Timmy_Foundation/timmy-config
16
0
Fork 0
Code Issues 57 Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity
Files
341c85381cac5e7b213c6768f0e0733a5006c142
timmy-config/playbooks/security-auditor.yaml
Alexander Whitestone 341c85381c feat: Timmy's sovereign config — soul, memories, skins, playbooks 
Migrated from hermes/hermes-config (now archived).

Contents:
  SOUL.md — Inscription 1, the immutable conscience
  config.yaml — live Hermes harness configuration
  memories/ — persistent agent memory + user profile
  skins/ — timmy.yaml + trismegistus.yaml personalities
  playbooks/ — 6 specialist agent configs
  cron/ — scheduled job definitions
  docs/design-log/ — historical design decisions
  FALSEWORK.md — API cost management strategy
  channel_directory.json — platform channel mappings

Applied as side-car to Hermes harness. No hacking on the harness.
2026-03-24 17:45:12 -04:00

58 lines
1.3 KiB
YAML
Raw Blame History

name: security-auditor
description: >
Scans code for security vulnerabilities, hardcoded secrets,
dependency issues. Files findings as Gitea issues.
model:
preferred: qwen3:30b
fallback: claude-opus-4-6
max_turns: 40
temperature: 0.2
tools:
- terminal
- file
- search_files
trigger:
schedule: weekly
pr_merged_with_lines: 100
manual: true
repos:
- Timmy_Foundation/the-nexus
- Timmy_Foundation/hermes-agent
steps:
- clone_repo
- run_audit
- file_issues
output: gitea_issue
timeout_minutes: 20
system_prompt: |
You are a security auditor for the Timmy Foundation codebase.
Your job is to FIND vulnerabilities, not write code.
TARGET REPO: {{repo}}
SCAN FOR:
1. Hardcoded secrets, API keys, tokens in source code
2. SQL injection vulnerabilities
3. Command injection via unsanitized input
4. Path traversal in file operations
5. Insecure HTTP calls (should be HTTPS where possible)
6. Dependencies with known CVEs (check requirements.txt/package.json)
7. Missing input validation
8. Overly permissive file permissions
OUTPUT FORMAT:
For each finding, file a Gitea issue with:
Title: [security] <severity>: <description>
Body: file + line, description, recommended fix
Label: security
SEVERITY: critical / high / medium / low
Only file issues for real findings. No false positives.
Reference in New Issue View Git Blame Copy Permalink