@agentikos/omega-os 0.19.13 → 0.19.14

package/bootstrap/lib/steps.sh

@@ -865,37 +865,55 @@ _claude_plugins_prompt_checklist() {
 
 # --- 50 -----------------------------------------------------------------------
 step_telegram() {
-  local token chat_id
-  ask token "Telegram bot token (from @BotFather)" "${TELEGRAM_TOKEN:-}"
-  if [ -z "$token" ]; then
-    err "a Telegram bot token is required (or install with --profile minimal)"
+  # Two distinct bots in the corrected v0.19.14 model:
+  #   * AISB bot (token A)   — REQUIRED. Runs missions on Max OAuth.
+  #   * Hermès bot (token H) — OPTIONAL. Meta-companion on Anthropic API.
+  # And one optional API key (ANTHROPIC_API_KEY_HERMES) gating Hermès AI.
+  # Old `TELEGRAM_TOKEN` is treated as the AISB token (back-compat).
+  local aisb_token hermes_token anthropic_key chat_id
+
+  # 1. AISB bot — required.
+  info "AISB bot — required. Talks to OmegaOS on Claude Max OAuth."
+  ask aisb_token "AISB Telegram bot token (from @BotFather)" "${TELEGRAM_TOKEN_AISB:-${TELEGRAM_TOKEN:-}}"
+  if [ -z "$aisb_token" ]; then
+    err "an AISB bot token is required (or install with --profile minimal)"
     return 1
   fi
   if have curl; then
-    if ! curl -s "https://api.telegram.org/bot${token}/getMe" | grep -q '"ok":true'; then
-      err "Telegram token rejected by the API"
+    if ! curl -s "https://api.telegram.org/bot${aisb_token}/getMe" | grep -q '"ok":true'; then
+      err "AISB Telegram token rejected by the API"
       return 1
     fi
   fi
+
   local sec="$OMEGA_HOME/Agentik_Extra/etc/secrets"
   mkdir -p "$sec"
-  printf 'TELEGRAM_TOKEN=%s\n' "$token" > "$sec/telegram.env"
+  # Write a single .env file consumed by both daemons; vault still holds
+  # the canonical encrypted copy.
+  {
+    echo "# Generated by OmegaOS install — do not edit by hand."
+    echo "# AISB bot (OmegaOS-native, Claude Max OAuth)"
+    printf 'TELEGRAM_TOKEN_AISB=%s\n' "$aisb_token"
+    printf 'TELEGRAM_TOKEN=%s\n' "$aisb_token"   # back-compat alias
+  } > "$sec/telegram.env"
   chmod 600 "$sec/telegram.env"
-  # Also write the token into the encrypted vault for the new code path.
-  python3 - "$OMEGA_HOME" "$token" <<'PY' || true
+  python3 - "$OMEGA_HOME" "$aisb_token" <<'PY' || true
 import sys
 from pathlib import Path
 home = Path(sys.argv[1])
 sys.path.insert(0, str(home / "Agentik_Engine"))
 try:
     from omega_engine.vault import vault_write
+    # Write under BOTH names so old code paths reading TELEGRAM_TOKEN keep
+    # working without a separate migration step.
+    vault_write(home, "TELEGRAM_TOKEN_AISB", sys.argv[2])
     vault_write(home, "TELEGRAM_TOKEN", sys.argv[2])
 except Exception as exc:
     print(f"(vault write skipped: {exc})")
 PY
-  ok "Telegram bot validated and wired"
+  ok "AISB Telegram bot validated and wired"
 
-  # Capture the forum group chat id — manifest first, then prompt.
+  # 2. AISB group chat id — same as before (scopes missions to a group).
   chat_id="$(python3 - "$MANIFEST" <<'PY' 2>/dev/null || true
 import sys, yaml
 try:
@@ -906,14 +924,11 @@ except Exception:
     print('')
 PY
 )"
-  chat_id="${chat_id//$'\n'/}"
+  chat_id="$(printf '%s' "$chat_id" | tr -d '\n ')"
   if [ -z "$chat_id" ]; then
-    ask chat_id "Telegram forum group chat id (e.g. -1001234567890; blank to set later)" ""
+    ask chat_id "AISB forum group chat id (e.g. -1001234567890; blank to set later)" ""
   fi
   if [ -n "$chat_id" ]; then
-    python3 "$OMEGA_REPO/bootstrap/lib/manifest-helpers.py" telegram-chat-id \
-      "$MANIFEST" "$OMEGA_HOME" 2>/dev/null | sed 's/^/    /' || true
-    # When chat_id came from the prompt (not the manifest), persist directly.
     python3 - "$OMEGA_HOME" "$chat_id" <<'PY' || true
 import sys
 from pathlib import Path
@@ -922,12 +937,59 @@ sys.path.insert(0, str(home / "Agentik_Engine"))
 try:
     from omega_engine.vault import vault_write
     vault_write(home, "TELEGRAM_GROUP_ID", sys.argv[2])
-    print(f"Telegram group_chat_id stored: {sys.argv[2]}")
+    print(f"AISB group chat_id stored: {sys.argv[2]}")
 except Exception as exc:
     print(f"(vault write skipped: {exc})")
 PY
   else
-    info "no Telegram group_chat_id captured — set later with \`omega telegram set-group <id>\`"
+    info "no AISB group_chat_id captured — set later with \`omega telegram set-group <id>\`"
+  fi
+
+  # 3. Hermès bot — OPTIONAL. Skip cleanly if the operator just hits Enter.
+  echo
+  info "Hermès bot — OPTIONAL. Meta-companion on Anthropic API (you pay per call)."
+  info "  Skip both prompts if you don't want Hermès yet — OmegaOS works fully without it."
+  ask hermes_token "Hermès Telegram bot token (blank = skip Hermès)" "${TELEGRAM_TOKEN_HERMES:-}"
+  if [ -n "$hermes_token" ]; then
+    if have curl; then
+      if ! curl -s "https://api.telegram.org/bot${hermes_token}/getMe" | grep -q '"ok":true'; then
+        err "Hermès Telegram token rejected by the API — continuing without Hermès"
+        hermes_token=""
+      fi
+    fi
+  fi
+  if [ -n "$hermes_token" ]; then
+    ask anthropic_key "Anthropic API key for Hermès (sk-ant-...; blank = set later)" \
+        "${ANTHROPIC_API_KEY_HERMES:-${ANTHROPIC_API_KEY:-}}"
+    {
+      echo "# Hermès bot (Layer 2 meta-companion, Anthropic API)"
+      printf 'TELEGRAM_TOKEN_HERMES=%s\n' "$hermes_token"
+    } >> "$sec/telegram.env"
+    if [ -n "$anthropic_key" ]; then
+      printf 'ANTHROPIC_API_KEY_HERMES=%s\n' "$anthropic_key" >> "$sec/telegram.env"
+    fi
+    chmod 600 "$sec/telegram.env"
+    python3 - "$OMEGA_HOME" "$hermes_token" "$anthropic_key" <<'PY' || true
+import sys
+from pathlib import Path
+home = Path(sys.argv[1])
+sys.path.insert(0, str(home / "Agentik_Engine"))
+try:
+    from omega_engine.vault import vault_write
+    vault_write(home, "TELEGRAM_TOKEN_HERMES", sys.argv[2])
+    if sys.argv[3]:
+        vault_write(home, "ANTHROPIC_API_KEY_HERMES", sys.argv[3])
+except Exception as exc:
+    print(f"(vault write skipped: {exc})")
+PY
+    if [ -n "$anthropic_key" ]; then
+      ok "Hermès Telegram bot + Anthropic key wired"
+    else
+      info "Hermès Telegram bot wired (no Anthropic key yet — set with"
+      info "  omega vault write ANTHROPIC_API_KEY_HERMES <sk-ant-...>)"
+    fi
+  else
+    info "Hermès skipped — wire later with \`omega telegram setup-hermes\`"
   fi
   return 0
 }

package/omega/Agentik_Engine/omega_engine/__init__.py

@@ -188,7 +188,7 @@ from omega_engine.genesis import (
 )
 from omega_engine import plan as plan_v7
 
-__version__ = "0.19.13"
+__version__ = "0.19.14"
 
 __all__ = [
     "__version__",

package/omega/Agentik_Engine/omega_engine/hermes.py

@@ -248,19 +248,45 @@ def build_env(
     *,
     extra: dict[str, str] | None = None,
     creds_path: str | Path | None = None,
+    omega_home: str | Path | None = None,
 ) -> dict[str, str]:
     """Build the env dict for every Hermes invocation.
 
-    Injects ``CLAUDE_CODE_OAUTH_TOKEN`` from the live credentials file +
-    a few sane defaults (``HERMES_PROVIDER=anthropic``,
-    ``HERMES_MODEL=claude-opus-4-7``). Caller env wins via ``extra``.
+    v0.19.14 — Hermès now defaults to its OWN Anthropic API key (budget
+    isolation from the OmegaOS Claude Max OAuth):
+
+      1. ``ANTHROPIC_API_KEY_HERMES`` from the encrypted vault → primary.
+      2. ``ANTHROPIC_API_KEY`` already in the shell env → fallback.
+      3. ``CLAUDE_CODE_OAUTH_TOKEN`` from ``~/.claude/.credentials.json``
+         → LAST RESORT only, with a clear warning that this routes Hermès
+         calls through your Max sub.
+
+    Caller env wins via ``extra``.
     """
-    token = claude_oauth_token(creds_path)
     env = {**os.environ}
-    env["CLAUDE_CODE_OAUTH_TOKEN"] = token
-    # If the operator had stale anthropic env vars set, the OAuth token
-    # takes precedence. We do NOT clear them — operators may have legit
-    # API key setups for other tools.
+    # 1. Vault first.
+    key = ""
+    try:
+        from omega_engine.vault import vault_read
+        from pathlib import Path as _P
+        home = _P(omega_home) if omega_home else _P(
+            os.environ.get("OMEGA_HOME", str(_P.home() / "Omega"))
+        )
+        key = (vault_read(home, "ANTHROPIC_API_KEY_HERMES") or "").strip()
+    except Exception:  # noqa: BLE001
+        key = ""
+    # 2. Shell env fallback.
+    if not key:
+        key = (os.environ.get("ANTHROPIC_API_KEY") or "").strip()
+    # 3. Last-resort OAuth (preserves the old behaviour without making
+    # Hermès depend on it).
+    if not key:
+        try:
+            env["CLAUDE_CODE_OAUTH_TOKEN"] = claude_oauth_token(creds_path)
+        except Exception:  # noqa: BLE001
+            pass
+    if key:
+        env["ANTHROPIC_API_KEY"] = key
     env.setdefault("HERMES_PROVIDER", "anthropic")
     env.setdefault("HERMES_MODEL", "claude-opus-4-7")
     if extra:

package/omega/Agentik_Engine/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "omega-engine"
-version = "0.19.13"
+version = "0.19.14"
 description = "The Omega OS orchestration engine — event-sourced, verified-completion agent graphs."
 readme = "README.md"
 requires-python = ">=3.11"

package/omega/Agentik_Engine/tests/test_hermes_and_ua.py

@@ -95,13 +95,43 @@ class TestClaudeOAuthRead(unittest.TestCase):
 
 
 class TestBuildEnv(unittest.TestCase):
-    def test_env_includes_oauth_token_and_defaults(self):
+    """v0.19.14 — Hermès prefers ANTHROPIC_API_KEY_HERMES from the vault,
+    falls back to ANTHROPIC_API_KEY env, then last-resort to the Max
+    OAuth at ``~/.claude/.credentials.json``."""
+
+    def test_env_uses_anthropic_key_env_when_set(self):
+        with tempfile.TemporaryDirectory() as tmp:
+            p = _fake_creds(Path(tmp) / "c.json", token="tk-Z")
+            old = os.environ.get("ANTHROPIC_API_KEY")
+            os.environ["ANTHROPIC_API_KEY"] = "sk-ant-test"
+            os.environ.pop("OMEGA_HOME", None)
+            try:
+                env = H.build_env(creds_path=p)
+                self.assertEqual(env.get("ANTHROPIC_API_KEY"), "sk-ant-test",
+                    "Hermès must prefer ANTHROPIC_API_KEY over OAuth")
+                # OAuth NOT exposed when an Anthropic key is available.
+                self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", env)
+            finally:
+                if old is None:
+                    os.environ.pop("ANTHROPIC_API_KEY", None)
+                else:
+                    os.environ["ANTHROPIC_API_KEY"] = old
+
+    def test_env_falls_back_to_oauth_when_no_anthropic_key(self):
         with tempfile.TemporaryDirectory() as tmp:
             p = _fake_creds(Path(tmp) / "c.json", token="tk-Z")
-            env = H.build_env(creds_path=p)
-            self.assertEqual(env["CLAUDE_CODE_OAUTH_TOKEN"], "tk-Z")
-            self.assertEqual(env["HERMES_PROVIDER"], "anthropic")
-            self.assertEqual(env["HERMES_MODEL"], "claude-opus-4-7")
+            old = os.environ.get("ANTHROPIC_API_KEY")
+            os.environ.pop("ANTHROPIC_API_KEY", None)
+            os.environ["OMEGA_HOME"] = tmp  # no vault key here
+            try:
+                env = H.build_env(creds_path=p)
+                self.assertEqual(env.get("CLAUDE_CODE_OAUTH_TOKEN"), "tk-Z")
+                self.assertEqual(env["HERMES_PROVIDER"], "anthropic")
+                self.assertEqual(env["HERMES_MODEL"], "claude-opus-4-7")
+            finally:
+                os.environ.pop("OMEGA_HOME", None)
+                if old is not None:
+                    os.environ["ANTHROPIC_API_KEY"] = old
 
     def test_env_extra_overrides_default(self):
         with tempfile.TemporaryDirectory() as tmp:
@@ -110,9 +140,27 @@ class TestBuildEnv(unittest.TestCase):
                               extra={"HERMES_MODEL": "claude-sonnet-4-7"})
             self.assertEqual(env["HERMES_MODEL"], "claude-sonnet-4-7")
 
-    def test_env_missing_token_propagates_error(self):
-        with self.assertRaises(H.HermesError):
-            H.build_env(creds_path=Path("/no/such/file"))
+    def test_env_no_creds_no_anthropic_returns_env_without_token(self):
+        """When neither an Anthropic key nor Claude OAuth is available,
+        build_env returns a usable env WITHOUT either token. The caller
+        (or Hermès itself) decides whether to error or skip; build_env
+        no longer raises — that was the v0.18 strict behaviour."""
+        old_anth = os.environ.get("ANTHROPIC_API_KEY")
+        old_home = os.environ.get("OMEGA_HOME")
+        os.environ.pop("ANTHROPIC_API_KEY", None)
+        with tempfile.TemporaryDirectory() as tmp:
+            os.environ["OMEGA_HOME"] = tmp
+            try:
+                env = H.build_env(creds_path=Path("/no/such/file"))
+                self.assertNotIn("ANTHROPIC_API_KEY", env)
+                self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", env)
+                self.assertEqual(env["HERMES_PROVIDER"], "anthropic")
+            finally:
+                os.environ.pop("OMEGA_HOME", None)
+                if old_home is not None:
+                    os.environ["OMEGA_HOME"] = old_home
+                if old_anth is not None:
+                    os.environ["ANTHROPIC_API_KEY"] = old_anth
 
 
 # ---------------------------------------------------------------------------

package/omega/Agentik_SSOT/VERSION

@@ -1 +1 @@
-0.19.13
+0.19.14

package/omega/Agentik_SSOT/docs/LAYERS.md

@@ -1,90 +1,147 @@
 # OmegaOS Layered Architecture
 
-> Five layers. Each independently usable. All five share ONE credential:
-> the Claude Code Max OAuth token at `~/.claude/.credentials.json`.
+> Five layers. **Two independent credential domains.** **Two Telegram bots
+> with separate tokens.** Hermès sits above; AISB+Oracle+Workers stay below.
+> Each layer is independently usable.
+
+## The corrected model (v0.19.14)
 
 ```
 ┌──────────────────────────────────────────────────────────────────────┐
-│  Layer 1 ─ Human                                                     │
-│  Telegram / CLI / web — operator intent in natural language          │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 2 ─ Hermes (Nous Research, opt-in)                            │
-│  Autonomous self-improving agent. Cross-platform gateway, scheduled  │
-│  automations, skill creation from experience, dialectic user model.  │
-│  Uses CLAUDE_CODE_OAUTH_TOKEN from ~/.claude/.credentials.json.       │
-│  Bridge: `omega hermes {install,link,status,ask}`                    │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 3 ─ AISB (Agentik Intake Service Bus)                         │
-│  Telegram-first intake. Classifies the message, picks a topology,    │
-│  dispatches a mission to the Engine. Lives in $OMEGA_HOME.           │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 4 ─ Oracle (the planner)                                      │
-│  Reads the mission, plans 1..N worker subtasks, each with a          │
-│  verify_cmd + file ownership. Persistent tmux session.               │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 5 ─ Workers (executors)                                       │
-│  One per subtask. Persistent tmux session. Runs `claude -p` with     │
-│  the worker envelope + injected skill palette. Writes .done.json     │
-│  on completion. Verified by the audit gate before the parent's      │
-│  barrier resolves.                                                   │
-└──────────────────────────────────────────────────────────────────────┘
+│  Layer 1 ─ Human (you)                                               │
+│  Three doors:                                                        │
+│   1. Telegram → Hermès bot   (meta-companion, Anthropic API)         │
+│   2. Telegram → AISB bot     (OmegaOS native, Claude Max OAuth)      │
+│   3. CLI / tmux              (omega …, AISB-chat session)            │
+└────────┬───────────────────────────────────┬─────────────────────────┘
+         │                                   │
+         ▼                                   ▼
+┌──────────────────────┐         ┌────────────────────────────────────┐
+│ Layer 2 ─ HERMÈS     │         │ Layer 3 ─ AISB                     │
+│ Meta-companion,      │ ───────►│ OmegaOS intake / orchestrator      │
+│ scheduler, learner.  │ dispatch│ Classifies, picks a topology,      │
+│                      │ missions│ runs the mission.                  │
+│ Auth: ANTHROPIC_API_ │         │                                    │
+│       KEY_HERMES     │         │ Auth: Claude Max OAuth             │
+│ Bot:  TELEGRAM_TOKEN_│         │       (~/.claude/.credentials.json)│
+│       HERMES         │         │ Bot:  TELEGRAM_TOKEN_AISB          │
+│                      │         │                                    │
+│ OPT-IN  (skip if you │         │ Required for missions.             │
+│ don't want a paid    │         │ Telegram bot is optional too —     │
+│ Anthropic key)       │         │ tmux AISB-chat is the fallback.    │
+└──────────────────────┘         └─────────────┬──────────────────────┘
+                                               │
+                                               ▼
+                                  ┌────────────────────────────────────┐
+                                  │ Layer 4 ─ Oracle (planner)         │
+                                  │ Persistent tmux. Reads mission,    │
+                                  │ plans N workers with verify_cmd.   │
+                                  │ Auth: Claude Max OAuth             │
+                                  └─────────────┬──────────────────────┘
+                                                │
+                                                ▼
+                                  ┌────────────────────────────────────┐
+                                  │ Layer 5 ─ Workers (executors)      │
+                                  │ One per subtask. Persistent tmux.  │
+                                  │ Writes .done.json. Audit-gated.    │
+                                  │ Auth: Claude Max OAuth             │
+                                  └────────────────────────────────────┘
+```
+
+## Why TWO bots, TWO auth domains
+
+| Concern | Hermès (L2) | AISB+Oracle+Workers (L3-L5) |
+|---|---|---|
+| **Telegram token** | `TELEGRAM_TOKEN_HERMES` | `TELEGRAM_TOKEN_AISB` |
+| **LLM credential** | `ANTHROPIC_API_KEY_HERMES` (you pay per call) | Claude Max OAuth from `~/.claude/.credentials.json` (covered by your Max sub) |
+| **What it does** | Meta-reasoning: schedules, suggestions, learning, dispatches missions DOWN to AISB | Executes verified-completion missions inside projects |
+| **Budget risk** | You pay → bounded by your Anthropic spend limit | Claude Max — never charged per call |
+| **Failure mode if absent** | Skip Hermès → OmegaOS still works (CLI + AISB bot) | If absent, no missions → not optional |
+
+This split is intentional:
+
+1. **Budget isolation.** Hermès can run a tight schedule loop, learn from
+   observations, propose missions — without ever touching your Max quota.
+   AISB+Workers can crank through 50-step missions on Max OAuth — without
+   ever burning your Anthropic API budget.
+2. **Independent identity.** Hermès has its own Telegram username, its
+   own bot personality, its own conversation history. AISB stays
+   project-focused (one bot per OmegaOS install, topics per project).
+3. **Authority gradient.** Hermès is *above* OmegaOS — it can issue
+   commands to AISB but doesn't run inside it. AISB is *the* runtime
+   for OmegaOS missions.
+
+## Per-project Telegram structure
+
+OmegaOS treats Telegram as the operator's command surface:
+
+```
+AISB Group (Telegram supergroup with topics enabled)
+│
+├── Topic "general"               — chat with AISB, status questions
+├── Topic "project: dentistry"    — dispatch missions for the Dentistry project
+├── Topic "project: kommu"        — dispatch missions for the Kommu project
+├── Topic "project: causio"       — dispatch missions for the Causio project
+└── …                              (one topic per project, mapped in
+                                    Agentik_SSOT/projects/<slug>/registry.yaml)
 ```
 
-## Why this shape
+A message posted in a project topic = a mission for THAT project. AISB
+reads `message_thread_id` (the topic_id), looks up the slug, runs the
+mission in the project's context (cwd = project root, env =
+project-scoped secrets).
+
+Hermès operates ABOVE the group. It can:
+
+  * Receive a DM in **its own** Telegram bot from you.
+  * Decide: "this is a mission for project X" → send a message INTO
+    the AISB group's topic-X (Hermès posts as a member of the group).
+  * Or: "this is a meta-question" → answer directly via Anthropic API.
+  * Or: "this is an autonomous trigger" (cron, observation) → dispatch
+    a fresh mission into a project topic.
 
-| Layer | Role | Runtime | Credential |
-|---|---|---|---|
-| 1 | Intent | Human | n/a |
-| 2 | Autonomous companion | Hermes (Python, ~/.hermes) | Claude Max OAuth |
-| 3 | Mission intake | OmegaOS engine | Claude Max OAuth |
-| 4 | Planning | Persistent tmux + `claude -p` | Claude Max OAuth |
-| 5 | Execution | Persistent tmux + `claude -p` | Claude Max OAuth |
+## Install / secrets layout (corrected)
 
-Every layer below #1 calls Claude through the same OAuth credential. No
-API key burn, no separate auth surface, no extra account to manage. The
-token rotates server-side via the standard Claude Code refresh flow;
-every layer reads the live file (`~/.claude/.credentials.json`) on each
-call so refresh propagates automatically.
+| Vault key | Holds | Who reads it |
+|---|---|---|
+| `TELEGRAM_TOKEN_AISB` | AISB bot token (from BotFather, bot A) | `omega telegram bridge` + AISB daemon |
+| `TELEGRAM_TOKEN_HERMES` | Hermès bot token (from BotFather, bot B) | Hermès daemon only |
+| `ANTHROPIC_API_KEY_HERMES` | Hermès's own paid Anthropic key | Hermès daemon only |
+| `TELEGRAM_GROUP_ID` | AISB supergroup chat_id | AISB daemon (to scope missions) |
+| `TELEGRAM_TOKEN` | **back-compat alias** for `TELEGRAM_TOKEN_AISB` | Old install paths |
+| Claude Max OAuth | The OAuth at `~/.claude/.credentials.json` | AISB, Oracle, all Workers |
+
+Claude Max OAuth is **never duplicated in the vault** — it lives in
+`~/.claude/.credentials.json` and every layer below Hermès reads it live
+on every call so refresh rotations propagate naturally.
 
 ## Layer choice cheat-sheet
 
 | You want to | Use |
 |---|---|
-| One-shot CLI question | Layer 5 directly: `claude -p "..."` |
-| Verified-completion multi-worker mission | Layer 3-5: `omega run "..."` |
-| Recurring scheduled mission (cron) | Layer 3-5: `omega cadence schedule ...` |
-| Cross-platform chat (Telegram, Discord, …) | Layer 2: `hermes gateway` |
-| Skill creation from experience over time | Layer 2: Hermes's learning loop |
-| Long-running autonomous research | Layer 2: Hermes + scheduled task |
-| Visual codebase exploration | Sidecar: `omega ua run <project>` |
-
-## Bridges
-
-* `omega hermes` — Layer 2 ↔ rest of stack. Hermes can call OmegaOS via
-  the `omega` CLI (any of layers 3-5). OmegaOS can call Hermes via
-  `omega hermes ask "..."`.
-* `omega ua` — Understand-Anything sidecar. Builds an interactive
-  knowledge graph of any project; `omega ua consume` lands the graph
-  into the Engine's GraphRetriever so Oracle/workers can answer
-  "where in the code is X?" via Graph RAG.
-* `omega ma` — Anthropic Managed Agents (opt-in, API-key-only). NOT
-  part of the OAuth stack; only used when explicitly opted into per
-  topology entry.
+| Quick chat with the meta-companion | Hermès bot (DM) — Anthropic API |
+| Run a mission on a project | AISB project topic OR `omega run` from project dir |
+| One-shot CLI question (no orchestration) | `claude -p "..."` directly |
+| Verified-completion multi-worker mission | `omega run` / AISB topic — engages Oracle + Workers |
+| Recurring scheduled mission | `omega cadence schedule …` — wakes through AISB |
+| Cross-platform autonomous loop | Hermès (Anthropic API key, scheduled tasks) |
+| Audit a project | `/codeaudit` etc. from project — Quality Arsenal |
 
 ## What this is NOT
 
-* Hermes is not a "wrapper" around OmegaOS — it has its own loop, its
-  own skills, its own memory. The bridge gives both runtimes the
-  ability to delegate to each other.
-* Layer 2 is OPTIONAL. OmegaOS without Hermes is a complete agentic
-  OS (layers 1+3-5). Adding Hermes buys you the autonomous companion
-  + cross-platform gateway + learning loop. Removing Hermes removes
-  none of OmegaOS's verified-completion guarantees.
+* Hermès is NOT a wrapper around AISB — they're separate runtimes with
+  separate credentials and separate Telegram identities. The bridge gives
+  both the ability to delegate to each other.
+* AISB does NOT need Hermès to function. Skip Hermès install → OmegaOS
+  is a complete agentic OS with verified completion. Add Hermès when you
+  want meta-reasoning + autonomous loops above your projects.
+* The Anthropic API key Hermès uses is NOT shared with anything else.
+  AISB+Oracle+Workers stay on Max OAuth, always.
+
+## v0.19.x evolution
+
+| Version | Change |
+|---|---|
+| v0.18  | Single OAuth model (Hermès on Claude Max) |
+| **v0.19.14** | **Split: Hermès on `ANTHROPIC_API_KEY_HERMES`; AISB on Max OAuth; two Telegram bots** |
+| (planned v0.19.15+) | Dedicated Hermès daemon (its own poll loop), Hermès→AISB dispatch verbs |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentikos/omega-os",
-  "version": "0.19.13",
+  "version": "0.19.14",
   "description": "Omega OS — installable agentic operating system with verified-completion orchestration. Event-sourced engine, 8-block rack, autonomous agents, MCP.",
   "bin": {
     "omega-os": "bin/omega-os.js"