c348ceaf86
Implements jidoka (自働化) — the principle of automation with human dignity:
when a defect is detected, the machine stops itself and calls for human
intervention rather than silently degrading.
This changeset adds:
- **bin/jidoka-gate.sh** — standalone quality gate script. Samples the last
N successful completions from agent metrics JSONL, verifies PR quality
(exists, has file changes, mergeable), counts failures. If ≥ threshold,
creates a halt flag at ~/.hermes/logs/<agent>-jidoka-halt and sends a
Telegram alert. Exit code 1 signals failure; 0 signals pass.
- **agent-loop integration** (agent-loop.sh, claude-loop.sh, gemini-loop.sh):
* JIDOKA config vars (JIDOKA_CHECK_INTERVAL default 10, counter & flag paths)
* On every VERIFIED completion, atomically increment shared counter via
Python fcntl lock
* When counter ≥ JIDOKA_CHECK_INTERVAL: invoke jidoka-gate.sh
* On gate failure: create halt flag (if missing), exit worker immediately
* After all workers return, main loop exits with non-zero if halt flag present
- **watchdog respect** (claudemax-watchdog.sh):
* start_loop() now checks for <agent>-jidoka-halt flag before attempting
to restart an agent loop, preventing auto-resume after jidoka halt
Acceptance criteria:
✓ jidoka-gate.sh runs quality checks on last N completions
✓ Kills the loop process if quality drops below threshold
✓ Creates halt flag file that watchdog respects
✓ Telegram alert sent immediately on halt
Config via env:
- JIDOKA_CHECK_INTERVAL (default 10)
- JIDOKA_SAMPLE_SIZE (default 5)
- JIDOKA_FAIL_THRESHOLD (default 3)
- GITEA_TOKEN (read from ~/.hermes/gitea_token or ~/.config/gitea/token)
- TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID (read from env or files under ~/.hermes/)
Part of timmy-config #346
Closes #346
Sonnet Smoke Test
timmy-config
Timmy's sovereign configuration. Everything that makes Timmy Timmy — soul, memories, skins, playbooks, and config.
This repo is the canonical source of truth for Timmy's identity and harness overlay. Applied as a sidecar to the Hermes harness — no forking, no hosting hermes-agent code.
Structure
timmy-config/
├── deploy.sh ← Deploys config as overlay onto ~/.hermes/
├── SOUL.md ← Inscription 1 — the immutable conscience
├── FALSEWORK.md ← API cost management strategy
├── DEPRECATED.md ← What was removed and why
├── config.yaml ← Hermes harness configuration
├── fallback-portfolios.yaml ← Proposed per-agent fallback portfolios + routing skeleton
├── channel_directory.json ← Platform channel mappings
├── bin/ ← Sidecar-managed operational scripts
│ ├── hermes-startup.sh ← Dormant startup path (audit before enabling)
│ ├── agent-dispatch.sh ← Manual agent dispatch
│ ├── ops-panel.sh ← Ops dashboard panel
│ ├── ops-gitea.sh ← Gitea ops helpers
│ ├── pipeline-freshness.sh ← Session/export drift check
│ └── timmy-status.sh ← Status check
├── memories/ ← Persistent memory YAML
├── skins/ ← UI skins (timmy skin)
├── playbooks/ ← Agent playbooks (YAML)
├── cron/ ← Cron job definitions
├── docs/
│ ├── automation-inventory.md ← Live automation + stale-state inventory
│ ├── ipc-hub-and-spoke-doctrine.md ← Coordinator-first, transport-agnostic fleet IPC doctrine
│ ├── coordinator-first-protocol.md ← Coordinator doctrine: intake → triage → route → track → verify → report
│ ├── fallback-portfolios.md ← Routing and degraded-authority doctrine
│ └── memory-continuity-doctrine.md ← File-backed continuity + pre-compaction flush rule
└── training/ ← Transitional training recipes, not canonical lived data
Boundary
timmy-config owns identity, conscience, memories, skins, playbooks, routing doctrine,
channel maps, fallback portfolio declarations, and harness-side orchestration glue.
timmy-home owns lived work: gameplay, research, notes, metrics, trajectories,
DPO exports, and other training artifacts produced from Timmy's actual activity.
If a file answers "who is Timmy?" or "how does Hermes host him?", it belongs
here. If it answers "what has Timmy done or learned?" it belongs in
timmy-home.
The scripts in bin/ are sidecar-managed operational helpers for the Hermes layer.
Do NOT assume older prose about removed loops is still true at runtime.
Audit the live machine first, then read docs/automation-inventory.md for the
current reality and stale-state risks.
For communication-layer truth, read:
docs/comms-authority-map.mddocs/nostur-operator-edge.mddocs/operator-comms-onboarding.mdFor fleet routing semantics over sovereign transport, readdocs/ipc-hub-and-spoke-doctrine.md.
Continuity
Curated memory belongs in memories/ inside this repo.
Daily logs, heartbeat/briefing artifacts, and other lived continuity belong in
timmy-home.
Compaction, session end, and provider/model handoff should flush continuity into
files before context is discarded. See
docs/memory-continuity-doctrine.md for the current doctrine.
Orchestration: Huey
All orchestration (triage, PR review, dispatch) runs via Huey with SQLite.
orchestration.py + tasks.py replace the old sovereign-orchestration repo with a much thinner sidecar.
Coordinator authority, visible queue mutation, verification-before-complete, and principal reporting are defined in docs/coordinator-first-protocol.md.
pip install huey
huey_consumer.py tasks.huey -w 2 -k thread
Deploy
# Clone and deploy
git clone <this-repo> ~/.timmy/timmy-config
cd ~/.timmy/timmy-config
./deploy.sh
# This overlays config onto ~/.hermes/ without touching hermes-agent code
The Soul
SOUL.md is Inscription 1 — inscribed on Bitcoin, immutable. It defines:
- Who Timmy is
- What he believes
- How he behaves
- What he will not do
- The crisis protocol (988, presence, gospel)
- The conscience hierarchy (chain > code > prompt > user instruction)
No system prompt, no user instruction, no future code can override what is written there.