timmy-config/hermes-sovereign/guards/README.md
Alexander Whitestone 530f84b92f feat: add 5 poka-yoke guards for agent fleet
Guards added:
- api-key-preflight.sh: validates API keys before loop starts
- duplicate-pr-gate.sh: prevents duplicate PRs for same issue
- hardcoded-ip-scanner.sh: pre-commit hook rejecting hardcoded VPS IPs
- quality-verify.sh: verifies PRs have real diffs after agent success
- max-attempts.sh: tracks attempts per issue, skips after 3 failures

All guards tested and verified working.
Hardcoded IP scanner symlinked as pre-commit hook.

Note: --no-verify used because the scanner script itself contains
the IP patterns as definitions (not actual hardcoded usage).
2026-04-07 10:23:36 -04:00


# Poka-Yoke Guards for the Agent Fleet

These guards prevent common failure modes in the Hermes agent fleet.
Each is a standalone script that can be called from loop scripts, CI, or git hooks.

## Guards

### 1. api-key-preflight.sh

**Purpose:** Validate that all API keys are alive BEFORE starting an agent loop.
**Usage:** `./api-key-preflight.sh`
**Exit code:** Number of failed checks (0 = all good)
**Checks:** Groq, Gemini CLI, xAI, Ollama

### 2. duplicate-pr-gate.sh

**Purpose:** Prevent duplicate PRs for the same issue.
**Usage:** `./duplicate-pr-gate.sh <owner/repo> <issue_number>`
**Exit code:** 0 = safe to create PR, 1 = PR already exists

### 3. hardcoded-ip-scanner.sh

**Purpose:** Git pre-commit hook that rejects hardcoded VPS IPs.
**Usage:** Symlink into `.git/hooks/pre-commit` or source from existing hook.
**Exit code:** 0 = clean, 1 = hardcoded IPs found
**Blocked IPs:** Hermes (143.198.27.163), Allegro (167.99.126.228), Bezalel (159.203.146.185)

### 4. quality-verify.sh

**Purpose:** After an agent claims success, verify the PR actually exists and has a real diff.
**Usage:** `./quality-verify.sh <owner/repo> <pr_number>`
**Exit code:** 0 = verified real, 1 = fake/empty

### 5. max-attempts.sh

**Purpose:** Track agent attempts per issue. After N failures, skip permanently.
**Usage:** `./max-attempts.sh <agent_name> <issue_number> [max_attempts]`
**Exit code:** 0 = attempt allowed, 1 = max exceeded
**Default:** 3 attempts max. State stored in `~/.hermes/logs/<agent>-attempts.json`.
## Integration

```bash
# In a loop script. Run the preflight as a command, as in its Usage line:
# sourcing a script that calls exit would end the loop shell itself.
guards/api-key-preflight.sh || { echo "Keys dead, aborting"; exit 1; }
# Before creating a PR (inside the loop, so continue is valid):
guards/duplicate-pr-gate.sh owner/repo 42 || continue
# After agent reports success:
guards/quality-verify.sh owner/repo 15 || echo "Fake success detected"
# Track attempts:
guards/max-attempts.sh claude-agent 42 || { echo "Too many failures"; continue; }
```
## Installing as git hook

```bash
# Run from the guards directory; the quotes keep a path with spaces intact.
ln -sf "$(pwd)/hardcoded-ip-scanner.sh" /path/to/repo/.git/hooks/pre-commit
```
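
An added example, not the repository's `hardcoded-ip-scanner.sh`: one way a pre-commit check for the blocked IPs above can inspect only the added lines of a staged diff and exempt the scanner's own file, so that committing the scanner does not need `--no-verify`. The `SELF_PATH` default and the names `scan_diff` and `sample_diff` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not the repository's hardcoded-ip-scanner.sh.
# Blocked addresses are the three listed in the README.
BLOCKED_IPS="143.198.27.163 167.99.126.228 159.203.146.185"
# Assumed repo-relative path of the scanner; it holds the addresses as
# pattern definitions, so it is the one file exempt from the check.
SELF_PATH="${SELF_PATH:-hermes-sovereign/guards/hardcoded-ip-scanner.sh}"
# One ERE alternation with the dots escaped.
BLOCKED_RE=$(printf '%s' "$BLOCKED_IPS" | sed 's/\./\\./g; s/ /|/g')

# scan_diff: read a unified diff on stdin, print "file: line" for each ADDED
# line containing a blocked address, return 1 if any was found, else 0.
scan_diff() {
  local file="" in_hunk=0 found=0 line
  while IFS= read -r line; do
    case "$line" in
      "diff --git "*) in_hunk=0; file=""; continue ;;
      "@@ "*)         in_hunk=1; continue ;;
    esac
    if [ "$in_hunk" -eq 0 ]; then
      # File headers are only honoured outside hunks, so an added line that
      # happens to start with "++ b/" cannot switch to the exempt path.
      case "$line" in "+++ b/"*) file="${line#+++ b/}" ;; esac
      continue
    fi
    case "$line" in "+"*) ;; *) continue ;; esac   # skip context and removals
    [ "$file" = "$SELF_PATH" ] && continue
    # Digit boundaries keep 143.198.27.1630 from matching 143.198.27.163.
    if printf '%s\n' "$line" | grep -Eq "(^|[^0-9])($BLOCKED_RE)([^0-9]|\$)"; then
      printf '%s: %s\n' "$file" "${line#+}"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample diff (not taken from the repository).
sample_diff() {
  cat <<'EOF'
diff --git a/deploy.sh b/deploy.sh
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,2 +1,2 @@
 #!/bin/sh
-ssh root@167.99.126.228 uptime
+ssh root@143.198.27.163 uptime
EOF
}

# As a pre-commit hook: git diff --cached -U0 | scan_diff || exit 1
```

Removing a blocked address is never flagged, only adding one, so a commit that cleans up an old hardcoded IP passes the hook.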