[sovereignty] Cut the Cloud Umbilical — closes #94 #107

Merged
allegro merged 1 commits from gemini/operational-hygiene into main 2026-03-31 19:06:39 +00:00
Member

The Problem (Issue #94)

The active config had three cloud leaks:

| What | Was | Now |
|:-----|:----|:----|
| fallback_model | Cloud Gemini (generativelanguage.googleapis.com) | Local Ollama (localhost:11434) |
| Health Monitor cron | model=null, provider=null (inherits cloud) | Explicit hermes3:latest on Ollama |
| tts.openai.model | gpt-4o-mini-tts | Disabled (use edge TTS locally) |

The fallback was the most dangerous: whenever local inference failed (Ollama down, model not loaded, timeout), Hermes silently fell through to Google's API. Every response from that path was a sovereignty violation.

What Changed

config.yaml

  • fallback_model → hermes3:latest on localhost:11434
  • Google Gemini custom provider → renamed (emergency only) — still available for explicit --model gemini-2.5-pro override but never inherited automatically
  • tts.openai.model → disabled (empty string)

cron/jobs.json

  • Health Monitor → explicit model, provider, base_url fields pointing to local Ollama
  • No enabled job can ever inherit cloud defaults again

tests/test_sovereignty_enforcement.py (NEW — 13 tests)

| Test Class | Count | What it catches |
|:-----------|------:|:----------------|
| TestDefaultModelIsLocal | 3 | Cloud model names, cloud URLs, cloud providers in default |
| TestFallbackIsLocal | 3 | Cloud URLs in fallback, cloud model names (THE #94 FIX) |
| TestCronSovereignty | 3 | Null model/provider on enabled crons, cloud URLs in crons |
| TestCustomProviders | 2 | No local provider, cloud provider listed first |
| TestVoiceSovereignty | 2 | Cloud TTS/STT providers |

These tests are regression guards — they'll catch any future commit that reintroduces cloud defaults.

tests/test_local_runtime_defaults.py (UPDATED)

  • Fallback assertion changed from gemini-2.5-pro → hermes3:latest

What Still Works

Google Gemini is still available for explicit override:

hermes --model gemini-2.5-pro

It's just never automatic anymore. You have to ask for it.

Full Suite

36/36 pass. Zero regressions.

Acceptance Criteria (from #94)

  • Default model/provider/base_url point to localhost only
  • No enabled cron has null model/provider
  • Fallback goes to local, not cloud
  • Google Gemini available only via explicit override
  • Regression tests prevent cloud defaults from creeping back
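A check of the kind the description's regression guards perform, written here as an added example and not taken from the project's test files: it audits a config and a cron job list for any automatic path that leaves localhost. The dict layout, the `enabled` and `name` keys, and the `ollama` provider value are assumptions; the sample data is constructed from the "Was" and "Now" columns above.

```python
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def is_local(url):
    """True only if the parsed host is loopback; a substring match is not enough."""
    if not url:
        return False
    return urlparse(url if "://" in url else "http://" + url).hostname in LOOPBACK

def audit(config, jobs):
    """Return findings; an empty list means no automatic path leaves the machine."""
    findings = []
    for key in ("model", "fallback_model"):
        url = (config.get(key) or {}).get("base_url")
        if not is_local(url):
            findings.append(f"{key}: base_url {url!r} is not local")
    providers = config.get("custom_providers") or []
    if not providers or not is_local(providers[0].get("base_url")):
        findings.append("custom_providers: first entry is not local")
    if config.get("tts", {}).get("openai", {}).get("model"):
        findings.append("tts.openai.model: cloud TTS model is set")
    for job in jobs:
        if not job.get("enabled"):
            continue  # disabled jobs never run, so they cannot leak
        for field in ("model", "provider"):
            if job.get(field) is None:
                findings.append(f"cron {job['name']}: {field} is null (inherits default)")
        if job.get("base_url") is not None and not is_local(job["base_url"]):
            findings.append(f"cron {job['name']}: base_url is not local")
    return findings

# Constructed sample data; key names and the "ollama" provider value are assumptions.
LOCAL = {"model": "hermes3:latest", "provider": "ollama", "base_url": "http://localhost:11434"}
BEFORE = {
    "model": LOCAL,
    "fallback_model": {"model": "gemini-2.5-pro",
                       "base_url": "https://generativelanguage.googleapis.com"},
    "custom_providers": [LOCAL],
    "tts": {"openai": {"model": "gpt-4o-mini-tts"}},
}
AFTER = {**BEFORE, "fallback_model": LOCAL, "tts": {"openai": {"model": ""}}}
JOBS_BEFORE = [{"name": "Health Monitor", "enabled": True, "model": None, "provider": None}]
JOBS_AFTER = [{"name": "Health Monitor", "enabled": True, **LOCAL}]

if __name__ == "__main__":
    for finding in audit(BEFORE, JOBS_BEFORE):
        print(finding)
```

Parsing the host instead of searching the string for `localhost` keeps URLs such as `http://localhost.cloud.example` or `http://localhost@cloud.example` from passing the check.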
Timmy was assigned by gemini 2026-03-31 12:30:46 +00:00
gemini added 1 commit 2026-03-31 12:30:48 +00:00
THE BUG
=======
Issue #94 flagged: the active config's fallback_model pointed to
Google Gemini cloud. The enabled Health Monitor cron job had
model=null, provider=null — so it inherited whatever the config
defaulted to. If the default was ever accidentally changed back
to cloud, every 5-minute cron tick would phone home.

THE FIX
=======

config.yaml:
  - fallback_model → local Ollama (hermes3:latest on localhost:11434)
  - Google Gemini custom_provider → renamed '(emergency only)'
  - tts.openai.model → disabled (use edge TTS locally)

cron/jobs.json:
  - Health Monitor → explicit model/provider/base_url fields
  - No enabled job can ever inherit cloud defaults again

tests/test_sovereignty_enforcement.py (NEW — 13 tests):
  - Default model is localhost
  - Fallback model is localhost (the #94 fix)
  - No enabled cron has null model/provider
  - No enabled cron uses cloud URLs
  - First custom_provider is local
  - TTS and STT default to local

tests/test_local_runtime_defaults.py (UPDATED):
  - Now asserts fallback is Ollama, not Gemini

WHAT STILL WORKS
================
Google Gemini is still available for explicit override:
  hermes --model gemini-2.5-pro
It's just not automatic anymore. You have to ask for it.

FULL SUITE
==========
36/36 pass. Zero regressions.

Closes #94

Signed-off-by: gemini <gemini@hermes.local>
allegro merged commit 88e2509e18 into main 2026-03-31 19:06:39 +00:00
allegro deleted branch gemini/operational-hygiene 2026-03-31 19:06:40 +00:00