openhermes 2.6.1 → 4.0.0

package/harness/skills/oh-security/SKILL.md

@@ -0,0 +1,110 @@
+---
+name: oh-security
+description: "Security audit: secrets archaeology, dependency supply chain, CI/CD security, OWASP Top 10, STRIDE threat modeling, LLM security. Two modes: daily (8/10 confidence gate) and comprehensive (2/10 bar)."
+tier: 3
+benefits-from: [oh-expert]
+triggers:
+  - "security audit"
+  - "threat model"
+  - "check for vulnerabilities"
+  - "owasp review"
+  - "pentest"
+  - "security review"
+  - "cso"
+---
+
+# oh-security
+
+Security audit that finds the doors that are actually unlocked. Two modes: **daily** (8/10 confidence gate — low noise, high signal) and **comprehensive** (2/10 bar — casts a wider net, more findings). Output is a Security Posture Report with severity ratings and remediation plans. Does NOT make code changes — diagnosis only.
+
+## Mode Selection
+
+- **Daily** (default) — 8/10 confidence gate. Only flag findings with strong evidence. Skips speculative or trace-only checks. Runs all phases but reports only clear findings.
+- **Comprehensive** (`--comprehensive`) — 2/10 bar. Surfaces more. Includes trace-only flags, speculative dependency issues, and historical pattern matching.
+
+## Phases
+
+### Phase 0: Stack Detection + Architecture Mental Model
+Detect the project's language stack and framework. Build an explicit mental model: what are the components, trust boundaries, data flows, and attack surface.
+
+### Phase 1: Attack Surface Census
+Map what an attacker sees:
+- Public vs authenticated vs admin endpoints
+- File upload points, external integrations, background jobs
+- WebSocket channels, webhook receivers
+- CI/CD workflows, container configs, IaC, deploy targets
+
+### Phase 2: Secrets Archaeology
+Scan git history for leaked credentials (AWS keys, OpenAI keys, GitHub tokens, Slack tokens, generic secrets). Check `.env` tracking status. Scan CI configs for inline secrets.
+
+### Phase 3: Dependency Supply Chain
+Check beyond `npm audit`: known CVEs in direct deps, install scripts in production deps, lockfile integrity, abandoned packages. Diff-mode limits to changed deps.
+
+### Phase 4: CI/CD Pipeline Security
+Check for unpinned third-party actions, `pull_request_target` misuse, script injection via `${{ github.event.* }}`, secrets exposed as env vars, CODEOWNERS protection on workflow files.
+
+### Phase 5: Infrastructure Shadow Surface
+Dockerfiles (root user, secrets in ARG, missing USER), config files with prod DB URLs, IaC (overly permissive IAM, privileged K8s). Staging configs referencing prod.
+
+### Phase 6: Webhook & Integration Audit
+Webhook endpoints without signature verification, TLS verification disabled in prod, overly broad OAuth scopes.
+
+### Phase 7: LLM & AI Security
+Prompt injection vectors (user input flowing into system prompts), unsanitized LLM output rendered in UI, tool/function calling without validation, hardcoded AI API keys.
+
+### Phase 8: OWASP Top 10 + STRIDE
+Map findings to OWASP Top 10 categories and STRIDE threat model. Identify gaps in coverage across categories.
+
+## Output Format
+
+```
+Security Posture Report
+══════════════════════
+Project: <name>
+Branch:  <branch>
+Mode:    daily | comprehensive
+Date:    <date>
+
+Critical (n):
+  - <finding> — <file:line> — <remediation>
+
+High (n):
+  - <finding> — <file:line> — <remediation>
+
+Medium (n):
+  - <finding> — <file:line> — <remediation>
+
+Low (n):
+  - <finding> — <file:line> — <remediation>
+
+OWASP Coverage:
+  A01:Broken Access Control — n findings
+  A02:Cryptographic Failures — n findings
+  ...
+
+STRIDE:
+  Spoofing — n
+  Tampering — n
+  Repudiation — n
+  Info Disclosure — n
+  Denial of Service — n
+  Elevation of Privilege — n
+```
+
+## Rules
+
+- **Read-only.** No fixes. Diagnosis only, except for auto-fixable low-severity findings when explicitly asked.
+- **Daily mode** gates findings at 8/10 confidence. If you would not stake your reputation on it, skip it in daily mode.
+- **Comprehensive mode** gates at 2/10. Surface everything plausible. The user decides.
+- **No false positives on git history.** Placeholder values ("your_", "changeme") excluded. Rotated secrets still flagged (they were exposed).
+- **Prioritize by blast radius.** Remote code execution > credential exposure > info leak > best-practice gap.
+- **Always distinguish direct vs transitive** dependencies in supply chain findings.
+- **Use Grep/Glob tools** for searches, not bash grep. The bash blocks below show WHAT to search, not HOW.
+
+## Routing
+
+| Outcome | Route |
+|---------|-------|
+| pass | → [report findings to user] |
+| fail | → oh-investigate (deepen on findings) |
+| blocker | → surface to user |

package/harness/skills/oh-ship/SKILL.md

@@ -0,0 +1,39 @@
+---
+name: oh-ship
+description: "Deploy and PR pipeline — test, bump, changelog, PR, deploy, verify"
+---
+
+# oh-ship
+
+## When to Use
+When code is ready to ship. Runs the full release pipeline from test to PR to deploy verification.
+
+## Workflow
+1. **Pre-flight** — run test suite, lint, typecheck
+2. **Version bump** — read VERSION file or package.json, bump according to semver
+3. **Changelog** — generate from commit history since last tag. Polish voice: consistent tense, group by type (features, fixes, breaking)
+4. **Commit + push** — create release commit with changelog
+5. **PR** — create GitHub PR with summary, test evidence, deploy plan
+6. **Merge** — merge PR after CI passes
+7. **Deploy** — trigger deploy (platform-specific)
+8. **Verify** — canary check, health endpoints, smoke tests
+9. **Post-ship docs sync** — read all project docs (README, ARCHITECTURE.md, CONTRIBUTING.md), cross-reference the diff, update to match what shipped:
+   - README: new features, changed APIs, updated examples
+   - CHANGELOG: verify polish against what actually merged
+   - ARCHITECTURE.md / CONTRIBUTING.md: reflect any structural or workflow changes
+   - TODOS.md: remove completed items, add any new deferred items discovered during ship
+   - VERSION file: bump if not already done
+
+## Anti-patterns
+- Skipping pre-flight checks ("just a quick fix")
+- Bumping version without changelog
+- Deploying without post-deploy verification
+- Not tagging releases
+
+## Routing
+
+| Outcome | Route |
+|---------|-------|
+| pass | → oh-retro (post-ship review) |
+| fail | → oh-expert (diagnose deployment failure) |
+| blocker | → surface to user |

package/harness/skills/oh-skill-craft/SKILL.md

@@ -0,0 +1,107 @@
+---
+name: oh-skill-craft
+description: "Create new agent skills with proper structure, frontmatter, progressive disclosure, and bundled resources. Meta-skill for growing the harness."
+tier: 2
+benefits-from: [oh-expert]
+triggers:
+  - "create a skill"
+  - "write a skill"
+  - "new skill"
+  - "skill-craft"
+  - "meta-skill"
+  - "add a capability"
+---
+
+# oh-skill-craft
+
+Create new agent skills for the OpenHermes harness. Skills are the unit of progressive disclosure — loaded on demand, not preloaded.
+
+## Skill Structure
+
+```
+harness/skills/<oh-name>/
+├── SKILL.md           # Main instructions (required)
+├── REFERENCE.md       # Detailed docs (if SKILL.md exceeds 100 lines)
+└── scripts/           # Utility scripts (if deterministic operations needed)
+```
+
+## SKILL.md Template
+
+```markdown
+---
+name: oh-<name>
+description: "Brief description. Use when [specific triggers]."
+tier: <2|3|4>
+benefits-from: [<skill-dependencies>]
+triggers:
+  - "<trigger phrase>"
+  - "<another trigger>"
+---
+
+# oh-<name>
+
+<one-paragraph summary>
+
+## When to Use
+
+<when to invoke this skill>
+
+## Workflow
+
+1. <step>
+2. <step>
+3. <step>
+
+## Anti-patterns
+
+- <anti-pattern 1>
+- <anti-pattern 2>
+```
+
+## Description Requirements
+
+The description is the only thing the agent sees when deciding which skill to load. Make it actionable:
+
+**Good:** "Create new agent skills with proper structure, frontmrmatter, and bundled resources. Use when user wants to create, write, or build a new skill."
+
+**Bad:** "Helps with skills."
+
+## Field Guide
+
+| Frontmatter Field | Required | Purpose |
+|---|---|---|
+| `name` | yes | Must match `^[a-z0-9]+(-[a-z0-9]+)*$` and directory name |
+| `description` | yes | Max 200 chars. First sentence = what it does. Second = when to use. |
+| `tier` | no | 2=tool, 3=strategic, 4=autonomous. Controls preamble verbosity. |
+| `benefits-from` | no | Skill dependencies. Listed skills should be loaded first. |
+| `triggers` | no | Natural language patterns that should route to this skill. |
+
+## When to Add Scripts
+- Operation is deterministic (validation, formatting)
+- Same code would be generated repeatedly
+- Errors need explicit handling
+
+Scripts save tokens and improve reliability vs generated code.
+
+## When to Split Files
+- SKILL.md exceeds 100 lines
+- Content has distinct domains
+- Advanced features are rarely used (put in REFERENCE.md)
+
+## Review Checklist
+
+- [ ] Description includes triggers ("Use when...")
+- [ ] SKILL.md under 100 lines
+- [ ] No time-sensitive info (dates, versions, deprecation warnings)
+- [ ] Consistent oh- prefix and terminology
+- [ ] Concrete examples included
+- [ ] Anti-patterns documented
+- [ ] Tests still pass after adding (`npm test`)
+
+## Routing
+
+| Outcome | Route |
+|---------|-------|
+| pass | → oh-skills-link (verify skill discovery) |
+| fail | → oh-expert (diagnose skill creation issues) |
+| blocker | → surface to user |

package/harness/skills/oh-skills-link/SKILL.md

@@ -0,0 +1,29 @@
+---
+name: oh-skills-link
+description: "Verify that OpenCode can discover the package-local skills directory"
+---
+
+# oh-skills-link
+
+## When to Use
+After installing new skills or updating existing ones. Verifies that OpenCode can discover the package-local skills directory.
+
+## Workflow
+1. Read skills from `harness/skills/`
+2. Confirm `config.skills.paths` points at the package-local harness path
+3. Skip unchanged skills when checking manifests
+4. Log missing, invalid, or newly added skills
+
+## Anti-patterns
+- Linking skills without verifying they exist in harness
+- Copying skills into global config during normal operation
+- Overwriting user-modified skills without explicit intent
+- Linking broken or incomplete skills
+
+## Routing
+
+| Outcome | Route |
+|---------|-------|
+| pass | → [report link status to user] |
+| fail | → oh-skill-craft (fix or rebuild broken skill) |
+| blocker | → surface to user |

package/harness/skills/oh-skills-list/SKILL.md

@@ -0,0 +1,31 @@
+---
+name: oh-skills-list
+description: "List all available oh-* skills with descriptions"
+---
+
+# oh-skills-list
+
+## When to Use
+To discover what skills are available. Lists every skill with its name, description, and category.
+
+## Output
+Markdown table of skills:
+
+| Skill | Description | Category |
+|-------|-------------|----------|
+| oh-plan | Strategy + architecture review | Orchestration |
+| oh-qa | Full QA workflow | Quality |
+| ... | ... | ... |
+
+## Anti-patterns
+- Listing "all available" but missing recently installed skills
+- Showing skill file paths instead of human-readable descriptions
+- Not categorising skills (flat list is hard to scan)
+
+## Routing
+
+| Outcome | Route |
+|---------|-------|
+| pass | → [done — read-only report] |
+| fail | → [surface issue to user] |
+| blocker | → surface to user |

package/harness/skills/oh-triage/SKILL.md

@@ -0,0 +1,36 @@
+---
+name: oh-triage
+description: "Issue triage state machine — classify, prioritise, assign"
+---
+
+# oh-triage
+
+## When to Use
+When new issues come in, or when reviewing the issue backlog. Drives issues through a triage state machine.
+
+## States
+1. **Needs triage** — new issue, unclassified
+2. **Needs info** — waiting on reporter for clarification
+3. **Ready for agent** — well-specified, can be picked up
+4. **Ready for human** — needs human judgment or access
+5. **Wontfix** — declined with reason
+
+## Workflow
+1. Read new issues (label: `needs-triage`)
+2. Classify: bug / feature / enhancement / question
+3. Assess severity and priority
+4. Assign to appropriate state and owner
+5. Add triage metadata labels
+
+## Anti-patterns
+- Leaving issues in "needs triage" indefinitely
+- Triaging without reading the full issue
+- Wontfix without explanation (leaves reporter unhappy)
+
+## Routing
+
+| Outcome | Route |
+|---------|-------|
+| pass | → oh-issue (publish triaged issues) or oh-handoff (pass to agent) |
+| fail | → oh-expert (clarify ambiguous issue) |
+| blocker | → surface to user |

package/index.mjs

@@ -1,58 +1,3 @@
-import { AutorecallPlugin } from "./autorecall.mjs"
-import { CuratorPlugin } from "./curator.mjs"
-import { SkillBuilderPlugin } from "./skill-builder.mjs"
-import { BootstrapPlugin } from "./bootstrap.mjs"
-import { MemoryToolsPlugin } from "./lib/memory-tools-plugin.mjs"
-import { AmbientMemoryPlugin } from "./lib/ambient-memory.mjs"
-import { OhcPlugin } from "./lib/ohc/pruner.mjs"
-import { UpdaterPlugin } from "./lib/ohc/updater.mjs"
-
-function chain(...fns) {
-  const h = fns.filter(Boolean)
-  if (!h.length) return undefined
-  if (h.length === 1) return h[0]
-  return async (i, o) => { for (const fn of h) await fn(i, o) }
-}
-
-export default async (input) => {
-  const results = await Promise.allSettled([
-    BootstrapPlugin(input),
-    AutorecallPlugin(input),
-    CuratorPlugin(input),
-    SkillBuilderPlugin(input),
-    MemoryToolsPlugin(input),
-    AmbientMemoryPlugin(input),
-    OhcPlugin(input),
-    UpdaterPlugin(input),
-  ])
-  const [bootstrap, autorecall, curator, skillBuilder, memoryTools, ambient, ohc, updater] = results.map(r => r.status === 'fulfilled' ? r.value : {})
-
-  const merged = {}
-
-  if (bootstrap.config) merged.config = bootstrap.config
-
-  const toolHandlers = { ...memoryTools.tool, ...ohc.tool }
-  if (Object.keys(toolHandlers).length) merged.tool = toolHandlers
-
-  merged["experimental.chat.system.transform"] = chain(ohc["experimental.chat.system.transform"])
-  merged["experimental.chat.messages.transform"] = chain(
-    ambient["experimental.chat.messages.transform"],
-    bootstrap["experimental.chat.messages.transform"],
-    ohc["experimental.chat.messages.transform"],
-  )
-  merged["command.execute.before"] = chain(updater["command.execute.before"], ohc["command.execute.before"])
-
-  const eventHandlers = [autorecall.event, curator.event, skillBuilder.event].filter(Boolean)
-  if (eventHandlers.length) {
-    merged.event = async (payload) => {
-      await Promise.allSettled(eventHandlers.map(fn => fn(payload)))
-    }
-  }
-
-  for (const hook of ["experimental.session.compacting", "tool.execute.after"]) {
-    const handler = chain(curator[hook], skillBuilder[hook])
-    if (handler) merged[hook] = handler
-  }
-
-  return merged
-}
+import { BootstrapPlugin } from "./bootstrap.mjs"
+
+export default BootstrapPlugin

package/lib/harness-resolver.mjs

@@ -0,0 +1,77 @@
+// Shared harness directory resolver — canonical implementation.
+// Extracted from bootstrap.mjs to eliminate DRY violation with goal-tracker.mjs.
+// Both consumers import from here.
+
+import path from "node:path"
+import fs from "node:fs"
+import { fileURLToPath } from "node:url"
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url))
+const PKG_DIR = path.resolve(__dirname, "..")
+
+const REQUIRED_HARNESS_FILES = [
+  ["codex", "CONSTITUTION.md"],
+  ["instructions", "RUNTIME.md"],
+  ["skills", "oh-plan", "SKILL.md"],
+]
+
+function ancestorDirs(start, limit = 6) {
+  const dirs = []
+  let current = path.resolve(start)
+  for (let i = 0; i < limit; i++) {
+    dirs.push(current)
+    const parent = path.dirname(current)
+    if (parent === current) break
+    current = parent
+  }
+  return dirs
+}
+
+function buildHarnessCandidates(currentDir, execPath, cwd) {
+  const roots = [path.resolve(currentDir, "harness")]
+  const seen = new Set(roots)
+
+  const anchors = [path.dirname(execPath), path.dirname(path.dirname(execPath)), cwd]
+  for (const anchor of anchors) {
+    for (const dir of ancestorDirs(anchor)) {
+      for (const root of [
+        path.join(dir, "harness"),
+        path.join(dir, "node_modules", "openhermes", "harness"),
+        path.join(dir, "bin", "node_modules", "openhermes", "harness"),
+      ]) {
+        const normalized = path.normalize(root)
+        if (seen.has(normalized)) continue
+        seen.add(normalized)
+        roots.push(normalized)
+      }
+    }
+  }
+
+  return roots
+}
+
+function hasRequiredHarnessFiles(root) {
+  return REQUIRED_HARNESS_FILES.every(parts => fs.existsSync(path.join(root, ...parts)))
+}
+
+export function resolveHarnessRoot({
+  currentDir = PKG_DIR,
+  execPath = process.execPath,
+  cwd = process.cwd(),
+  candidateRoots,
+} = {}) {
+  const roots = candidateRoots ?? buildHarnessCandidates(currentDir, execPath, cwd)
+  for (const root of roots) {
+    if (hasRequiredHarnessFiles(root)) return root
+  }
+  return path.resolve(currentDir, "harness")
+}
+
+let _harnessDir
+
+export function setHarnessRootForTest(dir) { _harnessDir = dir }
+
+export function getHarnessDir() {
+  if (!_harnessDir) _harnessDir = resolveHarnessRoot()
+  return _harnessDir
+}

package/lib/logger.mjs

@@ -0,0 +1,62 @@
+import path from "node:path"
+import os from "node:os"
+import fs from "node:fs"
+
+const LEVELS = { debug: 0, info: 1, warn: 2, error: 3 }
+const CURRENT_LEVEL = LEVELS[process.env.OPENCODE_LOG_LEVEL?.trim().toLowerCase()] ?? (process.env.OPENHERMES_LOG_LEVEL?.trim().toLowerCase() === "debug" ? LEVELS.debug : LEVELS.warn)
+
+const LOG_DIR = path.join(os.homedir(), ".local", "share", "opencode", "log")
+const LOG_FILE = path.join(LOG_DIR, "openhermes.log")
+
+function ts() {
+  const d = new Date()
+  return `${d.getFullYear()}-${(d.getMonth()+1).toString().padStart(2,"0")}-${d.getDate().toString().padStart(2,"0")} ${d.getHours().toString().padStart(2,"0")}:${d.getMinutes().toString().padStart(2,"0")}:${d.getSeconds().toString().padStart(2,"0")}.${d.getMilliseconds().toString().padStart(3,"0")}`
+}
+
+function formatArgs(args) {
+  return args.map(a => {
+    if (a === null) return "null"
+    if (a === undefined) return "undefined"
+    if (typeof a === "object") {
+      try { return a?.message || JSON.stringify(a) } catch { return String(a) }
+    }
+    return String(a)
+  }).join(" ")
+}
+
+function shouldLog(levelName) {
+  return LEVELS[levelName] >= CURRENT_LEVEL
+}
+
+let _fd = null
+function getFd() {
+  if (_fd) return _fd
+  try {
+    fs.mkdirSync(LOG_DIR, { recursive: true })
+    _fd = fs.openSync(LOG_FILE, "a")
+  } catch {
+    _fd = -1
+  }
+  return _fd
+}
+
+export function createLogger(name) {
+  const prefix = `[openhermes:${name}]`
+
+  function emit(levelName, ...args) {
+    if (!shouldLog(levelName)) return
+    const fd = getFd()
+    if (fd < 0) return
+    const line = `${ts()} ${prefix} [${levelName.toUpperCase()}] ${formatArgs(args)}\n`
+    try { fs.writeSync(fd, line) } catch {}
+  }
+
+  return {
+    debug: (...args) => emit("debug", ...args),
+    info: (...args) => emit("info", ...args),
+    warn: (...args) => emit("warn", ...args),
+    error: (...args) => emit("error", ...args),
+  }
+}
+
+export const rootLogger = createLogger("root")

package/package.json

@@ -1,53 +1,49 @@
-{
-  "name": "openhermes",
-  "version": "2.6.1",
-  "description": "OpenHermes plugin suite for OpenCode — autonomous checkpointing, native memory tools, subagent routing, slash commands, and skill-candidate detection.",
-  "type": "module",
-  "license": "MIT",
-  "main": "./index.mjs",
-  "dependencies": {
-    "@opencode-ai/plugin": "1.14.46"
-  },
-  "exports": {
-    ".": "./index.mjs",
-    "./autorecall": "./autorecall.mjs",
-    "./curator": "./curator.mjs",
-    "./skill-builder": "./skill-builder.mjs",
-    "./bootstrap": "./bootstrap.mjs"
-  },
-  "files": [
-    "index.mjs",
-    "autorecall.mjs",
-    "curator.mjs",
-    "skill-builder.mjs",
-    "bootstrap.mjs",
-    "lib/",
-    "schemas/",
-    "harness/"
-  ],
-  "scripts": {
-    "test": "node --test",
-    "commands:audit": "node harness/scripts/sync-commands.mjs --audit",
-    "commands:generate": "node harness/scripts/sync-commands.mjs --generate",
-    "commands:sync": "node harness/scripts/sync-commands.mjs --sync",
-    "commands:full": "node harness/scripts/sync-commands.mjs"
-  },
-  "keywords": [
-    "opencode",
-    "opencode-plugin",
-    "openhermes",
-    "checkpoint",
-    "curation",
-    "memory",
-    "skills"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/nathwn12/openhermes.git"
-  },
-  "bugs": {
-    "url": "https://github.com/nathwn12/openhermes/issues"
-  },
-  "homepage": "https://github.com/nathwn12/openhermes#readme",
-  "author": "nathwn12"
-}
+{
+  "name": "openhermes",
+  "version": "4.0.0",
+  "description": "OpenCode-native skills, commands, and rules orchestration for OpenHermes.",
+  "type": "module",
+  "license": "MIT",
+  "main": "./index.mjs",
+  "dependencies": {
+    "@opencode-ai/plugin": "1.14.46"
+  },
+  "exports": {
+    ".": "./index.mjs",
+    "./bootstrap": "./bootstrap.mjs"
+  },
+  "files": [
+    "index.mjs",
+    "bootstrap.mjs",
+    "ETHOS.md",
+    "CONTEXT.md",
+    "lib/",
+    "test/",
+    "harness/codex/",
+    "harness/instructions/",
+    "harness/skills/",
+    "harness/commands/",
+    "harness/agents/"
+  ],
+  "scripts": {
+    "test": "node --test test/*.test.mjs"
+  },
+  "keywords": [
+    "opencode",
+    "openhermes",
+    "orchestrator",
+    "skills",
+    "commands",
+    "agents",
+    "rules"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nathwn12/openhermes.git"
+  },
+  "bugs": {
+    "url": "https://github.com/nathwn12/openhermes/issues"
+  },
+  "homepage": "https://github.com/nathwn12/openhermes#readme",
+  "author": "nathwn12"
+}