hermes-git 0.3.1 → 0.3.2

package/README.md

@@ -42,6 +42,8 @@ hermes wip
 
 No magic. Every command shows exactly what git operations it runs.
 
+Run `hermes` with no arguments to see the full command reference and available workflows.
+
 ---
 
 ## Installation
@@ -78,7 +80,7 @@ hermes config set provider gemini
 hermes config set gemini-key AIza...
 ```
 
-Verify it worked:
+Verify:
 
 ```bash
 hermes config list
@@ -93,7 +95,7 @@ hermes config list
 npm install -g hermes-git
 hermes config setup
 
-# 2. Initialize your project (optional, enables team config sharing)
+# 2. Initialize your project (optional — enables team config sharing)
 cd your-project
 hermes init
 
@@ -105,13 +107,26 @@ hermes start "user authentication"
 
 ## Commands
 
+### `hermes update`
+
+Update hermes to the latest version.
+
+```bash
+hermes update           # check and install if a newer version exists
+hermes update --check   # check only, don't install
+```
+
+Auto-detects your package manager (npm, bun, or pnpm).
+
+---
+
 ### `hermes config`
 
 Manage API keys and provider settings.
 
 ```bash
-hermes config setup              # Interactive wizard
-hermes config list               # Show current config (keys masked)
+hermes config setup              # interactive wizard
+hermes config list               # show current config (keys masked, sources shown)
 hermes config set provider openai
 hermes config set openai-key sk-...
 hermes config get provider
@@ -122,6 +137,52 @@ Config is stored in `~/.config/hermes/config.json`. You can also use environment
 
 ---
 
+### `hermes guard`
+
+Scan staged files for secrets and sensitive content before committing.
+
+```bash
+hermes guard
+```
+
+Scans every staged file for:
+
+- **Sensitive filenames** — `.env`, `id_rsa`, `*.pem`, `credentials.json`, `google-services.json`, etc.
+- **API keys** — Anthropic, OpenAI, Google, AWS, GitHub, Stripe, SendGrid, Twilio
+- **Private key headers** — `-----BEGIN PRIVATE KEY-----` and variants
+- **Database URLs** with embedded credentials — `postgres://user:pass@host`
+- **Hardcoded passwords/tokens** — common assignment patterns
+
+Findings are categorised as `BLOCKED` (definite secret) or `WARN` (suspicious). The AI explains each finding and what to do about it, then you choose: abort, unstage the flagged files, or proceed anyway.
+
+```
+  BLOCKED  src/config.ts
+           ● Anthropic API key  line 12
+             apiKey: "sk-a...****",
+             Rotate at: https://console.anthropic.com/settings/keys
+
+  What this means:
+  This key gives anyone with repo access full billing access to your
+  Anthropic account. Rotate it immediately and load it from an
+  environment variable instead.
+
+  ? Blocked secrets found. What do you want to do?
+  ❯ Abort — I will fix these before committing
+    Unstage the flagged files and continue
+    Proceed anyway (I know what I'm doing)
+```
+
+**Install as a git pre-commit hook** so it runs automatically on every commit:
+
+```bash
+hermes guard install-hook    # installs to .git/hooks/pre-commit
+hermes guard uninstall-hook  # removes it
+```
+
+In hook mode the scan is non-interactive: prints findings to stderr and exits 1 on any blocker.
+
+---
+
 ### `hermes plan "<intent>"`
 
 Analyze repo state and propose a safe Git plan. **Makes no changes.**
@@ -154,7 +215,7 @@ hermes sync
 hermes sync --from develop
 ```
 
-Hermes evaluates whether rebase or merge is safer given your branch state and explains before executing.
+Evaluates whether rebase or merge is safer given your branch state and explains before executing.
 
 ---
 
@@ -171,55 +232,6 @@ Decides commit vs stash based on what's safest in your current state.
 
 ---
 
-### `hermes guard`
-
-Scan staged files for secrets and sensitive content before committing.
-
-```bash
-hermes guard
-```
-
-Hermes scans every staged file for:
-
-- **Sensitive filenames** — `.env`, `id_rsa`, `*.pem`, `credentials.json`, `google-services.json`, etc.
-- **API keys** — Anthropic, OpenAI, Google, AWS, GitHub, Stripe, SendGrid, Twilio
-- **Private key headers** — `-----BEGIN PRIVATE KEY-----` and variants
-- **Database URLs** with embedded credentials — `postgres://user:pass@host`
-- **Hardcoded passwords/tokens** — common assignment patterns
-
-Findings are categorized as `BLOCKED` (definite secret) or `WARN` (suspicious). The AI explains each finding and what to do about it. Then you choose: abort, unstage the flagged files, or proceed anyway.
-
-```
-  BLOCKED  src/config.ts
-           ● Anthropic API key  line 12
-             apiKey: "sk-a...****",
-             Rotate at: https://console.anthropic.com/settings/keys
-           ● Database URL with credentials  line 15
-             dbUrl: "post...****prod.db.internal/app"
-
-  What this means:
-  The Anthropic API key on line 12 would give anyone with repository
-  access full billing access to your Anthropic account. Rotate it
-  immediately and use process.env.ANTHROPIC_API_KEY instead.
-  ...
-
-  ? Blocked secrets found. What do you want to do?
-  ❯ Abort — I will fix these before committing
-    Unstage the flagged files and continue
-    Proceed anyway (I know what I'm doing)
-```
-
-**Install as a git pre-commit hook** so it runs automatically on every commit:
-
-```bash
-hermes guard install-hook    # installs to .git/hooks/pre-commit
-hermes guard uninstall-hook  # removes it
-```
-
-In hook mode (`--hook`), the scan is non-interactive: it prints findings to stderr and exits 1 on any blocker.
-
----
-
 ### `hermes conflict explain`
 
 Understand why a conflict exists.
@@ -246,15 +258,17 @@ For each file: shows a proposed resolution, lets you accept, edit manually, or s
 
 ### `hermes workflow <name>`
 
-One-command workflows for common patterns.
+One-command workflows for common patterns. Available workflows are shown when you run `hermes` with no arguments.
 
 ```bash
 hermes workflow pr-ready      # fetch → rebase → push --force-with-lease
 hermes workflow daily-sync    # fetch all → show status → suggest next action
 hermes workflow quick-commit  # generate commit message from staged diff
-hermes workflow list          # show available workflows
+hermes workflow list          # show all workflows including project-specific
 ```
 
+Define project-specific workflows in `.hermes/config.json` and they appear automatically in the help output.
+
 ---
 
 ### `hermes worktree new "<task>"`
@@ -273,8 +287,8 @@ hermes worktree new "fix memory leak"
 Initialize project-level config (`.hermes/config.json`). Commit this to share branch patterns and workflows with your team.
 
 ```bash
-hermes init         # Interactive
-hermes init --quick # Use defaults
+hermes init         # interactive
+hermes init --quick # use defaults
 ```
 
 ---
@@ -301,6 +315,8 @@ Hermes resolves config in this priority order:
 | `.env` file in current dir | `ANTHROPIC_API_KEY=sk-ant-...` |
 | `~/.config/hermes/config.json` | set via `hermes config set` |
 
+Environment variables always win — useful for CI and Docker environments where you don't want a config file.
+
 **Supported env vars:**
 
 | Variable | Description |
@@ -326,9 +342,9 @@ If `HERMES_PROVIDER` is not set, Hermes auto-detects by using whichever key it f
 
 1. **Reads your repo state** — branch, commits, dirty files, conflicts, remote tracking
 2. **Sends context + intent to an AI** — using your configured provider
-3. **Validates the response** — all returned commands must start with `git`, destructive flags are blocked
+3. **Validates the response** — all returned commands must start with `git`; destructive flags are blocked
 4. **Executes with display** — shows every command before running it
-5. **You always stay in control** — interactive prompts for anything irreversible
+5. **You stay in control** — interactive prompts for anything irreversible
 
 ---
 
@@ -350,30 +366,23 @@ If `HERMES_PROVIDER` is not set, Hermes auto-detects by using whichever key it f
 hermes config setup
 ```
 
-**Wrong provider selected**
+**Wrong provider being used**
 
 ```bash
 hermes config set provider anthropic
-hermes config list   # verify
+hermes config list   # check sources — env vars override saved config
 ```
 
-**Key saved but not working**
+**Key set but not working**
 
 ```bash
-# Check what Hermes sees
-hermes config list
-
-# Environment variables override saved config
-# Check for conflicting vars:
-echo $ANTHROPIC_API_KEY
+hermes config list   # shows value and where it came from (env / .env / config)
 ```
 
-**General debugging**
+**Update to latest**
 
 ```bash
-hermes --version
-hermes config list
-git status
+hermes update
 ```
 
 ---

package/dist/index.js

@@ -38889,7 +38889,7 @@ function printWorkflows() {
 
 // src/index.ts
 var program2 = new Command;
-var CURRENT_VERSION = "0.3.1";
+var CURRENT_VERSION = "0.3.2";
 program2.name("hermes").description("Intent-driven Git, guided by AI").version(CURRENT_VERSION).action(() => {
   printBanner(CURRENT_VERSION);
   printWorkflows();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hermes-git",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "Intent-driven Git, guided by AI. Turn natural language into safe, explainable Git operations.",
   "type": "module",
   "main": "./dist/index.js",