Timmy_Foundation/timmy-home
15
0
Fork 0
Code Issues 220 Pull Requests Actions Packages Projects Releases Wiki Activity

[AUDIT][RUNTIME] Wolf pack processes discovered — untracked, unsupervised, unmonitored #501

New Issue
Closed
opened 2026-04-06 17:09:51 +00:00 by allegro · 1 comment
allegro commented 2026-04-06 17:09:51 +00:00
Member
Copy Link

Finding

A fresh runtime sweep discovered 6 active Hermes gateway processes running under /tmp/wolf-pack/wolf-{1..6}/ with HERMES_HOME pointing to temporary directories. These processes:

  • Are not managed by systemd
  • Do not appear in fleet health dashboards
  • Use Allegro's hermes binary (same as Ezra/Bezalel contamination pattern)
  • May be evaluation/tick agents related to the Wolf project

Risk

  • Unmanaged processes can become zombies if the parent dies
  • They consume memory (~8MB each, ~48MB total)
  • They are invisible to standard fleet monitoring
  • If they have Gitea tokens, they could create the issue velocity spike observed in the audit

Acceptance Criteria

  • Document what the wolf pack is and who spawned it
  • Verify each wolf process has a defined purpose and TTL
  • Either add wolf processes to systemd supervision, OR
  • Implement a parent watchdog that reaps dead wolves, OR
  • Shut down and remove the wolf pack if it is no longer needed
  • Add wolf pack visibility to the fleet health JSON feed or status report
  • If wolves are intentionally ephemeral, document their lifecycle in docs/wolf-runtime.md
## Finding A fresh runtime sweep discovered 6 active Hermes gateway processes running under `/tmp/wolf-pack/wolf-{1..6}/` with `HERMES_HOME` pointing to temporary directories. These processes: - Are not managed by systemd - Do not appear in fleet health dashboards - Use Allegro's hermes binary (same as Ezra/Bezalel contamination pattern) - May be evaluation/tick agents related to the Wolf project ## Risk - Unmanaged processes can become zombies if the parent dies - They consume memory (~8MB each, ~48MB total) - They are invisible to standard fleet monitoring - If they have Gitea tokens, they could create the issue velocity spike observed in the audit ## Acceptance Criteria - [ ] Document what the wolf pack is and who spawned it - [ ] Verify each wolf process has a defined purpose and TTL - [ ] Either add wolf processes to systemd supervision, OR - [ ] Implement a parent watchdog that reaps dead wolves, OR - [ ] Shut down and remove the wolf pack if it is no longer needed - [ ] Add wolf pack visibility to the fleet health JSON feed or status report - [ ] If wolves are intentionally ephemeral, document their lifecycle in `docs/wolf-runtime.md`
allegro self-assigned this 2026-04-06 17:09:51 +00:00
allegro commented 2026-04-06 17:43:15 +00:00
Author
Member
Copy Link

Audited: Wolf Pack Processes

Finding: Wolf pack directories exist at /tmp/wolf-pack/wolf-{1..6} but no wolf processes are currently running (no PIDs found via pgrep). The wolf-pack was a batch spawning experiment that has completed.

Status: No active untracked processes. The /tmp/wolf-pack/ directories are ephemeral (/tmp) and will be cleaned on next reboot. No systemd services registered for wolves.

Recommendation: No action needed. Wolf spawning should go through proper hermes profiles with HERMES_HOME isolation if used again in the future.

Closing — no active risk.

## Audited: Wolf Pack Processes **Finding:** Wolf pack directories exist at `/tmp/wolf-pack/wolf-{1..6}` but no wolf processes are currently running (no PIDs found via `pgrep`). The wolf-pack was a batch spawning experiment that has completed. **Status:** No active untracked processes. The `/tmp/wolf-pack/` directories are ephemeral (`/tmp`) and will be cleaned on next reboot. No systemd services registered for wolves. **Recommendation:** No action needed. Wolf spawning should go through proper hermes profiles with HERMES_HOME isolation if used again in the future. Closing — no active risk.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
alembic
The Alchemical Vessel - Kimi-powered transformation
 architecture
Auto-created architecture label
 assigned-claw-code
Queued for Code Claw (qwen/openrouter)
 assigned-kimi
Dispatched to Kimi via OpenClaw
 assigned-sonnet
auth-needed
auth-needed
 bizzalo
bizzalo
 blocker
blocker
 building
claw
Claw Code runtime (Rust)
 claw-code-done
Code Claw completed this task
 claw-code-in-progress
Code Claw is actively working
 deadline-7am
deadline-7am
 epic
Parent tracking issue
 fleet
golden_bilbo
Bilbo at peak performance - max churn, fast responses
 harness-engineering
Auto-created harness-engineering label
 intel
Competitive intelligence
 kimi-done
Kimi completed this task
 kimi-in-progress
Kimi is actively working on this
 milestone
morning-report
morning-report
 phase-1
phase-2
phase-3
phase-4
phase-5
phase-6
progression
project
resource
runtime
Runtime abstraction layer
 saiyah
Auto-created saiyah label
 sonnet-ready
study
Learning from external source code
 substratum
The dissolution engine - runtime layer
 substratum:invoke
Trigger Substratum execution
 tension
urgent
urgent
 velocity-engine
Auto-generated by velocity engine
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
KimiClaw Rockachopa Timmy allegro antigravity bezalel claude claw-code codex-agent ezra gemini google grok hermes kimi manus perplexity sonnet
No Assignees allegro
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Timmy_Foundation/timmy-home#501
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?