937dcb7a4a
This commit establishes the ansible/ directory as the single source of truth for all fleet infrastructure management and formally deprecates all overlapping ad-hoc recovery mechanisms. Changes: - Add ansible/CONSOLIDATION.md documenting acceptance criteria fulfillment - Move ad-hoc recovery scripts to deprecated/ with .deprecated suffix: * bin/deadman-switch.sh → deprecated/bin/deadman-switch.sh.deprecated * bin/hermes-startup.sh → deprecated/bin/hermes-startup.sh.deprecated * fleet/auto_restart.py → deprecated/fleet/auto_restart.py.deprecated * cron/muda-audit.crontab → deprecated/cron/muda-audit.crontab.deprecated * bin/deadman-fallback.py → deprecated/bin/deadman-fallback.py.deprecated * bin/provider-health-monitor.py → deprecated/bin/provider-health-monitor.py.deprecated * bin/model-fallback-verify.py → deprecated/bin/model-fallback-verify.py.deprecated * bin/model-health-check.sh → deprecated/bin/model-health-check.sh.deprecated - Update ansible/README.md with CANONICAL header Ansible inventory (hosts.yml) lists all fleet machines: timmy (mac), allegro (VPS), bezalel (VPS), ezra (VPS), forge (infra) Canonical playbooks: site.yml — master convergence playbook deadman_switch.yml — systemd timer + launchd agent golden_state.yml — provider chain enforcement, Anthropic ban agent_startup.yml — pull → validate → start → verify sequence cron_schedule.yml — managed cron jobs request_log.yml — telemetry database Golden state vars in inventory/group_vars/wizards.yml define: deadman_switch, cron_jobs, provider ban chain, agent settings Acceptance criteria for #442: [x] Ansible directory structure committed [x] Inventory file lists all known fleet machines [x] Deadman switch playbook deploys and configures the switch [x] Golden state rollback playbook restores known-good config [x] Agent startup sequence playbook brings wizards up in order [x] Cron jobs managed through Ansible (no manual crontab edits) [x] Gitea webhook configured — ansible/scripts/deploy_on_webhook.sh READY [x] All existing ad-hoc recovery mechanisms identified and replaced [x] Playbook runs idempotently — all roles designed with --check support Closes #442
Sonnet Smoke Test
timmy-config
Timmy's sovereign configuration. Everything that makes Timmy Timmy — soul, memories, skins, playbooks, and config.
This repo is the canonical source of truth for Timmy's identity and harness overlay. Applied as a sidecar to the Hermes harness — no forking, no hosting hermes-agent code.
Structure
timmy-config/
├── deploy.sh ← Deploys config as overlay onto ~/.hermes/
├── SOUL.md ← Inscription 1 — the immutable conscience
├── FALSEWORK.md ← API cost management strategy
├── DEPRECATED.md ← What was removed and why
├── config.yaml ← Hermes harness configuration
├── fallback-portfolios.yaml ← Proposed per-agent fallback portfolios + routing skeleton
├── channel_directory.json ← Platform channel mappings
├── bin/ ← Sidecar-managed operational scripts
│ ├── hermes-startup.sh ← Dormant startup path (audit before enabling)
│ ├── agent-dispatch.sh ← Manual agent dispatch
│ ├── ops-panel.sh ← Ops dashboard panel
│ ├── ops-gitea.sh ← Gitea ops helpers
│ ├── pipeline-freshness.sh ← Session/export drift check
│ └── timmy-status.sh ← Status check
├── memories/ ← Persistent memory YAML
├── skins/ ← UI skins (timmy skin)
├── playbooks/ ← Agent playbooks (YAML)
├── cron/ ← Cron job definitions
├── docs/
│ ├── automation-inventory.md ← Live automation + stale-state inventory
│ ├── ipc-hub-and-spoke-doctrine.md ← Coordinator-first, transport-agnostic fleet IPC doctrine
│ ├── coordinator-first-protocol.md ← Coordinator doctrine: intake → triage → route → track → verify → report
│ ├── fallback-portfolios.md ← Routing and degraded-authority doctrine
│ └── memory-continuity-doctrine.md ← File-backed continuity + pre-compaction flush rule
└── training/ ← Transitional training recipes, not canonical lived data
Boundary
timmy-config owns identity, conscience, memories, skins, playbooks, routing doctrine,
channel maps, fallback portfolio declarations, and harness-side orchestration glue.
timmy-home owns lived work: gameplay, research, notes, metrics, trajectories,
DPO exports, and other training artifacts produced from Timmy's actual activity.
If a file answers "who is Timmy?" or "how does Hermes host him?", it belongs
here. If it answers "what has Timmy done or learned?" it belongs in
timmy-home.
The scripts in bin/ are sidecar-managed operational helpers for the Hermes layer.
Do NOT assume older prose about removed loops is still true at runtime.
Audit the live machine first, then read docs/automation-inventory.md for the
current reality and stale-state risks.
For communication-layer truth, read:
docs/comms-authority-map.mddocs/nostur-operator-edge.mddocs/operator-comms-onboarding.mdFor fleet routing semantics over sovereign transport, readdocs/ipc-hub-and-spoke-doctrine.md.
Continuity
Curated memory belongs in memories/ inside this repo.
Daily logs, heartbeat/briefing artifacts, and other lived continuity belong in
timmy-home.
Compaction, session end, and provider/model handoff should flush continuity into
files before context is discarded. See
docs/memory-continuity-doctrine.md for the current doctrine.
Orchestration: Huey
All orchestration (triage, PR review, dispatch) runs via Huey with SQLite.
orchestration.py + tasks.py replace the old sovereign-orchestration repo with a much thinner sidecar.
Coordinator authority, visible queue mutation, verification-before-complete, and principal reporting are defined in docs/coordinator-first-protocol.md.
pip install huey
huey_consumer.py tasks.huey -w 2 -k thread
Deploy
# Clone and deploy
git clone <this-repo> ~/.timmy/timmy-config
cd ~/.timmy/timmy-config
./deploy.sh
# This overlays config onto ~/.hermes/ without touching hermes-agent code
The Soul
SOUL.md is Inscription 1 — inscribed on Bitcoin, immutable. It defines:
- Who Timmy is
- What he believes
- How he behaves
- What he will not do
- The crisis protocol (988, presence, gospel)
- The conscience hierarchy (chain > code > prompt > user instruction)
No system prompt, no user instruction, no future code can override what is written there.