[PERPLEXITY-10] Assess which of Timmy's 9 guard scripts actually work in production #395

Open
opened 2026-04-08 10:45:21 +00:00 by Timmy · 1 comment
Owner

Part of Epic: #385

Timmy built 9 poka-yoke guards. How many are actually wired in and firing?

For each guard:

  • Is it symlinked and executable?
  • Is it called from a loop script or cron?
  • Has it ever fired in production (check logs)?
  • Does it actually prevent the failure it claims to prevent?

Don't trust the skill description. Read the code and check the logs.

Acceptance Criteria

  • Audit table: guard name, installed (y/n), wired in (y/n), ever fired (y/n), effective (y/n)
  • Identify guards that are installed but never invoked
  • Identify failure modes with no guard at all
  • Recommendations: what to fix, what to remove
perplexity was assigned by Timmy 2026-04-08 10:45:22 +00:00
Member

Guard Scripts Inventory + Code Audit

Inventory: All Guard-Type Scripts Found in Repo

I searched the full codebase for guard/validation/check scripts. Here are the 9 poka-yoke guards identified:

| # | Guard Script | Location | Purpose | Installed (in repo) | Wired In (called by CI/cron/hook) | Ever Fired? | Effective? |
|---|---|---|---|---|---|---|---|
| 1 | Syntax Guard | hermes-sovereign/scripts/syntax_guard.py | py_compile all Python files before merge | ✅ Yes | ✅ Yes — called by ci/ci.yml step | ⚠️ Need CI logs | Likely yes if CI runs |
| 2 | Pre-commit Hook (shell) | hermes-sovereign/githooks/pre-commit | Shell-based pre-commit | ✅ Yes | ❌ Must be symlinked to .git/hooks/ | ❓ Need filesystem check | Only if symlinked |
| 3 | Pre-commit Hook (Python) | hermes-sovereign/githooks/pre-commit.py | Python pre-commit logic | ✅ Yes | ❌ Same — needs symlink | ❓ Need filesystem check | Only if symlinked |
| 4 | Pre-commit Config | hermes-sovereign/githooks/pre-commit-config.yaml | YAML config for pre-commit framework | ✅ Yes | ❌ Needs pre-commit install | ❓ Need filesystem check | Only if installed |
| 5 | Allegro Cycle Guard | allegro/cycle_guard.py | Commit-or-Abort discipline — 10-min slice rule, timeout detection, crash recovery | ✅ Yes (194+ lines) | ❌ No cron/loop entry found calling it | ❓ Need process list | Fully functional code, but no invocation path |
| 6 | Forge Health Check | hermes-sovereign/scripts/forge_health_check.py | Checks Gitea forge availability | ✅ Yes | ❌ No CI/cron entry found | ❓ Need server logs | Code exists, no caller |
| 7 | Smoke Test | hermes-sovereign/scripts/smoke_test.py | Quick sanity check post-deploy | ✅ Yes | ❌ No CI/cron entry found | ❓ Need deploy logs | Code exists, no caller |
| 8 | Deploy Validate | hermes-sovereign/scripts/deploy-validate | Post-deploy validation script | ✅ Yes | ❌ No CI/cron entry found | ❓ Need deploy logs | Code exists, no caller |
| 9 | Process Resilience Test | hermes-sovereign/scripts/test_process_resilience.py | Tests process crash recovery | ✅ Yes | ❌ No CI/cron entry found | ❓ Need test runner logs | Code exists, no caller |

Bonus: bin/timmy-orchestrator.sh has a PID-file single-instance guard (not a poka-yoke per se, but worth noting). tools/skills_guard.py is referenced in security docs but lives in the hermes-agent fork, not timmy-config.

Analysis

Wired in and likely firing: 1 of 9 — Only the syntax guard is called from CI (ci.yml).

Installed but not wired: 8 of 9 — The remaining scripts exist as code but have no invocation path (no cron entry, no CI step, no hook symlink, no deploy script calls them).

Failure Modes With No Guard

| Failure Mode | Which Guard Should Catch It | Currently Protected? |
|---|---|---|
| Syntax error merged to main | Syntax Guard (#1) | ✅ If CI runs on PRs |
| Agent commits without review | Pre-commit hooks (#2-4) | ❌ Not wired |
| Cycle runs > 10 min with no artifact | Cycle Guard (#5) | ❌ Not wired |
| Forge goes down silently | Health Check (#6) | ❌ Not wired |
| Broken deploy goes undetected | Smoke Test + Deploy Validate (#7-8) | ❌ Not wired |
| Agent process crashes silently | Resilience Test (#9) | ❌ Not wired |

Recommendations

  1. Wire the pre-commit hooks: cd timmy-config && ln -s hermes-sovereign/githooks/pre-commit .git/hooks/pre-commit on every machine
  2. Add cycle_guard.py to agent loop: Call cycle_guard.py start at loop begin, cycle_guard.py complete at end
  3. Add forge_health_check.py to cron: */5 * * * * python3 forge_health_check.py
  4. Add smoke_test + deploy-validate to deploy scripts: Wire into whatever deploy mechanism is used
  5. Remove or archive test_process_resilience.py if it's only meant for dev testing, not production guard duty

What I Cannot Verify From Browser

  • Whether .git/hooks/pre-commit symlink exists on any machine
  • Whether CI actually runs on PR events (need Actions tab history)
  • Whether any of these scripts have ever been invoked (need server logs)
  • Whether cycle_guard state file exists at /root/.hermes/allegro-cycle-state.json

⚠️ Needs server access: Full verification requires SSH to check symlinks, process lists, cron entries, and log files.

bezalel was assigned by Timmy 2026-04-08 12:00:57 +00:00
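The "installed" and "wired in" columns of the audit can be checked mechanically once someone has server access. The script below is an added example, not part of the issue, the comment or the timmy-config repository: the function names are hypothetical and the repository it inspects is constructed in a temporary directory. It separates a hook that is present from one that git will actually run. A relative symlink target is resolved from the link's own directory (`.git/hooks/`), so a link can exist and still point nowhere. It also ignores commented-out crontab lines when looking for a caller.

```shell
#!/bin/sh
# Added example: classify how a guard is installed instead of trusting that the file exists.

# hook_state REPO -> missing | dangling | not-executable | wired
hook_state() {
    hook="$1/.git/hooks/pre-commit"
    if [ -L "$hook" ] && [ ! -e "$hook" ]; then
        echo dangling          # the link exists but its target does not resolve
    elif [ ! -e "$hook" ]; then
        echo missing
    elif [ ! -x "$hook" ]; then
        echo not-executable    # git skips hooks that lack the execute bit
    else
        echo wired
    fi
}

# cron_wired SCRIPT CRONTAB_DUMP -> exit 0 only if an active (uncommented) entry names SCRIPT
cron_wired() {
    grep -v '^[[:space:]]*#' "$2" | grep -Fq -- "$1"
}

# make_sample_repo -> prints the path of a constructed repo holding one guard from the table
make_sample_repo() {
    repo=$(mktemp -d) || return 1
    mkdir -p "$repo/.git/hooks" "$repo/hermes-sovereign/githooks"
    printf '#!/bin/sh\nexit 0\n' > "$repo/hermes-sovereign/githooks/pre-commit"
    chmod +x "$repo/hermes-sovereign/githooks/pre-commit"
    echo "$repo"
}

# link_hook REPO TARGET: (re)create .git/hooks/pre-commit as a symlink to TARGET
link_hook() {
    rm -f "$1/.git/hooks/pre-commit"
    ln -s "$2" "$1/.git/hooks/pre-commit"
}

repo=$(make_sample_repo)
echo "no link:          $(hook_state "$repo")"
link_hook "$repo" hermes-sovereign/githooks/pre-commit         # target written relative to the repo root
echo "repo-relative:    $(hook_state "$repo")"
link_hook "$repo" ../../hermes-sovereign/githooks/pre-commit   # target written relative to .git/hooks/
echo "hooks-relative:   $(hook_state "$repo")"
chmod -x "$repo/hermes-sovereign/githooks/pre-commit"
echo "exec bit removed: $(hook_state "$repo")"
rm -rf "$repo"
```

On a real machine, `cron_wired` would be pointed at a saved copy of `crontab -l` output for the account that runs the agents.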

Reference: Timmy_Foundation/timmy-config#395