lithermes-ai 0.8.8 → 0.8.9
- package/README.md +8 -0
- package/README_Ko-KR.md +2 -1
- package/assets/lithermes-plugin/README.md +9 -1
- package/assets/lithermes-plugin/core.py +2 -0
- package/assets/lithermes-plugin/payload-version.json +6 -6
- package/assets/lithermes-plugin/plugin.yaml +1 -1
- package/assets/lithermes-plugin/skills/litresearch/SKILL.md +12 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -74,6 +74,10 @@ Restart any running Hermes CLI or Hermes gateway process. Then open Hermes and t
|
|
|
74
74
|
is `BLOCKED` because a hook cannot switch Hermes commands; invoke `/start-work <plan>` explicitly.
|
|
75
75
|
- `/review-work` records a local redacted `delegate_batch_intent` summary for its
|
|
76
76
|
single five-lane `delegate_task` batch under `.hermes/lithermes/runs/<run>/delegate_batches/<batch>/`.
|
|
77
|
+
- Public retrieval hardening in `lit research`: public endpoints first,
|
|
78
|
+
structured attempt trace, HTTP 200 validation beyond status, login/paywall/CAPTCHA
|
|
79
|
+
refusal, private/loopback route refusal in the research contract, actionable
|
|
80
|
+
diagnostics, and A/B source comparison before synthesis.
|
|
77
81
|
- LitHermes workflow skill set: `ai-slop-remover`, `comment-checker`,
|
|
78
82
|
`debugging`, `deep-interview`, `frontend-ui-ux`, `git-master`, `init-deep`,
|
|
79
83
|
`lsp`, `programming`, `refactor`,
|
|
@@ -95,6 +99,10 @@ Restart any running Hermes CLI or Hermes gateway process. Then open Hermes and t
|
|
|
95
99
|
evidence, timeouts, or cleanup gaps block approval.
|
|
96
100
|
- `lit research`: litresearch mode. Separate verified facts, hypotheses, sources,
|
|
97
101
|
and uncertainty; keep any journal under `.hermes/lithermes/litresearch/`.
|
|
102
|
+
Public retrieval hardening tries public endpoints first, records a structured
|
|
103
|
+
attempt trace, validates more than HTTP 200, refuses login/paywall/CAPTCHA routes,
|
|
104
|
+
performs no network traffic itself, instructs refusal of private/loopback routes,
|
|
105
|
+
reports actionable diagnostics, and uses A/B checks.
|
|
98
106
|
- `lit goal`: litgoal mode. Bind one objective plus checkable criteria through
|
|
99
107
|
`goal_set` / `goal_*` tools; state lives in `.hermes/lithermes/litgoal/`.
|
|
100
108
|
- `lit workflow` / `lit kanban`: durable-workflow mode. Probe `hermes version`,
|
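Review bot: the added `lit research` sentence says the hardening "performs no network traffic itself", while the matching sentence added to `package/assets/lithermes-plugin/README.md` says it "blocks no network traffic itself". These are different statements: the first says the plugin makes no requests, the second says it enforces nothing on requests made by the host tool. Use the one that is true of the plugin in both READMEs, or state both, since a reader deciding whether private/loopback refusal is enforced needs the second.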
package/README_Ko-KR.md
CHANGED
|
@@ -72,6 +72,7 @@ npm 패키지명은 `lithermes-ai`이며, `lithermes`는 설치 후 CLI/plugin
|
|
|
72
72
|
- interactive install spinner가 terminal 설치는 더 생동감 있게 보여주고, redirect/script 설치는 기존처럼 plain output을 유지합니다. 조용한 terminal 설치가 필요하면 `npx lithermes-ai install --yes --no-spinner`를 사용합니다.
|
|
73
73
|
- `/start-work`: 승인된 plan만 실행하는 execution-only 명령입니다. 자연어 `lit start work`는 hook이 Hermes command 전환을 할 수 없으므로 `BLOCKED`되고, 사용자가 `/start-work <plan>`을 직접 호출해야 합니다.
|
|
74
74
|
- `/review-work`: 단일 5-lane `delegate_task` batch에 대해 redacted local `delegate_batch_intent` 요약을 `.hermes/lithermes/runs/<run>/delegate_batches/<batch>/`에 기록합니다.
|
|
75
|
+
- `lit research`에는 Public retrieval hardening이 적용됩니다. public endpoints first, structured attempt trace, HTTP 200 이상의 검증, login/paywall/CAPTCHA 거부, research contract 안의 private/loopback route 거부, actionable diagnostics, A/B source 비교를 synthesis 전에 요구합니다.
|
|
75
76
|
- LitHermes workflow skill set: `ai-slop-remover`, `comment-checker`,
|
|
76
77
|
`debugging`, `deep-interview`, `frontend-ui-ux`, `git-master`, `init-deep`,
|
|
77
78
|
`lsp`, `programming`, `refactor`,
|
|
@@ -86,7 +87,7 @@ npm 패키지명은 `lithermes-ai`이며, `lithermes`는 설치 후 CLI/plugin
|
|
|
86
87
|
- `lit` / `litwork`: 실행 discipline입니다. 직접 `lit <task>`는 `.hermes/lithermes/runs/`에 run state를 씁니다.
|
|
87
88
|
- `lit plan`: planning-only입니다. 구현하거나 start-work를 호출하지 않고 plan을 만들고 승인 대기합니다.
|
|
88
89
|
- `lit review`: review-work mode입니다. behavior, tests, docs/package readiness, security/safety, cleanup evidence를 5-lane으로 검증합니다.
|
|
89
|
-
- `lit research`: verified facts, hypotheses, sources, uncertainty를 분리하고 journal은 `.hermes/lithermes/litresearch/`에 둡니다.
|
|
90
|
+
- `lit research`: verified facts, hypotheses, sources, uncertainty를 분리하고 journal은 `.hermes/lithermes/litresearch/`에 둡니다. Public retrieval hardening으로 public endpoints first, structured attempt trace, HTTP 200 이상 검증, login/paywall/CAPTCHA 거부, private/loopback route 거부 지시, actionable diagnostics, A/B source check를 수행합니다.
|
|
90
91
|
- `lit goal`: one objective plus checkable criteria를 `.hermes/lithermes/litgoal/`에 `goal_*` 도구로 기록합니다.
|
|
91
92
|
- `lit workflow` / `lit kanban`: durable-workflow mode입니다. `hermes version`,
|
|
92
93
|
`hermes kanban --help`, `hermes profile list`를 먼저 확인하고, setup이 없으면
|
|
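Review bot: the rewritten `lit research` bullet ends with `수행합니다` ("performs") and drops the caveat the English README carries in the same bullet ("performs no network traffic itself, instructs refusal of private/loopback routes"). Only `거부 지시` hints that the refusal is an instruction. Suggest adding the Korean equivalent of that caveat so the two READMEs do not differ on whether the plugin enforces the boundary.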
@@ -41,6 +41,10 @@ CLI/plugin name, not the npm package name.
|
|
|
41
41
|
run in parallel, the parent blocks for all); there is no named-agent registry
|
|
42
42
|
and no per-child model selection. Broad review commands record a local redacted
|
|
43
43
|
`delegate_batch_intent` summary under `.hermes/lithermes/runs/<run>/delegate_batches/<batch>/`.
|
|
44
|
+
- Public retrieval hardening in `lit research` keeps external research public-only:
|
|
45
|
+
public endpoints first, structured attempt trace, validation beyond HTTP 200,
|
|
46
|
+
login/paywall/CAPTCHA refusal, private/loopback route refusal in the research
|
|
47
|
+
contract, actionable diagnostics, and A/B source comparison before synthesis.
|
|
44
48
|
|
|
45
49
|
## Mode Contract
|
|
46
50
|
|
|
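Review bot: "keeps external research public-only" in the first added line promises more than the change delivers. The only source change in the file list is two added lines in `core.py`, both prompt strings, and the Mode Contract text added further down this README says the hardening blocks no network traffic itself. Suggest wording such as "instructs research lanes to stay public-only" so the bullet does not read as an enforced egress control.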
@@ -51,7 +55,11 @@ CLI/plugin name, not the npm package name.
|
|
|
51
55
|
- `lit review`: review-work verifies behavior, tests, docs/package readiness,
|
|
52
56
|
security/safety, and cleanup evidence through a 5-lane all-or-nothing gate.
|
|
53
57
|
- `lit research`: separate verified facts, hypotheses, sources, and uncertainty;
|
|
54
|
-
journals live under `.hermes/lithermes/litresearch/<slug>/`.
|
|
58
|
+
journals live under `.hermes/lithermes/litresearch/<slug>/`. Public retrieval
|
|
59
|
+
hardening tries public endpoints first, records a structured attempt trace,
|
|
60
|
+
validates more than HTTP 200, refuses login/paywall/CAPTCHA routes, blocks
|
|
61
|
+
no network traffic itself, instructs refusal of private/loopback routes, reports
|
|
62
|
+
actionable diagnostics, and uses A/B checks.
|
|
55
63
|
- `lit goal`: bind one objective plus checkable criteria in
|
|
56
64
|
`.hermes/lithermes/litgoal/`.
|
|
57
65
|
- `lit workflow` / `lit kanban`: durable-workflow setup/proposal mode through
|
|
@@ -450,6 +450,8 @@ def build_natural_mode_context(route: NaturalLitRoute) -> str:
|
|
|
450
450
|
"Natural routing: standalone lit research -> lithermes:litresearch.",
|
|
451
451
|
f"Research demand: {objective}",
|
|
452
452
|
"Mode Contract: separate verified facts, hypotheses, sources, and uncertainty. Do not present uncited claims as facts.",
|
|
453
|
+
"public-only retrieval hardening: try public endpoints first, keep a structured attempt trace, and never treat HTTP 200 alone as success.",
|
|
454
|
+
"Safety boundary: stop and report when a source requires login, paywall, CAPTCHA, credentials, or private/loopback network access.",
|
|
453
455
|
"Use Hermes-native delegate_task swarms when justified and keep any research journal under .hermes/lithermes/litresearch/<slug>/.",
|
|
454
456
|
"</lithermes-natural-route>",
|
|
455
457
|
]
|
|
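Review bot: the new "Safety boundary" string names only "private/loopback network access", but item 5 of the protocol added to `skills/litresearch/SKILL.md` in this release also excludes link-local, multicast, reserved and cloud-metadata addresses, redirects into them, and non-http(s) schemes. A naturally routed session gets the narrower list from this string. Suggest aligning the wording with the skill, or pointing the string at the skill's "Public retrieval hardening" section. Minor: "public-only retrieval hardening:" starts lower-case while the neighbouring labels "Mode Contract:" and "Safety boundary:" are capitalised.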
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
|
-
"syncedAt": "2026-06-
|
|
2
|
+
"syncedAt": "2026-06-23T00:00:00.000Z",
|
|
3
3
|
"source": "source-reference",
|
|
4
|
-
"sourceHash": "
|
|
4
|
+
"sourceHash": "e7ade29b97ae79910c1ba3119192a95c347860b9729b069498a790a3ec383367",
|
|
5
5
|
"files": [
|
|
6
6
|
{
|
|
7
7
|
"path": "NOTICE.md",
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
},
|
|
10
10
|
{
|
|
11
11
|
"path": "README.md",
|
|
12
|
-
"sha256": "
|
|
12
|
+
"sha256": "1908cf5b7e356c214940435f5f52282417ed6c07e53b5a29489c734371dfeebe"
|
|
13
13
|
},
|
|
14
14
|
{
|
|
15
15
|
"path": "__init__.py",
|
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
},
|
|
18
18
|
{
|
|
19
19
|
"path": "core.py",
|
|
20
|
-
"sha256": "
|
|
20
|
+
"sha256": "a08610a52b32922c78a22613cd98d3e9e18b5899c45375f7981517e6b79da7d9"
|
|
21
21
|
},
|
|
22
22
|
{
|
|
23
23
|
"path": "litgoal/__init__.py",
|
|
@@ -49,7 +49,7 @@
|
|
|
49
49
|
},
|
|
50
50
|
{
|
|
51
51
|
"path": "plugin.yaml",
|
|
52
|
-
"sha256": "
|
|
52
|
+
"sha256": "65ea33f8f8ed91328cdaea3ea742325b409bc180df1f6b3cd71270aceecbae92"
|
|
53
53
|
},
|
|
54
54
|
{
|
|
55
55
|
"path": "redaction.py",
|
|
@@ -169,7 +169,7 @@
|
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"path": "skills/litresearch/SKILL.md",
|
|
172
|
-
"sha256": "
|
|
172
|
+
"sha256": "f8352bbbeb6a52409de349de9d2cc423606ade759431a558fdf040ebc786db4f"
|
|
173
173
|
},
|
|
174
174
|
{
|
|
175
175
|
"path": "skills/litwork/SKILL.md",
|
|
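Review bot: the `sha256` entries for `README.md`, `core.py`, `plugin.yaml` and `skills/litresearch/SKILL.md` change together with `sourceHash`, but nothing in the diff shows that they were regenerated from the shipped files rather than edited by hand, and `syncedAt` is an exact-midnight `2026-06-23T00:00:00.000Z`. The `plugin.yaml` change behind its new hash is also not shown on this page. Suggest generating the manifest in the release script and adding a check that recomputes each listed file's SHA-256 and fails on mismatch, so a stale or hand-edited hash cannot ship.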
@@ -129,6 +129,18 @@ Delegated children default to thin single-pass retrieval. Counter this in every
|
|
|
129
129
|
|
|
130
130
|
Web and docs lanes are only as good as their query craft. Embed this playbook in each web child's `goal`/`context`, and apply it yourself whenever the main session drives the web-search tool directly.
|
|
131
131
|
|
|
132
|
+
### Public retrieval hardening
|
|
133
|
+
|
|
134
|
+
Use this public-only retrieval protocol whenever a web/docs lane fetches a page or an external repository:
|
|
135
|
+
|
|
136
|
+
1. **Public endpoints first.** Prefer official docs, canonical feeds, package registries, code-host permalinks, public metadata endpoints, and sitemap-linked pages before generic page scraping or rendered browsing.
|
|
137
|
+
2. **Structured attempt trace.** For each source, record `route`, `url`, `status`, `content_kind`, `validation`, `verdict`, and `next_action` in the journal. A route is not successful until validation says the content answers the sub-question.
|
|
138
|
+
3. **HTTP 200 is not proof.** Treat HTTP 200 as only a transport signal; validate body size, expected content type, JSON parseability when relevant, missing/empty bodies, challenge pages, redirect surprises, and the presence of the expected topic or selector.
|
|
139
|
+
4. **Public boundary.** Stop instead of bypassing when a source requires login/paywall/CAPTCHA, credentials, paid access, private cookies, or user-specific state. Report the boundary and continue with other public sources.
|
|
140
|
+
5. **Network safety.** Do not fetch private/loopback, link-local, multicast, reserved, or cloud-metadata addresses, including after redirects. Reject non-http(s) schemes unless the host tool explicitly supports them as local file reads in the current workspace.
|
|
141
|
+
6. **Actionable diagnostics.** When a lane cannot retrieve enough evidence, say which public routes were tried, which validations failed, and what safe next route remains; do not collapse every failure into “blocked”.
|
|
142
|
+
7. **A/B evidence.** For important claims, compare at least two independent public retrieval routes when possible, for example official docs vs release notes, registry metadata vs repository tags, or rendered page text vs source permalink. Record disagreements before synthesis.
|
|
143
|
+
|
|
132
144
|
**English first.** Run every search in English by default — it is the largest, most authoritative corpus on every engine, code host, and documentation site. Add a secondary local-language sweep (one or two extra lanes) only after the English sweep, when the topic is inherently local, or when the user asks for sources in a specific language.
|
|
133
145
|
|
|
134
146
|
**≥10-query floor.** Each web lane runs at least 10 distinct web-search queries, every one varying a different operator or angle — the same query twice wastes the lane. Fetch the full page for every result that matters; snippets mislead.
|
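Review bot: item 5 (Network safety) is phrased in terms of addresses, but a lane works with URLs that carry hostnames. The rule should say the check applies to the address the host resolves to, at every redirect hop; as written, a name that looks public but resolves to an internal address satisfies it. The exception "unless the host tool explicitly supports them as local file reads in the current workspace" should name the scheme it means and require the resolved path to stay inside the workspace. Separately, item 2 records `url` in the journal; say that credentials or tokens in the query string are redacted before the entry is written.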