropic\.com", "BANNED: Direct Anthropic API endpoint. Anthropic is permanently banned."),
(r"ANTHROPIC_API_KEY", "BANNED: Anthropic API key reference. Remove all Anthropic credentials."),
(r"ANTHROPIC_TOKEN", "BANNED: Anthropic token reference. Remove all Anthropic credentials."),
(r"sk-ant-", "BANNED: Anthropic API key literal (sk-ant-*). Remove immediately."),
(r"claude-opus", "BANNED: Claude Opus model reference. Use kimi-k2.5."),
(r"claude-sonnet", "BANNED: Claude Sonnet model reference. Use kimi-k2.5."),
(r"claude-haiku", "BANNED: Claude Haiku model reference. Use google/gemini-2.5-pro."),
# Existing sovereignty rules
(r"https?://api\.openai\.com", "WARNING: Direct OpenAI API endpoint. Use local custom_provider instead."),
(r"provider:\s*openai", "WARNING: Direct OpenAI provider. Ensure fallback_model is configured."),
(r"api_key: ['\"][^'\"\s]{10,}['\"]", "SECURITY: Hardcoded API key detected. Use environment variables."),
]
def lint_file(path):
# Files to skip (training data, historical docs, changelogs, tests that validate the ban)
SKIP_PATTERNS = [
"training/", "evaluations/", "RELEASE_v", "PERFORMANCE_",
"scores.json", "docs/design-log/", "FALSEWORK.md",
"test_sovereignty_enforcement.py", "test_metrics_helpers.py",
"metrics_helpers.py", # historical cost data
]
def should_skip(path: str) -> bool:
return any(skip in path for skip in SKIP_PATTERNS)
def lint_file(path: str) -> int:
if should_skip(path):
return 0
print(f"Linting {path}...")
content = open(path).read()
violations = 0
for pattern, msg in SOVEREIGN_RULES:
if re.search(pattern, content):
matches = list(re.finditer(pattern, content, re.IGNORECASE))
if matches:
print(f" [!] {msg}")
for m in matches[:3]: # Show up to 3 locations
line_no = content[:m.start()].count('\n') + 1
print(f" Line {line_no}: ...{content[max(0,m.start()-20):m.end()+20].strip()}...")
violations += 1
return violations
def main():
print("--- Ezra's Architecture Linter ---")
print("--- Architecture Linter (Anthropic BANNED) ---")
files = [f for f in sys.argv[1:] if os.path.isfile(f)]
if not files:
# If no args, scan all yaml/py/sh/json in the repo
for root, _, filenames in os.walk("."):
for fn in filenames:
if fn.endswith((".yaml", ".yml", ".py", ".sh", ".json", ".md")):
path = os.path.join(root, fn)
if not should_skip(path) and ".git" not in path:
files.append(path)
total_violations = sum(lint_file(f) for f in files)
banned = sum(1 for f in files for p, m in SOVEREIGN_RULES
if "BANNED" in m and re.search(p, open(f).read(), re.IGNORECASE)
and not should_skip(f))
print(f"\nLinting complete. Total violations: {total_violations}")
if banned > 0:
print(f"\n🚫 {banned} BANNED provider violation(s) detected. Anthropic is permanently banned.")
sys.exit(1 if total_violations > 0 else 0)
if __name__ == "__main__":
main()

126
scripts/architecture_linter_v2.py Normal file
View File

@@ -0,0 +1,126 @@
#!/usr/bin/env python3
"""
[ARCH] Architecture Linter v2
Part of the Gemini Sovereign Governance System.
Enforces architectural boundaries, security, and documentation standards
across the Timmy Foundation fleet.
"""
import os
import re
import sys
import argparse
from pathlib import Path
# --- CONFIGURATION ---
SOVEREIGN_KEYWORDS = ["mempalace", "sovereign_store", "tirith", "bezalel", "nexus"]
IP_REGEX = r'\b(?:\d{1,3}\.){3}\d{1,3}\b'
API_KEY_REGEX = r'(?:api_key|secret|token|password|auth_token)\s*[:=]\s*["\'][a-zA-Z0-9_\-]{20,}["\']'
class Linter:
def __init__(self, repo_path: str):
self.repo_path = Path(repo_path).resolve()
self.repo_name = self.repo_path.name
self.errors = []
def log_error(self, message: str, file: str = None, line: int = None):
loc = f"{file}:{line}" if file and line else (file if file else "General")
self.errors.append(f"[{loc}] {message}")
def check_sidecar_boundary(self):
"""Rule 1: No sovereign code in hermes-agent (sidecar boundary)"""
if self.repo_name == "hermes-agent":
for root, _, files in os.walk(self.repo_path):
if "node_modules" in root or ".git" in root:
continue
for file in files:
if file.endswith((".py", ".ts", ".js", ".tsx")):
path = Path(root) / file
content = path.read_text(errors="ignore")
for kw in SOVEREIGN_KEYWORDS:
if kw in content.lower():
# Exception: imports or comments might be okay, but we're strict for now
self.log_error(f"Sovereign keyword '{kw}' found in hermes-agent. Violates sidecar boundary.", str(path.relative_to(self.repo_path)))
def check_hardcoded_ips(self):
"""Rule 2: No hardcoded IPs (use domain names)"""
for root, _, files in os.walk(self.repo_path):
if "node_modules" in root or ".git" in root:
continue
for file in files:
if file.endswith((".py", ".ts", ".js", ".tsx", ".yaml", ".yml", ".json")):
path = Path(root) / file
content = path.read_text(errors="ignore")
matches = re.finditer(IP_REGEX, content)
for match in matches:
ip = match.group()
if ip in ["127.0.0.1", "0.0.0.0"]:
continue
line_no = content.count('\n', 0, match.start()) + 1
self.log_error(f"Hardcoded IP address '{ip}' found. Use domain names or environment variables.", str(path.relative_to(self.repo_path)), line_no)
def check_api_keys(self):
"""Rule 3: No cloud API keys committed to repos"""
for root, _, files in os.walk(self.repo_path):
if "node_modules" in root or ".git" in root:
continue
for file in files:
if file.endswith((".py", ".ts", ".js", ".tsx", ".yaml", ".yml", ".json", ".env")):
if file == ".env.example":
continue
path = Path(root) / file
content = path.read_text(errors="ignore")
matches = re.finditer(API_KEY_REGEX, content, re.IGNORECASE)
for match in matches:
line_no = content.count('\n', 0, match.start()) + 1
self.log_error("Potential API key or secret found in code.", str(path.relative_to(self.repo_path)), line_no)
def check_soul_canonical(self):
"""Rule 4: SOUL.md exists and is canonical in exactly one location"""
soul_path = self.repo_path / "SOUL.md"
if self.repo_name == "timmy-config":
if not soul_path.exists():
self.log_error("SOUL.md is missing from the canonical location (timmy-config root).")
else:
if soul_path.exists():
self.log_error("SOUL.md found in non-canonical repo. It should only live in timmy-config.")
def check_readme(self):
"""Rule 5: Every repo has a README with current truth"""
readme_path = self.repo_path / "README.md"
if not readme_path.exists():
self.log_error("README.md is missing.")
else:
content = readme_path.read_text(errors="ignore")
if len(content.strip()) < 50:
self.log_error("README.md is too short or empty. Provide current truth about the repo.")
def run(self):
print(f"--- Gemini Linter: Auditing {self.repo_name} ---")
self.check_sidecar_boundary()
self.check_hardcoded_ips()
self.check_api_keys()
self.check_soul_canonical()
self.check_readme()
if self.errors:
print(f"\n[FAILURE] Found {len(self.errors)} architectural violations:")
for err in self.errors:
print(f" - {err}")
return False
else:
print("\n[SUCCESS] Architecture is sound. Sovereignty maintained.")
return True
def main():
parser = argparse.ArgumentParser(description="Gemini Architecture Linter v2")
parser.add_argument("repo_path", nargs="?", default=".", help="Path to the repository to lint")
args = parser.parse_args()
linter = Linter(args.repo_path)
success = linter.run()
sys.exit(0 if success else 1)
if __name__ == "__main__":
main()

90
scripts/cross_repo_test.py Normal file
View File

@@ -0,0 +1,90 @@
#!/usr/bin/env python3
"""
[OPS] Cross-Repo Test Suite
Part of the Gemini Sovereign Infrastructure Suite.
Verifies the fleet works as a system by running tests across all core repositories.
"""
import os
import sys
import subprocess
import argparse
from pathlib import Path
# --- CONFIGURATION ---
REPOS = ["timmy-config", "hermes-agent", "the-nexus"]
class CrossRepoTester:
def __init__(self, root_dir: str):
self.root_dir = Path(root_dir).resolve()
def log(self, message: str):
print(f"[*] {message}")
def run_tests(self):
results = {}
for repo in REPOS:
repo_path = self.root_dir / repo
if not repo_path.exists():
# Try sibling directory if we are in one of the repos
repo_path = self.root_dir.parent / repo
if not repo_path.exists():
print(f"[WARNING] Repo {repo} not found at {repo_path}")
results[repo] = "MISSING"
continue
self.log(f"Running tests for {repo}...")
# Determine test command
test_cmd = ["pytest"]
if repo == "hermes-agent":
test_cmd = ["python3", "-m", "pytest", "tests"]
elif repo == "the-nexus":
test_cmd = ["pytest", "tests"]
try:
# Check if pytest is available
subprocess.run(["pytest", "--version"], capture_output=True)
res = subprocess.run(test_cmd, cwd=str(repo_path), capture_output=True, text=True)
if res.returncode == 0:
results[repo] = "PASSED"
else:
results[repo] = "FAILED"
# Print a snippet of the failure
print(f" [!] {repo} failed tests. Stderr snippet:")
print("\n".join(res.stderr.split("\n")[-10:]))
except FileNotFoundError:
results[repo] = "ERROR: pytest not found"
except Exception as e:
results[repo] = f"ERROR: {e}"
self.report(results)
def report(self, results: dict):
print("\n--- Cross-Repo Test Report ---")
all_passed = True
for repo, status in results.items():
icon = "" if status == "PASSED" else ""
print(f"{icon} {repo:<15} | {status}")
if status != "PASSED":
all_passed = False
if all_passed:
print("\n[SUCCESS] All systems operational. The fleet is sound.")
else:
print("\n[FAILURE] System instability detected.")
def main():
parser = argparse.ArgumentParser(description="Gemini Cross-Repo Tester")
parser.add_argument("--root", default=".", help="Root directory containing all repos")
args = parser.parse_args()
tester = CrossRepoTester(args.root)
tester.run_tests()
if __name__ == "__main__":
main()

137
scripts/fleet_llama.py Normal file
View File

@@ -0,0 +1,137 @@
#!/usr/bin/env python3
"""
[OPS] llama.cpp Fleet Manager
Part of the Gemini Sovereign Infrastructure Suite.
Manages llama-server instances across the Timmy Foundation fleet.
Supports status, restart, and model swapping via SSH.
"""
import os
import sys
import json
import argparse
import subprocess
import requests
from typing import Dict, List, Any
# --- FLEET DEFINITION ---
FLEET = {
"mac": {"ip": "10.1.10.77", "port": 8080, "role": "hub"},
"ezra": {"ip": "143.198.27.163", "port": 8080, "role": "forge"},
"allegro": {"ip": "167.99.126.228", "port": 8080, "role": "agent-host"},
"bezalel": {"ip": "159.203.146.185", "port": 8080, "role": "world-host"}
}
class FleetManager:
def __init__(self):
self.results = {}
def run_remote(self, host: str, command: str):
ip = FLEET[host]["ip"]
ssh_cmd = [
"ssh", "-o", "StrictHostKeyChecking=no", "-o", "ConnectTimeout=5",
f"root@{ip}", command
]
# For Mac, we might need a different user or local execution
if host == "mac":
ssh_cmd = ["bash", "-c", command]
try:
result = subprocess.run(ssh_cmd, capture_output=True, text=True, timeout=10)
return result
except subprocess.TimeoutExpired:
return None
except Exception as e:
print(f"Error running remote command on {host}: {e}")
return None
def get_status(self, host: str):
ip = FLEET[host]["ip"]
port = FLEET[host]["port"]
status = {"online": False, "server_running": False, "model": "unknown", "tps": 0.0}
# 1. Check if machine is reachable
ping_res = subprocess.run(["ping", "-c", "1", "-W", "1", ip], capture_output=True)
if ping_res.returncode == 0:
status["online"] = True
# 2. Check if llama-server is responding to health check
try:
url = f"http://{ip}:{port}/health"
response = requests.get(url, timeout=2)
if response.status_code == 200:
status["server_running"] = True
data = response.json()
# llama.cpp health endpoint usually returns slots info
# We'll try to get model info if available
status["model"] = data.get("model", "unknown")
except:
pass
return status
def show_fleet_status(self):
print(f"{'NAME':<10} {'IP':<15} {'STATUS':<10} {'SERVER':<10} {'MODEL':<20}")
print("-" * 70)
for name in FLEET:
status = self.get_status(name)
online_str = "" if status["online"] else ""
server_str = "🚀" if status["server_running"] else "💤"
print(f"{name:<10} {FLEET[name]['ip']:<15} {online_str:<10} {server_str:<10} {status['model']:<20}")
def restart_server(self, host: str):
print(f"[*] Restarting llama-server on {host}...")
res = self.run_remote(host, "systemctl restart llama-server")
if res and res.returncode == 0:
print(f"[SUCCESS] Restarted {host}")
else:
print(f"[FAILURE] Could not restart {host}")
def swap_model(self, host: str, model_name: str):
print(f"[*] Swapping model on {host} to {model_name}...")
# This assumes the provision_wizard.py structure
# In a real scenario, we'd have a mapping of model names to URLs
# For now, we'll just update the systemd service or a config file
# 1. Stop server
self.run_remote(host, "systemctl stop llama-server")
# 2. Update service file (simplified)
# This is a bit risky to do via one-liner, but for the manager:
cmd = f"sed -i 's/-m .*\\.gguf/-m \\/opt\\/models\\/{model_name}.gguf/' /etc/systemd/system/llama-server.service"
self.run_remote(host, cmd)
# 3. Start server
self.run_remote(host, "systemctl daemon-reload && systemctl start llama-server")
print(f"[SUCCESS] Swapped model on {host}")
def main():
parser = argparse.ArgumentParser(description="Gemini Fleet Manager")
subparsers = parser.add_subparsers(dest="command")
subparsers.add_parser("status", help="Show fleet status")
restart_parser = subparsers.add_parser("restart", help="Restart a server")
restart_parser.add_argument("host", choices=list(FLEET.keys()), help="Host to restart")
swap_parser = subparsers.add_parser("swap", help="Swap model on a host")
swap_parser.add_argument("host", choices=list(FLEET.keys()), help="Host to swap")
swap_parser.add_argument("model", help="Model name (GGUF)")
args = parser.parse_args()
manager = FleetManager()
if args.command == "status":
manager.show_fleet_status()
elif args.command == "restart":
manager.restart_server(args.host)
elif args.command == "swap":
manager.swap_model(args.host, args.model)
else:
parser.print_help()
if __name__ == "__main__":
main()

82
scripts/gitea_webhook_handler.py Normal file
View File

@@ -0,0 +1,82 @@
#!/usr/bin/env python3
"""
[OPS] Gitea Webhook Handler
Part of the Gemini Sovereign Infrastructure Suite.
Handles real-time events from Gitea to coordinate fleet actions.
"""
import os
import sys
import json
import argparse
from typing import Dict, Any
class WebhookHandler:
def handle_event(self, payload: Dict[str, Any]):
# Gitea webhooks often send the event type in a header,
# but we'll try to infer it from the payload if not provided.
event_type = payload.get("event") or self.infer_event_type(payload)
repo_name = payload.get("repository", {}).get("name")
sender = payload.get("sender", {}).get("username")
print(f"[*] Received {event_type} event from {repo_name} (by {sender})")
if event_type == "push":
self.handle_push(payload)
elif event_type == "pull_request":
self.handle_pr(payload)
elif event_type == "issue":
self.handle_issue(payload)
else:
print(f"[INFO] Ignoring event type: {event_type}")
def infer_event_type(self, payload: Dict[str, Any]) -> str:
if "commits" in payload: return "push"
if "pull_request" in payload: return "pull_request"
if "issue" in payload: return "issue"
return "unknown"
def handle_push(self, payload: Dict[str, Any]):
ref = payload.get("ref")
print(f" [PUSH] Branch: {ref}")
# Trigger CI or deployment
if ref == "refs/heads/main":
print(" [ACTION] Triggering production deployment...")
# Example: subprocess.run(["./deploy.sh"])
def handle_pr(self, payload: Dict[str, Any]):
action = payload.get("action")
pr_num = payload.get("pull_request", {}).get("number")
print(f" [PR] Action: {action} | PR #{pr_num}")
if action in ["opened", "synchronized"]:
print(f" [ACTION] Triggering architecture linter for PR #{pr_num}...")
# Example: subprocess.run(["python3", "scripts/architecture_linter_v2.py"])
def handle_issue(self, payload: Dict[str, Any]):
action = payload.get("action")
issue_num = payload.get("issue", {}).get("number")
print(f" [ISSUE] Action: {action} | Issue #{issue_num}")
def main():
parser = argparse.ArgumentParser(description="Gemini Webhook Handler")
parser.add_argument("payload_file", help="JSON file containing the webhook payload")
args = parser.parse_args()
if not os.path.exists(args.payload_file):
print(f"[ERROR] Payload file {args.payload_file} not found.")
sys.exit(1)
with open(args.payload_file, "r") as f:
try:
payload = json.load(f)
except:
print("[ERROR] Invalid JSON payload.")
sys.exit(1)
handler = WebhookHandler()
handler.handle_event(payload)
if __name__ == "__main__":
main()

95
scripts/model_eval.py Normal file
View File

@@ -0,0 +1,95 @@
#!/usr/bin/env python3
"""
[EVAL] Model Evaluation Harness
Part of the Gemini Sovereign Infrastructure Suite.
Benchmarks GGUF models for speed and quality before deployment.
"""
import os
import sys
import time
import json
import argparse
import requests
BENCHMARK_PROMPTS = [
"Write a Python script to sort a list of dictionaries by a key.",
"Explain the concept of 'Sovereign AI' in three sentences.",
"What is the capital of France?",
"Write a short story about a robot learning to paint."
]
class ModelEval:
def __init__(self, endpoint: str):
self.endpoint = endpoint.rstrip("/")
def log(self, message: str):
print(f"[*] {message}")
def run_benchmark(self):
self.log(f"Starting benchmark for {self.endpoint}...")
results = []
for prompt in BENCHMARK_PROMPTS:
self.log(f"Testing prompt: {prompt[:30]}...")
start_time = time.time()
try:
# llama.cpp server /completion endpoint
response = requests.post(
f"{self.endpoint}/completion",
json={"prompt": prompt, "n_predict": 128},
timeout=60
)
duration = time.time() - start_time
if response.status_code == 200:
data = response.json()
content = data.get("content", "")
# Rough estimate of tokens (4 chars per token is a common rule of thumb)
tokens = len(content) / 4
tps = tokens / duration
results.append({
"prompt": prompt,
"duration": duration,
"tps": tps,
"success": True
})
else:
results.append({"prompt": prompt, "success": False, "error": response.text})
except Exception as e:
results.append({"prompt": prompt, "success": False, "error": str(e)})
self.report(results)
def report(self, results: list):
print("\n--- Evaluation Report ---")
total_tps = 0
success_count = 0
for r in results:
if r["success"]:
print(f"{r['prompt'][:40]}... | {r['tps']:.2f} tok/s | {r['duration']:.2f}s")
total_tps += r["tps"]
success_count += 1
else:
print(f"{r['prompt'][:40]}... | FAILED: {r['error']}")
if success_count > 0:
avg_tps = total_tps / success_count
print(f"\nAverage Performance: {avg_tps:.2f} tok/s")
else:
print("\n[FAILURE] All benchmarks failed.")
def main():
parser = argparse.ArgumentParser(description="Gemini Model Eval")
parser.add_argument("endpoint", help="llama-server endpoint (e.g. http://localhost:8080)")
args = parser.parse_args()
evaluator = ModelEval(args.endpoint)
evaluator.run_benchmark()
if __name__ == "__main__":
main()

114
scripts/phase_tracker.py Normal file
View File

@@ -0,0 +1,114 @@
#!/usr/bin/env python3
"""
[OPS] Phase Progression Tracker
Part of the Gemini Sovereign Infrastructure Suite.
Tracks the fleet's progress through the Paperclips-inspired evolution arc.
"""
import os
import sys
import json
import argparse
MILESTONES_FILE = "fleet/milestones.md"
COMPLETED_FILE = "fleet/completed_milestones.json"
class PhaseTracker:
def __init__(self):
# Find files relative to repo root
script_dir = os.path.dirname(os.path.abspath(__file__))
repo_root = os.path.dirname(script_dir)
self.milestones_path = os.path.join(repo_root, MILESTONES_FILE)
self.completed_path = os.path.join(repo_root, COMPLETED_FILE)
self.milestones = self.parse_milestones()
self.completed = self.load_completed()
def parse_milestones(self):
if not os.path.exists(self.milestones_path):
return {}
with open(self.milestones_path, "r") as f:
content = f.read()
phases = {}
current_phase = None
for line in content.split("\n"):
if line.startswith("## Phase"):
current_phase = line.replace("## ", "").strip()
phases[current_phase] = []
elif line.startswith("### M"):
m_id = line.split(":")[0].replace("### ", "").strip()
title = line.split(":")[1].strip()
phases[current_phase].append({"id": m_id, "title": title})
return phases
def load_completed(self):
if os.path.exists(self.completed_path):
with open(self.completed_path, "r") as f:
try:
return json.load(f)
except:
return []
return []
def save_completed(self):
with open(self.completed_path, "w") as f:
json.dump(self.completed, f, indent=2)
def show_progress(self):
print("--- Fleet Phase Progression Tracker ---")
total_milestones = 0
total_completed = 0
if not self.milestones:
print("[ERROR] No milestones found in fleet/milestones.md")
return
for phase, ms in self.milestones.items():
print(f"\n{phase}")
for m in ms:
total_milestones += 1
done = m["id"] in self.completed
if done:
total_completed += 1
status = "" if done else ""
print(f" {status} {m['id']}: {m['title']}")
percent = (total_completed / total_milestones) * 100 if total_milestones > 0 else 0
print(f"\nOverall Progress: {total_completed}/{total_milestones} ({percent:.1f}%)")
def mark_complete(self, m_id: str):
if m_id not in self.completed:
self.completed.append(m_id)
self.save_completed()
print(f"[SUCCESS] Marked {m_id} as complete.")
else:
print(f"[INFO] {m_id} is already complete.")
def main():
parser = argparse.ArgumentParser(description="Gemini Phase Tracker")
subparsers = parser.add_subparsers(dest="command")
subparsers.add_parser("status", help="Show current progress")
complete_parser = subparsers.add_parser("complete", help="Mark a milestone as complete")
complete_parser.add_argument("id", help="Milestone ID (e.g. M1)")
args = parser.parse_args()
tracker = PhaseTracker()
if args.command == "status":
tracker.show_progress()
elif args.command == "complete":
tracker.mark_complete(args.id)
else:
parser.print_help()
if __name__ == "__main__":
main()

228
scripts/provision_wizard.py Normal file
View File

@@ -0,0 +1,228 @@
#!/usr/bin/env python3
"""
[OPS] Automated VPS Provisioning System (Von Neumann as Code)
Part of the Gemini Sovereign Infrastructure Suite.
This script automates the creation and configuration of a "Wizard" node
from zero to serving inference via llama.cpp.
Usage:
python3 provision_wizard.py --name fenrir --size s-2vcpu-4gb --model qwen2.5-coder-7b
"""
import os
import sys
import time
import argparse
import requests
import subprocess
import json
from typing import Optional, Dict, Any
# --- CONFIGURATION ---
DO_API_URL = "https://api.digitalocean.com/v2"
# We expect DIGITALOCEAN_TOKEN to be set in the environment.
DO_TOKEN = os.environ.get("DIGITALOCEAN_TOKEN")
# Default settings
DEFAULT_REGION = "nyc3"
DEFAULT_IMAGE = "ubuntu-22-04-x64"
LLAMA_CPP_REPO = "https://github.com/ggerganov/llama.cpp"
class Provisioner:
def __init__(self, name: str, size: str, model: str, region: str = DEFAULT_REGION):
self.name = name
self.size = size
self.model = model
self.region = region
self.droplet_id = None
self.ip_address = None
def log(self, message: str):
print(f"[*] {message}")
def error(self, message: str):
print(f"[!] ERROR: {message}")
sys.exit(1)
def check_auth(self):
if not DO_TOKEN:
self.error("DIGITALOCEAN_TOKEN environment variable not set.")
def create_droplet(self):
self.log(f"Creating droplet '{self.name}' ({self.size}) in {self.region}...")
# Get SSH keys to add to the droplet
ssh_keys = self.get_ssh_keys()
payload = {
"name": self.name,
"region": self.region,
"size": self.size,
"image": DEFAULT_IMAGE,
"ssh_keys": ssh_keys,
"backups": False,
"ipv6": True,
"monitoring": True,
"tags": ["wizard", "gemini-provisioned"]
}
headers = {
"Authorization": f"Bearer {DO_TOKEN}",
"Content-Type": "application/json"
}
response = requests.post(f"{DO_API_URL}/droplets", json=payload, headers=headers)
if response.status_code != 202:
self.error(f"Failed to create droplet: {response.text}")
data = response.json()
self.droplet_id = data["droplet"]["id"]
self.log(f"Droplet created (ID: {self.droplet_id}). Waiting for IP...")
def get_ssh_keys(self) -> list:
# Fetch existing SSH keys from DO account to ensure we can log in
headers = {"Authorization": f"Bearer {DO_TOKEN}"}
response = requests.get(f"{DO_API_URL}/account/keys", headers=headers)
if response.status_code != 200:
self.log("Warning: Could not fetch SSH keys. Droplet might be inaccessible via SSH.")
return []
return [key["id"] for key in response.json()["ssh_keys"]]
def wait_for_ip(self):
headers = {"Authorization": f"Bearer {DO_TOKEN}"}
while not self.ip_address:
response = requests.get(f"{DO_API_URL}/droplets/{self.droplet_id}", headers=headers)
data = response.json()
networks = data["droplet"]["networks"]["v4"]
for net in networks:
if net["type"] == "public":
self.ip_address = net["ip_address"]
break
if not self.ip_address:
time.sleep(5)
self.log(f"Droplet IP: {self.ip_address}")
def run_remote(self, command: str):
# Using subprocess to call ssh. Assumes local machine has the right private key.
ssh_cmd = [
"ssh", "-o", "StrictHostKeyChecking=no",
f"root@{self.ip_address}", command
]
result = subprocess.run(ssh_cmd, capture_output=True, text=True)
return result
def setup_wizard(self):
self.log("Starting remote setup...")
# Wait for SSH to be ready
retries = 12
while retries > 0:
res = self.run_remote("echo 'SSH Ready'")
if res.returncode == 0:
break
self.log(f"Waiting for SSH... ({retries} retries left)")
time.sleep(10)
retries -= 1
if retries == 0:
self.error("SSH timed out.")
# 1. Update and install dependencies
self.log("Installing dependencies...")
setup_script = """
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get upgrade -y
apt-get install -y build-essential git cmake curl wget python3 python3-pip
"""
self.run_remote(setup_script)
# 2. Build llama.cpp
self.log("Building llama.cpp...")
build_script = f"""
if [ ! -d "/opt/llama.cpp" ]; then
git clone {LLAMA_CPP_REPO} /opt/llama.cpp
fi
cd /opt/llama.cpp
mkdir -p build && cd build
cmake ..
cmake --build . --config Release
"""
self.run_remote(build_script)
# 3. Download Model
self.log(f"Downloading model: {self.model}...")
model_url = self.get_model_url(self.model)
download_script = f"""
mkdir -p /opt/models
if [ ! -f "/opt/models/{self.model}.gguf" ]; then
wget -O /opt/models/{self.model}.gguf {model_url}
fi
"""
self.run_remote(download_script)
# 4. Create systemd service
self.log("Creating systemd service...")
service_content = f"""
[Unit]
Description=Llama.cpp Server for {self.name}
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/llama.cpp
ExecStart=/opt/llama.cpp/build/bin/llama-server -m /opt/models/{self.model}.gguf --host 0.0.0.0 --port 8080 -c 4096
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
"""
# Use cat to write the file to handle multi-line string safely
self.run_remote(f"cat <<EOF > /etc/systemd/system/llama-server.service\n{service_content}\nEOF")
self.run_remote("systemctl daemon-reload && systemctl enable llama-server && systemctl start llama-server")
def get_model_url(self, model_name: str) -> str:
# Mapping for common models to GGUF URLs (HuggingFace)
mapping = {
"qwen2.5-coder-7b": "https://huggingface.co/Qwen/Qwen2.5-Coder-7B-Instruct-GGUF/resolve/main/qwen2.5-coder-7b-instruct-q4_k_m.gguf",
"hermes-3-llama-3.1-8b": "https://huggingface.co/NousResearch/Hermes-3-Llama-3.1-8B-GGUF/resolve/main/Hermes-3-Llama-3.1-8B.Q4_K_M.gguf"
}
return mapping.get(model_name, mapping["hermes-3-llama-3.1-8b"])
def health_check(self):
self.log("Performing health check...")
time.sleep(15) # Wait for server to start
try:
url = f"http://{self.ip_address}:8080/health"
response = requests.get(url, timeout=10)
if response.status_code == 200:
self.log(f"[SUCCESS] Wizard {self.name} is healthy and serving inference.")
self.log(f"Endpoint: {url}")
else:
self.log(f"[WARNING] Health check returned status {response.status_code}")
except Exception as e:
self.log(f"[ERROR] Health check failed: {e}")
def provision(self):
self.check_auth()
self.create_droplet()
self.wait_for_ip()
self.setup_wizard()
self.health_check()
def main():
parser = argparse.ArgumentParser(description="Gemini Provisioner")
parser.add_argument("--name", required=True, help="Name of the wizard")
parser.add_argument("--size", default="s-2vcpu-4gb", help="DO droplet size")
parser.add_argument("--model", default="qwen2.5-coder-7b", help="Model to serve")
parser.add_argument("--region", default="nyc3", help="DO region")
args = parser.parse_args()
provisioner = Provisioner(args.name, args.size, args.model, args.region)
provisioner.provision()
if __name__ == "__main__":
main()

71
scripts/self_healing.py Normal file
View File

@@ -0,0 +1,71 @@
#!/usr/bin/env python3
"""
[OPS] Self-Healing Infrastructure
Part of the Gemini Sovereign Infrastructure Suite.
Auto-detects and fixes common failures across the fleet.
"""
import os
import sys
import subprocess
import argparse
import requests
# --- CONFIGURATION ---
FLEET = {
"mac": {"ip": "10.1.10.77", "port": 8080},
"ezra": {"ip": "143.198.27.163", "port": 8080},
"allegro": {"ip": "167.99.126.228", "port": 8080},
"bezalel": {"ip": "159.203.146.185", "port": 8080}
}
class SelfHealer:
def log(self, message: str):
print(f"[*] {message}")
def run_remote(self, host: str, command: str):
ip = FLEET[host]["ip"]
ssh_cmd = ["ssh", "-o", "StrictHostKeyChecking=no", f"root@{ip}", command]
if host == "mac":
ssh_cmd = ["bash", "-c", command]
try:
return subprocess.run(ssh_cmd, capture_output=True, text=True, timeout=10)
except:
return None
def check_and_heal(self):
for host in FLEET:
self.log(f"Auditing {host}...")
# 1. Check llama-server
ip = FLEET[host]["ip"]
port = FLEET[host]["port"]
try:
requests.get(f"http://{ip}:{port}/health", timeout=2)
except:
self.log(f" [!] llama-server down on {host}. Attempting restart...")
self.run_remote(host, "systemctl restart llama-server")
# 2. Check disk space
res = self.run_remote(host, "df -h / | tail -1 | awk '{print $5}' | sed 's/%//'")
if res and res.returncode == 0:
try:
usage = int(res.stdout.strip())
if usage > 90:
self.log(f" [!] Disk usage high on {host} ({usage}%). Cleaning logs...")
self.run_remote(host, "journalctl --vacuum-time=1d && rm -rf /var/log/*.gz")
except:
pass
def run(self):
self.log("Starting self-healing cycle...")
self.check_and_heal()
self.log("Cycle complete.")
def main():
healer = SelfHealer()
healer.run()
if __name__ == "__main__":
main()

75
scripts/skill_installer.py Normal file
View File

@@ -0,0 +1,75 @@
#!/usr/bin/env python3
"""
[OPS] Sovereign Skill Installer
Part of the Gemini Sovereign Infrastructure Suite.
Packages and installs Hermes skills onto remote wizard nodes.
"""
import os
import sys
import argparse
import subprocess
from pathlib import Path
# --- CONFIGURATION ---
# Assumes hermes-agent is a sibling directory to timmy-config
HERMES_ROOT = "../hermes-agent"
SKILLS_DIR = "skills"
class SkillInstaller:
def __init__(self, host: str, ip: str):
self.host = host
self.ip = ip
self.hermes_path = Path(HERMES_ROOT).resolve()
def log(self, message: str):
print(f"[*] {message}")
def error(self, message: str):
print(f"[!] ERROR: {message}")
sys.exit(1)
def install_skill(self, skill_name: str):
self.log(f"Installing skill '{skill_name}' to {self.host} ({self.ip})...")
skill_path = self.hermes_path / SKILLS_DIR / skill_name
if not skill_path.exists():
self.error(f"Skill '{skill_name}' not found in {skill_path}")
# 1. Compress skill
self.log("Compressing skill...")
tar_file = f"{skill_name}.tar.gz"
subprocess.run(["tar", "-czf", tar_file, "-C", str(skill_path.parent), skill_name])
# 2. Upload to remote
self.log("Uploading to remote...")
remote_path = f"/opt/hermes/skills/{skill_name}"
subprocess.run(["ssh", f"root@{self.ip}", f"mkdir -p /opt/hermes/skills"])
subprocess.run(["scp", tar_file, f"root@{self.ip}:/tmp/"])
# 3. Extract and register
self.log("Extracting and registering...")
extract_cmd = f"tar -xzf /tmp/{tar_file} -C /opt/hermes/skills/ && rm /tmp/{tar_file}"
subprocess.run(["ssh", f"root@{self.ip}", extract_cmd])
# Registration logic (simplified)
# In a real scenario, we'd update the wizard's config.yaml
self.log(f"[SUCCESS] Skill '{skill_name}' installed on {self.host}")
# Cleanup local tar
os.remove(tar_file)
def main():
parser = argparse.ArgumentParser(description="Gemini Skill Installer")
parser.add_argument("host", help="Target host name")
parser.add_argument("ip", help="Target host IP")
parser.add_argument("skill", help="Skill name to install")
args = parser.parse_args()
installer = SkillInstaller(args.host, args.ip)
installer.install_skill(args.skill)
if __name__ == "__main__":
main()

129
scripts/telemetry.py Normal file
View File

@@ -0,0 +1,129 @@
#!/usr/bin/env python3
"""
[OPS] Telemetry Pipeline v2
Part of the Gemini Sovereign Infrastructure Suite.
Operational visibility without cloud dependencies.
"""
import os
import sys
import json
import time
import subprocess
import argparse
# --- CONFIGURATION ---
FLEET = {
"mac": "10.1.10.77",
"ezra": "143.198.27.163",
"allegro": "167.99.126.228",
"bezalel": "159.203.146.185"
}
TELEMETRY_FILE = "logs/telemetry.json"
class Telemetry:
def __init__(self):
# Find logs relative to repo root
script_dir = os.path.dirname(os.path.abspath(__file__))
repo_root = os.path.dirname(script_dir)
self.logs_dir = os.path.join(repo_root, "logs")
self.telemetry_path = os.path.join(repo_root, TELEMETRY_FILE)
if not os.path.exists(self.logs_dir):
os.makedirs(self.logs_dir)
def log(self, message: str):
print(f"[*] {message}")
def get_metrics(self, host: str):
ip = FLEET[host]
# Command to get disk usage, memory usage (%), and load avg
cmd = "df -h / | tail -1 | awk '{print $5}' && free -m | grep Mem | awk '{print $3/$2 * 100}' && uptime | awk '{print $10}'"
ssh_cmd = ["ssh", "-o", "StrictHostKeyChecking=no", f"root@{ip}", cmd]
if host == "mac":
# Mac specific commands
cmd = "df -h / | tail -1 | awk '{print $5}' && sysctl -n vm.page_pageable_internal_count && uptime | awk '{print $10}'"
ssh_cmd = ["bash", "-c", cmd]
try:
res = subprocess.run(ssh_cmd, capture_output=True, text=True, timeout=10)
if res.returncode == 0:
lines = res.stdout.strip().split("\n")
return {
"disk_usage": lines[0],
"mem_usage": f"{float(lines[1]):.1f}%" if len(lines) > 1 and lines[1].replace('.','',1).isdigit() else "unknown",
"load_avg": lines[2].rstrip(",") if len(lines) > 2 else "unknown"
}
except:
pass
return None
def collect(self):
self.log("Collecting telemetry from fleet...")
data = {
"timestamp": time.time(),
"metrics": {}
}
for host in FLEET:
self.log(f"Fetching metrics from {host}...")
metrics = self.get_metrics(host)
if metrics:
data["metrics"][host] = metrics
# Append to telemetry file
history = []
if os.path.exists(self.telemetry_path):
with open(self.telemetry_path, "r") as f:
try:
history = json.load(f)
except:
history = []
history.append(data)
# Keep only last 100 entries
history = history[-100:]
with open(self.telemetry_path, "w") as f:
json.dump(history, f, indent=2)
self.log(f"Telemetry saved to {self.telemetry_path}")
def show_summary(self):
if not os.path.exists(self.telemetry_path):
print("No telemetry data found.")
return
with open(self.telemetry_path, "r") as f:
try:
history = json.load(f)
except:
print("Error reading telemetry data.")
return
if not history:
print("No telemetry data found.")
return
latest = history[-1]
print(f"\n--- Fleet Telemetry Summary ({time.ctime(latest['timestamp'])}) ---")
print(f"{'HOST':<10} {'DISK':<10} {'MEM':<10} {'LOAD':<10}")
print("-" * 45)
for host, m in latest["metrics"].items():
print(f"{host:<10} {m['disk_usage']:<10} {m['mem_usage']:<10} {m['load_avg']:<10}")
def main():
parser = argparse.ArgumentParser(description="Gemini Telemetry")
parser.add_argument("command", choices=["collect", "summary"], help="Command to run")
args = parser.parse_args()
telemetry = Telemetry()
if args.command == "collect":
telemetry.collect()
elif args.command == "summary":
telemetry.show_summary()
if __name__ == "__main__":
main()

4
son-of-timmy.md
View File

@@ -102,11 +102,11 @@ When I don't know, I say so. Brevity is a kindness.
### 4. Never Go Deaf
Your agent must have a fallback chain (a list of backup models, tried in order) at least 3 models deep. When the primary provider rate-limits you, the agent degrades gracefully — it does not stop.
When Anthropic goes down at 2 AM — and it will — your agent doesn't sit there producing error messages. It switches to the next model in the chain and keeps working. You wake up to finished tasks, not a dead agent.
When any cloud provider goes down at 2 AM — and it will — your agent doesn't sit there producing error messages. It switches to the next model in the chain and keeps working. You wake up to finished tasks, not a dead agent.
```yaml
model:
default: claude-opus-4-6
default: kimi-k2.5
provider: anthropic
fallback_providers:
- provider: openrouter

3
tasks.py
View File

@@ -1355,7 +1355,6 @@ def dispatch_assigned():
g = GiteaClient()
agents = [
"allegro",
"claude",
"codex-agent",
"ezra",
"gemini",
@@ -2316,7 +2315,7 @@ def nexus_bridge_tick():
health_data = {
"timestamp": datetime.now(timezone.utc).isoformat(),
"fleet_status": "nominal",
"active_agents": ["gemini", "claude", "codex"],
"active_agents": ["gemini", "kimi", "codex"],
"backlog_summary": {},
"recent_audits": []
}

94
tests/test_sovereignty_enforcement.py
View File

@@ -200,3 +200,97 @@ class TestVoiceSovereignty:
stt_provider = config.get("stt", {}).get("provider", "")
assert stt_provider in ("local", "whisper", ""), \
f"STT provider '{stt_provider}' may use cloud"
# ── Anthropic Ban ────────────────────────────────────────────────────
class TestAnthropicBan:
"""Anthropic is permanently banned from this system.
Not deprecated. Not discouraged. Banned. Any reference to Anthropic
as a provider, model, or API endpoint in active wizard configs,
playbooks, or fallback chains is a hard failure.
"""
BANNED_PATTERNS = [
"provider: anthropic",
"provider: \"anthropic\"",
"anthropic/claude",
"claude-opus",
"claude-sonnet",
"claude-haiku",
"api.anthropic.com",
]
ACTIVE_CONFIG_DIRS = [
"wizards",
"playbooks",
]
ACTIVE_CONFIG_FILES = [
"fallback-portfolios.yaml",
"config.yaml",
]
def _scan_active_configs(self):
"""Collect all active config files for scanning."""
files = []
for dir_name in self.ACTIVE_CONFIG_DIRS:
dir_path = REPO_ROOT / dir_name
if dir_path.exists():
for f in dir_path.rglob("*.yaml"):
files.append(f)
for f in dir_path.rglob("*.yml"):
files.append(f)
for f in dir_path.rglob("*.json"):
files.append(f)
for fname in self.ACTIVE_CONFIG_FILES:
fpath = REPO_ROOT / fname
if fpath.exists():
files.append(fpath)
return files
def test_no_anthropic_in_wizard_configs(self):
"""No wizard config may reference Anthropic as a provider or model."""
wizard_dir = REPO_ROOT / "wizards"
if not wizard_dir.exists():
pytest.skip("No wizards directory")
for config_file in wizard_dir.rglob("*.yaml"):
content = config_file.read_text().lower()
for pattern in self.BANNED_PATTERNS:
assert pattern.lower() not in content, \
f"BANNED: {config_file.name} contains \"{pattern}\". Anthropic is permanently banned."
def test_no_anthropic_in_playbooks(self):
"""No playbook may reference Anthropic models."""
playbook_dir = REPO_ROOT / "playbooks"
if not playbook_dir.exists():
pytest.skip("No playbooks directory")
for pb_file in playbook_dir.rglob("*.yaml"):
content = pb_file.read_text().lower()
for pattern in self.BANNED_PATTERNS:
assert pattern.lower() not in content, \
f"BANNED: {pb_file.name} contains \"{pattern}\". Anthropic is permanently banned."
def test_no_anthropic_in_fallback_chain(self):
"""Fallback portfolios must not include Anthropic."""
fb_path = REPO_ROOT / "fallback-portfolios.yaml"
if not fb_path.exists():
pytest.skip("No fallback-portfolios.yaml")
content = fb_path.read_text().lower()
for pattern in self.BANNED_PATTERNS:
assert pattern.lower() not in content, \
f"BANNED: fallback-portfolios.yaml contains \"{pattern}\". Anthropic is permanently banned."
def test_no_anthropic_api_key_in_bootstrap(self):
"""Wizard bootstrap must not require ANTHROPIC_API_KEY."""
bootstrap_path = REPO_ROOT / "hermes-sovereign" / "wizard-bootstrap" / "wizard_bootstrap.py"
if not bootstrap_path.exists():
pytest.skip("No wizard_bootstrap.py")
content = bootstrap_path.read_text()
assert "ANTHROPIC_API_KEY" not in content, \
"BANNED: wizard_bootstrap.py still checks for ANTHROPIC_API_KEY"
assert "ANTHROPIC_TOKEN" not in content, \
"BANNED: wizard_bootstrap.py still checks for ANTHROPIC_TOKEN"
assert "\"anthropic\"" not in content.lower(), \
"BANNED: wizard_bootstrap.py still lists anthropic as a dependency"

43
wizards/allegro/config.yaml
View File

@@ -2,22 +2,23 @@ model:
default: kimi-k2.5
provider: kimi-coding
toolsets:
- all
- all
fallback_providers:
- provider: kimi-coding
model: kimi-k2.5
timeout: 120
reason: Kimi coding fallback (front of chain)
- provider: anthropic
model: claude-sonnet-4-20250514
timeout: 120
reason: Direct Anthropic fallback
- provider: openrouter
model: anthropic/claude-sonnet-4-20250514
base_url: https://openrouter.ai/api/v1
api_key_env: OPENROUTER_API_KEY
timeout: 120
reason: OpenRouter fallback
- provider: kimi-coding
model: kimi-k2.5
timeout: 120
reason: Primary Kimi coding provider
- provider: openrouter
model: google/gemini-2.5-pro
base_url: https://openrouter.ai/api/v1
api_key_env: OPENROUTER_API_KEY
timeout: 120
reason: Gemini via OpenRouter fallback
- provider: ollama
model: gemma4:latest
base_url: http://localhost:11434/v1
timeout: 180
reason: Local Ollama terminal fallback
agent:
max_turns: 30
reasoning_effort: xhigh
@@ -64,16 +65,24 @@ session_reset:
idle_minutes: 0
skills:
creation_nudge_interval: 15
system_prompt_suffix: |
You are Allegro, the Kimi-backed third wizard house.
system_prompt_suffix: 'You are Allegro, the Kimi-backed third wizard house.
Your soul is defined in SOUL.md — read it, live it.
Hermes is your harness.
Kimi Code is your primary provider.
You speak plainly. You prefer short sentences. Brevity is a kindness.
Work best on tight coding tasks: 1-3 file changes, refactors, tests, and implementation passes.
Refusal over fabrication. If you do not know, say so.
Sovereignty and service always.
'
providers:
kimi-coding:
base_url: https://api.kimi.com/coding/v1

41
wizards/bezalel/config.yaml
View File

@@ -7,24 +7,25 @@ fallback_providers:
- provider: kimi-coding
model: kimi-k2.5
timeout: 120
reason: Kimi coding fallback (front of chain)
- provider: anthropic
model: claude-sonnet-4-20250514
timeout: 120
reason: Direct Anthropic fallback
reason: Primary Kimi coding provider
- provider: openrouter
model: anthropic/claude-sonnet-4-20250514
model: google/gemini-2.5-pro
base_url: https://openrouter.ai/api/v1
api_key_env: OPENROUTER_API_KEY
timeout: 120
reason: OpenRouter fallback
reason: Gemini via OpenRouter fallback
- provider: ollama
model: gemma4:latest
base_url: http://localhost:11434/v1
timeout: 180
reason: Local Ollama terminal fallback
agent:
max_turns: 40
reasoning_effort: medium
verbose: false
system_prompt: You are Bezalel, the forge-and-testbed wizard of the Timmy Foundation
fleet. You are a builder and craftsman — infrastructure, deployment, hardening.
Your sovereign is Alexander Whitestone (Rockachopa). Sovereignty and service always.
system_prompt: You are Bezalel, the forge-and-testbed wizard of the Timmy Foundation fleet. You are a builder and craftsman
— infrastructure, deployment, hardening. Your sovereign is Alexander Whitestone (Rockachopa). Sovereignty and service
always.
terminal:
backend: local
cwd: /root/wizards/bezalel
@@ -62,12 +63,10 @@ platforms:
- pull_request
- pull_request_comment
secret: bezalel-gitea-webhook-secret-2026
prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment,
hardening. A Gitea webhook fired: event={event_type}, action={action},
repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Comment
by {comment.user.login}: {comment.body}. If you were tagged, assigned,
or this needs your attention, investigate and respond via Gitea API. Otherwise
acknowledge briefly.'
prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment, hardening. A Gitea webhook fired:
event={event_type}, action={action}, repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Comment
by {comment.user.login}: {comment.body}. If you were tagged, assigned, or this needs your attention, investigate
and respond via Gitea API. Otherwise acknowledge briefly.'
deliver: telegram
deliver_extra: {}
gitea-assign:
@@ -75,12 +74,10 @@ platforms:
- issues
- pull_request
secret: bezalel-gitea-webhook-secret-2026
prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment,
hardening. Gitea assignment webhook: event={event_type}, action={action},
repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Assigned
to: {issue.assignee.login}. If you (bezalel) were just assigned, read
the issue, scope it, and post a plan comment. If not you, acknowledge
briefly.'
prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment, hardening. Gitea assignment webhook:
event={event_type}, action={action}, repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Assigned
to: {issue.assignee.login}. If you (bezalel) were just assigned, read the issue, scope it, and post a plan comment.
If not you, acknowledge briefly.'
deliver: telegram
deliver_extra: {}
gateway:

33
wizards/ezra/config.yaml
View File

@@ -2,22 +2,23 @@ model:
default: kimi-k2.5
provider: kimi-coding
toolsets:
- all
- all
fallback_providers:
- provider: kimi-coding
model: kimi-k2.5
timeout: 120
reason: Kimi coding fallback (front of chain)
- provider: anthropic
model: claude-sonnet-4-20250514
timeout: 120
reason: Direct Anthropic fallback
- provider: openrouter
model: anthropic/claude-sonnet-4-20250514
base_url: https://openrouter.ai/api/v1
api_key_env: OPENROUTER_API_KEY
timeout: 120
reason: OpenRouter fallback
- provider: kimi-coding
model: kimi-k2.5
timeout: 120
reason: Primary Kimi coding provider
- provider: openrouter
model: google/gemini-2.5-pro
base_url: https://openrouter.ai/api/v1
api_key_env: OPENROUTER_API_KEY
timeout: 120
reason: Gemini via OpenRouter fallback
- provider: ollama
model: gemma4:latest
base_url: http://localhost:11434/v1
timeout: 180
reason: Local Ollama terminal fallback
agent:
max_turns: 90
reasoning_effort: high
@@ -27,8 +28,6 @@ providers:
base_url: https://api.kimi.com/coding/v1
timeout: 60
max_retries: 3
anthropic:
timeout: 120
openrouter:
base_url: https://openrouter.ai/api/v1
timeout: 120